Merge branch '4.0' into 4

Daniel Hensby 2017-12-14 21:20:11 +00:00
commit e4bf9a31ed
No known key found for this signature in database
GPG Key ID: B00D1E9767F0B06E
14 changed files with 282 additions and 100 deletions

@ -0,0 +1,32 @@
# 3.5.6
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2017-11-30 [6ba00e829](https://github.com/silverstripe/silverstripe-framework/commit/6ba00e829a9fb360dfe5cb0bc3d4544016c82357) Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See [ss-2017-009](http://www.silverstripe.org/download/security-releases/ss-2017-009)
* 2017-11-30 [25e276cf3](https://github.com/silverstripe/silverstripe-framework/commit/25e276cf3784dc1ab3a38252192ccd61f9d63121) user agent invalidation on session startup (Damian Mooyman) - See [ss-2017-006](http://www.silverstripe.org/download/security-releases/ss-2017-006)
* 2017-11-29 [22ccf3e2f](https://github.com/silverstripe/silverstripe-framework/commit/22ccf3e2f9092f51e7f7288ce108598c6f17b49c) Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See [ss-2017-007](http://www.silverstripe.org/download/security-releases/ss-2017-007)
* 2017-11-21 [0f2049d4d](https://github.com/silverstripe/silverstripe-framework/commit/0f2049d4d466e05f5d7f07fc63580836de8c6bff) SQL injection in search engine (Daniel Hensby) - See [ss-2017-008](http://www.silverstripe.org/download/security-releases/ss-2017-008)
### Bugfixes
* 2017-11-30 [84d7afb34](https://github.com/silverstripe/silverstripe-framework/commit/84d7afb3477885e9d69f2ac10838179efc1d3b91) Use baseDataClass for allVersions as with other methods (Daniel Hensby)
* 2017-11-24 [09a003bc1](https://github.com/silverstripe/silverstripe-framework/commit/09a003bc13390359fa717a4256f9278303d59544) deprecated usage of getMock in unit tests (Daniel Hensby)
* 2017-11-23 [2ad3cc07d](https://github.com/silverstripe/silverstripe-framework/commit/2ad3cc07d583041e23a5dca0d53ffbdf8c9cd0d0) Update meber passwordencryption to default on password change (Daniel Hensby)
* 2017-11-16 [dda14e895](https://github.com/silverstripe/silverstripe-framework/commit/dda14e89596a0de0b70eace27f7015bc0bb40669) HTTP::get_mime_type with uppercase filenames. (Roman Schmid)
* 2017-11-16 [52f0eadd3](https://github.com/silverstripe/silverstripe-framework/commit/52f0eadd3b1ad37806a95b6dd05427add3166cc5) for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in &lt;img&gt; tag which may be File instances). (Patrick Nelson)
* 2017-11-15 [ce3fd370f](https://github.com/silverstripe/silverstripe-framework/commit/ce3fd370fb07ffc18742323b0dd99f30cf28cf14) ManyMany link table joined with LEFT JOIN (Daniel Hensby)
* 2017-11-09 [1053de7ec](https://github.com/silverstripe/silverstripe-framework/commit/1053de7ec39d1a2ce6826ea2db8f55114755098d) Don't redirect in force_redirect() in CLI (Damian Mooyman)
* 2017-10-25 [cbac37559](https://github.com/silverstripe/silverstripe-framework/commit/cbac3755909bc5d72d923b07747fd6a98e2215dc) Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby)
* 2017-10-25 [32cef975e](https://github.com/silverstripe/silverstripe-framework/commit/32cef975ef6c816d8b5bc953cffbd18492686281) Use self::inst() for Injector/Config nest methods (Daniel Hensby)
* 2017-10-19 [a73d5b41](https://github.com/silverstripe/silverstripe-cms/commit/a73d5b4177be445128a6fa42e20dd8df13eaf554) revert to this button after archiving (Christopher Joe)
* 2017-10-12 [fd39faee](https://github.com/silverstripe/silverstripe-cms/commit/fd39faeefd5241cf96313e968142183de767c51b) UploadField overwriteWarning isn't working in AssetAdmin (Jason)
* 2017-10-09 [264cec123](https://github.com/silverstripe/silverstripe-framework/commit/264cec1239ee8d75e67c5402970a91cf58e50539) Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby)
* 2017-10-04 [24e190ea](https://github.com/silverstripe/silverstripe-cms/commit/24e190ea8265d16445a3210f7b06de191e474004) TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver)
* 2017-09-12 [0aac4ddb](https://github.com/silverstripe/silverstripe-cms/commit/0aac4ddb7ecf0f17eda8add235017c10c9f57255) Default LoginForm generated from default_authenticator (Daniel Hensby)
* 2017-08-13 [2f579b64c](https://github.com/silverstripe/silverstripe-framework/commit/2f579b64cb9cb8986489e312b253dba5061e304b) Files without extensions (folders) do not have a trailing period added (Robbie Averill)
* 2017-07-04 [00f1ad5d6](https://github.com/silverstripe/silverstripe-framework/commit/00f1ad5d692f0a44b58bb216e5378e51dc96243d) Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell)
* 2016-03-20 [805c38f10](https://github.com/silverstripe/silverstripe-framework/commit/805c38f107e7e332d2846407e0a89cade1d33ed1) don't try and switch out of context of the tab system (Stevie Mayhew)

@ -0,0 +1,34 @@
# 3.6.3
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2017-11-30 [6ba00e829](https://github.com/silverstripe/silverstripe-framework/commit/6ba00e829a9fb360dfe5cb0bc3d4544016c82357) Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See [ss-2017-009](http://www.silverstripe.org/download/security-releases/ss-2017-009)
* 2017-11-30 [db54112f3](https://github.com/silverstripe/silverstripe-framework/commit/db54112f3cca012e33257c782dffd7154bf663a5) user agent invalidation on session startup (Damian Mooyman) - See [ss-2017-006](http://www.silverstripe.org/download/security-releases/ss-2017-006)
* 2017-11-29 [22ccf3e2f](https://github.com/silverstripe/silverstripe-framework/commit/22ccf3e2f9092f51e7f7288ce108598c6f17b49c) Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See [ss-2017-007](http://www.silverstripe.org/download/security-releases/ss-2017-007)
* 2017-11-21 [0f2049d4d](https://github.com/silverstripe/silverstripe-framework/commit/0f2049d4d466e05f5d7f07fc63580836de8c6bff) SQL injection in search engine (Daniel Hensby) - See [ss-2017-008](http://www.silverstripe.org/download/security-releases/ss-2017-008)
### Bugfixes
* 2017-12-05 [8477de15](https://github.com/silverstripe/silverstripe-siteconfig/commit/8477de15203c4c80ca55365200fa3c7c031d70d8) Remove unused Behat tests from 3.6 branch (Robbie Averill)
* 2017-11-30 [84d7afb34](https://github.com/silverstripe/silverstripe-framework/commit/84d7afb3477885e9d69f2ac10838179efc1d3b91) Use baseDataClass for allVersions as with other methods (Daniel Hensby)
* 2017-11-24 [09a003bc1](https://github.com/silverstripe/silverstripe-framework/commit/09a003bc13390359fa717a4256f9278303d59544) deprecated usage of getMock in unit tests (Daniel Hensby)
* 2017-11-23 [2ad3cc07d](https://github.com/silverstripe/silverstripe-framework/commit/2ad3cc07d583041e23a5dca0d53ffbdf8c9cd0d0) Update meber passwordencryption to default on password change (Daniel Hensby)
* 2017-11-22 [ef6d86f2c](https://github.com/silverstripe/silverstripe-framework/commit/ef6d86f2c695d319f9c07ccd9f4d93e83263e356) Allow lowercase and uppercase delcaration of legacy Int class (Daniel Hensby)
* 2017-11-16 [dda14e895](https://github.com/silverstripe/silverstripe-framework/commit/dda14e89596a0de0b70eace27f7015bc0bb40669) HTTP::get_mime_type with uppercase filenames. (Roman Schmid)
* 2017-11-16 [52f0eadd3](https://github.com/silverstripe/silverstripe-framework/commit/52f0eadd3b1ad37806a95b6dd05427add3166cc5) for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in &lt;img&gt; tag which may be File instances). (Patrick Nelson)
* 2017-11-15 [ce3fd370f](https://github.com/silverstripe/silverstripe-framework/commit/ce3fd370fb07ffc18742323b0dd99f30cf28cf14) ManyMany link table joined with LEFT JOIN (Daniel Hensby)
* 2017-11-09 [1053de7ec](https://github.com/silverstripe/silverstripe-framework/commit/1053de7ec39d1a2ce6826ea2db8f55114755098d) Don't redirect in force_redirect() in CLI (Damian Mooyman)
* 2017-10-25 [cbac37559](https://github.com/silverstripe/silverstripe-framework/commit/cbac3755909bc5d72d923b07747fd6a98e2215dc) Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby)
* 2017-10-25 [32cef975e](https://github.com/silverstripe/silverstripe-framework/commit/32cef975ef6c816d8b5bc953cffbd18492686281) Use self::inst() for Injector/Config nest methods (Daniel Hensby)
* 2017-10-19 [a73d5b41](https://github.com/silverstripe/silverstripe-cms/commit/a73d5b4177be445128a6fa42e20dd8df13eaf554) revert to this button after archiving (Christopher Joe)
* 2017-10-12 [fd39faee](https://github.com/silverstripe/silverstripe-cms/commit/fd39faeefd5241cf96313e968142183de767c51b) UploadField overwriteWarning isn't working in AssetAdmin (Jason)
* 2017-10-09 [264cec123](https://github.com/silverstripe/silverstripe-framework/commit/264cec1239ee8d75e67c5402970a91cf58e50539) Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby)
* 2017-10-04 [24e190ea](https://github.com/silverstripe/silverstripe-cms/commit/24e190ea8265d16445a3210f7b06de191e474004) TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver)
* 2017-09-12 [0aac4ddb](https://github.com/silverstripe/silverstripe-cms/commit/0aac4ddb7ecf0f17eda8add235017c10c9f57255) Default LoginForm generated from default_authenticator (Daniel Hensby)
* 2017-08-13 [2f579b64c](https://github.com/silverstripe/silverstripe-framework/commit/2f579b64cb9cb8986489e312b253dba5061e304b) Files without extensions (folders) do not have a trailing period added (Robbie Averill)
* 2017-07-04 [00f1ad5d6](https://github.com/silverstripe/silverstripe-framework/commit/00f1ad5d692f0a44b58bb216e5378e51dc96243d) Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell)
* 2016-03-20 [805c38f10](https://github.com/silverstripe/silverstripe-framework/commit/805c38f107e7e332d2846407e0a89cade1d33ed1) don't try and switch out of context of the tab system (Stevie Mayhew)

@ -0,0 +1,31 @@
# 3.5.6-rc1
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2017-11-30 [6ba00e829]() Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See [ss-2017-009](http://www.silverstripe.org/download/security-releases/ss-2017-009)
* 2017-11-30 [25e276cf3]() user agent invalidation on session startup (Damian Mooyman) - See [ss-2017-006](http://www.silverstripe.org/download/security-releases/ss-2017-006)
* 2017-11-29 [22ccf3e2f]() Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See [ss-2017-007](http://www.silverstripe.org/download/security-releases/ss-2017-007)
### Bugfixes
* 2017-11-30 [84d7afb34]() Use baseDataClass for allVersions as with other methods (Daniel Hensby)
* 2017-11-24 [09a003bc1]() deprecated usage of getMock in unit tests (Daniel Hensby)
* 2017-11-23 [2ad3cc07d]() Update meber passwordencryption to default on password change (Daniel Hensby)
* 2017-11-16 [dda14e895]() HTTP::get_mime_type with uppercase filenames. (Roman Schmid)
* 2017-11-16 [52f0eadd3]() for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in &lt;img&gt; tag which may be File instances). (Patrick Nelson)
* 2017-11-15 [ce3fd370f]() ManyMany link table joined with LEFT JOIN (Daniel Hensby)
* 2017-11-09 [1053de7ec]() Don't redirect in force_redirect() in CLI (Damian Mooyman)
* 2017-10-25 [cbac37559]() Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby)
* 2017-10-25 [32cef975e]() Use self::inst() for Injector/Config nest methods (Daniel Hensby)
* 2017-10-19 [a73d5b41](https://github.com/silverstripe/silverstripe-cms/commit/a73d5b4177be445128a6fa42e20dd8df13eaf554) revert to this button after archiving (Christopher Joe)
* 2017-10-12 [fd39faee](https://github.com/silverstripe/silverstripe-cms/commit/fd39faeefd5241cf96313e968142183de767c51b) UploadField overwriteWarning isn't working in AssetAdmin (Jason)
* 2017-10-09 [264cec123]() Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby)
* 2017-10-04 [24e190ea](https://github.com/silverstripe/silverstripe-cms/commit/24e190ea8265d16445a3210f7b06de191e474004) TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver)
* 2017-09-12 [0aac4ddb](https://github.com/silverstripe/silverstripe-cms/commit/0aac4ddb7ecf0f17eda8add235017c10c9f57255) Default LoginForm generated from default_authenticator (Daniel Hensby)
* 2017-08-13 [2f579b64c]() Files without extensions (folders) do not have a trailing period added (Robbie Averill)
* 2017-07-04 [00f1ad5d6]() Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell)
* 2016-03-20 [805c38f10]() don't try and switch out of context of the tab system (Stevie Mayhew)
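
Review bot: the framework entries in this rc changelog have empty link targets (`[6ba00e829]()`, `[25e276cf3]()` and so on), while the cms entries carry full commit URLs. For the three Security entries in particular a reader cannot get from the changelog to the fix. Regenerate the file so each hash links to its commit, as the 3.5.6 changelog does.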

@ -0,0 +1,34 @@
# 3.6.3-rc2
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2017-11-30 [6ba00e829]() Prevent disclosure of sensitive information via LoginAttempt (Damian Mooyman) - See [ss-2017-009](http://www.silverstripe.org/download/security-releases/ss-2017-009)
* 2017-11-30 [db54112f3]() user agent invalidation on session startup (Damian Mooyman) - See [ss-2017-006](http://www.silverstripe.org/download/security-releases/ss-2017-006)
* 2017-11-29 [22ccf3e2f]() Ensure xls formulae are safely sanitised on output (Damian Mooyman) - See [ss-2017-007](http://www.silverstripe.org/download/security-releases/ss-2017-007)
* 2017-11-21 [0f2049d4d]() SQL injection in search engine (Daniel Hensby) - See [ss-2017-008](http://www.silverstripe.org/download/security-releases/ss-2017-008)
### Bugfixes
* 2017-12-05 [8477de15](https://github.com/silverstripe/silverstripe-siteconfig/commit/8477de15203c4c80ca55365200fa3c7c031d70d8) Remove unused Behat tests from 3.6 branch (Robbie Averill)
* 2017-11-30 [84d7afb34]() Use baseDataClass for allVersions as with other methods (Daniel Hensby)
* 2017-11-24 [09a003bc1]() deprecated usage of getMock in unit tests (Daniel Hensby)
* 2017-11-23 [2ad3cc07d]() Update meber passwordencryption to default on password change (Daniel Hensby)
* 2017-11-22 [ef6d86f2c]() Allow lowercase and uppercase delcaration of legacy Int class (Daniel Hensby)
* 2017-11-16 [dda14e895]() HTTP::get_mime_type with uppercase filenames. (Roman Schmid)
* 2017-11-16 [52f0eadd3]() for #7606: Ensure the object we're handling is actually an Image instance before calling methods specific to that class (e.g. in case of using SVG's in &lt;img&gt; tag which may be File instances). (Patrick Nelson)
* 2017-11-15 [ce3fd370f]() ManyMany link table joined with LEFT JOIN (Daniel Hensby)
* 2017-11-09 [1053de7ec]() Don't redirect in force_redirect() in CLI (Damian Mooyman)
* 2017-10-25 [cbac37559]() Helpful warning when phpunit bootstrap appears misconfigured (Daniel Hensby)
* 2017-10-25 [32cef975e]() Use self::inst() for Injector/Config nest methods (Daniel Hensby)
* 2017-10-19 [a73d5b41](https://github.com/silverstripe/silverstripe-cms/commit/a73d5b4177be445128a6fa42e20dd8df13eaf554) revert to this button after archiving (Christopher Joe)
* 2017-10-12 [fd39faee](https://github.com/silverstripe/silverstripe-cms/commit/fd39faeefd5241cf96313e968142183de767c51b) UploadField overwriteWarning isn't working in AssetAdmin (Jason)
* 2017-10-09 [264cec123]() Dont use var_export for cache key generation as it fails on circular references (Daniel Hensby)
* 2017-10-04 [24e190ea](https://github.com/silverstripe/silverstripe-cms/commit/24e190ea8265d16445a3210f7b06de191e474004) TreeDropdownField showing broken page icons (fixes silverstripe/silverstripe-framework#7420) (Loz Calver)
* 2017-09-12 [0aac4ddb](https://github.com/silverstripe/silverstripe-cms/commit/0aac4ddb7ecf0f17eda8add235017c10c9f57255) Default LoginForm generated from default_authenticator (Daniel Hensby)
* 2017-08-13 [2f579b64c]() Files without extensions (folders) do not have a trailing period added (Robbie Averill)
* 2017-07-04 [00f1ad5d6]() Fixes #7116 Improves server requirements docs viz: OpCaches. (Russell Michell)
* 2016-03-20 [805c38f10]() don't try and switch out of context of the tab system (Stevie Mayhew)

@ -50,6 +50,20 @@ abstract class DBSchemaManager
*/ */
protected $supressOutput = false; protected $supressOutput = false;
/**
* @var array
*/
protected static $table_name_warnings = [];
/**
* @param string
* @deprecated 4.0..5.0
*/
public static function showTableNameWarning($table, $class)
{
static::$table_name_warnings[$table] = $class;
}
/** /**
* Injector injection point for database controller * Injector injection point for database controller
* *
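
Review bot: the docblock on `showTableNameWarning($table, $class)` has a bare `@param string` with no parameter name, and the method takes two parameters. Name both (`@param string $table`, `@param string $class`) and state that the method only records the class in `$table_name_warnings`; the name suggests it displays something. The `@deprecated 4.0..5.0` tag on a method that is introduced here also needs a sentence on what callers should use instead.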
@ -409,6 +423,27 @@ abstract class DBSchemaManager
$this->requireIndex($table, $indexName, $indexSpec); $this->requireIndex($table, $indexName, $indexSpec);
} }
} }
// Check and display notice about $table_name
static $table_name_info_sent = false;
if (isset(static::$table_name_warnings[$table])) {
if (!$table_name_info_sent) {
$this->alterationMessage(
<<<'MESSAGE'
<strong>Please note:</strong> It is strongly recommended to define a
table_name for all namespaced models. Not defining a table_name may cause generated table
names to be too long and may not be supported by your current database engine. The generated
naming scheme will also change when upgrading to SilverStripe 5.0 and potentially break.
MESSAGE
,
'error'
);
$table_name_info_sent = true;
}
$this->alterationMessage('table_name not set for class ' . static::$table_name_warnings[$table], 'notice');
}
} }
/** /**
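
Review bot: the advisory added after the index loop is sent through `alterationMessage(..., 'error')` although its text is a recommendation ("It is strongly recommended to define a table_name"), while the per-class line that follows uses 'notice'. Use one non-error severity for both so a schema build does not report an error where nothing failed. The `static $table_name_info_sent` flag is function-local and cannot be reset within a process; a property next to `$table_name_warnings` would be easier to reset in tests.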

@ -3332,12 +3332,15 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
*/ */
public function summaryFields() public function summaryFields()
{ {
$fields = $this->config()->get('summary_fields'); $rawFields = $this->config()->get('summary_fields');
// if fields were passed in numeric array, // Merge associative / numeric keys
// convert to an associative array $fields = [];
if ($fields && array_key_exists(0, $fields)) { foreach ($rawFields as $key => $value) {
$fields = array_combine(array_values($fields), array_values($fields)); if (is_int($key)) {
$key = $value;
}
$fields[$key] = $value;
} }
if (!$fields) { if (!$fields) {
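
Review bot: the new `foreach ($rawFields as $key => $value)` in `summaryFields()` has no guard for an unset `summary_fields` config, which the removed code had (`if ($fields && array_key_exists(0, $fields))`). If `config()->get('summary_fields')` returns null, the loop raises a PHP warning before the `if (!$fields)` fallback is reached. Wrap the loop in `if ($rawFields)` or default the value with `?: []`.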

@ -11,6 +11,7 @@ use SilverStripe\Core\Config\Configurable;
use SilverStripe\Core\Injector\Injectable; use SilverStripe\Core\Injector\Injectable;
use SilverStripe\Core\Injector\Injector; use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\TestOnly; use SilverStripe\Dev\TestOnly;
use SilverStripe\ORM\Connect\DBSchemaManager;
use SilverStripe\ORM\FieldType\DBComposite; use SilverStripe\ORM\FieldType\DBComposite;
use SilverStripe\ORM\FieldType\DBField; use SilverStripe\ORM\FieldType\DBField;
@ -317,18 +318,13 @@ class DataObjectSchema
return $class; return $class;
} }
if (!ClassInfo::classImplements($class, TestOnly::class) && $this->classHasTable($class)) {
trigger_error(
"It is recommended to define a table_name for your '$class'." .
' Not defining a table_name may cause subsequent table names to be too long and may not be supported' .
' by your current database engine, the generated naming scheme will also change when upgrading to' .
' SilverStripe 5.0 and potentially break.',
E_USER_WARNING
);
}
$separator = DataObjectSchema::config()->uninherited('table_namespace_separator'); $separator = DataObjectSchema::config()->uninherited('table_namespace_separator');
$table = str_replace('\\', $separator, trim($class, '\\')); $table = str_replace('\\', $separator, trim($class, '\\'));
if (!ClassInfo::classImplements($class, TestOnly::class) && $this->classHasTable($class)) {
DBSchemaManager::showTableNameWarning($table, $class);
}
return $table; return $table;
} }
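
Review bot: with the `trigger_error(..., E_USER_WARNING)` call removed, nothing in this hunk reports a missing table_name at runtime; the class is only recorded through `DBSchemaManager::showTableNameWarning($table, $class)`. That gives table name generation a side effect on static state in another class, so add a comment at the call site saying where the recorded warning is surfaced, and mention in the docs that it no longer appears as a PHP warning.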

@ -1716,7 +1716,7 @@ class Member extends DataObject
$encryption_details = Security::encrypt_password( $encryption_details = Security::encrypt_password(
$this->Password, $this->Password,
$this->Salt, $this->Salt,
$this->PasswordEncryption ?: Security::config()->get('password_encryption_algorithm'), $this->isChanged('PasswordEncryption') ? $this->PasswordEncryption : null,
$this $this
); );
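
Review bot: passing `null` as the algorithm whenever `PasswordEncryption` is unchanged means every password change re-hashes with the site default, and that applies in both directions. A member stored with a stronger per-record algorithm is moved to `password_encryption_algorithm` even when the configured default is weaker (the test added in this commit sets it to 'none'). Document this at the call site and in the upgrade notes, and consider refusing to move a record to a weaker algorithm than the one it already has.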

@ -1176,6 +1176,7 @@ class Security extends Controller implements TemplateGlobalProvider
* </code> * </code>
* If the passed algorithm is invalid, FALSE will be returned. * If the passed algorithm is invalid, FALSE will be returned.
* *
* @throws PasswordEncryptor_NotFoundException
* @see encrypt_passwords() * @see encrypt_passwords()
*/ */
public static function encrypt_password($password, $salt = null, $algorithm = null, $member = null) public static function encrypt_password($password, $salt = null, $algorithm = null, $member = null)
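
Review bot: the added `@throws PasswordEncryptor_NotFoundException` contradicts the sentence two lines above it, "If the passed algorithm is invalid, FALSE will be returned." Update or remove that sentence so the docblock of `encrypt_password()` states one behaviour for an unknown algorithm.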

@ -2,11 +2,13 @@
namespace SilverStripe\Security; namespace SilverStripe\Security;
use Exception;
use SilverStripe\Control\Controller; use SilverStripe\Control\Controller;
use SilverStripe\Control\HTTPRequest; use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\Session; use SilverStripe\Control\Session;
use SilverStripe\Core\Config\Configurable; use SilverStripe\Core\Config\Configurable;
use SilverStripe\Core\Injector\Injectable; use SilverStripe\Core\Injector\Injectable;
use SilverStripe\Core\Injector\Injector;
use SilverStripe\Forms\FieldList; use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\HiddenField; use SilverStripe\Forms\HiddenField;
use SilverStripe\View\TemplateGlobalProvider; use SilverStripe\View\TemplateGlobalProvider;
@ -56,7 +58,7 @@ class SecurityToken implements TemplateGlobalProvider
protected static $enabled = true; protected static $enabled = true;
/** /**
* @var String $name * @var string $name
*/ */
protected $name = null; protected $name = null;
@ -110,7 +112,7 @@ class SecurityToken implements TemplateGlobalProvider
} }
/** /**
* @return String * @return string
*/ */
public static function get_default_name() public static function get_default_name()
{ {
@ -146,11 +148,11 @@ class SecurityToken implements TemplateGlobalProvider
} }
/** /**
* @return String * @return string
*/ */
public function getValue() public function getValue()
{ {
$session = Controller::curr()->getRequest()->getSession(); $session = $this->getSession();
$value = $session->get($this->getName()); $value = $session->get($this->getName());
// only regenerate if the token isn't already set in the session // only regenerate if the token isn't already set in the session
@ -163,12 +165,30 @@ class SecurityToken implements TemplateGlobalProvider
} }
/** /**
* @param String $val * @param string $val
* @return $this
*/ */
public function setValue($val) public function setValue($val)
{ {
$session = Controller::curr()->getRequest()->getSession(); $this->getSession()->set($this->getName(), $val);
$session->set($this->getName(), $val); return $this;
}
/**
* Returns the current session instance from the injector
*
* @return Session
* @throws Exception If the HTTPRequest class hasn't been registered as a service and no controllers exist
*/
protected function getSession()
{
$injector = Injector::inst();
if ($injector->has(HTTPRequest::class)) {
return $injector->get(HTTPRequest::class)->getSession();
} elseif (Controller::has_curr()) {
return Controller::curr()->getRequest()->getSession();
}
throw new Exception('No HTTPRequest object or controller available yet!');
} }
/** /**
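
Review bot: `getSession()` throws a bare `Exception` when neither an injected `HTTPRequest` nor a current controller exists, so `setValue()` can now throw without a `@throws` in its docblock. A narrower exception type would let callers catch this case specifically. Add a comment on why the injector's `HTTPRequest` takes precedence over `Controller::curr()`: when the two differ, the token is read from and written to the injector's session, not the current controller's.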
@ -188,8 +208,8 @@ class SecurityToken implements TemplateGlobalProvider
* *
* Typically you'll want to check {@link Form->securityTokenEnabled()} before calling this method. * Typically you'll want to check {@link Form->securityTokenEnabled()} before calling this method.
* *
* @param String $compare * @param string $compare
* @return Boolean * @return boolean
*/ */
public function check($compare) public function check($compare)
{ {
@ -246,8 +266,8 @@ class SecurityToken implements TemplateGlobalProvider
} }
/** /**
* @param String $url * @param string $url
* @return String * @return string
*/ */
public function addToUrl($url) public function addToUrl($url)
{ {
@ -272,7 +292,7 @@ class SecurityToken implements TemplateGlobalProvider
/** /**
* @uses RandomGenerator * @uses RandomGenerator
* *
* @return String * @return string
*/ */
protected function generate() protected function generate()
{ {

@ -2,26 +2,24 @@
namespace SilverStripe\ORM\Tests; namespace SilverStripe\ORM\Tests;
use InvalidArgumentException;
use LogicException; use LogicException;
use SilverStripe\Core\Config\Config; use SilverStripe\Core\Config\Config;
use SilverStripe\Dev\SapphireTest; use SilverStripe\Dev\SapphireTest;
use SilverStripe\i18n\i18n; use SilverStripe\i18n\i18n;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DataObjectSchema; use SilverStripe\ORM\DataObjectSchema;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\FieldType\DBBoolean; use SilverStripe\ORM\FieldType\DBBoolean;
use SilverStripe\ORM\FieldType\DBDatetime; use SilverStripe\ORM\FieldType\DBDatetime;
use SilverStripe\ORM\FieldType\DBField; use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\DataObject;
use SilverStripe\ORM\DB;
use SilverStripe\ORM\Connect\MySQLDatabase;
use SilverStripe\ORM\FieldType\DBPolymorphicForeignKey; use SilverStripe\ORM\FieldType\DBPolymorphicForeignKey;
use SilverStripe\ORM\FieldType\DBVarchar; use SilverStripe\ORM\FieldType\DBVarchar;
use SilverStripe\ORM\ManyManyList; use SilverStripe\ORM\ManyManyList;
use SilverStripe\ORM\Tests\DataObjectTest\Player; use SilverStripe\ORM\Tests\DataObjectTest\Player;
use SilverStripe\ORM\ValidationException;
use SilverStripe\View\ViewableData; use SilverStripe\View\ViewableData;
use stdClass; use stdClass;
use ReflectionException;
use InvalidArgumentException;
class DataObjectTest extends SapphireTest class DataObjectTest extends SapphireTest
{ {
@ -1191,15 +1189,13 @@ class DataObjectTest extends SapphireTest
$summaryFields = $team->summaryFields(); $summaryFields = $team->summaryFields();
$this->assertEquals( $this->assertEquals(
'Custom Title', [
$summaryFields['Title'], 'Title' => 'Custom Title',
'Custom title is preserved' 'Title.UpperCase' => 'Title',
); 'Captain.ShirtNumber' => 'Captain\'s shirt number',
'Captain.FavouriteTeam.Title' => 'Captain\'s favourite team',
$this->assertEquals( ],
'Captain\'s shirt number', $summaryFields
$summaryFields['Captain.ShirtNumber'],
'Custom title on relation is preserved'
); );
} }
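
Review bot: the single `assertEquals` on the whole `$summaryFields` array drops the failure messages of the two assertions it replaces and does not check key order. If the position of the overridden 'Title' entry in the merged result matters, use `assertSame` or add an assertion on `array_keys($summaryFields)`.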

@ -59,7 +59,7 @@ class Team extends DataObject implements TestOnly
); );
private static $summary_fields = array( private static $summary_fields = array(
'Title' => 'Custom Title', 'Title', // Overridden by Team_Extension
'Title.UpperCase' => 'Title', 'Title.UpperCase' => 'Title',
'Captain.ShirtNumber' => 'Captain\'s shirt number', 'Captain.ShirtNumber' => 'Captain\'s shirt number',
'Captain.FavouriteTeam.Title' => 'Captain\'s favourite team' 'Captain.FavouriteTeam.Title' => 'Captain\'s favourite team'

@ -7,6 +7,10 @@ use SilverStripe\ORM\DataExtension;
class Team_Extension extends DataExtension implements TestOnly class Team_Extension extends DataExtension implements TestOnly
{ {
private static $summary_fields = [
'Title' => 'Custom Title', // override non-associative 'Title'
];
private static $db = array( private static $db = array(
'ExtendedDatabaseField' => 'Varchar' 'ExtendedDatabaseField' => 'Varchar'
); );

@ -3,6 +3,7 @@
namespace SilverStripe\Security\Tests; namespace SilverStripe\Security\Tests;
use SilverStripe\Control\Cookie; use SilverStripe\Control\Cookie;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Convert; use SilverStripe\Core\Convert;
use SilverStripe\Core\Injector\Injector; use SilverStripe\Core\Injector\Injector;
use SilverStripe\Dev\FunctionalTest; use SilverStripe\Dev\FunctionalTest;
@ -56,6 +57,22 @@ class MemberTest extends FunctionalTest
Member::set_password_validator(null); Member::set_password_validator(null);
} }
public function testPasswordEncryptionUpdatedOnChangedPassword()
{
Config::modify()->set(Security::class, 'password_encryption_algorithm', 'none');
$member = Member::create();
$member->Password = 'password';
$member->write();
$this->assertEquals('password', $member->Password);
$this->assertEquals('none', $member->PasswordEncryption);
Config::modify()->set(Security::class, 'password_encryption_algorithm', 'blowfish');
$member->Password = 'newpassword';
$member->write();
$this->assertNotEquals('password', $member->Password);
$this->assertNotEquals('newpassword', $member->Password);
$this->assertEquals('blowfish', $member->PasswordEncryption);
}
public function testWriteDoesntMergeNewRecordWithExistingMember() public function testWriteDoesntMergeNewRecordWithExistingMember()
{ {
$this->expectException(ValidationException::class); $this->expectException(ValidationException::class);
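
Review bot: `testPasswordEncryptionUpdatedOnChangedPassword` only exercises the case where `PasswordEncryption` is left unchanged. Add a case that sets `$member->PasswordEncryption` together with a new `Password` and asserts that the explicit value is kept, since that is the other arm of the `isChanged('PasswordEncryption')` ternary in `Member`.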
@ -91,8 +108,8 @@ class MemberTest extends FunctionalTest
$memberWithPassword->Password = 'mypassword'; $memberWithPassword->Password = 'mypassword';
$memberWithPassword->write(); $memberWithPassword->write();
$this->assertEquals( $this->assertEquals(
$memberWithPassword->PasswordEncryption,
Security::config()->get('password_encryption_algorithm'), Security::config()->get('password_encryption_algorithm'),
$memberWithPassword->PasswordEncryption,
'Password encryption is set for new member records on first write (with setting "Password")' 'Password encryption is set for new member records on first write (with setting "Password")'
); );
@ -104,27 +121,6 @@ class MemberTest extends FunctionalTest
); );
} }
public function testDefaultPasswordEncryptionDoesntChangeExistingMembers()
{
$member = new Member();
$member->Password = 'mypassword';
$member->PasswordEncryption = 'sha1_v2.4';
$member->write();
Security::config()->set('password_encryption_algorithm', 'none');
$member->Password = 'mynewpassword';
$member->write();
$this->assertEquals(
$member->PasswordEncryption,
'sha1_v2.4'
);
$auth = new MemberAuthenticator();
$result = $auth->checkPassword($member, 'mynewpassword');
$this->assertTrue($result->isValid());
}
public function testKeepsEncryptionOnEmptyPasswords() public function testKeepsEncryptionOnEmptyPasswords()
{ {
$member = new Member(); $member = new Member();
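
Review bot: deleting `testDefaultPasswordEncryptionDoesntChangeExistingMembers` also deletes its check that the member can still authenticate after the password change (`$auth->checkPassword($member, 'mynewpassword')` followed by `assertTrue($result->isValid())`). The behaviour change justifies dropping the 'sha1_v2.4' expectation, but keep the authentication assertion in the replacement test so a re-hash under a new algorithm is verified end to end.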
@ -136,8 +132,8 @@ class MemberTest extends FunctionalTest
$member->write(); $member->write();
$this->assertEquals( $this->assertEquals(
$member->PasswordEncryption, Security::config()->get('password_encryption_algorithm'),
'sha1_v2.4' $member->PasswordEncryption
); );
$auth = new MemberAuthenticator(); $auth = new MemberAuthenticator();
$result = $auth->checkPassword($member, ''); $result = $auth->checkPassword($member, '');
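
Review bot: `testKeepsEncryptionOnEmptyPasswords` now asserts that `PasswordEncryption` equals the configured default instead of 'sha1_v2.4', so the test name no longer describes what it checks. Rename the test to match the new expectation and pass a message argument to the `assertEquals` call.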