4b1b487041
[CVE-2023-49783] Allow permission checks in BulkLoader
2024-01-23 11:01:25 +13:00
b90d606427
Merge pull request #10834 from lekoala/patch-36
...
SessionAuthenticationHandler doesn't cache member query
2023-08-03 11:54:50 +12:00
7b21b38ac4
[CVE-2023-32302] Require password field to be non-empty
2023-07-31 11:14:22 +12:00
9391e696bb
use Member::class
2023-06-23 09:35:34 +02:00
2e73b5eeca
Use cached query
...
Fixes https://github.com/silverstripe/silverstripe-framework/issues/10833
2023-06-22 11:04:26 +02:00
cd946b6c80
Group visibility for SITETREE_GRANT_ACCESS permissions
...
Make groups visible if member has SITETREE_GRANT_ACCESS permissions, otherwise the dropdown for selecting the group is empty
2023-04-05 16:33:41 +10:00
23efed1802
Merge branch '4.12' into 4
2023-02-02 16:20:00 +13:00
3e5d99dedc
Prevent backslash in class name
...
since the default code is using get_called_class, you can end up with \ in the class name which is an escape character for css selectors
this update convert for example
even valCMS_ACCESS_SilverStripe\VersionedAdmin\ArchiveAdmin
to
even valCMS_ACCESS_SilverStripe-VersionedAdmin-ArchiveAdmin
ArchiveAdmin class should probably implement private static $required_permission_codes = 'CMS_ACCESS_ArchiveAdmin '; also
2023-01-30 10:26:22 +01:00
b5533e4680
API Stop using deprecated API
2022-11-28 19:16:31 +13:00
ad116c63e6
Merge pull request #10565 from creative-commoners/pulls/4/stop-depr
...
API Stop using deprecated API
2022-11-16 14:26:18 +13:00
137ebcebec
API Stop using deprecated API
2022-11-15 18:20:54 +13:00
ed63beeeee
Merge branch '4.11' into 4
2022-11-09 10:53:09 +13:00
9091d64652
API Deprecate Member::create_new_password()
2022-11-02 10:08:27 +13:00
a3c1cb0ddf
ENH Set PasswordEncryption on default admin
2022-10-27 13:57:27 +13:00
9c453abf89
API Update deprecations
2022-10-13 14:49:15 +13:00
33b6a00f49
ENH Update deprecation messages
2022-10-13 14:48:40 +13:00
2991901660
ENH Update deprecation messages
2022-10-13 14:05:49 +13:00
7b87926428
ENH Update deprecation messages
2022-10-13 14:05:49 +13:00
cc49036616
ENH Standardise deprecation messages
2022-10-13 14:05:49 +13:00
421864d111
Merge branch '4.11' into 4
2022-09-29 09:41:06 +13:00
54892fa267
request may not have a session
...
see https://github.com/silverstripe/silverstripe-framework/pull/10512
2022-09-28 10:44:13 +02:00
f78c3ee5bb
Member updateName extension hook
...
Allow updating the Member name from an extension
2022-09-26 16:57:39 +02:00
b101b8bdb8
Merge branch '4.11' into 4
2022-07-04 13:20:12 +12:00
b37178e831
FIX: 'passwordsent' title was not being displayed ( fixes #10366 ) ( #10367 )
2022-07-01 13:58:57 +12:00
9d73b7b4bd
Merge branch '4.11' into 4
2022-05-27 12:55:53 +12:00
972a77f4d3
Merge branch '4.10' into 4.11
2022-05-27 12:55:35 +12:00
e0c4f01c11
FIX Resolve deduping problem with group codes.
...
Also remove dead validation code.
2022-05-27 11:19:32 +12:00
07aae0e56a
Merge pull request #10330 from creative-commoners/pulls/4.9/permissions-repeated-records
...
ENH Replace record in Permission Table if GroupID already exist
2022-05-23 18:30:21 +12:00
70f1dc8841
ENH Override record if a provided GroupId with provided Code already exist in Permission table.
2022-05-23 14:52:33 +12:00
903dd860b7
ENH: Add extension hooks to core emails
2022-05-16 10:02:49 +01:00
63f3637dc2
ENH Ensure users are sent emails when passwords are changed by default.
2022-05-12 11:42:27 +12:00
511b3bb060
ENH PHP 8.1 compatibility
2022-04-14 13:12:59 +12:00
5c54276b6f
ENH Make all GridField components injectable (using abstract class) ( #10204 )
...
* ENH Make all GridField components injectable.
Some components were already injectable, but all GridField components shipped in silverstripe should be injectable.
This makes it a LOT easier to make global project-specific changes to a given component.
The new AbstractGridFieldComponent also makes it easy to make similar wide-spread changes in the future.
* DOCS Encourage injection for GridField and GridFieldComponents.
2022-02-02 11:14:33 +13:00
511b8a4c71
Merge branch '4.10' into 4
2022-01-19 16:03:42 +13:00
e40a95af27
MINOR: add filterable and sortable field indexes ( #10189 )
2022-01-17 10:55:55 +13:00
cbf2987a61
FIX Disallow negative values for FailedLoginCount ( #10200 )
2022-01-14 11:29:49 +13:00
41530f0be3
MINOR: adding index to PermissionRoleCode.Code for faster filtering and sorting
2022-01-05 09:40:12 +13:00
ed492da636
Merge branch '4.10' into 4
2021-12-16 17:45:33 +13:00
8b3bec9c68
Merge branch '4.9' into 4.10
2021-12-16 10:58:13 +13:00
552cf5944d
MNT Fix various typos with codespell ( #10177 )
2021-12-13 21:05:33 +13:00
b8d37f9ae4
NEW Validate the Title on Group is not empty ( #10113 )
2021-11-03 14:26:16 +13:00
31668e8acf
fix: remove login marker cookie on logout
...
Apply suggestions from code review
Co-authored-by: Michal Kleiner <mk@011.nz>
2021-11-01 10:04:18 +11:00
0a389112ca
FIX Only send email if email address set
2021-09-07 11:20:29 +12:00
00e29758ff
DOC Add information regarding Security::setCurrentUser()
2021-09-06 14:04:53 +12:00
9a7c99fc4b
FIX Take current request protocol into account when deleting session cookie
2021-08-06 10:55:05 +10:00
3e2ca3027b
destroy session on logout instead of restarting it
2021-07-20 12:05:16 +10:00
e812999632
Merge branch '4.7' into 4.8
2021-06-21 14:58:40 +12:00
b625ba99b3
ENH Remove wording for authenticated devices being manageable
2021-06-18 09:50:13 +12:00
7ed7ad0254
FIX Ensure changing a password to blank is validated
2021-06-17 12:05:20 +12:00
debf1ae9fb
Merge pull request #9887 from lekoala/patch-18
2021-04-24 21:05:29 +12:00
Guy Sartorelli
Guy Sartorelli
Steve Boyd
Thomas Portelange
Florian Thoma
Sabina Talipova
Bram de Leeuw
Loz Calver
Sabina Talipova
Loz Calver
Nicolaas / Sunn Side Up
Lukas
Kirk Mayo
Garion Herman