Steve Boyd
98b985fb91
Merge branch '4.10' into 4.11
2022-06-28 17:41:49 +12:00
Steve Boyd
991aedf017
[CVE-2022-25238] Sanitise htmlfields serverside by default
2022-06-28 17:03:05 +12:00
Lukas
552cf5944d
MNT Fix various typos with codespell (#10177)
2021-12-13 21:05:33 +13:00
Michael Pritchard
fdbd899766
DOC Update SilverStripe to Silverstripe CMS
...
- Remaining Developer Guides and Upgrading
- SilverStripe in a namespace or api has not been changed
- To keep PRs easier no formatting was changed
Update merge conflicts with two files
Update Silverstripe Ltd, Silverstripe Cloud and Silverstripe CMS
Silverstripe CMS Ltd > Silverstripe Ltd
Silverstripe CMS Platform > Silverstripe Cloud
Silverstripe CMS Framework > Silverstripe CMS
Resolve merge conflict
Remove Framework from Silverstripe CMS Framework
- 3 files
Change SilverStripe CMS to Silverstripe CMS
2021-07-30 13:54:15 +01:00
Steve Boyd
1c7fd287a1
ENH Reduce default token period from 90 to 30 days
2021-04-06 13:22:10 +12:00
Ed Wilde
da56fa785b
DOC: fix invalid syntax on link
...
Fixing the markdown syntax for the link to HTTP Cache Headers.
2021-02-12 16:11:36 +13:00
Ingo Schommer
fee31c2c6c
DOCS Recommend moving .protected out of webroot
...
Note that it's currently unclear whether Silverstripe Cloud or CWP support this,
but it shouldn't block us from recommending this in the open source project.
It's documented in the "server requirements", which should make it pretty
clear that this requires you to have control over server configuration (or check with those that have).
See https://github.com/silverstripe/silverstripe-framework/issues/7710
2020-10-15 17:08:37 +13:00
Ingo Schommer
bffb7e2577
Revert "DOCS MFA authentication"
...
Underlying feature isn't merged yet,
see https://github.com/silverstripe/silverstripe-installer/issues/280
Revert "Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md"
This reverts commit 72a02a3d0e.
Revert "Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md"
This reverts commit c54f8e4864.
Revert "DOCS MFA authentication"
This reverts commit 5fe5833fb2.
2020-08-20 18:40:59 +12:00
Ingo Schommer
f8b4570cb1
DOCS MFA authentication (#9536)
...
See https://github.com/silverstripe/silverstripe-installer/issues/280
2020-08-20 18:33:36 +12:00
Ingo Schommer
72a02a3d0e
Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md
...
Co-authored-by: Serge Latyntsev <dnsl48@gmail.com>
2020-08-20 18:32:57 +12:00
Ingo Schommer
c54f8e4864
Update docs/en/02_Developer_Guides/09_Security/03_Authentication.md
...
Co-authored-by: Serge Latyntsev <dnsl48@gmail.com>
2020-08-20 18:32:39 +12:00
Ingo Schommer
b6169a87c2
DOCS HTTP header in server requirements
2020-07-29 14:28:20 +12:00
Jackson Darlow
ae1a883b32
Added mention of Session.timeout to secure_coding docs
2020-06-12 14:43:37 +12:00
Ingo Schommer
5fe5833fb2
DOCS MFA authentication
...
See https://github.com/silverstripe/silverstripe-installer/issues/280
2020-06-04 08:46:34 +12:00
Michal Kleiner
21129b1624
Use short array syntax across the framework's codebase
2020-05-16 10:34:45 +01:00
Maxime Rainville
affd43052a
Merge branch '4.5' into 4
2020-02-17 18:11:23 +13:00
Maxime Rainville
acd7d94167
Merge branch '4.4' into 4.5
2020-02-17 13:07:26 +13:00
Serge Latyntcev
ad1b00ec7d
[CVE-2019-19325] XSS through non-scalar FormField attributes
...
Silverstripe Forms allow malicious HTML or JavaScript to be inserted
through non-scalar FormField attributes, which allows performing XSS (Cross-Site Scripting)
on some forms built with user input (Request data). This can lead to phishing attempts
to obtain a user's credentials or other sensitive user input.
There is no known attack vector for extracting user-session information or credentials automatically,
it required a user to fall for the phishing attempt.
XSS can also be used to modify the presentation of content in malicious ways.
2020-02-17 09:58:29 +13:00
Valentino Pesce
24c28e4457
Docs: Fix link to Middleware not found
...
Fix link to Middleware not found in page Rate Limiting
2020-01-25 19:21:15 +01:00
Loz Calver
f4713d95f6
Merge pull request #9333 from creative-commoners/pulls/4/canonicalurlmiddleware-docs
...
DOCS Add note about applying forceSSL to non-live environments
2019-11-25 11:37:30 +00:00
Garion Herman
bf38997b6e
DOCS Add note about applying forceSSL to non-live environments
2019-11-25 12:14:26 +13:00
Aaron Carlino
6888901468
NEW: Update docs to be compliant with Gatsby site (#9314)
...
* First cut
* Temporarily disable composer.json for netlify build
* POC
* New recursive directory query, various refinements
* Fix flexbox
* new styled components plugin
* Apply frontmatter delimiters
* Mobile styles, animation
* Search
* Redesign, clean up
* Nuke the cache, try again
* fix file casing
* Remove production env file
* ID headers
* Move app to new repo
* Add frontmatter universally
* Hide children changelogs
* Add how to title
* New callout tags
* Revert inline code block change
* Replace note callouts
* Fix icons
* Replace images
* Fix icon
* Fix image links
* Use proper SQL icon
2019-11-18 17:58:33 +13:00
Maxime Rainville
d7f5ed3e65
DOC Substitute old apache syntax for Require
2019-09-25 16:59:48 +12:00
Matt Peel
7083f016c1
Update secure coding standards
...
As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.
2019-09-10 12:55:24 +12:00
Robbie Averill
3224c9971b
Merge branch '4.4' into 4
2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688
Merge branch '4.3' into 4.4
2019-08-02 11:24:45 +12:00
Robbie Averill
2d2b0b82f0
DOCS Fix incorrect rendering of note on list item
...
[ci skip]
2019-07-25 12:03:12 +02:00
Ingo Schommer
4d93e48b10
DOCS Add silverstripe/login-forms (#9112)
...
See https://github.com/silverstripe/recipe-cms/issues/26.
Dependant on https://github.com/silverstripe/silverstripe-installer/pull/257.
2019-07-16 10:11:37 +12:00
Erlend Mongstad
80b097eb68
Added missing Permission class to example
...
Following the example will give the following error;
```[Emergency] Uncaught Error: Class {my namespace}\Permission not found```
Added the missing class
2019-04-17 02:36:13 +02:00
Robbie Averill
af8d268cc7
DOCS Update documentation for password validation rule configuration
2018-11-13 10:55:26 +02:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
...
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
259aa06010
DOCS More resilient example domain
...
myapp.com is owned, example.com is specifically reserved for documentation use cases:
https://en.wikipedia.org/wiki/Example.com
[ci skip]
2018-06-26 10:13:36 +12:00
Ingo Schommer
2e1e8e07b9
DOCS Consistent app/ folder and composer use
...
- Stronger wording around "use composer"
- Consistent domain and email address naming
- Removed example for publishing non-composer modules (those shouldn't be encouraged)
- Removed instructions for installing modules from archives
[ci skip]
2018-06-25 10:40:19 +12:00
Damian Mooyman
3ea98cdb13
Migrate documentation from 3.x
2018-06-13 14:50:02 +12:00
Robbie Averill
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
...
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
Ingo Schommer
9097a95de2
Cookie lifetime docs
2018-05-21 11:36:53 +12:00
Ingo Schommer
5445a0d3fc
Corrected login data usage docs
2018-05-21 11:36:45 +12:00
Ingo Schommer
78fe189c6d
Merge pull request #8003 from open-sausages/pulls/4/docs-personal-data
...
Docs for personal data usage in core
2018-05-17 17:11:56 +12:00
Kairat Jenishev
b4ba3cbd1f
DOCS Fix broken links and headers
2018-05-03 16:42:52 +01:00
Robbie Averill
1505a89a63
Update to include note about auto redirect to HTTPS for basic auth
2018-04-24 16:42:52 +12:00
Ingo Schommer
1b882e802e
Docs for personal data usage in core
...
See https://github.com/silverstripe/silverstripe-framework/issues/7791
2018-04-13 13:23:05 +12:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1
2018-03-13 14:26:18 +13:00
cpenny
fdbf4c2134
Updated docs for Rate Limiting.
2018-03-09 08:15:11 +13:00
Gorrie Coe
3ae8838285
Added Name to example
2017-12-12 14:40:34 +13:00
Gorrie Coe
849038a60b
Added after priority to replace default authenticator.
2017-12-12 12:52:52 +13:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup
2017-10-27 15:38:27 +13:00
Aaron Carlino
e7274b0ee4
Add namespaces
2017-10-27 12:45:26 +13:00
Daniel Hensby
c077abf353
DOCS new rate limiting docs
2017-09-27 17:40:04 +01:00
Simon Erkelens
774d44a574
Authentication documentation rewrite
2017-08-28 16:28:30 +12:00
Aaron Carlino
50c8a02bff
remove tabs
2017-08-07 15:11:17 +12:00