Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:53:50 +13:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration
2017-09-12 15:57:03 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-25 16:14:52 +01:00
Damian Mooyman
4f06a43986
Merge 3.3 into 3
...
# Conflicts:
# admin/javascript/lang/src/cs.js
# admin/javascript/lang/src/de.js
# admin/javascript/lang/src/en.js
# admin/javascript/lang/src/eo.js
# admin/javascript/lang/src/es.js
# admin/javascript/lang/src/fi.js
# admin/javascript/lang/src/fr.js
# admin/javascript/lang/src/id.js
# admin/javascript/lang/src/id_ID.js
# admin/javascript/lang/src/it.js
# admin/javascript/lang/src/ja.js
# admin/javascript/lang/src/lt.js
# admin/javascript/lang/src/mi.js
# admin/javascript/lang/src/nb.js
# admin/javascript/lang/src/nl.js
# admin/javascript/lang/src/pl.js
# admin/javascript/lang/src/ro.js
# admin/javascript/lang/src/ru.js
# admin/javascript/lang/src/sk.js
# admin/javascript/lang/src/sl.js
# admin/javascript/lang/src/sr.js
# admin/javascript/lang/src/sr@latin.js
# admin/javascript/lang/src/sr_RS.js
# admin/javascript/lang/src/sr_RS@latin.js
# admin/javascript/lang/src/sv.js
# admin/javascript/lang/src/zh.js
# javascript/lang/fr.js
# javascript/lang/src/ar.js
# javascript/lang/src/cs.js
# javascript/lang/src/de.js
# javascript/lang/src/en.js
# javascript/lang/src/eo.js
# javascript/lang/src/es.js
# javascript/lang/src/fi.js
# javascript/lang/src/fr.js
# javascript/lang/src/id.js
# javascript/lang/src/id_ID.js
# javascript/lang/src/it.js
# javascript/lang/src/ja.js
# javascript/lang/src/lt.js
# javascript/lang/src/mi.js
# javascript/lang/src/nb.js
# javascript/lang/src/nl.js
# javascript/lang/src/pl.js
# javascript/lang/src/ru.js
# javascript/lang/src/sk.js
# javascript/lang/src/sl.js
# javascript/lang/src/sr.js
# javascript/lang/src/sr@latin.js
# javascript/lang/src/sr_RS.js
# javascript/lang/src/sr_RS@latin.js
# javascript/lang/src/sv.js
# javascript/lang/src/zh.js
# lang/it.yml
2016-05-11 14:06:23 +12:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4
2016-05-05 11:17:45 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin
2016-04-19 23:20:29 +01:00
Sam Minnee
3ee8f505b7
MINORE: Remove training whitespace.
...
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.
Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.
The command used was this:
for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
53c40a94fa
API Enable re-authentication within the CMS if a user session is lost
...
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814
MINOR Add newline to end of files without one
2012-04-15 10:50:19 +12:00
Stig Lindqvist
0d031a5045
API CHANGE Use Config for registering default password encryptors
...
Using the config system for registering password encryptors
Remove the eval on password encryptor construction by using reflection
Throws deprecation messages when using static register / unregister
2012-04-07 19:14:00 +12:00
Ingo Schommer
e4dfc243b4
BUGFIX Fixed SapphireTest->loginWithPermission() and MemberAuthenticatorTest to use existing Members based on their unique_identifier_field (if existing) to accommodate recent Member->onBeforeWrite() changes (see r100705) (from r100723)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105628 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-05-25 04:24:53 +00:00
Ingo Schommer
a6362eb6e0
MINOR Fixed MemberAuthenticatorTest, was setting global state in r97357 (from r97369)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102444 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:01:48 +00:00
Ingo Schommer
f400c28099
BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly (from r97357)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102443 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:01:31 +00:00
Ingo Schommer
61e27830c6
MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 04:05:34 +00:00
Ingo Schommer
38c71c56a3
MINOR Added flag to remaining SapphireTest subclasses
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@93977 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-30 01:56:05 +00:00
Ingo Schommer
e4ca24c7e2
BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90950 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:30 +00:00