silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-04 02:19:32 +02:00

Author	SHA1	Message	Date
Daniel Hensby	69974d940a	Merge branch '3.3' into 3.4	2016-11-18 11:33:39 +00:00
Daniel Hensby	0ae4b57754	Merge branch '3.2' into 3.3	2016-11-18 11:32:36 +00:00
Daniel Hensby	5df077f24d	Merge branch '3.1' into 3.2	2016-11-18 11:29:19 +00:00
Daniel Hensby	17097a4d11	[SS-2016-016] FIX Properly escape backURL for template injection	2016-11-10 17:00:03 +00:00
Loz Calver	6bf36fbd30	FIX: Correct return type for Member::currentUser()	2016-11-09 14:20:44 +00:00
Thomas Portelange	995d07756d	cache currentUser query (#6007 ) * cache currentUser query Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)	2016-09-15 15:45:40 +01:00
Daniel Hensby	060bf6b327	Merge branch '3.3' into 3.4	2016-08-22 16:22:37 +01:00
Daniel Hensby	088d88e978	Merge branch '3.2' into 3.3	2016-08-22 16:22:02 +01:00
Daniel Hensby	229a2b9217	Merge pull request #4133 from nimeso/patch-1	2016-08-22 11:52:47 +01:00
Daniel Hensby	d1163d87b7	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:52:10 +12:00
Daniel Hensby	8bbf1caae6	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:52:04 +12:00
Daniel Hensby	782c18fd13	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login	2016-08-15 15:51:53 +12:00
Daniel Hensby	08384bb4d6	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:50:56 +12:00
Daniel Hensby	fa7f5af861	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:02:53 +12:00
Daniel Hensby	83e3302c04	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:02:47 +12:00
Daniel Hensby	6d41db77fa	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 15:02:41 +12:00
Daniel Hensby	f85dea2e6d	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:02:36 +12:00
Daniel Hensby	b1f449762b	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 14:07:57 +12:00
Daniel Hensby	281b0de571	[SS-2016-013] FIX Uncasted member name	2016-08-15 14:07:51 +12:00
Daniel Hensby	2b30ade44d	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 14:07:40 +12:00
Daniel Hensby	dc47f7ec9a	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 14:07:24 +12:00
Daniel Hensby	1c7d5de51b	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 13:24:06 +12:00
Daniel Hensby	6817c57f64	[SS-2016-013] FIX Uncasted member name	2016-08-15 13:21:14 +12:00
Daniel Hensby	6606d98663	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 13:20:02 +12:00
Daniel Hensby	298f61521c	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 13:19:02 +12:00
Damian Mooyman	ca754eb887	Merge 3.3 into 3.4 # Conflicts: # admin/javascript/lang/fa_IR.js # admin/javascript/lang/it.js # admin/javascript/lang/src/fa_IR.js # admin/javascript/lang/src/it.js # lang/cs.yml # lang/eo.yml # lang/fa_IR.yml # lang/fi.yml # lang/it.yml # lang/sk.yml	2016-08-05 16:48:26 +12:00
Damian Mooyman	0d5ae23f2b	Merge 3.2 into 3.3	2016-08-05 14:36:35 +12:00
Andrew Aitken-Fincham	66f2e6811b	modify getAuthenticator to fall back to get_default_authenticator	2016-08-03 10:36:43 +12:00
Daniel Hensby	c35dc508cb	Merge branch '3.3' into 3.4	2016-07-04 23:53:55 +01:00
Damian Mooyman	f1a0aef0d7	BUG fix CMS_ACCESS permission being ignored if in incorrect order in array	2016-06-28 17:45:15 +12:00
Damian Mooyman	4d1ddf0e62	BUG Prevent session hijackers from resetting a user password BUG Member::checkPassword incorrect for default admin	2016-05-16 10:54:18 +12:00
Damian Mooyman	4f06a43986	Merge 3.3 into 3 # Conflicts: # admin/javascript/lang/src/cs.js # admin/javascript/lang/src/de.js # admin/javascript/lang/src/en.js # admin/javascript/lang/src/eo.js # admin/javascript/lang/src/es.js # admin/javascript/lang/src/fi.js # admin/javascript/lang/src/fr.js # admin/javascript/lang/src/id.js # admin/javascript/lang/src/id_ID.js # admin/javascript/lang/src/it.js # admin/javascript/lang/src/ja.js # admin/javascript/lang/src/lt.js # admin/javascript/lang/src/mi.js # admin/javascript/lang/src/nb.js # admin/javascript/lang/src/nl.js # admin/javascript/lang/src/pl.js # admin/javascript/lang/src/ro.js # admin/javascript/lang/src/ru.js # admin/javascript/lang/src/sk.js # admin/javascript/lang/src/sl.js # admin/javascript/lang/src/sr.js # admin/javascript/lang/src/sr@latin.js # admin/javascript/lang/src/sr_RS.js # admin/javascript/lang/src/sr_RS@latin.js # admin/javascript/lang/src/sv.js # admin/javascript/lang/src/zh.js # javascript/lang/fr.js # javascript/lang/src/ar.js # javascript/lang/src/cs.js # javascript/lang/src/de.js # javascript/lang/src/en.js # javascript/lang/src/eo.js # javascript/lang/src/es.js # javascript/lang/src/fi.js # javascript/lang/src/fr.js # javascript/lang/src/id.js # javascript/lang/src/id_ID.js # javascript/lang/src/it.js # javascript/lang/src/ja.js # javascript/lang/src/lt.js # javascript/lang/src/mi.js # javascript/lang/src/nb.js # javascript/lang/src/nl.js # javascript/lang/src/pl.js # javascript/lang/src/ru.js # javascript/lang/src/sk.js # javascript/lang/src/sl.js # javascript/lang/src/sr.js # javascript/lang/src/sr@latin.js # javascript/lang/src/sr_RS.js # javascript/lang/src/sr_RS@latin.js # javascript/lang/src/sv.js # javascript/lang/src/zh.js # lang/it.yml	2016-05-11 14:06:23 +12:00
Daniel Hensby	d1751e3310	Merge remote-tracking branch '3.2.4' into 3.3.2	2016-05-05 12:33:21 +01:00
Daniel Hensby	cf29b2c146	Merge remote-tracking branch '3.1.19' into 3.2.4	2016-05-05 11:17:45 +01:00
Daniel Hensby	92599727b9	Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19	2016-05-05 01:01:49 +01:00
Daniel Hensby	7af7f8dd65	Merge remote-tracking branch 'security/patch/3.1/ss-2016-005' into 3.1.19	2016-05-05 01:01:44 +01:00
Daniel Hensby	457931d664	Merge branch '3.3' into 3	2016-05-04 23:32:10 +01:00
Damian Mooyman	2a5ba397e6	BUG Fix SS_HTTPResponse being cast as string (#5413 ) Fixes #5335	2016-05-02 08:54:19 +12:00
Daniel Hensby	1ccd3926e3	[SS-2016-001] FIX Properly check backurl on CMSSecurity@success	2016-04-20 23:58:50 +01:00
Daniel Hensby	a6bd22ab2f	[SS-2016-006] FIX dont disable XSS for login forms	2016-04-20 23:57:59 +01:00
Daniel Hensby	f32c893546	[SS-2016-005] FIX Apply brute force protection to default admin	2016-04-19 23:20:29 +01:00
Damian Mooyman	e1865151c5	Merge pull request #5098 from bummzack/5086-fix-member-validator Fix for issue #5086	2016-02-26 14:39:53 +13:00
Roman Schmid	f691a5da32	Improve `Member_Validator` to: - properly check for existing members. - allow extensions. - remove old code and replace with new syntax and add config API. Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides. Added unit-tests. Establish a link between the member and the validator for said member.	2016-02-25 16:10:52 +01:00
Damian Mooyman	8c1cafd1a0	Merge remote-tracking branch 'origin/3.3' into 3 # Conflicts: # admin/scss/_forms.scss # admin/scss/_style.scss # admin/scss/_tree.scss # javascript/TreeDropdownField.js	2016-01-19 17:08:26 +13:00
Damian Mooyman	5d240feaec	Merge remote-tracking branch 'origin/3.2' into 3.3	2016-01-19 15:08:24 +13:00
Damian Mooyman	46cbe809ac	Merge remote-tracking branch 'origin/3.1' into 3.2 # Conflicts: # docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md # docs/en/02_Developer_Guides/14_Files/01_Image.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md # docs/en/03_Upgrading/index.md # docs/en/05_Contributing/01_Code.md # forms/TreeMultiselectField.php # security/Permission.php	2016-01-19 14:00:19 +13:00
Denise Rivera	7e32268ede	display filtered roles when not an admin	2016-01-11 13:05:10 +13:00
Sam Minnee	3ee8f505b7	MINORE: Remove training whitespace. The main benefit of this is so that authors who make use of .editorconfig don't end up with whitespace changes in their PRs. Spaces vs. tabs has been left alone, although that could do with a tidy-up in SS4 after the switch to PSR-1/2. The command used was this: for match in '.ss' '.css' '.scss' '.html' '.yml' '.php' '.js' '.csv' '.inc' '.php5'; do find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+ find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" \| xargs perl -pi -e 's/ +$//' done	2016-01-07 10:15:54 +13:00
Damian Mooyman	21e1e938eb	Merge pull request #4893 from dhensby/pulls/member-regenerate-session-id FIX session_regenerate_id uses config system	2016-01-06 15:16:31 +13:00
Daniel Hensby	00544ff100	FIX session_regenerate_id uses config system	2016-01-05 22:31:58 +00:00

1 2 3 4 5 ...

1117 Commits