Damian Mooyman
3dada00905
Cleanup trailing whitespace
2016-03-09 10:20:31 +13:00
Ingo Schommer
3b11d73c46
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# forms/gridfield/GridFieldDetailForm.php
# javascript/GridField.js
2016-03-07 09:26:35 +13:00
Damian Mooyman
b196d33bfa
API Ownership API
...
API Filter Relation. query parameters from relations when creating objects
API Versioned::publish now triggers invokeWithExtensions
API Update behaviour of versioned for all_versions mode to respect ID filters
API Tweak behaviour of inherited query parameters
2016-02-29 14:38:44 +13:00
Damian Mooyman
e1865151c5
Merge pull request #5098 from bummzack/5086-fix-member-validator
...
Fix for issue #5086
2016-02-26 14:39:53 +13:00
Roman Schmid
f691a5da32
Improve Member_Validator
to:
...
- properly check for existing members.
- allow extensions.
- remove old code and replace with new syntax and add config API.
Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides.
Added unit-tests.
Establish a link between the member and the validator for said member.
2016-02-25 16:10:52 +01:00
Jean-Fabien Barrois
bab1f230bf
NEW Cross device "Remember Me" feature
...
At the moment, using the "Remember me" function on more than one device will only work with the last device used. Previous devices will not auto login.
This PR introduces a new DataObject for storing hashed tokens against multiple devices. Developers can configure if logging out should discard all tokens, or only the one used on the device logging out; token expiry date is 90 days by default but configurable. For added security, the old behaviour can still be enforced if multiple tokens are not desired.
See silverstripe#1574 for additional background
2016-02-10 09:42:08 +13:00
Damian Mooyman
e77389d0c8
API Standardise SS_List::map() implementation
...
Fixes #1593
2016-01-25 10:22:47 +13:00
Damian Mooyman
e6b877df27
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# control/Director.php
# control/HTTP.php
# core/startup/ParameterConfirmationToken.php
# docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
# docs/en/00_Getting_Started/04_Directory_Structure.md
# docs/en/00_Getting_Started/05_Coding_Conventions.md
# docs/en/01_Tutorials/01_Building_A_Basic_Site.md
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/01_Tutorials/04_Site_Search.md
# docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
# docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
# docs/en/02_Developer_Guides/13_i18n/index.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
# docs/en/03_Upgrading/index.md
# docs/en/changelogs/index.md
# docs/en/howto/customize-cms-menu.md
# docs/en/howto/navigation-menu.md
# docs/en/index.md
# docs/en/installation/index.md
# docs/en/installation/windows-manual-iis-6.md
# docs/en/misc/contributing/code.md
# docs/en/misc/contributing/issues.md
# docs/en/misc/module-release-process.md
# docs/en/reference/dataobject.md
# docs/en/reference/execution-pipeline.md
# docs/en/reference/grid-field.md
# docs/en/reference/modeladmin.md
# docs/en/reference/rssfeed.md
# docs/en/reference/templates.md
# docs/en/topics/commandline.md
# docs/en/topics/debugging.md
# docs/en/topics/email.md
# docs/en/topics/forms.md
# docs/en/topics/index.md
# docs/en/topics/module-development.md
# docs/en/topics/modules.md
# docs/en/topics/page-type-templates.md
# docs/en/topics/page-types.md
# docs/en/topics/search.md
# docs/en/topics/testing/index.md
# docs/en/topics/testing/testing-guide-troubleshooting.md
# docs/en/topics/theme-development.md
# docs/en/tutorials/1-building-a-basic-site.md
# docs/en/tutorials/2-extending-a-basic-site.md
# docs/en/tutorials/3-forms.md
# docs/en/tutorials/4-site-search.md
# docs/en/tutorials/5-dataobject-relationship-management.md
# docs/en/tutorials/building-a-basic-site.md
# docs/en/tutorials/dataobject-relationship-management.md
# docs/en/tutorials/extending-a-basic-site.md
# docs/en/tutorials/forms.md
# docs/en/tutorials/index.md
# docs/en/tutorials/site-search.md
# main.php
# model/SQLQuery.php
# security/ChangePasswordForm.php
# security/MemberLoginForm.php
# tests/control/ControllerTest.php
# tests/core/startup/ParameterConfirmationTokenTest.php
# tests/model/SQLQueryTest.php
# tests/security/SecurityTest.php
# tests/view/SSViewerTest.php
# view/SSTemplateParser.php
# view/SSTemplateParser.php.inc
# view/SSViewer.php
2016-01-20 13:16:27 +13:00
Damian Mooyman
8c1cafd1a0
Merge remote-tracking branch 'origin/3.3' into 3
...
# Conflicts:
# admin/scss/_forms.scss
# admin/scss/_style.scss
# admin/scss/_tree.scss
# javascript/TreeDropdownField.js
2016-01-19 17:08:26 +13:00
Damian Mooyman
5d240feaec
Merge remote-tracking branch 'origin/3.2' into 3.3
2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
Sam Minnee
3ee8f505b7
MINORE: Remove training whitespace.
...
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.
Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.
The command used was this:
for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Daniel Hensby
4335d8ed22
FIX Members with no ID inherit logged in user permission
2016-01-05 08:16:18 +00:00
Damian Mooyman
19b10044ec
Merge remote-tracking branch 'origin/3.2' into 3
2015-12-22 17:05:07 +13:00
Mateusz Uzdowski
5a21b2fb15
BUG Guard against users being added to all groups on unsaved Group.
...
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
2015-12-11 14:51:51 +13:00
Loz Calver
977642daa9
Remove Spyc YAML library
...
Also had to fix some fixture files - none of the YAML spec versions actually support tabs anyway
2015-10-19 17:07:34 +01:00
Damian Mooyman
10dece653f
API Consolidate DataObject db methods
...
BUG Fix namespace and getField on composite fields
2015-09-22 10:38:12 +12:00
Damian Mooyman
71b8aec306
Merge remote-tracking branch 'origin/3.2' into 3
2015-09-15 13:35:51 +12:00
Damian Mooyman
c4710b2272
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/GroupImportForm.php
admin/code/MemberImportForm.php
tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 13:01:24 +12:00
Damian Mooyman
f10785350e
Merge remote-tracking branch 'origin/3.2' into 3
...
Conflicts:
docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
.travis.yml
admin/code/CMSProfileController.php
admin/tests/LeftAndMainTest.php
control/HTTP.php
security/Permission.php
tests/forms/FormTest.php
tests/model/ArrayListTest.php
tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Stevie Mayhew
1b57e0ca5b
FEATURE: implement getter and setter usage for response
2015-08-29 10:24:06 +12:00
Daniel Hensby
2d4b743090
FIX Members can access their own profiles in CMS
2015-08-26 15:47:51 +01:00
Daniel Hensby
6eede57ff2
Fix issue where Access All CMS Sections doesnt work
2015-08-20 22:30:43 +01:00
Daniel Hensby
3507ddb0e8
FIX MemberPassword history removed with with Members
...
Currently Members that were deleted would still have their passwords
stored in the DB even though they were deleted. This seems unnecessary
and just increases data that could potentially be compromised later.
2015-06-24 21:04:23 +01:00
Damian Mooyman
1d122803cc
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
dev/SapphireTest.php
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
forms/DatetimeField.php
forms/NullableField.php
forms/NumericField.php
forms/gridfield/GridField.php
tests/control/DirectorTest.php
tests/model/DataObjectSchemaGenerationTest.php
tests/model/MySQLDatabaseTest.php
2015-06-19 10:48:07 +12:00
Daniel Hensby
3ee5b24898
Nest and unnest Config and Controller for each test and test suite
2015-06-11 16:37:25 +01:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0a8f328947
Fix merge / test regressions
2015-05-28 16:59:05 +12:00
Damian Mooyman
95c162ef0d
API Security better respects BackURL on login
...
BUG Restore missing authentication message not appearing in the login form $Content area (regression from #1807 )
2015-03-31 20:22:35 +13:00
Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Daniel Hensby
de2aa47250
Merge pull request #4006 from kinglozzer/patch-1
...
FIX: Security::$default_message_set Config value unusable
2015-03-17 17:05:01 +00:00
Loz Calver
a61c08d031
FIX: Security::$default_message_set Config value unusable
2015-03-17 15:51:31 +00:00
Loz Calver
c58f4c469d
Replace core uses of DataObject::has_one/has_many/many_many
2015-03-13 16:16:12 +00:00
Damian Mooyman
88fdc75456
Merge remote-tracking branch 'composer/3.1' into 3
...
Conflicts:
.editorconfig
docs/en/00_Getting_Started/00_Server_Requirements.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
docs/en/00_Getting_Started/04_Directory_Structure.md
docs/en/00_Getting_Started/index.md
docs/en/01_Tutorials/01_Building_A_Basic_Site.md
docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
docs/en/01_Tutorials/03_Forms.md
docs/en/01_Tutorials/04_Site_Search.md
docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
docs/en/01_Tutorials/index.md
docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
docs/en/02_Developer_Guides/01_Templates/06_Themes.md
docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
docs/en/02_Developer_Guides/05_Extending/05_Injector.md
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/02_Developer_Guides/10_Email/index.md
docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
docs/en/02_Developer_Guides/14_Files/index.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
docs/en/04_Changelogs/3.1.9.md
docs/en/05_Contributing/00_Issues_and_Bugs.md
docs/en/05_Contributing/02_Release_Process.md
docs/en/05_Contributing/03_Documentation.md
filesystem/File.php
filesystem/GD.php
model/DataDifferencer.php
model/Versioned.php
security/BasicAuth.php
security/Member.php
tests/filesystem/FileTest.php
tests/forms/uploadfield/UploadFieldTest.php
tests/model/VersionedTest.php
tests/security/BasicAuthTest.php
2015-01-15 18:52:46 +13:00
Will Rossiter
220bdf342c
Merge pull request #3577 from tractorcow/pulls/3.1/fix-basicauth-resetlogin
...
BUG Fix BasicAuth not resetting failed login counts on authentication
2015-01-15 11:03:52 +13:00
Damian Mooyman
6baf63e18c
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
dev/install/install.php5
docs/en/changelogs/index.md
security/Security.php
2014-11-19 11:16:46 +13:00
Damian Mooyman
2bdfd65e9b
BUG Security::findAnAdministrator doesn't always find an admin
2014-11-18 15:36:34 +13:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
9d78eb7fe6
BUG Fix BasicAuth not resetting failed login counts on authentication
2014-10-24 14:19:12 +13:00
Damian Mooyman
53c40a94fa
API Enable re-authentication within the CMS if a user session is lost
...
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00
Sean Harvey
0e07f1a7f5
Merge remote-tracking branch 'origin/3.0' into 3.1
2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b
FIX Opt-out pf form message escaping ( fixes #2796 )
...
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/ .
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.
We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803 .
2014-08-22 16:59:34 +12:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8
API New Database abstraction layer. Ticket #7429
...
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
1dcaf36c9b
Fix merge regressions
2014-04-22 13:28:44 +12:00
Damian Mooyman
982ad569b9
Merge remote-tracking branch 'origin/3.1'
2014-04-22 12:09:51 +12:00
Damian Mooyman
997077ae83
API Security.remember_username to disable login form autocompletion
2014-04-11 09:05:25 +12:00
Simon Welsh
d431e98ecf
Merge branch '3.1'
...
Conflicts:
forms/Form.php
forms/FormField.php
security/Member.php
security/MemberLoginForm.php
2014-03-10 22:58:49 +13:00