Robbie Averill
1cbf27e0f4
FIX PHP 5.3 compat for referencing $this in closure, and make method public for same reason
...
sdf
2018-06-04 16:05:49 +01:00
Damian Mooyman
5771388821
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-09 15:12:40 +12:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
...
FIX: Fix Member_GroupSet::removeAll() (fixes #3948 )
2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832
FIX: Fix Member_GroupSet::removeAll() ( fixes #3948 )
2018-01-24 17:17:20 +00:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:53:50 +13:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change
2017-11-23 21:17:31 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4
2017-05-29 01:02:35 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-25 16:14:52 +01:00
Daniel Hensby
5a7cde0e10
Merge branch '3.4' into 3.5.0
2016-11-09 16:14:40 +00:00
Loz Calver
6bf36fbd30
FIX: Correct return type for Member::currentUser()
2016-11-09 14:20:44 +00:00
Daniel Hensby
beeed8155a
Merge branch '3.4' into 3
2016-09-16 11:56:01 +01:00
Thomas Portelange
995d07756d
cache currentUser query ( #6007 )
...
* cache currentUser query
Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)
2016-09-15 15:45:40 +01:00
Daniel Hensby
3fd9fe3aa0
Merge branch '3.4' into 3
2016-09-07 09:22:06 +01:00
Daniel Hensby
060bf6b327
Merge branch '3.3' into 3.4
2016-08-22 16:22:37 +01:00
Daniel Hensby
229a2b9217
Merge pull request #4133 from nimeso/patch-1
2016-08-22 11:52:47 +01:00
Damian Mooyman
d88516203c
Merge 3.4 into 3
2016-08-15 19:05:20 +12:00
Daniel Hensby
d1163d87b7
[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
2016-08-15 15:52:10 +12:00
Daniel Hensby
8bbf1caae6
[SS-2016-013] FIX Uncasted member name
2016-08-15 15:52:04 +12:00
Daniel Hensby
08384bb4d6
[SS-2016-008] Reset Member::Salt
on password change
2016-08-15 15:50:56 +12:00
Daniel Hensby
b1f449762b
[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
2016-08-15 14:07:57 +12:00
Daniel Hensby
281b0de571
[SS-2016-013] FIX Uncasted member name
2016-08-15 14:07:51 +12:00
Daniel Hensby
dc47f7ec9a
[SS-2016-008] Reset Member::Salt
on password change
2016-08-15 14:07:24 +12:00
Stevie Mayhew
b1df9dcb1d
BUGFIX: check that we have a token and a UID before attempting a member auto login
2016-05-20 09:19:08 +12:00
Damian Mooyman
4d1ddf0e62
BUG Prevent session hijackers from resetting a user password
...
BUG Member::checkPassword incorrect for default admin
2016-05-16 10:54:18 +12:00
Damian Mooyman
4f06a43986
Merge 3.3 into 3
...
# Conflicts:
# admin/javascript/lang/src/cs.js
# admin/javascript/lang/src/de.js
# admin/javascript/lang/src/en.js
# admin/javascript/lang/src/eo.js
# admin/javascript/lang/src/es.js
# admin/javascript/lang/src/fi.js
# admin/javascript/lang/src/fr.js
# admin/javascript/lang/src/id.js
# admin/javascript/lang/src/id_ID.js
# admin/javascript/lang/src/it.js
# admin/javascript/lang/src/ja.js
# admin/javascript/lang/src/lt.js
# admin/javascript/lang/src/mi.js
# admin/javascript/lang/src/nb.js
# admin/javascript/lang/src/nl.js
# admin/javascript/lang/src/pl.js
# admin/javascript/lang/src/ro.js
# admin/javascript/lang/src/ru.js
# admin/javascript/lang/src/sk.js
# admin/javascript/lang/src/sl.js
# admin/javascript/lang/src/sr.js
# admin/javascript/lang/src/sr@latin.js
# admin/javascript/lang/src/sr_RS.js
# admin/javascript/lang/src/sr_RS@latin.js
# admin/javascript/lang/src/sv.js
# admin/javascript/lang/src/zh.js
# javascript/lang/fr.js
# javascript/lang/src/ar.js
# javascript/lang/src/cs.js
# javascript/lang/src/de.js
# javascript/lang/src/en.js
# javascript/lang/src/eo.js
# javascript/lang/src/es.js
# javascript/lang/src/fi.js
# javascript/lang/src/fr.js
# javascript/lang/src/id.js
# javascript/lang/src/id_ID.js
# javascript/lang/src/it.js
# javascript/lang/src/ja.js
# javascript/lang/src/lt.js
# javascript/lang/src/mi.js
# javascript/lang/src/nb.js
# javascript/lang/src/nl.js
# javascript/lang/src/pl.js
# javascript/lang/src/ru.js
# javascript/lang/src/sk.js
# javascript/lang/src/sl.js
# javascript/lang/src/sr.js
# javascript/lang/src/sr@latin.js
# javascript/lang/src/sr_RS.js
# javascript/lang/src/sr_RS@latin.js
# javascript/lang/src/sv.js
# javascript/lang/src/zh.js
# lang/it.yml
2016-05-11 14:06:23 +12:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4
2016-05-05 11:17:45 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin
2016-04-19 23:20:29 +01:00
Roman Schmid
f691a5da32
Improve Member_Validator
to:
...
- properly check for existing members.
- allow extensions.
- remove old code and replace with new syntax and add config API.
Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides.
Added unit-tests.
Establish a link between the member and the validator for said member.
2016-02-25 16:10:52 +01:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
Daniel Hensby
00544ff100
FIX session_regenerate_id uses config system
2016-01-05 22:31:58 +00:00
Damian Mooyman
94742fa3e2
BUG Revert method visibility regression
2015-11-27 13:10:52 +13:00
Damian Mooyman
c4710b2272
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/GroupImportForm.php
admin/code/MemberImportForm.php
tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 13:01:24 +12:00
Damian Mooyman
1686c83826
Revert #3425 #3396 to restore deprecated functionality
...
Fixes #4514
2015-08-24 11:26:25 +12:00
Loz Calver
b7480b92a9
FIX: Hide 'Logged Passwords' tab in member CMS fields ( fixes #4422 )
2015-07-22 14:40:09 +01:00
Daniel Hensby
3507ddb0e8
FIX MemberPassword history removed with with Members
...
Currently Members that were deleted would still have their passwords
stored in the DB even though they were deleted. This seems unnecessary
and just increases data that could potentially be compromised later.
2015-06-24 21:04:23 +01:00
Damian Mooyman
e14f743bf0
Set deprecation level for all changes in 3.x to 4.0
2015-06-19 13:07:41 +12:00
Damian Mooyman
58cc3da8d8
API Revert DataObject::validate to 3.1 method signature (protected)
2015-06-16 11:59:21 +12:00
Jamie Barker
06e087d0f3
Check that LastVisited field exists before making it readonly
2015-04-29 11:34:32 +12:00
Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Damian Mooyman
8d6cd1529f
BUG Fix some database errors during dev/build where an auth token exists for the current user
...
Fixes #3660
2015-03-25 11:34:13 +13:00
Damian Mooyman
319b96b48b
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/05_Contributing/01_Code.md
forms/TreeDropdownField.php
model/DataObject.php
security/Member.php
tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Daniel Hensby
d2a3da2203
Making docs gender agnostic
2015-03-07 12:32:04 +00:00
Damian Mooyman
dff65867cc
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
control/HTTP.php
control/HTTPResponse.php
docs/en/05_Contributing/01_Code.md
forms/CompositeField.php
forms/FormAction.php
forms/FormField.php
forms/InlineFormAction.php
forms/NumericField.php
forms/TreeDropdownField.php
forms/TreeMultiselectField.php
templates/forms/TreeDropdownField.ss
tests/core/CoreTest.php
tests/forms/NumericFieldTest.php
tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Cameron Bourgeois
88ac537e96
Change date format to set AutoLoginExpired correctly
2015-02-08 19:49:54 +13:00
Elvinas L.
32ce85d9f4
FIX. Summary fields can't be translated
...
fieldLabels() now can find these fields and translate them.
2015-01-15 15:09:32 +02:00
Damian Mooyman
88fdc75456
Merge remote-tracking branch 'composer/3.1' into 3
...
Conflicts:
.editorconfig
docs/en/00_Getting_Started/00_Server_Requirements.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
docs/en/00_Getting_Started/04_Directory_Structure.md
docs/en/00_Getting_Started/index.md
docs/en/01_Tutorials/01_Building_A_Basic_Site.md
docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
docs/en/01_Tutorials/03_Forms.md
docs/en/01_Tutorials/04_Site_Search.md
docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
docs/en/01_Tutorials/index.md
docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
docs/en/02_Developer_Guides/01_Templates/06_Themes.md
docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
docs/en/02_Developer_Guides/05_Extending/05_Injector.md
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/02_Developer_Guides/10_Email/index.md
docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
docs/en/02_Developer_Guides/14_Files/index.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
docs/en/04_Changelogs/3.1.9.md
docs/en/05_Contributing/00_Issues_and_Bugs.md
docs/en/05_Contributing/02_Release_Process.md
docs/en/05_Contributing/03_Documentation.md
filesystem/File.php
filesystem/GD.php
model/DataDifferencer.php
model/Versioned.php
security/BasicAuth.php
security/Member.php
tests/filesystem/FileTest.php
tests/forms/uploadfield/UploadFieldTest.php
tests/model/VersionedTest.php
tests/security/BasicAuthTest.php
2015-01-15 18:52:46 +13:00
Will Rossiter
220bdf342c
Merge pull request #3577 from tractorcow/pulls/3.1/fix-basicauth-resetlogin
...
BUG Fix BasicAuth not resetting failed login counts on authentication
2015-01-15 11:03:52 +13:00
Damian Mooyman
19549d620f
Moved deprecation of SQLQuery to 4.0
2014-12-04 09:30:50 +13:00
JorisDebonnet
1cd54e6bdc
Update Member.Email from 256 to 254 length
...
Fixes #3074
2014-11-29 22:30:11 +01:00