tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
21,677 Commits 31 Branches 527 Tags
Commit Graph

3131 Commits

Author SHA1 Message Date
Simon Erkelens
2b26cafcff Separate out the log-out handling. 
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
 2017-06-07 21:11:58 +12:00
Antony Thorpe
6348f2e3e8 Updated Form.php & 04_Form_Security.md 
Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting.  In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]."  The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)).

Why not make this the default behaviour?  Is there a scenario where this would cause a problem?  Have manually tested in the CMS (alpha7) and is working fine.

Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.
 2017-06-06 21:10:49 +12:00
Damian Mooyman
9b965ed5fa
Add in missing changelog notes 2017-06-06 11:08:05 +12:00
Ingo Schommer
b137e91998 Internal security process docs 2017-06-02 11:30:12 +12:00
Justin Brown
ac08e16720 Update to 00_CSV_Import.md 
Adding further explanation for using a custom CsvBulkLoader in ModelAdmin instead of the default one. I think some people might be able to guess at this, but others (like me) might benefit from making things a bit more explicit. This a follow up from my [question on StackOverflow](https://stackoverflow.com/questions/44271755/adding-custom-csvbulkuploader-to-modeladmin-in-silverstripe).
 2017-05-31 09:05:05 -06:00
Ed Linklater
f007fca51f Docs: Correct Stevie's name on committers page 2017-05-31 12:27:06 +12:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3 2017-05-31 00:12:14 +01:00
Daniel Hensby
becb769167
Merge branch '3.5' into 3.6 2017-05-31 00:11:48 +01:00
Daniel Hensby
294df1320f
Merge branch '3.4' into 3.5 2017-05-31 00:11:18 +01:00
Daniel Hensby
143c4a63cf
Added 3.6.0 changelog 2017-05-30 22:11:03 +00:00
Daniel Hensby
2f7f761a9c
Added 3.5.4 changelog 2017-05-30 22:03:17 +00:00
Daniel Hensby
deca99a5fe
Added 3.4.6 changelog 2017-05-30 21:58:52 +00:00
Damian Mooyman
e7d87add9f API Remove legacy HTMLEditor classes 2017-05-30 11:01:28 +12:00
Nick
318b0248b7 Update 05_Dataobject_Relationship_Management.md 
Correct a naffed up code block and a typo
 2017-05-29 20:54:50 +12:00
Daniel Hensby
659053a256
Added 3.6.0-rc1 changelog 2017-05-29 00:36:04 +00:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
9a38bedd18
Added 3.5.4-rc1 changelog 2017-05-29 00:08:27 +00:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
b5ad4bdcc6
Added 3.4.6-rc2 changelog 2017-05-28 23:49:04 +00:00
Daniel Hensby
eeb549faf3
Added 3.4.6-rc1 changelog 2017-05-28 21:34:38 +00:00
Aaron Carlino
06615e3d76 Resample doc images for react di 2017-05-26 11:08:07 +12:00
Chris Joe
5ec8d40c19 Merge pull request #6957 from open-sausages/pulls/4/react-di-documentation 
Docs for React DI
 2017-05-26 10:59:42 +12:00
Daniel Hensby
893f19a5ea
DOCS Updating index definition examples 2017-05-25 23:29:12 +01:00
Aaron Carlino
bfc373cf0f update docs with new api 2017-05-25 16:34:32 +12:00
Aaron Carlino
75981989b0 Docs for React DI 2017-05-25 14:58:55 +12:00
Christopher Joe
e327bf3c70 Enhancement add contribution notes about releasing to NPM 2017-05-24 17:07:05 +12:00
Damian Mooyman
fba8e2c245 API Remove Object class 
API DataObjectSchema::manyManyComponent() return array is now associative array
 2017-05-23 13:50:35 +12:00
Damian Mooyman
2aa3b5d5fa Merge pull request #6934 from robbieaverill/pulls/4.0/consistent-instance-method 
API Consistent use of inst() naming across framework
 2017-05-22 11:57:20 +12:00
Damian Mooyman
4197090e11 Merge pull request #6940 from kinglozzer/randomgenerator 
Only use random_bytes() for RandomGenerator (closes #6397)
 2017-05-22 10:29:55 +12:00
Loz Calver
e653e90997 Only use random_bytes() for RandomGenerator (closes #6397) 2017-05-19 11:18:56 +01:00
Robbie Averill
f2cbe86f03 Remove CustomMethods::createMethod and create_function implementations, replace with closures 2017-05-19 15:56:44 +12:00
Robbie Averill
ad43a82923 API Consistent use of inst() naming across framework 2017-05-19 14:38:06 +12:00
Ingo Schommer
100048da33 API PSR-11 compliance (fixes #6594) (#6931) 
Note that our usage of `$asSingleton` in `get()` is fine. Quote from the PSR:

> Two successive calls to get with the same identifier SHOULD return the same value. However, depending on the implementor design and/or user configuration, different values might be returned, so user SHOULD NOT rely on getting the same value on 2 successive calls.
 2017-05-19 13:45:07 +12:00
Daniel Hensby
283e3279be
Merge branch '3.6' into 3 2017-05-18 13:55:07 +01:00
Loz Calver
471166c15e Merge pull request #6169 from open-sausages/pulls/4.0/duplicate-manymany-option 
API Duplication of many_many relationships now defaults to many_many only
 2017-05-17 09:31:09 +01:00
Damian Mooyman
f5f6fdce12
API Duplication of many_many relationships now defaults to many_many only 
Fixes https://github.com/silverstripe/silverstripe-cms/issues/1453
 2017-05-16 23:26:39 +12:00
Colm McBarron
8666d4abb2 Update YAML format to use namespace 2017-05-16 11:49:39 +01:00
Damian Mooyman
259f957ce8 API Rename services to match FQN of interface / classes 2017-05-16 14:15:49 +12:00
Damian Mooyman
0b70b008b3 API Implement InheritedPermission calculator (#6877) 
* API Implement InheritedPermission calculator

* API Rename RootPermissions to DefaultPermissionChecker
API Refactor inherited permission fields into InheritedPermissionExtension
API Introduce PermissionChecker interface
 2017-05-11 21:07:27 +12:00
Aaron Carlino
7fa47e234f New API for minified files using injectable service 2017-05-11 10:14:16 +12:00
Daniel Hensby
9bdce9790d
Added 3.6.0-beta2 changelog 2017-05-10 21:55:25 +01:00
Ingo Schommer
da3236b0e7 Merge pull request #6887 from open-sausages/pulls/4.0/docs-calendar-year-format 
Doc dateformats with calendar year
 2017-05-09 23:07:25 +12:00
Loz Calver
7ae203908f Merge pull request #6882 from robbieaverill/patch-6 
DOCS Fix broken markdown rendering in 03_Template_debugging.md
 2017-05-09 09:38:28 +01:00
Sam Minnée
33119a1f36 Merge branch 'master' into pulls/4.0/remove-deprecated-methods 2017-05-09 15:31:53 +12:00
Ingo Schommer
7c2f49d443 API Removed RootURLController:set_default_homepage_link() 2017-05-09 11:38:35 +12:00
Ingo Schommer
cec983b628 API Removed deprecated ModelAsController::find_old_page() 2017-05-09 11:38:35 +12:00
Ingo Schommer
5784a7d2d7 API Removed deprecated Security::set_login_recording() 2017-05-09 11:38:35 +12:00
Ingo Schommer
2a7c76e9e9 API Removed deprecated DatabaseAdmin#clearAllData() 2017-05-09 11:38:35 +12:00
Ingo Schommer
81e5c7ac40 API Removed deprecated Session::set_config() 2017-05-09 11:38:35 +12:00
Ingo Schommer
1d438d3fb5 API Remove deprecated FormAction::createTag() 2017-05-09 11:38:35 +12:00