Commit Graph

237 Commits

Author SHA1 Message Date
Sean Harvey
151abde17d Merge pull request #388 from chillu/trac/7170-i18n-sprintf-injections
#7170 i18n sprintf injections
2012-05-02 16:18:30 -07:00
Andrew O'Neil
fa60f9e8b2 ENHANCEMENT: Implement blowfish encryption and use it by default. (#7111) 2012-05-02 13:51:29 +12:00
Ingo Schommer
7b18d9d0da MINOR Switching _t() calls from sprintf() to using injection parameters (#7170) 2012-05-01 22:17:00 +02:00
Sean Harvey
0882741f54 API CHANGE Renamed setModel for DataModel instances to setDataModel for
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Ingo Schommer
d44f6b3e1f MINOR Removed deprecated usage of $priority argument in _t() calls 2012-04-15 17:17:17 +02:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Sean Harvey
fd3de5158d BUGFIX Use of Link() in security classes now refers to $this->controller
instead of calling the instance method Link statically (which isn't
allowed for E_STRICT compliance.)
2012-04-12 12:09:39 +12:00
Ingo Schommer
a3d99b082d MINOR Resetting Security::$database_is_ready state during tests (regression from a9509a610d) 2012-04-11 17:22:55 +02:00
Stig Lindqvist
a9509a610d MINOR Security::database_is_ready() check are doing duplicate DB queries for Members.
The will make sure that if the database has been ready once, it is ready for the rest of the request
2012-04-12 00:29:35 +12:00
Ingo Schommer
40d73127ae MINOR Using late static binding instead of Object::create() calls 2012-04-04 17:10:31 +02:00
Andrew O'Neil
86ef281d8f BUGFIX: #7019 Fix SQL error when building database after adding a Member DataExtension in non-dev mode 2012-03-21 11:53:38 +13:00
Sean Harvey
2644cbb6e9 BUGFIX Remove use of encryptPasswords; use PasswordEncryptor_None
instead
2012-03-09 15:31:33 +13:00
Sean Harvey
d0a0df0b8e API CHANGE Removed Security::$useSalt static, please use a custom PasswordEncryptor instead 2012-03-09 15:06:12 +13:00
Sean Harvey
aca2b2f3b5 API CHANGE Removed deprecated Security::get_encryption_algorithms() - please use PasswordEncryptor::get_encryptors() instead 2012-03-09 14:51:34 +13:00
Sean Harvey
6e58026c27 API CHANGE Removed deprecated Security::encrypt_passwords() - please use PasswordEncryptor_None instead. 2012-03-09 14:50:14 +13:00
Ingo Schommer
5911abc0f6 API CHANGE Removed prototype.js style $() alias usage for document.getElementById() to avoid confusion with the more common jQuery() alias.
API CHANGE Removed several unsed JavaScript globals: sprintf(), Number.prototype.CURRENCIES, Number.prototype.toCurrency(), String.prototype.ucfirst(), jQuery.fn.clearFields(), jQuery.fn.clearInputs()
MINOR Removed prototype_improvements.js and jquery_improvements.js files, now contained in individual component code (or removed altogether)
2012-02-16 12:27:47 +01:00
Sam Minnee
06605ffadc ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms. 2012-01-10 16:39:12 +13:00
Sam Minnee
ce6d24c379 BUGFIX: Remvoed unused method Security::authenticate() 2012-01-10 11:10:38 +13:00
Ingo Schommer
ef514b924e MINOR Fixed SecurityAdmin styling 2012-01-09 10:09:40 +01:00
Sam Minnee
38c3410d81 MINOR: Remove use of deprecated join() from Security::findAnAdministrator. 2011-10-29 17:47:19 +13:00
Sam Minnee
ff9b9e17af MINOR: Removed use of deprecated Director::redirect* functions. 2011-10-29 17:36:37 +13:00
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
Sam Minnee
7fbb919ce8 API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
Sam Minnee
de1494e3a8 ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM.
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Cant't call manual manipulation methods on DataList such as insertFirst()
2011-05-01 15:25:45 +12:00
Ingo Schommer
43491c2641 MINOR Reducing number of asset downloads by combining files in LeftAndMain->init() and including full jquery.ui.css instead of multiple @import statements 2011-04-25 21:36:51 +12:00
Julian Seidenberg
e3f15dba9e BUGFIX: %40 instead of @ when using forgot password fix (fixes #6314, thanks Fragarach 87) 2011-03-30 18:16:16 +13:00
Ingo Schommer
e1b249d0d8 BUGFIX Allowing Security controller methods to work without Page or Page_Controller classes (now moved to 'cms' module) 2011-03-29 18:07:57 +13:00
Paul Meyrick
dc36725869 MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Julian Seidenberg
52070a0c3a ENHANCEMENT: including all of jquery-ui instead of specifying individual pieces of it. This is a larger download size, but should be quicker overall as it is just a single download instead of lots of small files. 2011-02-24 17:07:24 +13:00
Julian Seidenberg
a836456cd9 BUGFIX: updated links to new jquery ui file paths 2011-02-24 12:07:34 +13:00
Sam Minnee
27246ce982 MINOR: Fixed 2.4 mergeback 2011-02-22 10:53:58 +13:00
Sam Minnee
1e0c4ae8d1 Merge branch '2.4'
Conflicts:
	cache/Cache.php
	cli/CliController.php
	core/Convert.php
	core/Core.php
	core/ManifestBuilder.php
	core/Object.php
	core/SSViewer.php
	core/control/ContentController.php
	core/control/ContentNegotiator.php
	core/control/FormResponse.php
	core/control/RequestHandler.php
	core/control/SilverStripeNavigatorItem.php
	core/i18n.php
	core/i18nTextCollector.php
	core/model/DataObjectSet.php
	core/model/Hierarchy.php
	core/model/Image.php
	core/model/MySQLDatabase.php
	core/model/SiteConfig.php
	core/model/SiteTree.php
	core/model/Translatable.php
	core/model/VirtualPage.php
	dev/Debug.php
	dev/SapphireTest.php
	dev/TestRunner.php
	dev/YamlFixture.php
	dev/install/MySQLDatabaseConfigurationHelper.php
	docs/en/installation/from-source.md
	docs/en/topics/themes.md
	docs/en/tutorials/4-site-search.md
	email/Mailer.php
	filesystem/File.php
	filesystem/Folder.php
	forms/ComplexTableField.php
	forms/CurrencyField.php
	forms/DateField.php
	forms/FieldSet.php
	forms/FileField.php
	forms/FileIFrameField.php
	forms/HtmlEditorConfig.php
	forms/HtmlEditorField.php
	forms/SelectionGroup.php
	forms/SimpleImageField.php
	forms/TabSet.php
	forms/TableField.php
	forms/TableListField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	integration/Geoip.php
	javascript/SelectionGroup.js
	javascript/TreeSelectorField.js
	javascript/UpdateURL.js
	javascript/core/jquery.ondemand.js
	javascript/tiny_mce_improvements.js
	javascript/tree/tree.js
	lang/en_US.php
	search/ContentControllerSearchExtension.php
	security/Group.php
	security/Member.php
	security/PermissionCheckboxSetField.php
	security/PermissionRole.php
	security/Security.php
	static-main.php
	templates/RelationComplexTableField.ss
	templates/TableListField.ss
	tests/ConvertTest.php
	tests/DataObjectSetTest.php
	tests/DataObjectTest.php
	tests/DataObjectTest.yml
	tests/RequestHandlingTest.php
	tests/SSViewerTest.php
	tests/SiteTreePermissionsTest.php
	tests/SiteTreeTest.php
	tests/TransactionTest.php
	tests/api/RestfulServiceTest.php
	tests/control/DirectorTest.php
	tests/control/ModelAsControllerTest.php
	tests/fieldtypes/WidgetAreaEditorTest.php
	tests/forms/CurrencyFieldTest.php
	tests/forms/FormTest.php
	tests/model/DatabaseTest.php
	tests/model/ImageTest.php
	tests/search/ContentControllerSearchExtensionTest.php
	tests/security/MemberAuthenticatorTest.php
	thirdparty/.gitignore
	thirdparty/behaviour/behaviour.js
	thirdparty/firebug-lite/firebug.js
	thirdparty/firebug-lite/firebugx.js
	thirdparty/jquery-form/jquery.form.js
	thirdparty/jquery-livequery/jquery.livequery.js
	thirdparty/jquery-livequery/test/jquery.js
	thirdparty/jquery-livequery/test/test.html
	thirdparty/jquery-livequery/test/test2.html
	thirdparty/jquery-metadata/META.json
	thirdparty/jquery-metadata/README
	thirdparty/jquery-metadata/jquery.metadata.js
	thirdparty/jquery-metadata/test/index.html
	thirdparty/jquery-metadata/test/jquery.js
	thirdparty/jquery-metadata/test/test.js
	thirdparty/jquery-metadata/test/testrunner.js
	thirdparty/jquery-metadata/test/testsuite.css
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_75_ffffff_40x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_65_ffffff_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_dadada_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_222222_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_2e83ff_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_454545_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_888888_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_cd0a0a_256x240.png
	thirdparty/jquery-ui/i18n/jquery-ui-i18n.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ar.js
	thirdparty/jquery-ui/i18n/ui.datepicker-bg.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ca.js
	thirdparty/jquery-ui/i18n/ui.datepicker-cs.js
	thirdparty/jquery-ui/i18n/ui.datepicker-da.js
	thirdparty/jquery-ui/i18n/ui.datepicker-de.js
	thirdparty/jquery-ui/i18n/ui.datepicker-el.js
	thirdparty/jquery-ui/i18n/ui.datepicker-eo.js
	thirdparty/jquery-ui/i18n/ui.datepicker-es.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fa.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fi.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-he.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hu.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hy.js
	thirdparty/jquery-ui/i18n/ui.datepicker-id.js
	thirdparty/jquery-ui/i18n/ui.datepicker-is.js
	thirdparty/jquery-ui/i18n/ui.datepicker-it.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ja.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ko.js
	thirdparty/jquery-ui/i18n/ui.datepicker-lt.js
	thirdparty/jquery-ui/i18n/ui.datepicker-lv.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ms.js
	thirdparty/jquery-ui/i18n/ui.datepicker-nl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-no.js
	thirdparty/jquery-ui/i18n/ui.datepicker-pl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-pt-BR.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ro.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ru.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sk.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sq.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sr-SR.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sv.js
	thirdparty/jquery-ui/i18n/ui.datepicker-th.js
	thirdparty/jquery-ui/i18n/ui.datepicker-tr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-uk.js
	thirdparty/jquery-ui/i18n/ui.datepicker-zh-CN.js
	thirdparty/jquery-ui/i18n/ui.datepicker-zh-TW.js
	thirdparty/jquery/jquery.js
	thirdparty/jsmin/.piston.yml
	thirdparty/jsmin/jsmin.php
	thirdparty/prototype/prototype.js
	thirdparty/scriptaculous/dragdrop.js
	thirdparty/simplepie/.piston.yml
	thirdparty/spyc/.piston.yml
	thirdparty/spyc/README
	thirdparty/spyc/php4/spyc.php4
	thirdparty/spyc/php4/test.php4
	thirdparty/spyc/spyc.php
	thirdparty/spyc/spyc.yaml
	thirdparty/tinymce-advcode/dialog.html
	thirdparty/tinymce-advcode/editor_plugin_src.js
	thirdparty/tinymce-advcode/js/dialog.js
	thirdparty/tinymce/langs/en.js
	thirdparty/tinymce/plugins/advhr/langs/en_dlg.js
	thirdparty/tinymce/plugins/advhr/rule.htm
	thirdparty/tinymce/plugins/advimage/image.htm
	thirdparty/tinymce/plugins/advimage/langs/en_dlg.js
	thirdparty/tinymce/plugins/advlink/langs/en_dlg.js
	thirdparty/tinymce/plugins/advlink/link.htm
	thirdparty/tinymce/plugins/emotions/emotions.htm
	thirdparty/tinymce/plugins/emotions/langs/en_dlg.js
	thirdparty/tinymce/plugins/example/dialog.htm
	thirdparty/tinymce/plugins/fullpage/fullpage.htm
	thirdparty/tinymce/plugins/fullpage/langs/en_dlg.js
	thirdparty/tinymce/plugins/fullscreen/fullscreen.htm
	thirdparty/tinymce/plugins/inlinepopups/template.htm
	thirdparty/tinymce/plugins/media/langs/en_dlg.js
	thirdparty/tinymce/plugins/media/media.htm
	thirdparty/tinymce/plugins/paste/js/pasteword.js
	thirdparty/tinymce/plugins/paste/langs/en_dlg.js
	thirdparty/tinymce/plugins/paste/pastetext.htm
	thirdparty/tinymce/plugins/paste/pasteword.htm
	thirdparty/tinymce/plugins/searchreplace/langs/en_dlg.js
	thirdparty/tinymce/plugins/searchreplace/searchreplace.htm
	thirdparty/tinymce/plugins/spellchecker/editor_plugin.js
	thirdparty/tinymce/plugins/spellchecker/editor_plugin_src.js
	thirdparty/tinymce/plugins/style/langs/en_dlg.js
	thirdparty/tinymce/plugins/style/props.htm
	thirdparty/tinymce/plugins/table/cell.htm
	thirdparty/tinymce/plugins/table/langs/en_dlg.js
	thirdparty/tinymce/plugins/table/merge_cells.htm
	thirdparty/tinymce/plugins/table/row.htm
	thirdparty/tinymce/plugins/table/table.htm
	thirdparty/tinymce/plugins/template/langs/en_dlg.js
	thirdparty/tinymce/plugins/template/template.htm
	thirdparty/tinymce/plugins/xhtmlxtras/abbr.htm
	thirdparty/tinymce/plugins/xhtmlxtras/acronym.htm
	thirdparty/tinymce/plugins/xhtmlxtras/attributes.htm
	thirdparty/tinymce/plugins/xhtmlxtras/cite.htm
	thirdparty/tinymce/plugins/xhtmlxtras/del.htm
	thirdparty/tinymce/plugins/xhtmlxtras/ins.htm
	thirdparty/tinymce/plugins/xhtmlxtras/langs/en_dlg.js
	thirdparty/tinymce/themes/advanced/about.htm
	thirdparty/tinymce/themes/advanced/anchor.htm
	thirdparty/tinymce/themes/advanced/charmap.htm
	thirdparty/tinymce/themes/advanced/color_picker.htm
	thirdparty/tinymce/themes/advanced/image.htm
	thirdparty/tinymce/themes/advanced/langs/en.js
	thirdparty/tinymce/themes/advanced/langs/en_dlg.js
	thirdparty/tinymce/themes/advanced/link.htm
	thirdparty/tinymce/themes/advanced/source_editor.htm
	thirdparty/tinymce/themes/simple/langs/en.js
	thirdparty/tinymce/tiny_mce.js
	thirdparty/tinymce/tiny_mce_src.js
	widgets/Widget.php
2011-02-14 18:47:53 +13:00
Sam Minnee
8d05811734 Merge remote branch 'cbarberis/master' 2011-02-14 16:34:02 +13:00
Carlos Barberis
184e8bd852 ENHANCEMENT: Added allowed actions to core classes 2011-02-14 11:14:51 +13:00
Ingo Schommer
60ca784aae API CHANGE Removed Director::history(), history was no longer recorded. Removed Director::__construct(), as Director is a static utility class without instance state (fixes #6385) 2011-02-12 16:39:35 +13:00
Ingo Schommer
397bbe7bb5 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Sean Harvey
28f1c20c5d MINOR Reverted r108515
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114079 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Sam Minnee
ce79e78de6 BUGFIX: Themed permissionFailure messages
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109102 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sean Harvey
72e1120168 BUGFIX #5627 Clear session on logout
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108515 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Ingo Schommer
8dee93b523 BUGFIX Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
MINOR Using Object::create() in DevelopmentAdmin to make objects mockable
ENHANCEMENT Added Security::$force_database_is_ready to mock database_is_ready() state
ENHANCEMENT Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107415 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:36 +13:00
Ingo Schommer
7dfb8dd43d MINOR Making $Email available in Security_passwordsent.ss template (fixes #5737)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106876 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:32 +13:00
Will Rossiter
1491fc9358 BUGFIX: fallback to the standard authenticator before throwing user_error as in some cases auth method is not passed back to the login form
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102156 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:11 +13:00
Ingo Schommer
2dffb95e83 MINOR Using Behaviour.register instead of jquery.livequery in TabSet.php/tabstrip.js (already replaced with jQuery.entwine in next release, we try to reduce the dependencies to jquery plugins)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100885 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:55 +13:00
Ingo Schommer
e7806f28cf ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100799 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:53 +13:00
Luke Hudson
1e921362fc BUGFIX: Sam's fix for "Unknown column Group.SubsiteID" with new subsites
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100375 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:44 +13:00
Ingo Schommer
5c92712924 BUGFIX Setting ID = -1 on Security/lostpassword to avoid showing toplevel navigation (see #5086)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99479 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:38 +13:00
Sam Minnee
4513b0b79f MINOR: Fixed caching of login page for tests
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98538 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:29 +13:00
Sam Minnee
ec326f752e BUGFIX: Make Security/login page's ID give a different number for loggedin vs loggedout, to help with partial caching
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:28 +13:00
Sam Minnee
ff666ff25d BUGFIX: Make login form work without any theme loaded.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98432 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:28 +13:00
Ingo Schommer
31280ece2c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Ingo Schommer
51c14227b2 API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin'

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97478 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Geoff Munn
f4de365be8 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email'
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97270 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:10 +13:00
Sam Minnee
51a2eeed15 MERGE merged back a whole bunch of defect fixes from trunk (from r87846)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96712 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Geoff Munn
6b59dc3e78 BUGFIX: Fallback for arrays which do not contain 'alreadyLoggedIn' values
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@95968 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:00 +13:00
Mateusz Uzdowski
056dae8103 BUGFIX: orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94835 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Andrew O'Neil
a783448266 BUGFIX: Make sure findAnAdministrator gets a global administrator when subsites is installed.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94369 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Ingo Schommer
03c5caea72 MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93611 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:52 +13:00
Ingo Schommer
07fc3650a3 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) (merged from r90949)
API CHANGE Deprecated Security::encrypt_passwords() (merged from r90949)
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
API CHANGE Removed Security::get_encryption_algorithms() (merged from r90949)
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91576 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
710f701645 MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask (merged from r90948)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91564 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Sam Minnee
b34286caab MINOR Reverted r108515 (from r114079)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
f8ec13a1ab BUGFIX: Themed permissionFailure messages (from r109102)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112780 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:55:20 +00:00
Sam Minnee
f23921b815 BUGFIX #5627 Clear session on logout (from r108515)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:47:05 +00:00
Ingo Schommer
f63751893b BUGFIX Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
MINOR Using Object::create() in DevelopmentAdmin to make objects mockable
ENHANCEMENT Added Security::$force_database_is_ready to mock database_is_ready() state
ENHANCEMENT Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest) (from r107415)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112588 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:43:30 +00:00
Ingo Schommer
68e98b4ee2 MINOR Making $Email available in Security_passwordsent.ss template (fixes #5737) (from r106876)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112541 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:06:53 +00:00
Sam Minnee
16277e5299 BUGFIX: fallback to the standard authenticator before throwing user_error as in some cases auth method is not passed back to the login form (from r102156)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112062 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:36:12 +00:00
Andreas Piening
1941c6042c ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-08-03 01:05:27 +00:00
Ingo Schommer
95c4befb4a BUGFIX: Sam's fix for "Unknown column Group.SubsiteID" with new subsites (from r100375)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105555 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-05-25 03:45:27 +00:00
Ingo Schommer
e67c8d8c37 BUGFIX Setting ID = -1 on Security/lostpassword to avoid showing toplevel navigation (see #5086) (from r99479)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102864 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 04:40:30 +00:00
Ingo Schommer
b4c425168c MINOR: Fixed caching of login page for tests (from r98538)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102766 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 02:19:54 +00:00
Ingo Schommer
ef36220d9f BUGFIX: Make Security/login page's ID give a different number for loggedin vs loggedout, to help with partial caching (from r98534)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102763 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 02:17:42 +00:00
Ingo Schommer
8256228e69 MINOR Upgraded jQuery.entwine (formerly known as jQuery.concrete) to the latest trunk
MINOR Updated jQuery.concrete references to point to the new "entwine" name

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102695 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 05:45:29 +00:00
Ingo Schommer
9c0c2cad7a BUGFIX: Make login form work without any theme loaded. (from r98432)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102656 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 03:24:20 +00:00
Ingo Schommer
6450810b4c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027) (from r97480)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102494 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:17:07 +00:00
Ingo Schommer
426190bc9e API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin' (from r97478)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102493 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:16:26 +00:00
Ingo Schommer
b69b03b9e0 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email' (from r97270)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102440 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:00:05 +00:00
Ingo Schommer
603657b943 MERGE merged back a whole bunch of defect fixes from trunk (from r87846) (from r96712)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102336 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 01:45:52 +00:00
Ingo Schommer
0375eea256 BUGFIX: Fallback for arrays which do not contain 'alreadyLoggedIn' values (from r95968)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102322 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 00:51:21 +00:00
Sean Harvey
ca45cbe7e2 BUGFIX: orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login. (from r94835)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95625 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:43:35 +00:00
Sean Harvey
298ef035ed BUGFIX: Make sure findAnAdministrator gets a global administrator when subsites is installed. (from r94369)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95603 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:40:05 +00:00
Ingo Schommer
78ec0cbfa7 MINOR Updated jquery-concrete
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92558 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:33:12 +00:00
Ingo Schommer
dca8c0cb6f merging
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92557 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:33:06 +00:00
Ingo Schommer
926834db27 MINOR Removed redundant jquery-ui.js dependency from TabSet.php and Security.php
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:32:27 +00:00
Ingo Schommer
4b1293771d MINOR Using jquery.concrete and jquery.selector on github through piston dependency management
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92542 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:31:55 +00:00
Ingo Schommer
757df3088e ENHANCEMENT Returning FALSE from Security->ping() if no valid user session exists, for more accurate login checking through the CMS javascript pinging
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92527 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:31:09 +00:00
Ingo Schommer
2fc966cc44 MINOR Removed loader.js dependencies
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:30:36 +00:00
Ingo Schommer
dd074069de MINOR Moved css specific to Security/login in Security_login.css (shouldnt be in the generic Form.css declarations)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92509 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:30:24 +00:00
Ingo Schommer
a11db29672 MINOR Changed paths to moved thirdparty dependencies (mostly from /jsparty to /sapphire/thirdparty, /cms/javascript and /sapphire/javascript)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92502 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:29:59 +00:00
Ingo Schommer
3b547ec9c9 ENHANCEMENT Using "concrete" jQuery plugin for tabbed Security/login view (in combination with jQuery UI tabs)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92480 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:22:41 +00:00
Ingo Schommer
deb691a481 ENHANCEMENT Using jQuery UI tabs for Security/login with multiple authentication methods (e.g. CMS-login and OpenID)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92478 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:22:36 +00:00
Andrew O'Neil
649079f4e8 BUGFIX: Use Object::create() for lostpassword(). (#4670, Tjofras)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@91270 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-11 03:00:02 +00:00
Ingo Schommer
e675381cd4 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00
Ingo Schommer
7dc1d607de MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90948 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:13 +00:00
Andrew Short
79773042be API CHANGE: Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
MINOR: Replaced usage of renamed classes with the new namespaced name.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90075 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-26 03:06:31 +00:00
Ingo Schommer
d386db0bc3 ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86021 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:01:46 +00:00
Will Rossiter
ebce107d07 MINOR: added check for exec() and fixed the path for the wordlist file. Ticket #4428
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-03 23:36:45 +00:00
Sam Minnee
d38c79f584 ENHANCEMENT: If you are logged in and Security::permissionFailure() is called, just return a 403
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@81430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-07-09 03:20:32 +00:00
Sam Minnee
20cbabfcb5 BUGFIX #3750 bgribaudo: Always render the security login form in the $Form template variable.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@79565 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-06-18 08:22:27 +00:00