Ingo Schommer
b367dd6237
API Removed Member.LastVisited and Member.NumVisits
2013-10-10 12:35:07 +02:00
Ingo Schommer
8727d1b1eb
Merge remote-tracking branch 'origin/3.1'
2013-10-10 12:11:50 +02:00
Ingo Schommer
cd225f0fa4
No HTML entities in "Groups" ListboxField ( fixes #2513 )
2013-10-10 12:08:16 +02:00
Ingo Schommer
60fc7e5346
Merge remote-tracking branch 'origin/3.1'
2013-10-06 19:07:39 +02:00
Damian Mooyman
5bbea12b45
BUG Issue with login form failing to login in certain situations. Fixes issue #2424
2013-10-03 17:12:30 +13:00
Ingo Schommer
c7f656cd00
API Removed "PastMember" cookie and template getter
...
The functionality is easy to replicate in custom controllers,
and is too rarely used to be placed in core.
This also removes the `Member::is_repeat_member()` getter
and the `PastMember`/`IsRepeatMember` template globals.
See https://groups.google.com/forum/#!topic/silverstripe-dev/b8K3wU64TXg
2013-09-27 20:06:25 +02:00
Ingo Schommer
455e550d9a
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/topics/testing/create-silverstripe-test.md
forms/Form.php
i18n/i18n.php
model/Image.php
2013-09-27 19:22:14 +02:00
Ingo Schommer
0ea7042443
$privileged_permissions visibility ( fixes #2464 )
2013-09-27 18:56:38 +02:00
Ingo Schommer
03d1d58148
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/code/SecurityAdmin.php
css/AssetUploadField.css
docs/en/topics/configuration.md
security/PermissionRole.php
2013-09-12 17:33:36 +02:00
Ingo Schommer
c2b312d76f
Merge remote-tracking branch 'origin/3.1.0' into 3.1
2013-09-12 17:24:42 +02:00
Ingo Schommer
f803704d91
FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
05757efceb
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:43 +02:00
Ingo Schommer
720c149aee
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:42 +02:00
Ingo Schommer
091c096dbf
FIX Disallow permissions assign for APPLY_ROLES (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
cfa88adf4b
FIX Privilege escalation through APPLY_ROLES assignment (SS-2013-005)
...
See http://www.silverstripe.org/ss-2013-005-privilege-escalation-through-apply-roles-assignment/
2013-09-12 15:42:36 +02:00
Ingo Schommer
68ca47b0dd
FIX Privilege escalation through Group hierarchy setting (SS-2013-003)
...
See http://www.silverstripe.org/ss-2013-003-privilege-escalation-through-group-hierarchy-setting/
2013-09-12 15:42:35 +02:00
Sean Harvey
e43ca931d6
Merge pull request #2343 from chillu/pulls/security-404
...
Returning 404 on /Security, instead of Controller.ss template
2013-09-05 18:56:23 -07:00
Ingo Schommer
1c31c098ee
FIX Correct Zend_Locale fallbacks in i18n/DateField/DateTimeField
...
Due to the recent change of translations to transifex, some
locales changed their names, which prompted a fix to
i18n::get_available_translations() (see 00ffe7294
).
This caused a regression where short locales are determined
from the YAML file names (e.g. "en"), but weren't matched up
with fully qualified locales from get_available_translations() (e.g. "en_US").
Since this list is used in the admin/myprofile dropdown for the Member.Locale value,
it didn't match up with any entries and defaulted to the first one ("Africaans").
Note that the behaviour of admin/myprofile is still a bit weird:
It defaults the locale on new members to the one set for the current administrator.
So if a site defaults to en_US in _config.php, but the admin happens to view
his backend in de_DE, all members he creates default to de_DE as well.
Thanks to @tractorcow for contributing and peer reviewing!
2013-08-30 10:18:00 +02:00
Ingo Schommer
20b49e215c
Merge pull request #2136 from nedmas/fix-remove-export-button-padding
...
FIX: GridField button styling
2013-08-30 00:24:21 -07:00
Ingo Schommer
a4c6ae3e90
Merge remote-tracking branch 'origin/3.1'
2013-08-22 13:56:33 +02:00
Simon Welsh
151baeede1
Correct line length and indentation
2013-08-21 18:54:05 +12:00
Ingo Schommer
18ae4c5db6
Returning 404 on /Security, instead of Controller.ss template
...
We shouldn't expose unsolicited content on public URLs,
mainly because it impacts SEO.
2013-08-20 21:12:55 +02:00
Mateusz Uzdowski
085d2e62cb
BUG MemberLoginForm fields should be tagged as required.
2013-08-12 09:32:03 +12:00
Ingo Schommer
2a35f2f928
Merge remote-tracking branch 'origin/3.1'
2013-08-07 17:34:11 +02:00
Julian Seidenberg
17e0432252
BUG adding a more descriptive message when the CMS session times out. It used to say "Forbidden", now it says "Not logged in".
2013-08-06 17:27:37 +12:00
Hamish Friedlander
0a79ac3592
Merge branch 'origin/3.1'
...
Conflicts:
templates/forms/CheckboxSetField.ss
templates/forms/FormField_holder.ss
templates/forms/OptionsetField.ss
2013-07-19 16:25:38 +12:00
Mateusz Uzdowski
d4a6f7304e
BUG First error should take precedence here. No further checks needed.
2013-07-19 08:54:52 +12:00
Ingo Schommer
d4a1e6d294
BUG Prevent clickjacking in CMS and Security controllers ( fixes #2215 )
2013-07-14 22:44:09 +02:00
Ingo Schommer
b58e2dbe3a
Member.lock_out_delay_mins configurable, password security docs
2013-07-11 09:47:28 +02:00
Simon Welsh
fbce9fd7cd
Merge branch '3.1'
...
Conflicts:
.travis.yml
docs/en/misc/contributing/code.md
javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Simon Welsh
1d5ac5876b
Only redirect on logout if we're not already redirecting
2013-06-27 09:49:10 +12:00
Tom Densham
3596892001
FIX: GridField button styling
...
Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
2013-06-21 14:22:00 +01:00
Ingo Schommer
94b4237372
Merge remote-tracking branch 'origin/3.1'
2013-06-19 11:17:33 +02:00
Will Morgan
db3eed1f9a
Using Injector pattern for ValidationResult in Member
2013-06-18 15:49:58 +01:00
Stig Lindqvist
2eafd63297
Merge pull request #2077 from halkyon/changepassword_validation_redirection_issue
...
BUG If BackURL set, validation errors send the user to wrong place.
2013-06-07 22:44:13 -07:00
Sean Harvey
83bff54ec2
BUG If BackURL set, validation errors send the user to wrong place.
...
If there's validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.
Instead of this, just redirect back to the "changepassword" action
on the Security controller.
2013-06-08 11:34:58 +12:00
Sean Harvey
7862ececbd
Allow PasswordValidator to be translated
2013-06-08 10:48:27 +12:00
Will Morgan
1c0ae76f8e
Adding passwordless message instead of throwing an exception
2013-06-07 16:52:44 +02:00
Ingo Schommer
88536998b9
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-05-31 18:08:59 +02:00
Sam Minnée
5d76048275
Merge pull request #1780 from hdrlab/patch-4
...
Disable ID based partial caching for all security actions
2013-05-24 23:53:04 -07:00
Sam Minnée
628391e3f1
Merge pull request #1979 from nedmas/patch-1
...
BUGFIX: singleton('Group')->Members() fails
2013-05-24 19:45:54 -07:00
Ingo Schommer
016368afdc
Merge pull request #1994 from mateusz/logout-cleanup
...
BUG Clean up the logOut and session destructon routines.
2013-05-24 16:01:42 -07:00
Tom Densham
d36fbfb1b2
BUGFIX: singleton('Group')->Members() fails
...
Running Members() on a Group that has no Db record causes UnsavedRelationList to be returned by DirectMembers() which in turn causes alterDataQuery() to fall over when called on an UnsavedRelationList. This just adds a simple check to prevent it.
2013-05-23 17:31:19 +02:00
Sam Minnee
d97ca43cd0
Merge branch '3.1'
...
Conflicts:
README.md
dev/install/install.php5
forms/ConfirmedPasswordField.php
tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Sean Harvey
ac2216dabc
Merge pull request #1969 from robert-h-curry/patch-1
...
Only show direct members of a group in the members field
2013-05-22 20:28:17 -07:00
Mateusz Uzdowski
2f7fd967b2
BUG Clean up the logOut and session destructon routines.
2013-05-23 13:27:41 +12:00
Ingo Schommer
ee784c3663
Fix priority of Member->getHtmlEditorConfigForCMS() ( silverstripe/silverstripe-cms#728 )
2013-05-22 21:31:42 +02:00
Robert Curry
aeb5a2e42a
Only show direct members of a group in the members field
...
The call to Members() includes members of child groups, which was causing any members added through the grid field to be added to the child groups as well.
2013-05-22 18:48:36 +12:00
Sean Harvey
abad856534
Use create() to instantiate Member_GroupSet on Member::Groups()
...
Keeps it consistent with how HasManyList and ManyManyList are
instantiated in DataObject.
2013-05-22 13:56:36 +12:00
Sean Harvey
15f7c884f8
Merge pull request #1756 from halkyon/permission_denied_hook
...
BUG Security::permissionFailure() fixing permissionDenied hook inconsistency
2013-05-13 02:15:58 -07:00