Commit Graph

238 Commits

Author SHA1 Message Date
Robbie Averill
4a9e991edb Merge branch '3.6' into 3 2018-05-28 17:44:48 +12:00
Robbie Averill
dae8fefb1e Merge remote-tracking branch 'origin/3.5' into 3.6 2018-05-28 17:43:55 +12:00
Damian Mooyman
5771388821 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-09 15:12:40 +12:00
Damian Mooyman
f4b13fb2c4
Merge remote-tracking branch 'origin/3.6' into 3
# Conflicts:
#	model/DataQuery.php
2018-02-05 16:53:15 +13:00
Damian Mooyman
4da99efd5d
Merge remote-tracking branch 'origin/3.5' into 3.6 2018-01-31 16:03:42 +13:00
Daniel Hensby
9103816333
NEW Add php 7.2 support 2018-01-30 16:50:32 +00:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
FIX: Fix Member_GroupSet::removeAll() (fixes #3948)
2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832 FIX: Fix Member_GroupSet::removeAll() (fixes #3948) 2018-01-24 17:17:20 +00:00
Damian Mooyman
50aa1f22a6
Merge branch '3.6' into 3 2017-12-07 13:20:58 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Daniel Hensby
b49d1d7fbd
Merge branch '3.6' into 3 2017-09-28 17:17:19 +01:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2 2017-09-20 16:26:30 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Garion Herman
6ad19495a2
Add test coverage for auth failure after TempID expires. 2017-07-27 12:45:35 +01:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
f71efb5063 Merge pull request #40 from silverstripe-security/patch/3.4/ss-2017-002
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-28 22:18:56 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Daniel Hensby
85f0650796
Remove unnecessary nesting of config/injector in tests 2017-05-24 16:05:39 +01:00
Robbie Averill
2f6f5b5eff Do not send the header if it is not defined 2017-01-11 08:26:04 +13:00
Robbie Averill
cb2dcc75f1 Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing 2017-01-09 16:13:39 +13:00
Loz Calver
6bf36fbd30
FIX: Correct return type for Member::currentUser() 2016-11-09 14:20:44 +00:00
Daniel Hensby
c35dc508cb
Merge branch '3.3' into 3.4 2016-07-04 23:53:55 +01:00
Damian Mooyman
f1a0aef0d7
BUG fix CMS_ACCESS permission being ignored if in incorrect order in array 2016-06-28 17:45:15 +12:00
Damian Mooyman
4f06a43986 Merge 3.3 into 3
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
2016-05-11 14:06:23 +12:00
Daniel Hensby
d1751e3310
Merge remote-tracking branch '3.2.4' into 3.3.2 2016-05-05 12:33:21 +01:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby
679185514d
Merge 3.3 into 3
Conflicts:
	admin/css/screen.css.map
2016-04-26 00:24:59 +01:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
Conflicts:
	.travis.yml
2016-04-26 00:17:09 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
Roman Schmid
9146450c49 Fix Email test issue discovered in #5271.
Updated/added tests for changed- and forgot-password Emails.
Updated fixture and tests to no longer use a real Email address.
2016-04-11 13:46:41 +02:00
Damian Mooyman
e1865151c5 Merge pull request #5098 from bummzack/5086-fix-member-validator
Fix for issue #5086
2016-02-26 14:39:53 +13:00
Roman Schmid
f691a5da32 Improve Member_Validator to:
- properly check for existing members.
- allow extensions.
- remove old code and replace with new syntax and add config API.

Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides.
Added unit-tests.

Establish a link between the member and the validator for said member.
2016-02-25 16:10:52 +01:00
Damian Mooyman
8c1cafd1a0 Merge remote-tracking branch 'origin/3.3' into 3
# Conflicts:
#	admin/scss/_forms.scss
#	admin/scss/_style.scss
#	admin/scss/_tree.scss
#	javascript/TreeDropdownField.js
2016-01-19 17:08:26 +13:00
Damian Mooyman
5d240feaec Merge remote-tracking branch 'origin/3.2' into 3.3 2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac Merge remote-tracking branch 'origin/3.1' into 3.2
# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
2016-01-19 14:00:19 +13:00
Sam Minnee
3ee8f505b7 MINORE: Remove training whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Daniel Hensby
4335d8ed22 FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
Damian Mooyman
19b10044ec Merge remote-tracking branch 'origin/3.2' into 3 2015-12-22 17:05:07 +13:00
Mateusz Uzdowski
5a21b2fb15 BUG Guard against users being added to all groups on unsaved Group.
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
2015-12-11 14:51:51 +13:00
Damian Mooyman
71b8aec306 Merge remote-tracking branch 'origin/3.2' into 3 2015-09-15 13:35:51 +12:00
Damian Mooyman
c4710b2272 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	admin/code/GroupImportForm.php
	admin/code/MemberImportForm.php
	tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
f10785350e Merge remote-tracking branch 'origin/3.2' into 3
Conflicts:
	docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196 Merge remote-tracking branch 'origin/3.1' into 3.2
Conflicts:
	.travis.yml
	admin/code/CMSProfileController.php
	admin/tests/LeftAndMainTest.php
	control/HTTP.php
	security/Permission.php
	tests/forms/FormTest.php
	tests/model/ArrayListTest.php
	tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Stevie Mayhew
1b57e0ca5b FEATURE: implement getter and setter usage for response 2015-08-29 10:24:06 +12:00
Daniel Hensby
2d4b743090 FIX Members can access their own profiles in CMS 2015-08-26 15:47:51 +01:00
Daniel Hensby
6eede57ff2 Fix issue where Access All CMS Sections doesnt work 2015-08-20 22:30:43 +01:00