cf69d04866
BUG Fix ping including requirements
...
Fixes #7802
2018-01-26 10:26:18 +13:00
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
...
FIX: Fix Member_GroupSet::removeAll() (fixes #3948 )
2018-01-25 09:20:30 +13:00
c2cd6b3832
FIX: Fix Member_GroupSet::removeAll() ( fixes #3948 )
2018-01-24 17:17:20 +00:00
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:53:50 +13:00
2ad3cc07d5
FIX Update meber passwordencryption to default on password change
2017-11-23 21:17:31 +00:00
72702dbd50
Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
...
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:33:22 +01:00
091d99f599
FIX Authenticators are more resilient to incomplete configuration
2017-09-12 15:57:03 +01:00
82c0632f46
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes ( fixes #7208 )
2017-07-26 09:54:29 +01:00
a5c84b12ab
FIX Order of conditionals for getting default admin
2017-06-12 11:54:05 +01:00
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4
2017-05-29 01:02:35 +01:00
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-25 16:14:52 +01:00
69974d940a
Merge branch '3.3' into 3.4
2016-11-18 11:33:39 +00:00
0ae4b57754
Merge branch '3.2' into 3.3
2016-11-18 11:32:36 +00:00
5df077f24d
Merge branch '3.1' into 3.2
2016-11-18 11:29:19 +00:00
8e5f786b8d
Merge branch '3.4' into 3.5.0
2016-11-15 11:43:16 +00:00
3f4445641d
Merge branch '3.3' into 3.4
2016-11-15 11:35:38 +00:00
c7778a1e9a
Merge branch '3.2' into 3.3
2016-11-15 11:19:27 +00:00
06d0210233
Merge branch '3.1' into 3.2
2016-11-15 11:18:46 +00:00
17097a4d11
[SS-2016-016] FIX Properly escape backURL for template injection
2016-11-10 17:00:03 +00:00
5a7cde0e10
Merge branch '3.4' into 3.5.0
2016-11-09 16:14:40 +00:00
6bf36fbd30
FIX: Correct return type for Member::currentUser()
2016-11-09 14:20:44 +00:00
beeed8155a
Merge branch '3.4' into 3
2016-09-16 11:56:01 +01:00
995d07756d
cache currentUser query ( #6007 )
...
* cache currentUser query
Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)
2016-09-15 15:45:40 +01:00
3fd9fe3aa0
Merge branch '3.4' into 3
2016-09-07 09:22:06 +01:00
060bf6b327
Merge branch '3.3' into 3.4
2016-08-22 16:22:37 +01:00
088d88e978
Merge branch '3.2' into 3.3
2016-08-22 16:22:02 +01:00
229a2b9217
Merge pull request #4133 from nimeso/patch-1
2016-08-22 11:52:47 +01:00
d88516203c
Merge 3.4 into 3
2016-08-15 19:05:20 +12:00
d1163d87b7
[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
2016-08-15 15:52:10 +12:00
8bbf1caae6
[SS-2016-013] FIX Uncasted member name
2016-08-15 15:52:04 +12:00
782c18fd13
[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
2016-08-15 15:51:53 +12:00
08384bb4d6
[SS-2016-008] Reset `Member::Salt` on password change
2016-08-15 15:50:56 +12:00
fa7f5af861
[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
2016-08-15 15:02:53 +12:00
83e3302c04
[SS-2016-013] FIX Uncasted member name
2016-08-15 15:02:47 +12:00
6d41db77fa
[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
...
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
2016-08-15 15:02:41 +12:00
f85dea2e6d
[SS-2016-008] Reset `Member::Salt` on password change
2016-08-15 15:02:36 +12:00
b1f449762b
[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
2016-08-15 14:07:57 +12:00
281b0de571
[SS-2016-013] FIX Uncasted member name
2016-08-15 14:07:51 +12:00
2b30ade44d
[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
...
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
2016-08-15 14:07:40 +12:00
dc47f7ec9a
[SS-2016-008] Reset `Member::Salt` on password change
2016-08-15 14:07:24 +12:00
1c7d5de51b
[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled
2016-08-15 13:24:06 +12:00
6817c57f64
[SS-2016-013] FIX Uncasted member name
2016-08-15 13:21:14 +12:00
6606d98663
[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
...
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
2016-08-15 13:20:02 +12:00
298f61521c
[SS-2016-008] Reset `Member::Salt` on password change
2016-08-15 13:19:02 +12:00
3c1a5d2a46
Merge pull request #5872 from dhensby/pulls/3/injector-for-cmslogin
...
FIX Use create syntax for CMSMemberLoginForm remember me form
2016-08-12 14:10:56 +12:00
86add3e021
FIX Use create syntax for CMSMemberLoginForm remember me form
2016-08-07 20:20:20 +01:00
7de5b998e1
Merge 3.4 into 3
2016-08-05 19:12:25 +12:00
ca754eb887
Merge 3.3 into 3.4
...
# Conflicts:
# admin/javascript/lang/fa_IR.js
# admin/javascript/lang/it.js
# admin/javascript/lang/src/fa_IR.js
# admin/javascript/lang/src/it.js
# lang/cs.yml
# lang/eo.yml
# lang/fa_IR.yml
# lang/fi.yml
# lang/it.yml
# lang/sk.yml
2016-08-05 16:48:26 +12:00
0d5ae23f2b
Merge 3.2 into 3.3
2016-08-05 14:36:35 +12:00
Damian Mooyman
Loz Calver
Daniel Hensby
Daniel Hensby
Thomas Portelange
Daniel Hensby