tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
20,455 Commits 31 Branches 527 Tags
Commit Graph

165 Commits

Author SHA1 Message Date
Ingo Schommer
2d6964c243
Merge pull request #8261 from open-sausages/pulls/4/secure-remember-me-cookie 
NEW Option for secure "remember me" cookie
 2018-07-31 09:19:15 +12:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie 
Fixes #8234
 2018-07-30 16:41:49 +01:00
Ingo Schommer
93b0884e19 BUG Lazy session state (fixes #8267) 
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.

Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.

Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.

Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.

Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
 2018-07-19 13:32:04 +12:00
Daniel Hensby
560fe9820a FIX remove personal information from password reset confirmation screen 2018-07-05 14:19:15 +12:00
Robbie Averill
e0993043f8 Merge branch '4.1' into 4 2018-05-30 15:08:39 +12:00
Robbie Averill
c8b0bc0ad7 Merge branch '4.0' into 4.1 
# Conflicts:
  #	src/ORM/DataObject.php
  #	tests/php/ORM/DataObjectDuplicationTest.php
  #	tests/php/ORM/DataObjectDuplicationTest/Class1.php
 2018-05-30 14:52:07 +12:00
Robbie Averill
ea16e28aa7 Merge branch '4.1' into 4 2018-05-28 18:33:56 +12:00
Robbie Averill
6d98a912c9 Merge branch 'heads/4.1.1' into 4.1 2018-05-28 18:26:20 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1 
# Conflicts:
  #	src/Control/Director.php
 2018-05-24 15:41:11 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010 
[SS-2018-010] Fix regression of SS-2017-002
 2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
azt3k
6b39b25e20
Fixes a count() php warning without an api change 
Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355
 2018-04-27 09:31:07 +01:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives 
Replaces #7995
 2018-04-18 10:35:31 +12:00
Daniel Hensby
70effc7046
Revert "ENHANCEMENT Add config var to skip confirm logout (#7977)" 
This reverts commit 47bcac930df8bde71ffeb9144ac07d429ea9ee87.
 2018-04-04 13:51:18 +01:00
Andrew Aitken-Fincham
47bcac930d ENHANCEMENT Add config var to skip confirm logout (#7977) 2018-04-04 09:43:49 +12:00
Damian Mooyman
386ef27f65
Update requesthandlers with missing extension points 2018-03-23 15:28:00 +13:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
Joe Harvey
bf2cee3989 Bugfix - Correct duplicate nesting of 'Content' to be returned to template 
In scenarios where:

- No member is logged in
- An 'AutoLoginHash' is provided via the 't' (token) query param
- The token isn't valid (determined by Member::validateAutoLoginToken())

The message which is intended to be returned to the end-user via $Content
in the template, is mistakenly double nested in ['Content' => ['Content' => 'Message']]
this leads to "The method forTemplate() doesn't exist on ArrayData" errors.

See - https://github.com/silverstripe/silverstripe-framework/issues/7866
 2018-03-07 14:14:05 +00:00
JorisDebonnet
3e0984db49
Delete orphaned Group_Members records after deleting a Member 2018-02-27 19:47:26 +01:00
Daniel Hensby
c04ff8c55a
Merge branch '4.0' into 4.1 2018-02-21 13:40:30 +00:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00
Daniel Hensby
7ec5fa2c8d
Merge branch '4.0' into 4.1 2018-02-09 15:19:15 +00:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0 2018-02-09 14:32:58 +00:00
Damian Mooyman
2f1f5c0caa
Merge remote-tracking branch 'origin/4.0' into 4 2018-02-07 11:48:46 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption 2018-02-06 20:18:32 +00:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Core/CoreKernel.php
 2018-02-05 17:52:38 +13:00
Simon Erkelens
a071672b48 [bugfix] $request == null breaks 
The $request incoming as null was not properly detected by the if/elseif structure.
 2018-02-05 13:02:07 +13:00
Damian Mooyman
bc2fc7f2db
BUG Prevent invalid members being written to database if validation_enabled is false 2018-02-01 16:24:31 +13:00
Christopher Joe
456871fd91 Enhancement Updated PasswordValidator to fallback to config options - still retains instance variables 2018-01-31 10:54:43 +13:00
Damian Mooyman
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Control/SimpleResourceURLGenerator.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
 2018-01-25 12:53:15 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Core/TempFolder.php
#	src/ORM/DataObject.php
#	src/View/ThemeResourceLoader.php
#	src/includes/constants.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
#	tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
#	tests/php/View/RequirementsTest.php
 2018-01-22 14:57:05 +13:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name 
Fixes #7769
 2018-01-22 14:06:24 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Damian Mooyman
f86b855c90
BUG Prevent basic-auth from disallowing logout 
Fixes #7555
 2018-01-16 15:24:20 +13:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware 
Fixes #7554
 2017-12-20 11:39:04 +13:00
Chris Joe
4ad9ceca6b
Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions 
BUG Fix message casting for html security messages
 2017-12-18 15:43:35 +13:00
Daniel Hensby
e4bf9a31ed
Merge branch '4.0' into 4 2017-12-14 21:20:11 +00:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0 2017-12-14 21:01:35 +00:00
Damian Mooyman
140ed72e2a
BUG Fix message casting for html security messages 2017-12-14 14:49:58 +13:00
Damian Mooyman
529e341dbc
Merge pull request #7699 from open-sausages/pulls/4/html-in-security-msg 
ENHANCEMENT Allow html in security failure message
 2017-12-14 14:30:09 +13:00
Damian Mooyman
8b1b9f022b
Fix linting issues 2017-12-14 13:50:52 +13:00
Saophalkun Ponlu
31e04c8491 ENHANCEMENT Allow html in security failure message 2017-12-13 17:10:16 +13:00
Damian Mooyman
a2fa9f0943
Merge pull request #7694 from creative-commoners/pulls/4.0/injection-session 
FIX Use Injector to retrieve the current session
 2017-12-12 16:47:36 +13:00
Robbie Averill
eb6c1fc6de FIX Allow the current controller as well as injectable HTTPRequest objects 2017-12-12 16:35:53 +13:00
Robbie Averill
097d0697c5 FIX Use Injector to retrieve the current session 2017-12-12 16:03:16 +13:00
Damian Mooyman
33b2d50d59
Cache warming in InheritedPermissions::getCachePermissions() 
Simplify Group::Members() code
Remove cms-only config
 2017-12-12 09:01:43 +13:00
Aaron Carlino
2be902ef2f Adapt to new MemberCacheFlusher interface 2017-12-11 17:50:11 +13:00