silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-05 19:09:27 +02:00

Author	SHA1	Message	Date
Damian Mooyman	d08ab6ac81	API Allow X-Frame-Options to be configured Fixes #2970	2016-07-15 14:08:14 +12:00
Daniel Hensby	a449045b09	Merge branch '3.4' into 3	2016-07-04 23:54:27 +01:00
Daniel Hensby	c35dc508cb	Merge branch '3.3' into 3.4	2016-07-04 23:53:55 +01:00
Daniel Hensby	ee326f6394	Merge branch 'hailwood/patch-5' into 3	2016-07-01 14:53:02 +01:00
Matthew Hailwood	4f0969f119	Make lost password url a config option like login_url and logout_url Also makes the login_url, logout_url and new lost_password_url functions return their link relative to the base url rather than assuming the base tag	2016-07-01 14:47:51 +01:00
Damian Mooyman	f1a0aef0d7	BUG fix CMS_ACCESS permission being ignored if in incorrect order in array	2016-06-28 17:45:15 +12:00
Daniel Hensby	19b9413432	NEW Use injector for MemberLoginForm fields	2016-06-10 22:50:38 +01:00
Stevie Mayhew	b1df9dcb1d	BUGFIX: check that we have a token and a UID before attempting a member auto login	2016-05-20 09:19:08 +12:00
Damian Mooyman	4d1ddf0e62	BUG Prevent session hijackers from resetting a user password BUG Member::checkPassword incorrect for default admin	2016-05-16 10:54:18 +12:00
Damian Mooyman	4f06a43986	Merge 3.3 into 3 # Conflicts: # admin/javascript/lang/src/cs.js # admin/javascript/lang/src/de.js # admin/javascript/lang/src/en.js # admin/javascript/lang/src/eo.js # admin/javascript/lang/src/es.js # admin/javascript/lang/src/fi.js # admin/javascript/lang/src/fr.js # admin/javascript/lang/src/id.js # admin/javascript/lang/src/id_ID.js # admin/javascript/lang/src/it.js # admin/javascript/lang/src/ja.js # admin/javascript/lang/src/lt.js # admin/javascript/lang/src/mi.js # admin/javascript/lang/src/nb.js # admin/javascript/lang/src/nl.js # admin/javascript/lang/src/pl.js # admin/javascript/lang/src/ro.js # admin/javascript/lang/src/ru.js # admin/javascript/lang/src/sk.js # admin/javascript/lang/src/sl.js # admin/javascript/lang/src/sr.js # admin/javascript/lang/src/sr@latin.js # admin/javascript/lang/src/sr_RS.js # admin/javascript/lang/src/sr_RS@latin.js # admin/javascript/lang/src/sv.js # admin/javascript/lang/src/zh.js # javascript/lang/fr.js # javascript/lang/src/ar.js # javascript/lang/src/cs.js # javascript/lang/src/de.js # javascript/lang/src/en.js # javascript/lang/src/eo.js # javascript/lang/src/es.js # javascript/lang/src/fi.js # javascript/lang/src/fr.js # javascript/lang/src/id.js # javascript/lang/src/id_ID.js # javascript/lang/src/it.js # javascript/lang/src/ja.js # javascript/lang/src/lt.js # javascript/lang/src/mi.js # javascript/lang/src/nb.js # javascript/lang/src/nl.js # javascript/lang/src/pl.js # javascript/lang/src/ru.js # javascript/lang/src/sk.js # javascript/lang/src/sl.js # javascript/lang/src/sr.js # javascript/lang/src/sr@latin.js # javascript/lang/src/sr_RS.js # javascript/lang/src/sr_RS@latin.js # javascript/lang/src/sv.js # javascript/lang/src/zh.js # lang/it.yml	2016-05-11 14:06:23 +12:00
Daniel Hensby	d1751e3310	Merge remote-tracking branch '3.2.4' into 3.3.2	2016-05-05 12:33:21 +01:00
Daniel Hensby	cf29b2c146	Merge remote-tracking branch '3.1.19' into 3.2.4	2016-05-05 11:17:45 +01:00
Daniel Hensby	92599727b9	Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19	2016-05-05 01:01:49 +01:00
Daniel Hensby	7af7f8dd65	Merge remote-tracking branch 'security/patch/3.1/ss-2016-005' into 3.1.19	2016-05-05 01:01:44 +01:00
Daniel Hensby	457931d664	Merge branch '3.3' into 3	2016-05-04 23:32:10 +01:00
Damian Mooyman	2a5ba397e6	BUG Fix SS_HTTPResponse being cast as string (#5413 ) Fixes #5335	2016-05-02 08:54:19 +12:00
Daniel Hensby	1ccd3926e3	[SS-2016-001] FIX Properly check backurl on CMSSecurity@success	2016-04-20 23:58:50 +01:00
Daniel Hensby	a6bd22ab2f	[SS-2016-006] FIX dont disable XSS for login forms	2016-04-20 23:57:59 +01:00
Daniel Hensby	f32c893546	[SS-2016-005] FIX Apply brute force protection to default admin	2016-04-19 23:20:29 +01:00
Damian Mooyman	e1865151c5	Merge pull request #5098 from bummzack/5086-fix-member-validator Fix for issue #5086	2016-02-26 14:39:53 +13:00
Roman Schmid	f691a5da32	Improve `Member_Validator` to: - properly check for existing members. - allow extensions. - remove old code and replace with new syntax and add config API. Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides. Added unit-tests. Establish a link between the member and the validator for said member.	2016-02-25 16:10:52 +01:00
Damian Mooyman	8c1cafd1a0	Merge remote-tracking branch 'origin/3.3' into 3 # Conflicts: # admin/scss/_forms.scss # admin/scss/_style.scss # admin/scss/_tree.scss # javascript/TreeDropdownField.js	2016-01-19 17:08:26 +13:00
Damian Mooyman	5d240feaec	Merge remote-tracking branch 'origin/3.2' into 3.3	2016-01-19 15:08:24 +13:00
Damian Mooyman	46cbe809ac	Merge remote-tracking branch 'origin/3.1' into 3.2 # Conflicts: # docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md # docs/en/02_Developer_Guides/14_Files/01_Image.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md # docs/en/03_Upgrading/index.md # docs/en/05_Contributing/01_Code.md # forms/TreeMultiselectField.php # security/Permission.php	2016-01-19 14:00:19 +13:00
Denise Rivera	7e32268ede	display filtered roles when not an admin	2016-01-11 13:05:10 +13:00
Sam Minnee	3ee8f505b7	MINORE: Remove training whitespace. The main benefit of this is so that authors who make use of .editorconfig don't end up with whitespace changes in their PRs. Spaces vs. tabs has been left alone, although that could do with a tidy-up in SS4 after the switch to PSR-1/2. The command used was this: for match in '.ss' '.css' '.scss' '.html' '.yml' '.php' '.js' '.csv' '.inc' '.php5'; do find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+ find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" \| xargs perl -pi -e 's/ +$//' done	2016-01-07 10:15:54 +13:00
Damian Mooyman	21e1e938eb	Merge pull request #4893 from dhensby/pulls/member-regenerate-session-id FIX session_regenerate_id uses config system	2016-01-06 15:16:31 +13:00
Daniel Hensby	00544ff100	FIX session_regenerate_id uses config system	2016-01-05 22:31:58 +00:00
Daniel Hensby	4335d8ed22	FIX Members with no ID inherit logged in user permission	2016-01-05 08:16:18 +00:00
Damian Mooyman	19b10044ec	Merge remote-tracking branch 'origin/3.2' into 3	2015-12-22 17:05:07 +13:00
Damian Mooyman	6ac83f02c9	Merge pull request #4819 from SilverStripers/3 parse the string to be converted to group codes.	2015-12-22 16:53:31 +13:00
Damian Mooyman	48a30909f3	Merge remote-tracking branch 'origin/3.2' into 3 # Conflicts: # admin/javascript/LeftAndMain.BatchActions.js # css/UploadField.css # forms/HtmlEditorField.php	2015-12-22 14:07:52 +13:00
Mateusz Uzdowski	5a21b2fb15	BUG Guard against users being added to all groups on unsaved Group. If ->Members()->add() is called on an unsaved group (with ID 0), the collateFamilyIDs() will errorneously return all root Groups thinking it's looking for Groups with ParentID=0. As a result, the Member will be added to all root groups, instead of just the selected group and all its children.	2015-12-11 14:51:51 +13:00
Damian Mooyman	38e154af0a	API Disable get parameter access to site stage mode BUG Fix missing and undocumented response from Security::permissionFailure()	2015-12-07 17:39:18 +13:00
Nivanka Fonseka	411f168f00	parse the string to be converted to group codes. Two fixes. 1. parse the group code by using Convert::raw2url() as it creates duplicate records if the group code is given in upper case letters, spaces etc. 2. assigning to the $_cache_groupByCode has to be really done in the if condition rather than out of it.	2015-12-02 10:01:25 +05:30
Novusvetus	6266f909e0	API Increased Permission.Code db field to 255 characters	2015-11-27 13:54:37 +13:00
Damian Mooyman	94742fa3e2	BUG Revert method visibility regression	2015-11-27 13:10:52 +13:00
Manuel Teuber	666ce26929	FIX: Permission::checkMember() use of undefined variable $codes	2015-10-07 16:02:36 +13:00
Manuel Teuber	5224fc460c	FIX: Permission::checkMember() use of undefined variable $codes	2015-09-29 23:49:29 +02:00
Damian Mooyman	71b8aec306	Merge remote-tracking branch 'origin/3.2' into 3	2015-09-15 13:35:51 +12:00
Damian Mooyman	c4710b2272	Merge remote-tracking branch 'origin/3.1' into 3.2 Conflicts: admin/code/GroupImportForm.php admin/code/MemberImportForm.php tests/model/DataListTest.php	2015-09-15 13:18:47 +12:00
Damian Mooyman	7e76f769b1	Merge pull request #4600 from patricknelson/issue-4597-gridfieldconfig-injector FIX for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword.	2015-09-14 10:14:05 +12:00
Patrick Nelson	5cc0878dc1	FIX for #4597 : Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword.	2015-09-11 17:57:13 -04:00
Damian Mooyman	7367cf54c4	[ss-2015-020]: Prevent possible Privilege escalation	2015-09-10 13:01:24 +12:00
Damian Mooyman	f10785350e	Merge remote-tracking branch 'origin/3.2' into 3 Conflicts: docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md	2015-09-09 14:50:47 +12:00
Damian Mooyman	309ac0d196	Merge remote-tracking branch 'origin/3.1' into 3.2 Conflicts: .travis.yml admin/code/CMSProfileController.php admin/tests/LeftAndMainTest.php control/HTTP.php security/Permission.php tests/forms/FormTest.php tests/model/ArrayListTest.php tests/security/PermissionTest.php	2015-09-09 14:35:29 +12:00
Sam Minnée	f4b7cd3f68	Merge pull request #4500 from stevie-mayhew/pulls/get-response FEATURE: implement getter and setter usage for response	2015-08-29 15:35:55 +12:00
Stevie Mayhew	1b57e0ca5b	FEATURE: implement getter and setter usage for response	2015-08-29 10:24:06 +12:00
Daniel Hensby	2d4b743090	FIX Members can access their own profiles in CMS	2015-08-26 15:47:51 +01:00
Damian Mooyman	4a011303b9	Add missing packages	2015-08-24 16:15:38 +12:00

1 2 3 4 5 ...

1094 Commits