Damian Mooyman
2a5ba397e6
BUG Fix SS_HTTPResponse being cast as string ( #5413 )
...
Fixes #5335
2016-05-02 08:54:19 +12:00
Damian Mooyman
38e154af0a
API Disable get parameter access to site stage mode
...
BUG Fix missing and undocumented response from Security::permissionFailure()
2015-12-07 17:39:18 +13:00
Damian Mooyman
71b8aec306
Merge remote-tracking branch 'origin/3.2' into 3
2015-09-15 13:35:51 +12:00
Damian Mooyman
c4710b2272
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
admin/code/GroupImportForm.php
admin/code/MemberImportForm.php
tests/model/DataListTest.php
2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 13:01:24 +12:00
Stevie Mayhew
1b57e0ca5b
FEATURE: implement getter and setter usage for response
2015-08-29 10:24:06 +12:00
Phill Price
b2024107a9
DOCS: Typo in a block
2015-06-24 11:57:12 +01:00
Damian Mooyman
e14f743bf0
Set deprecation level for all changes in 3.x to 4.0
2015-06-19 13:07:41 +12:00
Stevie Mayhew
0d94cf15a5
UPDATE: change all instances of $this->request to use appropriate getter/setter
2015-04-30 11:04:08 +12:00
Daniel Hensby
c2fd18e829
FIX use config for Security::$login_url
2015-04-23 17:20:07 +01:00
Damian Mooyman
95c162ef0d
API Security better respects BackURL on login
...
BUG Restore missing authentication message not appearing in the login form $Content area (regression from #1807 )
2015-03-31 20:22:35 +13:00
Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Daniel Hensby
de2aa47250
Merge pull request #4006 from kinglozzer/patch-1
...
FIX: Security::$default_message_set Config value unusable
2015-03-17 17:05:01 +00:00
Loz Calver
a61c08d031
FIX: Security::$default_message_set Config value unusable
2015-03-17 15:51:31 +00:00
Damian Mooyman
6baf63e18c
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
dev/install/install.php5
docs/en/changelogs/index.md
security/Security.php
2014-11-19 11:16:46 +13:00
Damian Mooyman
ce93a8a98e
Resolve merge regressions
2014-11-19 11:05:07 +13:00
Damian Mooyman
2bdfd65e9b
BUG Security::findAnAdministrator doesn't always find an admin
2014-11-18 15:36:34 +13:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
53c40a94fa
API Enable re-authentication within the CMS if a user session is lost
...
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00
Will Rossiter
4b6a03bb0b
Fix deprecation warning with word_list
2014-08-31 15:59:16 +12:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Damian Mooyman
0433ba1642
BUG Revert some changes to ManyManyList
...
BUG Fix incompatibility in Member_GroupList
Fix regressions in merges from 3.1
BUG Fix Security failing on test classes
BUG Fix postgresql compatibility
Clarify sql encoding of table names
2014-07-23 12:38:41 +12:00
Damian Mooyman
d8e9af8af8
API New Database abstraction layer. Ticket #7429
...
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
982ad569b9
Merge remote-tracking branch 'origin/3.1'
2014-04-22 12:09:51 +12:00
Damian Mooyman
997077ae83
API Security.remember_username to disable login form autocompletion
2014-04-11 09:05:25 +12:00
Daniel Hensby
ab52b677aa
FIX Log out current member when forgotten password
...
At the moment, if a user is logged in on a device (say, their phone) but has forgotten their password.
If they attempt to reset their password on their desktop, then open the email on their phone they then see the reset password form *with* the CurrentPassword field. I'm not entirely sure what happens if a DIFFERENT user is currently logged in, but I think they remain logged in and you're effectively trying to change their password.
Both scenarios are not ideal and (in fact) this happens a lot in the real world as it's a legitimate complaint we're receiving from a visitors of one of our client's websites.
2014-02-28 14:27:45 +00:00
micmania1
229bea399b
added logout url to Security and deprecated Security::set_login_url in favour of config
2013-12-20 21:55:54 +00:00
Ingo Schommer
f29d51f433
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/reference/dataobject.md
lang/es.yml
2013-12-19 20:23:09 +01:00
Ingo Schommer
23371b01aa
"lost password" translation master ( fixes #2725 )
2013-12-19 20:00:59 +01:00
Andrew Short
bedf292612
Merge branch '3.1'
...
Conflicts:
docs/en/reference/execution-pipeline.md
lang/nl.yml
2013-11-11 18:18:25 +11:00
Mateusz Uzdowski
1a39f61598
BUG Fix the password reset message to be shown consistently.
...
If we detect any of the password reset GET params, it's safe to assume
that someone intended a password reset, regardless of other conditions.
2013-10-25 09:29:21 +13:00
Ingo Schommer
455e550d9a
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/topics/testing/create-silverstripe-test.md
forms/Form.php
i18n/i18n.php
model/Image.php
2013-09-27 19:22:14 +02:00
Sean Harvey
e43ca931d6
Merge pull request #2343 from chillu/pulls/security-404
...
Returning 404 on /Security, instead of Controller.ss template
2013-09-05 18:56:23 -07:00
Ingo Schommer
a4c6ae3e90
Merge remote-tracking branch 'origin/3.1'
2013-08-22 13:56:33 +02:00
Simon Welsh
151baeede1
Correct line length and indentation
2013-08-21 18:54:05 +12:00
Ingo Schommer
18ae4c5db6
Returning 404 on /Security, instead of Controller.ss template
...
We shouldn't expose unsolicited content on public URLs,
mainly because it impacts SEO.
2013-08-20 21:12:55 +02:00
Ingo Schommer
2a35f2f928
Merge remote-tracking branch 'origin/3.1'
2013-08-07 17:34:11 +02:00
Julian Seidenberg
17e0432252
BUG adding a more descriptive message when the CMS session times out. It used to say "Forbidden", now it says "Not logged in".
2013-08-06 17:27:37 +12:00
Hamish Friedlander
0a79ac3592
Merge branch 'origin/3.1'
...
Conflicts:
templates/forms/CheckboxSetField.ss
templates/forms/FormField_holder.ss
templates/forms/OptionsetField.ss
2013-07-19 16:25:38 +12:00
Ingo Schommer
d4a1e6d294
BUG Prevent clickjacking in CMS and Security controllers ( fixes #2215 )
2013-07-14 22:44:09 +02:00
Simon Welsh
fbce9fd7cd
Merge branch '3.1'
...
Conflicts:
.travis.yml
docs/en/misc/contributing/code.md
javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Simon Welsh
1d5ac5876b
Only redirect on logout if we're not already redirecting
2013-06-27 09:49:10 +12:00
Sam Minnée
5d76048275
Merge pull request #1780 from hdrlab/patch-4
...
Disable ID based partial caching for all security actions
2013-05-24 23:53:04 -07:00
Sam Minnee
d97ca43cd0
Merge branch '3.1'
...
Conflicts:
README.md
dev/install/install.php5
forms/ConfirmedPasswordField.php
tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Sean Harvey
15f7c884f8
Merge pull request #1756 from halkyon/permission_denied_hook
...
BUG Security::permissionFailure() fixing permissionDenied hook inconsistency
2013-05-13 02:15:58 -07:00
Will Morgan
17e31fc609
Merge pull request #1 from silverstripe/master
...
Syncing back because I suck at Git
2013-05-08 03:45:51 -07:00
Josua2012
59be4a3be0
Allow custom ChangePasswordForm form
...
With this modification we can use Object::useCustomClass() to create a
custom ChangePasswordForm form:
Object::useCustomClass('ChangePasswordForm',
'CustomChangePasswordForm');
2013-05-08 09:39:39 +02:00
Will Morgan
8f6451612b
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-28 09:58:42 +12:00
Will Morgan
0de8a8a304
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-27 13:29:13 +02:00
Will Morgan
c61f050757
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-27 13:22:00 +02:00