Damian Mooyman
4ca5237185
Merge pull request #4321 from dhensby/pulls/formfield-docs
...
DOCS Fixing docs (and bad API usage)
2015-07-30 15:29:28 +12:00
Loz Calver
b7480b92a9
FIX: Hide 'Logged Passwords' tab in member CMS fields ( fixes #4422 )
2015-07-22 14:40:09 +01:00
Daniel Hensby
79c4f63855
DOCS Fixing docs (and bad API usage)
2015-07-20 16:42:33 +01:00
Daniel Hensby
ca8d0f2818
Merge branch '3.1' into 3.2
...
Conflicts:
dev/Debug.php
docs/en/05_Contributing/01_Code.md
forms/FormField.php
i18n/i18nTextCollector.php
model/DataQuery.php
2015-07-20 10:48:01 +01:00
Damian Mooyman
6fabd0122b
BUG Fix potential XSS injection
2015-07-01 17:41:32 +12:00
Sean Harvey
fd755a7ff9
BUG ChangePasswordForm validation message should render HTML correctly.
...
HTML shows up in the form message escaped, but it shouldn't be.
2015-07-01 17:41:32 +12:00
Daniel Hensby
3507ddb0e8
FIX MemberPassword history removed with with Members
...
Currently Members that were deleted would still have their passwords
stored in the DB even though they were deleted. This seems unnecessary
and just increases data that could potentially be compromised later.
2015-06-24 21:04:23 +01:00
Phill Price
b2024107a9
DOCS: Typo in a block
2015-06-24 11:57:12 +01:00
Damian Mooyman
e14f743bf0
Set deprecation level for all changes in 3.x to 4.0
2015-06-19 13:07:41 +12:00
Damian Mooyman
55170a0b74
API make DataObject::validate public
2015-06-17 15:51:30 +12:00
Damian Mooyman
0103b076c3
Merge remote-tracking branch 'origin/3'
...
Conflicts:
forms/Form.php
model/ManyManyList.php
2015-06-17 15:41:13 +12:00
Damian Mooyman
58cc3da8d8
API Revert DataObject::validate to 3.1 method signature (protected)
2015-06-16 11:59:21 +12:00
Damian Mooyman
e9d4863828
API Formalise new additional arguments to DataObject::canCreate, DataExtension::augmentSQL, and DataObject::extendedCan
2015-06-09 11:31:34 +12:00
Damian Mooyman
786b1dd5d4
Merge remote-tracking branch 'origin/3'
...
Conflicts:
control/HTTPRequest.php
filesystem/Upload.php
model/ManyManyList.php
2015-06-09 11:10:14 +12:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
22a35e48a9
BUG Fix malformed urls redirecting to external sites
2015-05-28 10:12:18 +12:00
Damian Mooyman
cd1eb1b484
Merge remote-tracking branch 'origin/3'
...
Conflicts:
admin/tests/CMSFormTest.php
2015-05-19 09:19:47 +12:00
Stevie Mayhew
0d94cf15a5
UPDATE: change all instances of $this->request to use appropriate getter/setter
2015-04-30 11:04:08 +12:00
Daniel Hensby
c2fd18e829
FIX use config for Security::$login_url
2015-04-23 17:20:07 +01:00
Ingo Schommer
72a284c9b8
Merge remote-tracking branch 'origin/3'
...
Conflicts:
core/Constants.php
docs/en/05_Contributing/01_Code.md
tests/model/SQLQueryTest.php
2015-04-09 16:26:16 +12:00
Damian Mooyman
95c162ef0d
API Security better respects BackURL on login
...
BUG Restore missing authentication message not appearing in the login form $Content area (regression from #1807 )
2015-03-31 20:22:35 +13:00
Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Damian Mooyman
8d6cd1529f
BUG Fix some database errors during dev/build where an auth token exists for the current user
...
Fixes #3660
2015-03-25 11:34:13 +13:00
Damian Mooyman
a775a44387
Merge pull request #4016 from guru-digital/REDIRECT_fix
...
HTTP basic auth fix
2015-03-19 14:55:20 +13:00
Daniel Hensby
de2aa47250
Merge pull request #4006 from kinglozzer/patch-1
...
FIX: Security::$default_message_set Config value unusable
2015-03-17 17:05:01 +00:00
Loz Calver
a61c08d031
FIX: Security::$default_message_set Config value unusable
2015-03-17 15:51:31 +00:00
Corey Sewell
46e61b3448
Check both $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] for HTTP Basic authentication headers
2015-03-17 14:15:54 +13:00
Loz Calver
c58f4c469d
Replace core uses of DataObject::has_one/has_many/many_many
2015-03-13 16:16:12 +00:00
Damian Mooyman
319b96b48b
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/05_Contributing/01_Code.md
forms/TreeDropdownField.php
model/DataObject.php
security/Member.php
tests/model/DataObjectTest.php
2015-03-11 11:40:06 +13:00
Daniel Hensby
d2a3da2203
Making docs gender agnostic
2015-03-07 12:32:04 +00:00
Damian Mooyman
a86ed93759
Merge remote-tracking branch 'origin/3'
...
Conflicts:
docs/en/05_Contributing/01_Code.md
2015-02-20 14:09:38 +13:00
Damian Mooyman
dff65867cc
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
control/HTTP.php
control/HTTPResponse.php
docs/en/05_Contributing/01_Code.md
forms/CompositeField.php
forms/FormAction.php
forms/FormField.php
forms/InlineFormAction.php
forms/NumericField.php
forms/TreeDropdownField.php
forms/TreeMultiselectField.php
templates/forms/TreeDropdownField.ss
tests/core/CoreTest.php
tests/forms/NumericFieldTest.php
tests/model/DataDifferencerTest.php
2015-02-20 10:17:19 +13:00
Damian Mooyman
49c462710d
Merge pull request #3795 from uniun/patch-2
...
FIX. Summary fields can't be translated
2015-02-16 15:55:29 +13:00
Daniel Hensby
89c14d079d
Making TreeMultiSelectField consistent with parent class
...
NEW TreeDropdownField sanatiser helper added
Use config for default_cast of objects
FIX Determine if Diffed value should be escaped
Forcing casting for core DB fields
Fixing permissions labels
2015-02-13 11:12:30 +13:00
Cameron Bourgeois
88ac537e96
Change date format to set AutoLoginExpired correctly
2015-02-08 19:49:54 +13:00
Damian Mooyman
58cb0af753
Merge remote-tracking branch 'origin/3'
...
Conflicts:
composer.json
docs/en/00_Getting_Started/00_Server_Requirements.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
docs/en/00_Getting_Started/04_Directory_Structure.md
docs/en/01_Tutorials/01_Building_A_Basic_Site.md
docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
docs/en/01_Tutorials/03_Forms.md
docs/en/01_Tutorials/04_Site_Search.md
docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
docs/en/01_Tutorials/index.md
docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
docs/en/02_Developer_Guides/01_Templates/06_Themes.md
docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
docs/en/02_Developer_Guides/05_Extending/05_Injector.md
docs/en/02_Developer_Guides/14_Files/index.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
docs/en/04_Changelogs/3.1.9.md
docs/en/05_Contributing/00_Issues_and_Bugs.md
docs/en/05_Contributing/02_Release_Process.md
docs/en/05_Contributing/03_Documentation.md
2015-01-16 10:08:40 +13:00
Elvinas L.
32ce85d9f4
FIX. Summary fields can't be translated
...
fieldLabels() now can find these fields and translate them.
2015-01-15 15:09:32 +02:00
Damian Mooyman
88fdc75456
Merge remote-tracking branch 'composer/3.1' into 3
...
Conflicts:
.editorconfig
docs/en/00_Getting_Started/00_Server_Requirements.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
docs/en/00_Getting_Started/04_Directory_Structure.md
docs/en/00_Getting_Started/index.md
docs/en/01_Tutorials/01_Building_A_Basic_Site.md
docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
docs/en/01_Tutorials/03_Forms.md
docs/en/01_Tutorials/04_Site_Search.md
docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
docs/en/01_Tutorials/index.md
docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
docs/en/02_Developer_Guides/01_Templates/06_Themes.md
docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
docs/en/02_Developer_Guides/05_Extending/05_Injector.md
docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
docs/en/02_Developer_Guides/10_Email/index.md
docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
docs/en/02_Developer_Guides/14_Files/index.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
docs/en/04_Changelogs/3.1.9.md
docs/en/05_Contributing/00_Issues_and_Bugs.md
docs/en/05_Contributing/02_Release_Process.md
docs/en/05_Contributing/03_Documentation.md
filesystem/File.php
filesystem/GD.php
model/DataDifferencer.php
model/Versioned.php
security/BasicAuth.php
security/Member.php
tests/filesystem/FileTest.php
tests/forms/uploadfield/UploadFieldTest.php
tests/model/VersionedTest.php
tests/security/BasicAuthTest.php
2015-01-15 18:52:46 +13:00
Will Rossiter
220bdf342c
Merge pull request #3577 from tractorcow/pulls/3.1/fix-basicauth-resetlogin
...
BUG Fix BasicAuth not resetting failed login counts on authentication
2015-01-15 11:03:52 +13:00
Daniel Hensby
b2ace2b76c
Merge pull request #3689 from guru-digital/patch-2
...
Add ability to use Basic Auth when running PHP in CGI mode in Apache
2014-12-08 18:39:42 +00:00
Corey Sewell
fbebf96d66
Add detection for PHP running in CGI mode and add HTTP_AUTHORIZATION rewrite rule
...
Detect and parse HTTP_AUTHORIZATION for basic authentication running PHP in CGI mode
Add comments about using CGI mode with Apache and Basic Auth in /docs/en/topics/environment-management.md
Added notes to docs/en/changelogs/3.1.9.md
2014-12-05 11:35:52 +13:00
Damian Mooyman
19549d620f
Moved deprecation of SQLQuery to 4.0
2014-12-04 09:30:50 +13:00
JorisDebonnet
1cd54e6bdc
Update Member.Email from 256 to 254 length
...
Fixes #3074
2014-11-29 22:30:11 +01:00
Damian Mooyman
31b5a9dc86
API Allow CMS re-authentication to be completely disabled if necessary
2014-11-21 17:43:53 +13:00
Damian Mooyman
6baf63e18c
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
dev/install/install.php5
docs/en/changelogs/index.md
security/Security.php
2014-11-19 11:16:46 +13:00
Damian Mooyman
ce93a8a98e
Resolve merge regressions
2014-11-19 11:05:07 +13:00
Damian Mooyman
2bdfd65e9b
BUG Security::findAnAdministrator doesn't always find an admin
2014-11-18 15:36:34 +13:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
9d78eb7fe6
BUG Fix BasicAuth not resetting failed login counts on authentication
2014-10-24 14:19:12 +13:00
Damian Mooyman
53c40a94fa
API Enable re-authentication within the CMS if a user session is lost
...
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00
Daniel Hensby
3b9056fc01
NEW Cookie_Backend for managing cookie state
...
I've decoupled `Cookie` from the actual act of setting and getting
cookies. Currently there are a few limitations to how Cookie works that
this change mitigates:
0. `Cookie` currently changes the super global `$_COOKIE` when setting
to make the state of an application a bit more managable, but this is
bad because we shouldn't be modifying super globals
0. One can't actually change the `$cookie_class` once the
`Cookie::$inst` has been instantiated
0. One can't test cookies as there is no class that holds the state of
the cookies (it's just held in the super global which is reset as part
of `Director::test()`
0. One can't tell the origin of a cookie (eg: did the application set it
and it needs to be sent, or did we receive it from the browser?)
0. `time()` was used, so testing was made difficult
0. There was no way to get all the cookies at once (without accessing
the super global)
Todos are on the phpdoc and I'd like to write some tests for the backend
as well as update the docs (if there are any) around cookies.
DOCS Adding `Cookie` docs
Explains basic usage of `Cookie` as well as how the `Cookie_Backend`
controls the setting and getting of cookies and manages state of sent vs
received cookies
Fixing `Cookie` usage
`Cookie` is being used inconsistently with the API throughout framework.
Either by not using `force_expiry` to expire cookies or setting them to
null and then expiring them (which is redundant).
NEW `Director::test()` takes `Cookie_Backend` rather than `array` for `$cookies` param
2014-10-06 17:44:51 +13:00
Will Rossiter
61ec808604
Set $lock_out_after_incorrect_logins out of the box
2014-09-26 10:49:53 +12:00
Will Rossiter
4b6a03bb0b
Fix deprecation warning with word_list
2014-08-31 15:59:16 +12:00
Damian Mooyman
e301279358
Merge pull request #3425 from halkyon/removing_deprecated2
...
Removing deprecated class/functions marked for deprecation in 3.0/3.1
2014-08-26 09:13:08 +12:00
Ingo Schommer
e56ad9b37c
Don't clear BackURL after MemberAuthenticator::authenticate()
...
It breaks logic flow, e.g. when
Its called by BasicAuth:requireLogin() when basic auth is enabled,
before any controller logic kicks in (on every HTTP request).
This means you can't use session-based BackURLs with basic auth enabled,
breaking flows like redirection after Facebook logins.
I can't see why a clear() was necessary here, looks like a overly
cautious way to prevent infinite loops? Can't see how those
would be caused by requireLogin() though.
Been there since all the way back in 2007: a377a67e54
2014-08-25 23:12:52 +12:00
Sean Harvey
07eef2ece2
Removing deprecated class/functions marked for deprecation in 3.0/3.1
2014-08-25 12:06:05 +12:00
Sean Harvey
0e07f1a7f5
Merge remote-tracking branch 'origin/3.0' into 3.1
2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b
FIX Opt-out pf form message escaping ( fixes #2796 )
...
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/ .
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.
We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803 .
2014-08-22 16:59:34 +12:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Sean Harvey
404478b07f
Removing @deprecated 3.1 functionality and classes.
...
Changelog has been updated to include what was removed in terms of
major functionality, and what to use as a replacement.
2014-08-18 16:00:13 +12:00
Damian Mooyman
0433ba1642
BUG Revert some changes to ManyManyList
...
BUG Fix incompatibility in Member_GroupList
Fix regressions in merges from 3.1
BUG Fix Security failing on test classes
BUG Fix postgresql compatibility
Clarify sql encoding of table names
2014-07-23 12:38:41 +12:00
Damian Mooyman
d8e9af8af8
API New Database abstraction layer. Ticket #7429
...
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Ingo Schommer
58445245d9
Conditionally reset MemberLoginForm.force_message
...
Avoid starting a session just because the login form is rendered,
which adds overhead to requests and makes them harder to cache.
2014-06-03 23:21:57 +12:00
Damian Mooyman
e9c3ff933f
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
composer.json
2014-05-06 10:22:09 +12:00
Tim Snadden
afad65ee71
Fix 'Uncaught ReferenceError: jQuery is not defined' if jQuery is not included in template.
2014-04-30 09:30:22 +12:00
Damian Mooyman
982ad569b9
Merge remote-tracking branch 'origin/3.1'
2014-04-22 12:09:51 +12:00
Mateusz U
36d925543b
Merge pull request #3020 from tractorcow/pulls/3.1-autocomplete-username
...
API Security.remember_username to disable login form autocompletion
2014-04-11 09:17:27 +12:00
Damian Mooyman
997077ae83
API Security.remember_username to disable login form autocompletion
2014-04-11 09:05:25 +12:00
Ingo Schommer
be12656bd9
Returning response from doChangePassword()
2014-04-10 17:21:56 +12:00
Ingo Schommer
f737922cdf
Prevent IE errors on hidden login forms
...
In order to focus a field, it needs to be visible,
which can't be guaranteed on a core level by the login form JavaScript.
Optionally check for visibility via jQuery if it exists,
and allow explicit disabling of this behaviour via a unique identifier.
2014-04-08 11:28:54 +12:00
Simon Welsh
3e57cc069e
Merge pull request #2907 from dhensby/patch-1
...
FIX Log out current member when forgotten password
2014-03-15 21:42:41 +13:00
Simon Welsh
18661005ee
Corrects merge errors.
...
Closes #2937
2014-03-11 07:04:24 +13:00
Simon Welsh
d431e98ecf
Merge branch '3.1'
...
Conflicts:
forms/Form.php
forms/FormField.php
security/Member.php
security/MemberLoginForm.php
2014-03-10 22:58:49 +13:00
Damian Mooyman
1cc366fe23
Merge pull request #2850 from kinglozzer/2827-member-extend
...
FIX: Rewrite Member getCMSFields to ensure updateCMSFields is only run once (fixes #2827 )
2014-03-04 13:42:17 +13:00
Ingo Schommer
c047a7b990
Reset FailedLoginCount on successful password reset
2014-03-03 17:47:16 +13:00
Daniel Hensby
ab52b677aa
FIX Log out current member when forgotten password
...
At the moment, if a user is logged in on a device (say, their phone) but has forgotten their password.
If they attempt to reset their password on their desktop, then open the email on their phone they then see the reset password form *with* the CurrentPassword field. I'm not entirely sure what happens if a DIFFERENT user is currently logged in, but I think they remain logged in and you're effectively trying to change their password.
Both scenarios are not ideal and (in fact) this happens a lot in the real world as it's a legitimate complaint we're receiving from a visitors of one of our client's websites.
2014-02-28 14:27:45 +00:00
Ingo Schommer
9afcf8f01a
Allow vetoing forgot password requests
2014-02-25 13:05:32 +13:00
Loz Calver
d91c7d14b8
FIX: Rewrite Member getCMSFields to ensure updateCMSFields is only run once ( fixes #2827 )
...
Fix usage of inside closure
Can't use self:: in closure either
Basic unit tests to check extensions are applied correctly
2014-02-16 21:21:15 +00:00
Ingo Schommer
6906c9bd1a
API Removed auto-detection for i18n date/time formats
...
Default to "yyyy-MM-dd" for date format, and "H:mm" for time_format.
Switched to config API for setting/getting values.
Avoid using "MMM" in particular, since it causes
inconsistencies in month names between jQuery UI and Zend_Locale_Format.
Fixes https://github.com/silverstripe/silverstripe-cms/issues/544
2014-02-16 23:57:49 +13:00
Ingo Schommer
4af9143d3b
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/misc/contributing/code.md
2014-02-07 16:43:22 +13:00
Kirk Mayo
632884252b
NEW: Updating out of date URLs in the framework source code and docs
2014-02-07 15:10:44 +13:00
Ingo Schommer
bb9f84afd5
Merge pull request #2806 from tractorcow/pulls/bug-member-locale
...
BUG Default Member.Locale now chooses a better default value when i18n.locale is not a valid translation
2014-02-03 17:03:48 -08:00
Ingo Schommer
0d7e9a9692
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
_config/routes.yml
docs/en/topics/datamodel.md
forms/DropdownField.php
2014-02-04 08:19:04 +13:00
Ingo Schommer
124886a7f9
Merge pull request #2799 from yearofthegus/document-magic-members
...
Documented magic properties of DataObject
2014-01-30 18:26:23 -08:00
Ingo Schommer
ab070944d5
Merge branch 'pulls/apidocs-package-list' of https://github.com/madmatt/silverstripe-framework into madmatt-pulls/apidocs-package-list
...
Conflicts:
view/SSTemplateParser.php
view/SSTemplateParser.php.inc
2014-01-31 15:15:59 +13:00
Damian Mooyman
293c672fa7
BUG Default Member.Locale now chooses a better default value when i18n.locale is not a valid translation
...
This will resolve issues in cases where the site locale may be assigned a value that does not have an explicit translation. E.g. if the locale is en_NZ (and it's appropriate for this to be the assigned locale), Afrikaans will no longer be the default selected locale when creating members. Now en_US is chosen as a better fallback default.
This is a minor ease of use fix that means fewer CMS users can be accidentally created in Afrikaans within NZ based sites.
Test cases included.
2014-01-30 15:55:14 +13:00
Gus King
5797efa263
Documented magic properties of DataObject
2014-01-26 00:11:32 -05:00
Will Rossiter
13bd4e96b1
Correct PHPDoc for Member::currentUser. ( Fixes #2750 )
2014-01-12 16:08:31 +13:00
micmania1
229bea399b
added logout url to Security and deprecated Security::set_login_url in favour of config
2013-12-20 21:55:54 +00:00
Ingo Schommer
7591e43ab9
Merge remote-tracking branch 'origin/3.1'
2013-12-19 23:33:58 +01:00
Ingo Schommer
627e3cdf11
Revert entity name change
...
Partially reverts b0f38f4990
which broke unit tests relying on the old entity name
in 3.1, where translations and the en.yml master file have been backported to.
2013-12-19 23:13:13 +01:00
Ingo Schommer
f29d51f433
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
docs/en/reference/dataobject.md
lang/es.yml
2013-12-19 20:23:09 +01:00
Ingo Schommer
23371b01aa
"lost password" translation master ( fixes #2725 )
2013-12-19 20:00:59 +01:00
Sean Harvey
6fc9db6f0e
API DataObject::validate() visibility changed to public (issue #1659 )
...
DataObject::validate() is currently set to protected, but this means
you can't call validate() from outside the context of itself unless
you overload the method to use a public visibility and then call
parent::validate()
As it would turn out, most classes that overload this method already
set the visibility to public, so it would make sense the parent matches
that as well.
2013-12-19 16:36:39 +13:00
Ingo Schommer
15c7252af0
beforeMemberLoggedIn/beforeMemberLoggedOut hooks
...
Required to save/restore parts of the session information,
which Member nukes indiscriminately on logout.
Specific use case is restoring linkages to temporary databases
on Behat test runs.
2013-12-18 18:26:01 +01:00
madmatt
bebe0f6e37
Updating @package and @subpackage doc tags
2013-11-29 17:49:30 +13:00
Andrew Short
bedf292612
Merge branch '3.1'
...
Conflicts:
docs/en/reference/execution-pipeline.md
lang/nl.yml
2013-11-11 18:18:25 +11:00
Sean Harvey
70c23f37de
Merge pull request #2608 from andrewvt/3.1
...
added removeFromGroupByCode() function to Member.php
2013-11-03 12:27:10 -08:00
andrewvt
953dec8863
Updated group filter
...
Updated group filter
2013-11-01 07:22:13 -04:00
Sean Harvey
42fa4d6005
Merge pull request #2574 from dhensby/patch-1
...
Allowing chaining on `PasswordValidator`
2013-10-31 15:54:18 -07:00