Ingo Schommer
43debfafe9
BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114773 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 22:53:24 +00:00
Ingo Schommer
4b2c64c843
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Ingo Schommer
e4a786eb1a
MINOR Setting Content-Type to text/plain in various error responses for RestfulServer
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114750 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:40:28 +00:00
Ingo Schommer
f61a307486
MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114748 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:17:35 +00:00
Ingo Schommer
674d8e0f4a
MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 05:48:33 +00:00
Ingo Schommer
1222b4d146
ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-06 00:29:20 +00:00
Ingo Schommer
562eeee790
ENHANCEMENT Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114567 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-06 00:28:27 +00:00
Ingo Schommer
ead9dce351
MINOR Documentation in SS_Cache
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114551 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 19:46:21 +00:00
Sam Minnee
df08da0f49
MINOR: Blocking unnecessary revisions
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:46:15 +00:00
Sam Minnee
51ee52c7ab
BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114549 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:42 +00:00
Sam Minnee
6de3e90527
FIX: Revert last commit (from r114464)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114548 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:20 +00:00
Sam Minnee
aaf56e190f
FIX: Revert last commit (from r114463)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114547 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:44:37 +00:00
Sam Minnee
8638221adb
MINOR: Added exception handling if ClassName is null in search results (from r114454)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114546 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:44:20 +00:00
Sam Minnee
1fc8bef1ce
BUGFIX Including template /lang folders in i18n::include_by_locale() (implementation started in r113919) (from r114208)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114545 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:38 +00:00
Sam Minnee
b34286caab
MINOR Reverted r108515 (from r114079)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
05d6df2193
MINOR Fixed php tag in SecurityTokenTest, should be "<?php" not "<?" (from r114016)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114543 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:41:38 +00:00
Sam Minnee
312c7aec07
BUGFIX #6201 Use of set_include_path() did not always include sapphire paths in some environments (from r113976)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114542 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:40:28 +00:00
Sam Minnee
e340ccb1ad
MINOR Fixed PHP strict standard where non-variables cannot be passed by reference (from r113968)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114541 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:39:31 +00:00
Sam Minnee
edc7a46d21
MINOR Fixed spaces with tabs in Core (from r113924)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114540 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:37:31 +00:00
Sam Minnee
567c0b4939
MINOR Fixed spaces with tabs for Core::getTempFolder() (from r113923)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114539 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:37:15 +00:00
Sam Minnee
68747773ae
MINOR Updated cs_CZ and sk_SK translations in sapphire/javascript (fixes #6085, thanks Pike) (from r113690)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114538 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:36:57 +00:00
Sam Minnee
b7777cd67d
BUGFIX ErrorPage::requireDefaultRecords() case where no assets directory causes an fopen() error. Ensure assets directory is created before attempting to write error page files (from r113590)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114537 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:36:05 +00:00
Sam Minnee
a2475141c6
MINOR Fixed output spelling mistake and formatting in SapphireTest::delete_all_temp_dbs() (from r113450)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114536 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:48 +00:00
Sam Minnee
400157c8bf
MINOR Fixed RSSFeedTest which should put test configuration code into setUp() and tearDown() methods. If the test fails halfway through, these will get called to clean up the state (from r113430)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114535 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:33 +00:00
Sam Minnee
1a3897ab1a
ENHANCEMENT Validation for uploaded files (from r113420)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:06 +00:00
Sam Minnee
c24ed58d2d
BUGFIX Better checking of file validity (#6093) Thanks Pigeon (from r113419)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114533 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:34:42 +00:00
Sam Minnee
100e50c700
BUGFIX Ensure that SearchForm searchEngine() call properly escapes the Relevance field for ANSI compliance (from r113295)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114532 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:51 +00:00
Sam Minnee
854e0e30b4
ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114531 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:32 +00:00
Sam Minnee
770281b65c
BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r113277)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114530 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:26:40 +00:00
Sam Minnee
38601b96f8
BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114529 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:26:03 +00:00
Sam Minnee
5c0b2182ae
API CHANGE Added security token to TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:58 +00:00
Sam Minnee
c63b00f92a
MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113274)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114527 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:37 +00:00
Sam Minnee
3f8a0ede40
BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114526 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:12 +00:00
Sam Minnee
9ec31acacb
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:22:57 +00:00
Sam Minnee
ecaa735db2
BUGFIX ModelViewer doesn't work due to minor bug introduced by making $_CLASS_MANIFEST keys lowercase (fixes #6144, thanks daniel.lindkvist) (from r113249)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114524 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:20:33 +00:00
Sam Minnee
662f581b24
BUGFIX Fixed month conversion in DateField_View_JQuery::convert_iso_to_jquery_format() (fixes #6124, thanks mbren and natmchugh) (from r113247)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114523 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:20:13 +00:00
Sam Minnee
c3fa7406ab
MINOR Documentation (from r113241)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114522 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:18:58 +00:00
Sam Minnee
24f2c51fa2
BUGFIX: removed taiwans province of china (from r113193)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114521 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:17:34 +00:00
Sam Minnee
75c6c4941c
BUGFIX: Use correct language code for jquery-ui date picker for en_US (from r113107)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114520 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:17:16 +00:00
Sam Minnee
e3d109763a
MINOR: updated typo in comment for Cache. (from r112982)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114519 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:16:59 +00:00
Sam Minnee
fc869c1d86
MINOR: Fix to SapphireInfo for git-svn checkouts. (from r112962)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114518 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:06:29 +00:00
Ingo Schommer
3e8704c882
BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114515 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 05:23:37 +00:00
Ingo Schommer
531fa04d7d
BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specifically in IIS)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114510 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 04:41:49 +00:00
Ingo Schommer
50f823697c
MINOR Fixed regression from r114504
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:43:10 +00:00
Ingo Schommer
a0a88af255
BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:39:25 +00:00
Ingo Schommer
1dddd5252d
BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:37:35 +00:00
Ingo Schommer
8b220b923a
ENHANCEMENT Using RandomGenerator in Form->getExtraFields() "SecurityID" token creation
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114498 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:48 +00:00
Ingo Schommer
c378448f19
ENHANCEMENT Added RandomGenerator for more secure CSRF tokens etc.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:19 +00:00
Sam Minnee
6cec0a083e
BUGFIX: Don't include web.config in the assets tracked in the File table.
...
MINOR: Add documentation to File::$allowed_extensions explaining that there are config files to edit in assets/ (from r112961)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114496 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:05:05 +00:00
Jean-Fabien Barrios
5dbddba41b
BUGFIX File upload not working when open_basedir is set #5547
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114471 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-03 00:28:30 +00:00