Ingo Schommer
4b2c64c843
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Ingo Schommer
f61a307486
MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114748 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:17:35 +00:00
Ingo Schommer
674d8e0f4a
MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 05:48:33 +00:00
Sam Minnee
51ee52c7ab
BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114549 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:42 +00:00
Sam Minnee
b34286caab
MINOR Reverted r108515 (from r114079)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
3f8a0ede40
BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114526 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:12 +00:00
Sam Minnee
9ec31acacb
ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:22:57 +00:00
Ingo Schommer
531fa04d7d
BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114510 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 04:41:49 +00:00
Ingo Schommer
50f823697c
MINOR Fixed regression from r114504
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:43:10 +00:00
Ingo Schommer
a0a88af255
BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:39:25 +00:00
Ingo Schommer
1dddd5252d
BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:37:35 +00:00
Ingo Schommer
c378448f19
ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:19 +00:00
Ingo Schommer
07b6d1870a
MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114332 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-11-30 05:13:09 +00:00
Sam Minnee
ef8419f11d
ENHANCEMENT #4903 MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!) (from r111891)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112941 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 05:05:23 +00:00
Sam Minnee
d8a8635374
API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN ( fixes #5651 ) (from r110856)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112861 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 02:46:26 +00:00
Sam Minnee
102375954a
MINOR Remove whitespace if Surname field set on Member, but not FirstName (from r109334)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112824 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:24:43 +00:00
Sam Minnee
00ddc0ff83
MINOR: trim space off end of firstname if surname is not set. #5925 (from r109330)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112822 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:23:44 +00:00
Sam Minnee
496e9bcef6
API CHANGE #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended!
...
API CHANGE Added DataObjectSet::pop()
MINOR Unit tests for DataObjectSet::shift(), DataObjectSet::unshift() and DataObjectSet::pop() (from r109156)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112817 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:20:56 +00:00
Sam Minnee
cf6907931b
API CHANGE Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site (from r109103)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112781 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:55:33 +00:00
Sam Minnee
f8ec13a1ab
BUGFIX: Themed permissionFailure messages (from r109102)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112780 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:55:20 +00:00
Sam Minnee
829d532b6a
BUGFIX Group::getCMSFields() should use Tab instances with a fixed name instead of translated one, leaving the translation for the tab title instead (from r109083)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112776 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:54:16 +00:00
Sam Minnee
58d6cbf81a
MINOR: remove SQL table alias keyword AS (from r108961)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112769 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:51:53 +00:00
Sam Minnee
f23921b815
BUGFIX #5627 Clear session on logout (from r108515)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:47:05 +00:00
Sam Minnee
60c78eb54d
ENHANCEMENT New Member records are populated with the currently set default through i18n::set_locale() (from r108499)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112753 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:37:43 +00:00
Sam Minnee
066bf90f02
BUGFIX Member_ProfileForm should fallback to english text for save button if no translation defined for current language (from r108408)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112727 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:54:17 +00:00
Sam Minnee
2ec9234da6
BUGFIX Bypass BasicAuth when in CLI mode so unit tests can run (regression from r104962) (from r108193)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112715 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:42:45 +00:00
Sam Minnee
bd96d249f0
MINOR Fixed incorrect word "colon" with "dot" (from r108002)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112704 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:37:11 +00:00
Sam Minnee
7254c00aef
BUGFIX #5833 Duplicate IDs when two similar date formats in Member_DatetimeOptionsetField containing different delimiters (e.g / and .) replaced to an empty string (from r108001)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112703 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:34:09 +00:00
Sam Minnee
93eb6214b7
ENHANCEMENT Allowing custom messages and permission codes in BasicAuth::protect_entire_site()
...
ENHANCEMENT Making $permissionCode argument optional for BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
ENHANCEMENT Using SS_HTTPResponse_Exception instead of header()/die() in BasicAuth::requireLogin() to make it more testable (from r107867)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:29:35 +00:00
Ingo Schommer
577e82a123
BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772 ) (from r107532)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112602 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:52:38 +00:00
Ingo Schommer
f63751893b
BUGFIX Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) ( fixes #4957 )
...
MINOR Using Object::create() in DevelopmentAdmin to make objects mockable
ENHANCEMENT Added Security::$force_database_is_ready to mock database_is_ready() state
ENHANCEMENT Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest) (from r107415)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112588 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:43:30 +00:00
Ingo Schommer
ad7267aa4c
ENHANCEMENT Member_DatetimeOptionsetField toggle text is now translatable (from r107365)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112570 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:43 +00:00
Ingo Schommer
6959909cb6
ENHANCEMENT #5352 Translatable entities for help text in Member_DatetimeOptionsetField::getFormattingHelpText() (from r107334)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112569 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:22 +00:00
Ingo Schommer
47762cdf5b
ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field (from r107326)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:02 +00:00
Ingo Schommer
68e98b4ee2
MINOR Making $Email available in Security_passwordsent.ss template ( fixes #5737 ) (from r106876)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112541 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:06:53 +00:00
Ingo Schommer
d51627a342
MINOR Fixed hardcoded error message in PasswordValidator ( fixes #5734 )
...
MINOR Added PasswordValidatorTest (from r106687)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:03:19 +00:00
Ingo Schommer
39b056024f
APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode. (from r106217)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:00:48 +00:00
Ingo Schommer
95e1efb4bf
BUGFIX: get_title_sql has string concat hardcoded as ||, fixed for MSSQL which uses +, fix for #5613 (from r105337)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 02:48:51 +00:00
Ingo Schommer
72e9ce08be
BUGFIX: Fixed bug in basicauth failover to session member.
...
BUGFIX: Don't use session member for test site protection feature. (from r104962)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112412 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 01:18:07 +00:00
Ingo Schommer
1f3a067fdf
BUGFIX: after reset password, the site redirect to non-exisit page (SC #1 ) (from r104745)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112378 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 01:11:59 +00:00
Ingo Schommer
bfe44b3909
MINOR Documentation (from r104610)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112358 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 00:31:41 +00:00
Ingo Schommer
3a6b79a6f3
MINOR Fixed wrong _t() notation in ChangePasswordForm (broken in r103226 and r104596) (from r104598)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112356 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 00:30:46 +00:00
Ingo Schommer
589adbfde3
BUGFIX: when using custom Member title, the join was failing - it had wrong parameters. Now changed to correctly handle the ansi sql join for all Member columns. (from r104552)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112351 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 00:28:57 +00:00
Ingo Schommer
d46c3c877f
BUGFIX: table and column names now quoted properly (from r103851)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112322 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-14 23:50:36 +00:00
Sam Minnee
0b4e4428be
MINOR: Merges from branches/2.4
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112157 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 04:04:32 +00:00
Sam Minnee
1e925a9e91
BUGFIX Choosing i18n::default_locale() in Member->populateDefaults() instead of "current locale". This fixes a bug where a new member created through admin/security automatically "inherits" the current locale settings of the admin creating it. (from r103582)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112149 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:57:49 +00:00
Sam Minnee
eb43fb14ef
MINOR Returning ValidationResult from Member->onBeforeWrite() to ensure the ValidationException is compatible with MemberTableField (related to r103336) (from r103337)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112133 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:42:49 +00:00
Sam Minnee
5cabd56ac6
ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420 ) (from r103229)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112126 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:36:39 +00:00
Sam Minnee
86fa92248a
BUGFIX: made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly ( #5420 , patch submitted by walec51)
...
MINOR: typo (from r103226)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112125 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:36:13 +00:00
Sam Minnee
50c5887aec
BUGFIX: exchanged MySQL CONCAT function with ANSI compliant operator (from r102237)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112063 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:37:24 +00:00