Commit Graph

43 Commits

Author SHA1 Message Date
Daniel Hensby
782c18fd13 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 2016-08-15 15:51:53 +12:00
Sam Minnee
3ee8f505b7 MINOR: Remove trailing whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
6fabd0122b BUG Fix potential XSS injection 2015-07-01 17:41:32 +12:00
Sean Harvey
fd755a7ff9 BUG ChangePasswordForm validation message should render HTML correctly.
HTML shows up in the form message escaped, but it shouldn't be.
2015-07-01 17:41:32 +12:00
Damian Mooyman
22a35e48a9 BUG Fix malformed urls redirecting to external sites 2015-05-28 10:12:18 +12:00
Ingo Schommer
be12656bd9 Returning response from doChangePassword() 2014-04-10 17:21:56 +12:00
Ingo Schommer
c047a7b990 Reset FailedLoginCount on successful password reset 2014-03-03 17:47:16 +13:00
Devlin
6c6ab7b0ce Bad redirect in ChangePasswordForm->doChangePassword() 2013-10-30 09:57:28 +01:00
Sean Harvey
83bff54ec2 BUG If BackURL set, validation errors send the user to wrong place.
If there are validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.

Instead of this, just redirect back to the "changepassword" action
on the Security controller.
2013-06-08 11:34:58 +12:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
77c2365b87 MINOR Replacing deprecated static function calls to Director with
current Controller instance replacements.
2012-05-23 21:50:02 +12:00
Ingo Schommer
7b18d9d0da MINOR Switching _t() calls from sprintf() to using injection parameters (#7170) 2012-05-01 22:17:00 +02:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Sean Harvey
fd3de5158d BUGFIX Use of Link() in security classes now refers to $this->controller
instead of calling the instance method Link statically (which isn't
allowed for E_STRICT compliance.)
2012-04-12 12:09:39 +12:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Hamish Friedlander
0a3e0f15de MINOR: Replace references to FieldSet (now deprecated) with references to FieldList 2011-10-28 15:58:55 +13:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Ingo Schommer
1f3a067fdf BUGFIX: after reset password, the site redirects to a non-existent page (SC #1) (from r104745)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112378 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 01:11:59 +00:00
Ingo Schommer
3a6b79a6f3 MINOR Fixed wrong _t() notation in ChangePasswordForm (broken in r103226 and r104596) (from r104598)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112356 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 00:30:46 +00:00
Sam Minnee
5cabd56ac6 ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420) (from r103229)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112126 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:36:39 +00:00
Sam Minnee
86fa92248a BUGFIX: made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly (#5420, patch submitted by walec51)
MINOR: typo (from r103226)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112125 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:36:13 +00:00
Andrew O'Neil
60f75c5ca4 Merged changes from 2.3 branch
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-01 23:49:53 +00:00
Sean Harvey
b93a8257f4 BUGFIX Fixed call to Member function that didn't exist
MINOR Check if OldPassword data exists before running checkPassword()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65135 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 03:41:14 +00:00
Ingo Schommer
692bd4c835 BUGFIX Using PasswordField instead of deprecated EncryptField
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-16 13:43:31 +00:00
Sam Minnee
970cba1b5d Fixed call to badly named static method
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60411 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 06:11:33 +00:00
Sam Minnee
eb9e66808c API CHANGE: Renamed static Member::autologinhash() to static Member::member_from_autloginhash() to be more in line with naming conventions, and not conflict with Member.AutoLoginHash in the database
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60392 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 05:18:18 +00:00
Ingo Schommer
60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00
Ingo Schommer
64d0d7fd95 Merged revisions 50532 via svnmerge from
svn://svn.silverstripe.com/silverstripe/modules/sapphire/branches/2.2.0-mesq

........
  r50532 | ischommer | 2008-03-04 14:09:45 +1300 (Tue, 04 Mar 2008) | 1 line
  
  setting BackURL in GET parameter of /security/login to avoid redirecting to lostpassword form again
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@55069 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-05-24 01:17:20 +00:00
Sam Minnee
eb60b67732 Merged revisions 52121 via svnmerge from
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52121 | sminnee | 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) | 4 lines
  
  Added DataObject::validate() for specifying DataObject-level validators.
  Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite()
  Added password strength testing to security system
  Added password expiry to security system
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:31:52 +00:00
Matt Peel
7d13ba7fb8 Reverted geoffm's accidental commit to /open
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50107 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-02-25 02:10:37 +00:00
Geoff Munn
bf3c09bec6 First post
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50105 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-02-25 01:06:39 +00:00
Ingo Schommer
794dc27b31 formatting
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@48106 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-01-16 21:51:44 +00:00
Sam Minnee
b1d2e3906b API Documentation updates
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@47766 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-01-09 04:18:36 +00:00
Sam Minnee
d27937f448 Updated API documentation package tags
Fixed some whitespace

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@47725 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-01-08 06:37:50 +00:00
Normann Lou
f141fbe5ad To include OldPassword field only when the currentUser exists and (no autologinhash given or the autologinhash is not right), since there are lots of cases where the currentUser exists (like a temporary member) but he hasn't got a password yet.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@46304 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-12-04 03:53:46 +00:00
Ingo Schommer
393caf4287 FEATURE made sapphire i18n-capable
FEATURE a little bit of german translation

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@43842 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-10-25 02:47:45 +00:00
Ingo Schommer
7d600b025d mlanthaler: Refactored the created code since the coding conventions for static methods were changed (ticket #49).
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41982 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-16 00:44:30 +00:00
Ingo Schommer
f54e9db8b9 mlanthaler: Newly implemented "I've lost my password" feature that works also with encrypted passwords (ticket #48).
There are some (cosmetic) things that should be fixed, but everything works as it should.
Will fix those things after my vacation.
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41976 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-16 00:32:48 +00:00
Hayden Smith
4a5d9b03f8 Moved Sapphire module to open source path
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@39001 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-07-19 10:40:28 +00:00