Commit Graph

28 Commits

Author SHA1 Message Date
Daniel Hensby
72702dbd50 Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated 2017-09-20 11:33:22 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Damian Mooyman
4f06a43986 Merge 3.3 into 3
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
2016-05-11 14:06:23 +12:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby
a6bd22ab2f
[SS-2016-006] FIX dont disable XSS for login forms 2016-04-20 23:57:59 +01:00
Sam Minnee
3ee8f505b7 MINORE: Remove training whitespace.
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
2016-01-07 10:15:54 +13:00
Damian Mooyman
0b1f297873 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Damian Mooyman
53c40a94fa API Enable re-authentication within the CMS if a user session is lost
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
2014-10-14 15:19:48 +13:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Will Morgan
72a7f0e672 AJAX friendly responses for Security class
Final work around issue #1802 - creating templates for complex layout
operations and removing HTML from this controller.
2013-04-26 12:29:35 +01:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Hayden Smith
634ed7b70c Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63806 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-08 02:00:12 +00:00
Ingo Schommer
60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00
Matt Peel
7d13ba7fb8 Reverted geoffm's accidental commit to /open
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50107 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-02-25 02:10:37 +00:00
Geoff Munn
bf3c09bec6 First post
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50105 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-02-25 01:06:39 +00:00
Sam Minnee
b1d2e3906b API Documentation updates
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@47766 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-01-09 04:18:36 +00:00
Sam Minnee
d27937f448 Updated API documentation package tags
Fixed some whitespace

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@47725 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-01-08 06:37:50 +00:00
Andrew O'Neil
808d6875cb #941 - Security flaw: SS prone to CSRF attack
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@43901 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-10-28 21:44:38 +00:00
Ingo Schommer
2271dc5d4a mlanthaler: Refactored the created code since the coding conventions for static methods were changed (ticket #49).
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42155 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-16 17:30:12 +00:00
Ingo Schommer
7d600b025d mlanthaler: Refactored the created code since the coding conventions for static methods were changed (ticket #49).
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41982 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-16 00:44:30 +00:00
Ingo Schommer
069192e83c mlanthaler: Refactored the new authenticator code so that it is easier now to enable/disable different authentication methods (simple edit _config.php).
Also moved the needed change to the PHP include path to the new _config.php file so you don't need to set that anymore in mysite/_config.php. 
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41824 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-15 00:08:23 +00:00
Ingo Schommer
b5156e26ae mlanthaler:
Login forms are now styled and use the tabstrip library. 

Make sure you create a CSS file "tabs.css" in your mysite/css folder with the following content, otherwise the tabs will be without border. Maybe it would be a good idea to create a mysite gsoc branch for changes like this. Will post that issue in the forum. 

div.tab { 

clear: left; 
overflow: auto; 
border: 1px #AAA solid; 
border-top: none; 
position: relative; 
top: -3px; 
margin: 0; 
padding: 10px; 
/*width: 98%;*/ 

} 

div.tabset { 

border: 1px solid #fff; /* Hack for FF1.5/Win Float-Bug */ 
clear: left; 
margin: 0; 

} 

ul.tabstrip li { 

margin-left: 0; 

} 
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41786 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-14 19:13:12 +00:00
Ingo Schommer
a377a67e54 mlanthaler: Switched to an authenticator and a form class to be able to add other authentication methods. (merged from branches/gsoc)
mlanthaler: The missing authenticator base class...  (merged from branches/gsocmlanthaler: Switched to an authenticator and a form class to be able to add other authentication methods.  (merged from branches/gsoc)
mlanthaler: The missing authenticator base class...  (merged from branches/gsoc))


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41729 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-09-14 03:12:21 +00:00
Hayden Smith
4a5d9b03f8 Moved Sapphire module to open source path
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@39001 467b73ca-7a2a-4603-9d3b-597d59a354a9
2007-07-19 10:40:28 +00:00