tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-06 01:31:22 +02:00
Code Issues Projects Releases Wiki Activity
16,817 Commits 29 Branches 525 Tags 150 MiB
46d8aad91a
Commit Graph

403 Commits

Author SHA1 Message Date
Robbie Averill
7b23a548aa FIX PHP 5.3 compat for referencing $this in closure, and make method public for same reason 
sdf
 2018-05-29 14:55:21 +12:00
Robbie Averill
4a9e991edb Merge branch '3.6' into 3 2018-05-28 17:44:48 +12:00
Robbie Averill
dae8fefb1e Merge remote-tracking branch 'origin/3.5' into 3.6 2018-05-28 17:43:55 +12:00
Damian Mooyman
5771388821 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-09 15:12:40 +12:00
Damian Mooyman
f4b13fb2c4
Merge remote-tracking branch 'origin/3.6' into 3 
# Conflicts:
#	model/DataQuery.php
 2018-02-05 16:53:15 +13:00
Damian Mooyman
4da99efd5d
Merge remote-tracking branch 'origin/3.5' into 3.6 2018-01-31 16:03:42 +13:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete 
FIX: Fix Member_GroupSet::removeAll() (fixes #3948)
 2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832 FIX: Fix Member_GroupSet::removeAll() (fixes #3948) 2018-01-24 17:17:20 +00:00
Steve Boyd
f214cd52e0
Ensure currentUserID() returns an int 
Cast $id returned from Session as an int to ensure it's never returned as a string
 2018-01-23 13:37:06 +13:00
Damian Mooyman
50aa1f22a6
Merge branch '3.6' into 3 2017-12-07 13:20:58 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6 
# Conflicts:
#	security/Member.php
 2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3 2017-05-31 00:12:14 +01:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Damian Mooyman
f16d7e1838 API Deprecate unused / undesirable create_new_password implementation 2017-05-08 17:41:37 +12:00
Joe Harvey
0d0d18612d Adding extension hooks to Member isLockedOut() and registerSuccessfulLogin() 2017-03-30 11:07:51 +01:00
Daniel Hensby
5a7cde0e10
Merge branch '3.4' into 3.5.0 2016-11-09 16:14:40 +00:00
Loz Calver
6bf36fbd30
FIX: Correct return type for Member::currentUser() 2016-11-09 14:20:44 +00:00
Daniel Hensby
beeed8155a
Merge branch '3.4' into 3 2016-09-16 11:56:01 +01:00
Thomas Portelange
995d07756d cache currentUser query (#6007) 
* cache currentUser query

Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)
 2016-09-15 15:45:40 +01:00
Daniel Hensby
3fd9fe3aa0
Merge branch '3.4' into 3 2016-09-07 09:22:06 +01:00
Daniel Hensby
060bf6b327
Merge branch '3.3' into 3.4 2016-08-22 16:22:37 +01:00
Daniel Hensby
229a2b9217
Merge pull request #4133 from nimeso/patch-1 2016-08-22 11:52:47 +01:00
Damian Mooyman
d88516203c Merge 3.4 into 3 2016-08-15 19:05:20 +12:00
Daniel Hensby
d1163d87b7 [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 15:52:10 +12:00
Daniel Hensby
8bbf1caae6 [SS-2016-013] FIX Uncasted member name 2016-08-15 15:52:04 +12:00
Daniel Hensby
08384bb4d6 [SS-2016-008] Reset Member::Salt on password change 2016-08-15 15:50:56 +12:00
Daniel Hensby
b1f449762b [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 14:07:57 +12:00
Daniel Hensby
281b0de571 [SS-2016-013] FIX Uncasted member name 2016-08-15 14:07:51 +12:00
Daniel Hensby
dc47f7ec9a [SS-2016-008] Reset Member::Salt on password change 2016-08-15 14:07:24 +12:00
Stevie Mayhew
b1df9dcb1d BUGFIX: check that we have a token and a UID before attempting a member auto login 2016-05-20 09:19:08 +12:00
Damian Mooyman
4d1ddf0e62
BUG Prevent session hijackers from resetting a user password 
BUG Member::checkPassword incorrect for default admin
 2016-05-16 10:54:18 +12:00
Damian Mooyman
4f06a43986 Merge 3.3 into 3 
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
 2016-05-11 14:06:23 +12:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
Roman Schmid
f691a5da32 Improve Member_Validator to: 
- properly check for existing members.
- allow extensions.
- remove old code and replace with new syntax and add config API.

Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides.
Added unit-tests.

Establish a link between the member and the validator for said member.
 2016-02-25 16:10:52 +01:00
Damian Mooyman
46cbe809ac Merge remote-tracking branch 'origin/3.1' into 3.2 
# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
 2016-01-19 14:00:19 +13:00
Daniel Hensby
00544ff100 FIX session_regenerate_id uses config system 2016-01-05 22:31:58 +00:00
Damian Mooyman
94742fa3e2 BUG Revert method visibility regression 2015-11-27 13:10:52 +13:00
Damian Mooyman
c4710b2272 Merge remote-tracking branch 'origin/3.1' into 3.2 
Conflicts:
	admin/code/GroupImportForm.php
	admin/code/MemberImportForm.php
	tests/model/DataListTest.php
 2015-09-15 13:18:47 +12:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
1686c83826 Revert #3425 #3396 to restore deprecated functionality 
Fixes #4514
 2015-08-24 11:26:25 +12:00
Loz Calver
b7480b92a9 FIX: Hide 'Logged Passwords' tab in member CMS fields (fixes #4422) 2015-07-22 14:40:09 +01:00
Daniel Hensby
3507ddb0e8 FIX MemberPassword history removed with with Members 
Currently Members that were deleted would still have their passwords
stored in the DB even though they were deleted. This seems unnecessary
and just increases data that could potentially be compromised later.
 2015-06-24 21:04:23 +01:00
Damian Mooyman
e14f743bf0 Set deprecation level for all changes in 3.x to 4.0 2015-06-19 13:07:41 +12:00
Damian Mooyman
58cc3da8d8 API Revert DataObject::validate to 3.1 method signature (protected) 2015-06-16 11:59:21 +12:00