Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission
...
Fix administrators not being able to see files that are restricted to groups
2019-09-23 11:13:26 -07:00
Loz Calver
efdb9cc718
FIX: run member CMS validator when editing via groups ( fixes #9184 )
2019-09-23 16:59:58 +01:00
bergice
6a1c6ecec6
Fix administrators not being able to see files that are restricted to groups
...
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
2019-09-23 16:44:28 +12:00
Serge Latyntsev
233e0e7aa0
ENH PasswordExpirationMiddleware implementation ( #9207 )
2019-09-12 14:34:06 +12:00
Robbie Averill
e8c2f963fd
FIX Member::getLastName() now correctly returns the Member surname
2019-09-06 12:12:27 -07:00
Hels666
22a6a5b1e3
NEW Add getLastName() method to Member.php ( #9222 )
...
* Add getLastName() method to Member.php
Add getLastName() method to Silverstripe\Security\Member.php to allow use of $LastName instead of $Surname in templates as it is a common mistake made
this is for issue #9219
as discussed in Slack on 04-Sep-2019
* Minor doc block clean-up
* Update src/Security/Member.php - typo fix
Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
2019-09-06 20:31:22 +12:00
Maxime Rainville
dd40d53e6b
Merge branch '4.4' into 4
2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767
Merge branch '4.3' into 4.4
2019-09-04 09:42:09 +12:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group
...
Bug : Add html_entity_decode to group parents
2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php
...
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
2019-08-29 15:44:41 +12:00
Maxime Rainville
73f43c6f42
BUG Remove placeholder text on new group form
2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php
2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php
...
move to private method
2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php
...
use of convert::raw2xml, rename $grp to $group
2019-08-27 16:19:40 +12:00
Dileep Ratnayake
4f8240bd48
Update src/Security/Group.php
...
Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>
2019-08-27 12:19:03 +12:00
Dileep Ratnayake
f7a602137a
add html_entity_decode to breadcrumbs
2019-08-27 11:49:17 +12:00
Robbie Averill
a5d6b998fc
Merge branch '4.4' into 4
2019-08-16 16:40:39 +12:00
Robbie Averill
bae7e32680
FIX Member::changePassword() no longer applies password validation rules to the hashed value
2019-08-16 09:06:07 +12:00
Robbie Averill
0672f8b76b
NEW HTTPRequest now has hasSession() to determine whether a session exists for it
2019-08-02 11:29:23 +12:00
Robbie Averill
3224c9971b
Merge branch '4.4' into 4
2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688
Merge branch '4.3' into 4.4
2019-08-02 11:24:45 +12:00
Robbie Averill
5c794dfcdd
FIX Prevent setting session value when no session exists yet
2019-07-29 17:16:01 +02:00
Serge Latyntcev
29a663c65d
Merge branch '4.4' into 4
2019-07-15 09:24:49 +12:00
Serge Latyntsev
7ef13e7ef6
FIX Confirmation components to respect SS_BASE_URL ( #9074 )
2019-07-05 16:05:41 +12:00
Aaron Carlino
d04e54c1be
Merge branch '4.4' into 4
2019-06-10 17:33:30 +12:00
Aaron Carlino
c747b1f8d3
Merge branch '4.3' into 4.4
2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61
Merge branch '4.2' into 4.3
2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e
[CVE-2019-12246] Denial of Service on flush and development URL tools
2019-06-10 17:23:56 +12:00
Robbie Averill
d873779956
API checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards
2019-05-27 09:12:32 +12:00
Aaron Carlino
dfa90715f7
Merge branch '4.4' into 4
2019-05-13 16:08:05 +12:00
Guy Marriott
abaeeb9432
Merge branch '4.3' into 4.4
2019-05-13 15:56:41 +12:00
Guy Marriott
53cb804929
Merge branch '4.2' into 4.3
2019-05-13 15:56:23 +12:00
matt-in-a-hat
db0e6f7104
Fix password validation min length message
...
When relying on static config instead of an explicitly set minLength then this message would show without the value, like "it must be or more characters long".
2019-05-13 13:43:29 +12:00
Indy Griffiths
5dc57518c2
NEW Filter out authenticators that are falsy
...
Use-case: if a module is defining its own authenticator and you want to disable it, as it seems we don't have `unregister_authenticator()` anymore and I can't spot how to remove YAML-based injected properties, then this lets you mark it as null or false to prevent it from erroring out when it attempts to call `supportedServices()`
2019-05-04 20:58:48 +12:00
Robbie Averill
7775f82584
FIX Handle falsy return value when setting form field value in setAuthenticatorClass()
2019-02-01 19:39:15 +03:00
Robbie Averill
ebfab45e23
API LoginForm::authentiator_class is now deprecated, use getters or setters instead
2019-02-01 19:39:15 +03:00
Maxime Rainville
868258926f
Implement feedback on PSR-19 compatibility
2019-01-30 11:57:17 +13:00
Robbie Averill
b0fc161235
Merge branch '4' into pulls/4/deprecating-declared-permissions
2019-01-29 09:33:44 +02:00
Robbie Averill
47fbaebb92
Alter deprecation version numbers
...
Co-Authored-By: ScopeyNZ <guy@scopey.co.nz>
2018-11-06 00:07:24 +13:00
Guy Marriott
2ff7ee6752
NEW Deprecate RandomGenerator::generateEntropy in favour of using random_bytes directly
2018-11-01 19:51:15 +13:00
Maxime Rainville
0703c1a94e
API Deprecating Permission::$declared_permissions and related methods/props
2018-11-01 09:28:05 +13:00
micmania1
1e83dff4ed
BUGFIX #828 optimised query in graphql asset admin
2018-10-18 18:34:03 +13:00
Robbie Averill
ee24413c30
Merge branch '4.2' into 4
2018-10-03 15:28:05 +02:00
Robbie Averill
231d6d9a9f
FIX New members now receive the configured default locale, not the current locale
2018-09-28 16:25:10 +02:00
Robbie Averill
4d14e9b6b1
Merge pull request #8421 from creative-commoners/pulls/4.3/psr-5-deprecations
...
Update deprecation PHPDocs to be PSR-5 compliant
2018-09-28 14:18:54 +02:00
Robbie Averill
f842ee2eec
Update deprecation PHPDocs to be PSR-5 compliant
...
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
Robbie Averill
adb4d1f92d
MINOR Reduce some code complexity, update array syntax and injected SQLSelect etc
2018-09-27 16:40:23 +02:00
Simon Gow
c269a987d5
Performance issues with BasicAuth and LoginAttempts
...
Two functions interact with the LoginAttempt object which when used in conjunction with BasicAuth result in significant performance degradation over time, as the LoginAttempts Table fills.
This fix adds an index to the lookup column EmailHashed and removes the Email filter part of getByEmail() so it can use the index resulting in a much faster query.
For more information see https://github.com/silverstripe/silverstripe-framework/issues/8389
2018-09-20 13:34:03 +12:00
Robbie Averill
373a8afeb5
Merge branch '4.2' into 4
2018-09-06 13:26:46 +02:00
Ingo Schommer
f7d85fe794
Make sure that CMS requests disable caching
...
Original author: @dhensby
Forward port from 3.7 fix at https://github.com/silverstripe/silverstripe-framework/pull/8318
2018-09-05 11:38:41 +12:00
Robbie Averill
83e461abbf
Merge branch '4.2' into 4
2018-08-27 16:15:57 +12:00
Robbie Averill
373326e49c
Merge pull request #8324 from creative-commoners/pulls/4.2/request-before-init
...
FIX Pass request to dummy controller before calling init
2018-08-21 12:08:14 +12:00
Robbie Averill
18fff5c16c
Remove past tense for "log in" in expired token message
2018-08-20 22:31:23 +12:00
Robbie Averill
dbab696690
FIX Message when changing password with invalid token now contains correct links to login
...
The Security controller should be used to return these links rather than the
ChangePasswordHandler
2018-08-20 22:30:12 +12:00
Robbie Averill
873873dc30
FIX Pass request to dummy controller before calling init
2018-08-15 10:14:25 +12:00
Anh Le
68f75a9e25
Password changing notification issue on new member
...
With `notify_password_change = true`, new member is receiving notification email regarding password changing when they should not.
2018-08-13 14:13:05 +07:00
Ingo Schommer
2d6964c243
Merge pull request #8261 from open-sausages/pulls/4/secure-remember-me-cookie
...
NEW Option for secure "remember me" cookie
2018-07-31 09:19:15 +12:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
...
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
93b0884e19
BUG Lazy session state ( fixes #8267 )
...
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.
Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.
Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.
Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.
Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
2018-07-19 13:32:04 +12:00
Daniel Hensby
560fe9820a
FIX remove personal information from password reset confirmation screen
2018-07-05 14:19:15 +12:00
Robbie Averill
e0993043f8
Merge branch '4.1' into 4
2018-05-30 15:08:39 +12:00
Robbie Averill
c8b0bc0ad7
Merge branch '4.0' into 4.1
...
# Conflicts:
# src/ORM/DataObject.php
# tests/php/ORM/DataObjectDuplicationTest.php
# tests/php/ORM/DataObjectDuplicationTest/Class1.php
2018-05-30 14:52:07 +12:00
Robbie Averill
ea16e28aa7
Merge branch '4.1' into 4
2018-05-28 18:33:56 +12:00
Robbie Averill
6d98a912c9
Merge branch 'heads/4.1.1' into 4.1
2018-05-28 18:26:20 +12:00
Robbie Averill
3a537bc745
Merge branch 'heads/4.0.4' into 4.0
2018-05-28 17:50:07 +12:00
Robbie Averill
722202fef4
Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
...
# Conflicts:
# src/Control/Director.php
2018-05-24 15:41:11 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
...
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:07 +12:00
Damian Mooyman
e409d6f673
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-14 17:10:22 +12:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0
2018-05-01 21:47:17 +01:00
azt3k
6b39b25e20
Fixes a count() php warning without an api change
...
Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355
2018-04-27 09:31:07 +01:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives
...
Replaces #7995
2018-04-18 10:35:31 +12:00
Daniel Hensby
70effc7046
Revert "ENHANCEMENT Add config var to skip confirm logout ( #7977 )"
...
This reverts commit 47bcac930d
.
2018-04-04 13:51:18 +01:00
Andrew Aitken-Fincham
47bcac930d
ENHANCEMENT Add config var to skip confirm logout ( #7977 )
2018-04-04 09:43:49 +12:00
Damian Mooyman
386ef27f65
Update requesthandlers with missing extension points
2018-03-23 15:28:00 +13:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1
2018-03-13 14:26:18 +13:00
Joe Harvey
bf2cee3989
Bugfix - Correct duplicate nesting of 'Content' to be returned to template
...
In scenarios where:
- No member is logged in
- An 'AutoLoginHash' is provided via the 't' (token) query param
- The token isn't valid (determined by Member::validateAutoLoginToken())
The message which is intended to be returned to the end-user via $Content
in the template, is mistakenly double nested in ['Content' => ['Content' => 'Message']]
this leads to "The method forTemplate() doesn't exist on ArrayData" errors.
See - https://github.com/silverstripe/silverstripe-framework/issues/7866
2018-03-07 14:14:05 +00:00
JorisDebonnet
3e0984db49
Delete orphaned Group_Members records after deleting a Member
2018-02-27 19:47:26 +01:00
Daniel Hensby
c04ff8c55a
Merge branch '4.0' into 4.1
2018-02-21 13:40:30 +00:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records
2018-02-20 12:20:18 +13:00
Daniel Hensby
7ec5fa2c8d
Merge branch '4.0' into 4.1
2018-02-09 15:19:15 +00:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0
2018-02-09 14:32:58 +00:00
Damian Mooyman
2f1f5c0caa
Merge remote-tracking branch 'origin/4.0' into 4
2018-02-07 11:48:46 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption
2018-02-06 20:18:32 +00:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/CoreKernel.php
2018-02-05 17:52:38 +13:00
Simon Erkelens
a071672b48
[bugfix] $request == null breaks
...
The $request incoming as null was not properly detected by the if/elseif structure.
2018-02-05 13:02:07 +13:00
Damian Mooyman
bc2fc7f2db
BUG Prevent invalid members being written to database if validation_enabled is false
2018-02-01 16:24:31 +13:00
Christopher Joe
456871fd91
Enhancement Updated PasswordValidator to fallback to config options - still retains instance variables
2018-01-31 10:54:43 +13:00
Damian Mooyman
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Control/SimpleResourceURLGenerator.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
2018-01-25 12:53:15 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4
...
# Conflicts:
# src/Core/TempFolder.php
# src/ORM/DataObject.php
# src/View/ThemeResourceLoader.php
# src/includes/constants.php
# tests/php/Control/SimpleResourceURLGeneratorTest.php
# tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
# tests/php/View/RequirementsTest.php
2018-01-22 14:57:05 +13:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name
...
Fixes #7769
2018-01-22 14:06:24 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues
2018-01-16 18:39:30 +00:00
Damian Mooyman
f86b855c90
BUG Prevent basic-auth from disallowing logout
...
Fixes #7555
2018-01-16 15:24:20 +13:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware
...
Fixes #7554
2017-12-20 11:39:04 +13:00
Chris Joe
4ad9ceca6b
Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions
...
BUG Fix message casting for html security messages
2017-12-18 15:43:35 +13:00
Daniel Hensby
e4bf9a31ed
Merge branch '4.0' into 4
2017-12-14 21:20:11 +00:00
Daniel Hensby
1c72d6946d
Merge branch '3.6' into 4.0
2017-12-14 21:01:35 +00:00
Damian Mooyman
140ed72e2a
BUG Fix message casting for html security messages
2017-12-14 14:49:58 +13:00
Damian Mooyman
529e341dbc
Merge pull request #7699 from open-sausages/pulls/4/html-in-security-msg
...
ENHANCEMENT Allow html in security failure message
2017-12-14 14:30:09 +13:00
Damian Mooyman
8b1b9f022b
Fix linting issues
2017-12-14 13:50:52 +13:00
Saophalkun Ponlu
31e04c8491
ENHANCEMENT Allow html in security failure message
2017-12-13 17:10:16 +13:00
Damian Mooyman
a2fa9f0943
Merge pull request #7694 from creative-commoners/pulls/4.0/injection-session
...
FIX Use Injector to retrieve the current session
2017-12-12 16:47:36 +13:00
Robbie Averill
eb6c1fc6de
FIX Allow the current controller as well as injectable HTTPRequest objects
2017-12-12 16:35:53 +13:00
Robbie Averill
097d0697c5
FIX Use Injector to retrieve the current session
2017-12-12 16:03:16 +13:00
Damian Mooyman
33b2d50d59
Cache warming in InheritedPermissions::getCachePermissions()
...
Simplify Group::Members() code
Remove cms-only config
2017-12-12 09:01:43 +13:00
Aaron Carlino
2be902ef2f
Adapt to new MemberCacheFlusher interface
2017-12-11 17:50:11 +13:00
Aaron Carlino
45999e1133
Revisions per robbieaverill
2017-12-11 17:50:11 +13:00
Aaron Carlino
aefb0aeaa8
Make InheritedPermissions use cache and implement cache flushing
2017-12-11 17:50:11 +13:00
Damian Mooyman
ee27329728
Minor linting / style updates
2017-12-11 16:46:59 +13:00
Aaron Carlino
8b429bf47b
update docblock
2017-12-11 16:46:59 +13:00
Aaron Carlino
86458941be
Refactor to MemberCacheFlusher
2017-12-11 16:46:59 +13:00
Aaron Carlino
4857816c9e
Revisions per robbieaverill
2017-12-11 16:46:59 +13:00
Aaron Carlino
eecb9f64d3
Add new InheritedPermissionFlusher extension, CacheFlusher service
2017-12-11 16:46:59 +13:00
Damian Mooyman
6b384f4b35
Merge branch '4.0' into 4
2017-12-07 13:52:00 +13:00
Daniel Hensby
eb55c27124
Merge branch '4.0' into 4
2017-12-05 12:14:22 +00:00
Damian Mooyman
f1dd3d6f03
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 17:00:49 +13:00
Loz Calver
c4b366828e
FIX: Restore BackURL preservation on log out ( closes #7636 )
2017-11-27 16:15:28 +00:00
Simon Erkelens
0987003053
Add the ability to redirect a user to a custom page with custom content after changing their password
2017-11-27 14:18:40 +13:00
Damian Mooyman
6a73466b41
BUG Fix basicauth
2017-11-03 12:08:38 +13:00
Damian Mooyman
ad36b8f6a9
Use restart instead of destroy
2017-11-03 12:08:38 +13:00
Daniel Hensby
a61ce077c6
FIX Sessions must be destroyed on logout
2017-11-03 12:08:38 +13:00
Robbie Averill
897cba55cb
FIX Move Member log out extension points to non-deprecated methods
2017-11-02 11:39:02 +13:00
Damian Mooyman
3c8848a090
Update code style and fix tests
2017-10-30 17:34:15 +13:00
Christopher Joe
f6b7cf8889
Feature disable current user from removing their admin permission
2017-10-30 12:34:06 +13:00
Oly Su
4d85da179f
291 checks if ->value is iterable
2017-10-27 10:46:20 +13:00
Damian Mooyman
b9cb1e69e6
BUG Replace phpdotenv with thread-safe replacement
2017-10-20 18:43:11 +13:00
Simon Erkelens
6506a5b958
Don't add a . when there's no extension
2017-10-16 11:56:35 +13:00
Damian Mooyman
6a55dcfc16
Fix references to resource paths / urls
2017-10-10 16:51:47 +13:00
Chris Joe
566d7baa48
Merge pull request #7437 from open-sausages/pulls/4.0/stateless-extensions
...
API Extensions are now stateless
2017-10-09 11:45:33 +13:00
Ingo Schommer
7406318f03
Merge pull request #7436 from creative-commoners/pulls/4.0/consistent-change-password-api
...
NEW Ensure changePassword is called by onBeforeWrite for a consistent API
2017-10-06 11:26:37 +01:00
Damian Mooyman
b996e2c22c
API Extensions are now stateless
...
ENHANCEMENT Injector now lazy-loads services more intelligently
2017-10-06 14:53:44 +13:00
Daniel Hensby
16cac4e3bd
Merge branch '3' into 4
2017-10-05 16:40:31 +01:00
Robbie Averill
413034f684
Remove psuedo-property SetPassword from Member
2017-10-05 16:55:24 +13:00
Robbie Averill
cdf6ae45a3
NEW Ensure changePassword is called by onBeforeWrite for a consistent API
2017-10-05 16:14:15 +13:00
Robbie Averill
6044579a3f
MINOR Separate some areas of logic in LostPasswordHandler to make them more overridable
2017-10-05 14:17:38 +13:00
Robbie Averill
6b52412693
NEW Make Member::changePassword extensible
2017-10-05 11:18:34 +13:00
Chris Joe
b219e40ff7
Merge pull request #7414 from open-sausages/pulls/4.0/basic-auth-var
...
BUG Restore SS_USE_BASIC_AUTH env var
2017-10-02 15:11:19 +13:00
Damian Mooyman
e2750c03fc
BUG Restore SS_USE_BASIC_AUTH env var
...
Fixes #7268
2017-09-29 16:56:56 +13:00
Damian Mooyman
f4b1417612
ENHANCEMENT Use less expensive i18n defaults in Member::populateDefaults()
...
Fixes #7381
2017-09-29 16:40:17 +13:00
Mike Cochrane
b8e5a2ce32
FIX readonly PermissionCheckboxSetField
...
A readonly PermissionCheckboxSetField (eg in Security when viewing a member without permission to edit it) can result in calling "getRecord()" on null. Add is_object check, consistent with line 98.
2017-09-25 15:25:10 +13:00
Loz Calver
7431122b58
Make auto login token expiry configurable ( closes #7278 )
2017-09-18 14:06:13 +01:00
Damian Mooyman
905c4e04d5
BUG Incorrect path for requirements file
2017-09-12 10:36:48 +01:00
Christopher Joe
25380eb454
Fix permission check for admin role
2017-09-06 10:21:01 +12:00
Sam Minnee
8c15e451c6
FIX: Removed unnecessary database_is_ready call.
...
This shaves about 45ms from every request (PHP 7.1 on a 2013 rMBP),
cutting down execution time of a “hello world” controller by about 33%.
database_is_ready is still used in dev/build and ?flush=1 to stop people
from people bypassing security by DOSing the database or otherwise
forcing a DatabaseException
2017-08-25 13:06:12 +12:00
Loz Calver
ecc619248b
Merge pull request #7298 from robbieaverill/pulls/4.0/replace-stat-usage
...
Replace use of Configurable stat() with config()->get(), will be deprecated in future
2017-08-23 10:12:40 +01:00
Damian Mooyman
14761a9246
Remove mcrypt
...
Use session for alternativeDatabaseName instead
Fixes #7280
2017-08-23 12:13:32 +12:00
Robbie Averill
8ebc13ae4e
Replace use of Configurable stat() with config()->get(), will be deprecated in future
2017-08-23 09:42:10 +12:00
Damian Mooyman
9b4d689bb2
Lazy-load custom methods and extensions on CustomMethods and Extensible traits
...
No longer need constructExtensions()
2017-08-22 15:47:24 +12:00
Damian Mooyman
b6a8e45888
BUG Ensure mocked controller has request assigned
...
Fixes #7237
2017-08-03 15:52:31 +12:00
Damian Mooyman
e64acef53a
BUG Fix invalid i18n yaml
2017-08-03 10:13:09 +12:00