tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
4,808 Commits 31 Branches 527 Tags
Commit Graph

27 Commits

Author SHA1 Message Date
Ingo Schommer
0bae1826bb FIX Opt-out pf form message escaping (fixes #2796) 
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/.
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.

We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803.
 2014-08-22 09:08:55 +12:00
Mateusz Uzdowski
22095dae6c API Hash autologin tokens before storing in the database. 
Backported from 3.0, cc423c38fbc6755f4e29024590c1b42092b3a621.
 2012-11-09 12:03:55 +01:00
Ingo Schommer
397bbe7bb5 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:20:05 +13:00
Sean Harvey
ddcb7b6b89 MINOR Fixed failing test as session being set before logging out and losing BackURL 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108518 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:44 +13:00
Julian Seidenberg
b22261f781 BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107940 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:39 +13:00
Hamish Friedlander
98a299d00c BUGFIX: SecurityTest tests would fail on sites which had set a non-default unique identifier field for Members 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104016 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:19 +13:00
Mateusz Uzdowski
f0677542a8 ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103250 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:14 +13:00
Ingo Schommer
05b4a2313e BUGFIX Logging in with an invalid email returns no error message (fixes #5332, thanks ajshort) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102072 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:19:11 +13:00
Ingo Schommer
96f022be85 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98274 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:25 +13:00
Ingo Schommer
31280ece2c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2011-02-02 14:18:13 +13:00
Ingo Schommer
5e3cffec1f BUGFIX More robust URL handling in SecurityTest to avoid failing on custom /admin redirects 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85514 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-09-01 06:48:31 +00:00
Sean Harvey
13b358a8dd Merged from branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-04-29 00:07:39 +00:00
Sam Minnee
41fb93b344 ENHANCEMENT #3032 ajshort: Use static methods for accessing static data 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73036 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-03-14 00:16:32 +00:00
Ingo Schommer
6d708765fe BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-02-11 21:08:28 +00:00
Sam Minnee
96c5be8252 Updating queries to be more DB agnostic 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-24 09:31:14 +00:00
Sam Minnee
12e62c6329 ENHANCEMENT: Change MySQLDatabase connection to operate in ANSI SQL mode, to ease the transition to DB abstraction 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66399 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-22 03:51:04 +00:00
Ingo Schommer
2b15a2d5b5 BUGFIX Using _t() to check content strings in unit tests and avoid tests failing when i18n is enabled 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64042 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-10-10 02:20:33 +00:00
Hayden Smith
634ed7b70c Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63806 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-10-08 02:00:12 +00:00
Sam Minnee
12a62b9f62 Updated SecurityTest to use new FunctionalTest system consistently 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60427 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 23:04:25 +00:00
Sam Minnee
8536a47b7c Update SecurityTest to use the FunctionalTest base-class 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60394 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 05:27:18 +00:00
Ingo Schommer
2d8434a43f (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60327 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 02:57:59 +00:00
Ingo Schommer
ad4d506f82 (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60287 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 00:14:48 +00:00
Sam Minnee
7b278290b4 BUGFIX: SecurityTest fails when running tests at 12am 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@58559 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-07-21 12:21:53 +00:00
Ingo Schommer
60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-06-15 13:33:53 +00:00
Sam Minnee
834da4640d Merged revisions 52618 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52618 | sminnee | 2008-04-13 16:58:15 +1200 (Sun, 13 Apr 2008) | 1 line
  
  Updated tests to make better use of TestViewer
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53470 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:32:52 +00:00
Sam Minnee
a1f8892c52 Merged revisions 52151 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52151 | sminnee | 2008-04-05 11:14:26 +1300 (Sat, 05 Apr 2008) | 1 line
  
  Lock users out after 5 failed log-ins
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53466 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:32:05 +00:00
Sam Minnee
eb60b67732 Merged revisions 52121 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52121 | sminnee | 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) | 4 lines
  
  Added DataObject::validate() for specifying DataObject-level validators.
  Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite()
  Added password strength testing to security system
  Added password expiry to security system
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:31:52 +00:00