silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00

Author	SHA1	Message	Date
William Desportes	c932d7e7fb	Fix the phpdoc blocks	2020-12-21 22:23:23 +01:00
Loz Calver	7377d094c0	FIX: Include missing security page titles when CMS not installed (fixes #9648 )	2020-08-21 14:55:06 +01:00
Daniel Hensby	42cee6f5fb	Merge pull request #9489 from mattclegg/1587548067 DOCS: Fix typos	2020-04-22 12:28:02 +01:00
mattclegg	d521a52a33	DOCS: Fix typos	2020-04-22 15:20:11 +05:45
Daniel Hensby	237b2d5f74	Convert array delcarations to short array syntax	2020-04-20 18:58:09 +01:00
Robbie Averill	0672f8b76b	NEW HTTPRequest now has hasSession() to determine whether a session exists for it	2019-08-02 11:29:23 +12:00
Robbie Averill	3224c9971b	Merge branch '4.4' into 4	2019-08-02 11:24:54 +12:00
Robbie Averill	3b96c51688	Merge branch '4.3' into 4.4	2019-08-02 11:24:45 +12:00
Robbie Averill	5c794dfcdd	FIX Prevent setting session value when no session exists yet	2019-07-29 17:16:01 +02:00
Aaron Carlino	d04e54c1be	Merge branch '4.4' into 4	2019-06-10 17:33:30 +12:00
Aaron Carlino	f766555d61	Merge branch '4.2' into 4.3	2019-06-10 17:27:05 +12:00
Serge Latyntcev	ca56e8d78e	[CVE-2019-12246] Denial of Service on flush and development URL tools	2019-06-10 17:23:56 +12:00
Indy Griffiths	5dc57518c2	NEW Filter out authenticators that are falsy Use-case: if a module is defining its own authenticator and you want to disable it, as it seems we don't have `unregister_authenticator()` anymore and I can't spot how to remove YAML-based injected properties, then this lets you mark it as null or false to prevent it from erroring out when it attempts to call `supportedServices()`	2019-05-04 20:58:48 +12:00
Robbie Averill	f842ee2eec	Update deprecation PHPDocs to be PSR-5 compliant See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated	2018-09-28 10:49:14 +02:00
Ingo Schommer	f7d85fe794	Make sure that CMS requests disable caching Original author: @dhensby Forward port from 3.7 fix at https://github.com/silverstripe/silverstripe-framework/pull/8318	2018-09-05 11:38:41 +12:00
Robbie Averill	873873dc30	FIX Pass request to dummy controller before calling init	2018-08-15 10:14:25 +12:00
Damian Mooyman	386ef27f65	Update requesthandlers with missing extension points	2018-03-23 15:28:00 +13:00
Daniel Hensby	7ec5fa2c8d	Merge branch '4.0' into 4.1	2018-02-09 15:19:15 +00:00
Daniel Hensby	e298fcc345	Merge branch '3.6' into 4.0	2018-02-09 14:32:58 +00:00
Damian Mooyman	e359948eb3	Merge remote-tracking branch 'origin/4.0' into 4 # Conflicts: # src/Core/CoreKernel.php	2018-02-05 17:52:38 +13:00
Simon Erkelens	a071672b48	[bugfix] $request == null breaks The $request incoming as null was not properly detected by the if/elseif structure.	2018-02-05 13:02:07 +13:00
Damian Mooyman	a3c52f901a	Merge remote-tracking branch 'origin/4.0' into 4 # Conflicts: # src/Core/TempFolder.php # src/ORM/DataObject.php # src/View/ThemeResourceLoader.php # src/includes/constants.php # tests/php/Control/SimpleResourceURLGeneratorTest.php # tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php # tests/php/View/RequirementsTest.php	2018-01-22 14:57:05 +13:00
Daniel Hensby	db610aaf3b	Fixing string concat CS issues	2018-01-16 18:39:30 +00:00
Chris Joe	4ad9ceca6b	Merge pull request #7702 from open-sausages/pulls/4/fix-message-casting-permissions BUG Fix message casting for html security messages	2017-12-18 15:43:35 +13:00
Daniel Hensby	e4bf9a31ed	Merge branch '4.0' into 4	2017-12-14 21:20:11 +00:00
Daniel Hensby	1c72d6946d	Merge branch '3.6' into 4.0	2017-12-14 21:01:35 +00:00
Damian Mooyman	140ed72e2a	BUG Fix message casting for html security messages	2017-12-14 14:49:58 +13:00
Damian Mooyman	8b1b9f022b	Fix linting issues	2017-12-14 13:50:52 +13:00
Saophalkun Ponlu	31e04c8491	ENHANCEMENT Allow html in security failure message	2017-12-13 17:10:16 +13:00
Simon Erkelens	0987003053	Add the ability to redirect a user to a custom page with custom content after changing their password	2017-11-27 14:18:40 +13:00
Loz Calver	ecc619248b	Merge pull request #7298 from robbieaverill/pulls/4.0/replace-stat-usage Replace use of Configurable stat() with config()->get(), will be deprecated in future	2017-08-23 10:12:40 +01:00
Damian Mooyman	14761a9246	Remove mcrypt Use session for alternativeDatabaseName instead Fixes #7280	2017-08-23 12:13:32 +12:00
Robbie Averill	8ebc13ae4e	Replace use of Configurable stat() with config()->get(), will be deprecated in future	2017-08-23 09:42:10 +12:00
Damian Mooyman	b6a8e45888	BUG Ensure mocked controller has request assigned Fixes #7237	2017-08-03 15:52:31 +12:00
Damian Mooyman	8418011456	Fix linting issues	2017-08-02 14:08:59 +12:00
Robbie Averill	e307f067ed	FIX Replace deprecated %s placeholders in translations with named placeholders * Remove the use of sprintf and %s placeholders in the i18n tests	2017-08-02 13:03:55 +12:00
Simon Erkelens	3e97b99e22	[BUG] Fix issues with multiple authenticators for a single task (#7149 ) Using multiple 2FA authenticators, logging out, resetting password etc. proved to be handled wrong. Example scenario: The result is an error, because the `renderWrappedController` was called, despite the responses being a set of either array with Content or Form, or a redirect action. The default action should be followed and not try to render if there is nothing to render Because the logout (or changepassword, or resetpassword, etc.) has already been handled, the first response is the default authenticator's response. This _could_ be a form (in case of logout without valid token), a content set (reset password) or a form (change password). This edge case only happens when there are multiple authenticators supporting the requested method that is _not_ login.	2017-07-14 09:20:58 +12:00
Damian Mooyman	4b23205838	Fix unnamespaced i18n keys Fixes https://github.com/silverstripe/silverstripe-framework/issues/6862	2017-07-04 14:18:47 +12:00
Damian Mooyman	f65e3627dc	BUG Implement or exclude all pending upgrader deltas	2017-07-03 12:21:47 +12:00
Ingo Schommer	fa568e333e	Fixed linting errors	2017-06-23 11:19:16 +12:00
Damian Mooyman	3873e4ba00	API Refactor bootstrap, request handling See https://github.com/silverstripe/silverstripe-framework/pull/7037 and https://github.com/silverstripe/silverstripe-framework/issues/6681 Squashed commit of the following: commit `8f65e56532` Author: Ingo Schommer <me@chillu.com> Date: Thu Jun 22 22:25:50 2017 +1200 Fixed upgrade guide spelling commit `76f95944fa` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 16:38:34 2017 +1200 BUG Fix non-test class manifest including sapphiretest / functionaltest commit `9379834cb4` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 15:50:47 2017 +1200 BUG Fix nesting bug in Kernel commit `188ce35d82` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 15:14:51 2017 +1200 BUG fix db bootstrapping issues commit `7ed4660e7a` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 14:49:07 2017 +1200 BUG Fix issue in DetailedErrorFormatter commit `738f50c497` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 11:49:19 2017 +1200 Upgrading notes on mysite/_config.php commit `6279d28e5e` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 11:43:28 2017 +1200 Update developer documentation commit `5c90d53a84` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 22 10:48:44 2017 +1200 Update installer to not use global databaseConfig commit `f9b2ba4755` Author: Damian Mooyman <damian@silverstripe.com> Date: Wed Jun 21 21:04:39 2017 +1200 Fix behat issues commit `5b59a912b6` Author: Damian Mooyman <damian@silverstripe.com> Date: Wed Jun 21 17:07:11 2017 +1200 Move HTTPApplication to SilverStripe\Control namespace commit `e2c4a18f63` Author: Damian Mooyman <damian@silverstripe.com> Date: Wed Jun 21 16:29:03 2017 +1200 More documentation Fix up remaining tests Refactor temp DB into TempDatabase class so it’s available outside of unit tests. commit `5d235e64f3` Author: Damian Mooyman <damian@silverstripe.com> Date: Wed Jun 21 12:13:15 2017 +1200 API HTTPRequestBuilder::createFromEnvironment() now cleans up live globals BUG Fix issue with SSViewer Fix Security / View tests commit `d88d4ed4e4` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 20 16:39:43 2017 +1200 API Refactor AppKernel into CoreKernel commit `f7946aec33` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 20 16:00:40 2017 +1200 Docs and minor cleanup commit `12bd31f936` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 20 15:34:34 2017 +1200 API Remove OutputMiddleware API Move environment / global / ini management into Environment class API Move getTempFolder into TempFolder class API Implement HTTPRequestBuilder / CLIRequestBuilder BUG Restore SS_ALLOWED_HOSTS check in original location API CoreKernel now requires $basePath to be passed in API Refactor installer.php to use application to bootstrap API move memstring conversion globals to Convert BUG Fix error in CoreKernel nesting not un-nesting itself properly. commit `bba9791146` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 19 18:07:53 2017 +1200 API Create HTTPMiddleware and standardise middleware for request handling commit `2a10c2397b` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 19 17:42:42 2017 +1200 Fixed ORM tests commit `d75a8d1d93` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 19 17:15:07 2017 +1200 FIx i18n tests commit `06364af3c3` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 19 16:59:34 2017 +1200 Fix controller namespace Move states to sub namespace commit `2a278e2953` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 19 12:49:45 2017 +1200 Fix forms namespace commit `b65c21241b` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 15 18:56:48 2017 +1200 Update API usages commit `d1d4375c95` Author: Damian Mooyman <damian@silverstripe.com> Date: Thu Jun 15 18:41:44 2017 +1200 API Refactor $flush into HTPPApplication API Enforce health check in Controller::pushCurrent() API Better global backup / restore Updated Director::test() to use new API commit `b220534f06` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 22:05:57 2017 +1200 Move app nesting to a test state helper commit `603704165c` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 21:46:04 2017 +1200 Restore kernel stack to fix multi-level nesting commit `2f6336a15b` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 17:23:21 2017 +1200 API Implement kernel nesting commit `fc7188da7d` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 15:43:13 2017 +1200 Fix core tests commit `a0ae723514` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 15:23:52 2017 +1200 Fix manifest tests commit `ca03395251` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 15:00:00 2017 +1200 API Move extension management into test state commit `c66d433977` Author: Damian Mooyman <damian@silverstripe.com> Date: Tue Jun 13 14:10:59 2017 +1200 API Refactor SapphireTest state management into SapphireTestState API Remove Injector::unregisterAllObjects() API Remove FakeController commit `f26ae75c6e` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 12 18:04:34 2017 +1200 Implement basic CLI application object commit `001d559662` Author: Damian Mooyman <damian@silverstripe.com> Date: Mon Jun 12 17:39:38 2017 +1200 Remove references to SapphireTest::is_running_test() Upgrade various code commit `de079c041d` Author: Damian Mooyman <damian@silverstripe.com> Date: Wed Jun 7 18:07:33 2017 +1200 API Implement APP object API Refactor of Session	2017-06-22 22:50:45 +12:00
Loz Calver	5d27dccd60	NEW: Add CSRF token to logout action	2017-06-21 15:42:13 +01:00
Damian Mooyman	0f90c5b63f	ENHANCEMENT Update style of CMSLogin form	2017-06-15 18:13:14 +12:00
Damian Mooyman	62d095305b	API Update DefaultAdmin services API Improve validation of authentication process	2017-06-15 15:53:57 +12:00
Simon Erkelens	576eee72dc	Remove DefaultAdmin things from Security and Member into the MemberAuthenticator, unifying and removing duplicate code.	2017-06-15 14:20:29 +12:00
Simon Erkelens	3fe837dad7	Fix for CMS Authenticator. Should only apply to CMSSecurity	2017-06-10 14:47:53 +12:00
Damian Mooyman	62753b3cb1	Cleanup and RequestFilter refactor	2017-06-09 15:07:35 +12:00
Simon Erkelens	5fce3308b4	Move LostPasswordHandler in to it's own class. - Moved the Authenticators from statics to normal - Moved MemberLoginForm methods to the getFormFields as they make more sense there - Did some spring-cleaning on the LostPasswordHandler - Removed the BuildResponse from ChangePasswordHandler after spring cleaning	2017-06-08 20:09:57 +12:00
Simon Erkelens	082db89550	Feedback from Damian. - Move the success and message to a validationresult - Fix tests for validationresult return - We need to clear the session in Test logOut method - Rename to MemberAuthenticator and CMSMemberAuthenticator for consistency. - Unify all to getCurrentUser on Security - ChangePasswordHandler removed from Security - Update SapphireTest for CMS login/logout - Get the Member ID correctly, if it's an object. - Only enable "remember me" when it's allowed. - Add flag to disable password logging - Remove Subsites coupling, give it an extension hook to disable itself - Change cascadeLogInTo to cascadeInTo for the logout method logic naming - Docblocks - Basicauth config	2017-06-08 17:50:20 +12:00
Simon Erkelens	2b26cafcff	Separate out the log-out handling. Repairing tests and regressions Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()` Fix for the logout handler to properly logout, some minor wording updates Remove the login hashes for the member when logging out. BasicAuth to use `HTTPRequest`	2017-06-07 21:11:58 +12:00

1 2

70 Commits