Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Hamish Friedlander
7efae6b95f
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-02-18 14:31:57 +13:00
Ingo Schommer
30096ee730
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
634c91c6ff
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
email/Mailer.php
2013-01-30 12:46:24 +01:00
Sam Minnee
d8bfc0bb48
API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself.
2013-01-29 18:03:47 +01:00
Ingo Schommer
22eeaa4ac1
BUG Members should not be allowed to delete themselves ( fixes #8121 )
2012-12-16 23:53:45 +01:00
Ingo Schommer
644cc79ebb
API Removed methods previously deprecated in 3.0
2012-12-14 01:16:47 +01:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 00:12:11 +13:00
Ingo Schommer
15a687f1e7
Merge remote-tracking branch 'origin/3.0'
2012-11-23 15:31:08 +01:00
Ingo Schommer
aa72425e84
Fixed PHPUnit assertions for incomplete tests in core
...
Avoid PHPUnit throwing "test didn't run any assertions"
notices in PHP. If nothing else, it keeps test output
looking less broken by default, making it more likely
that actual errors do get noticed.
2012-11-23 15:16:39 +01:00
Ingo Schommer
c55c7c33f8
Merge branch '3.0'
...
Conflicts:
admin/code/CMSProfileController.php
composer.json
tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Andrew O'Neil
6dd6a5c188
APICHANGE: Use late static binding for Object::remove_extension()
2012-11-07 11:07:55 +13:00
Andrew O'Neil
fdea5321c7
APICHANGE: add_extension() is now called directly on the class, instead of on Object
2012-11-07 11:07:55 +13:00
Ingo Schommer
56f7ce1dcf
Merge remote-tracking branch 'origin/3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
control/HTTPResponse.php
model/Database.php
model/MySQLDatabase.php
model/SQLQuery.php
view/Requirements.php
view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Simon Welsh
1e629f4585
Merge branch '3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
dev/Profiler.php
view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Ingo Schommer
4b9ccabcf6
Merge pull request #603 from willrossi/trac7296
...
FIX: ensure permissions_for_member() accounts for denied permissions
2012-07-05 09:26:04 -07:00
Will Rossiter
f9ea5430bb
API: add SecurityToken::reset() as a shortcut for regenerating a secure token.
...
See http://open.silverstripe.org/ticket/6303
2012-07-01 20:53:58 +12:00
Will Rossiter
9babb01a4b
FIX: ensure that permissions_for_member() accounts for denied permissions.
...
Taken from http://open.silverstripe.org/ticket/7296 . PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
2012-07-01 17:55:20 +12:00
Will Rossiter
a4bce3fc44
ENHANCEMENT: remove dependencies between framework tests and cms module.
2012-06-20 16:17:29 +02:00
Sam Minnee
09e821efc3
MINOR: Don't leave cost=31 blowfish setting dormant in code, causing timeouts.
2012-06-15 13:47:38 +12:00
Cam Spiers
9139f737b8
ENHANCEMENT: Added the ability to set a cost (the property was protected before and there were no setters and getters) and enforced the php requirements on the cost string used in the salt of crypt. Specifically, two digit from 04-31. Updated unit tests for blowfish algorithm to actually use the salt generation function and to test the newly implemented cost setting and getting functionality.
2012-06-14 15:13:11 +12:00
Stig Lindqvist
bbe3879eaa
BUGFIX: Member::mapInGroups() throws SQL error
...
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
2012-05-10 13:53:54 +12:00
Sean Harvey
b1e17578c7
API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf()
...
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.
MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
2012-05-09 23:05:39 +12:00
Andrew O'Neil
0c0a91e3c1
MINOR: Fix coding conventions
2012-05-08 10:33:03 +12:00
Andrew O'Neil
5cf3720bf0
ENHANCEMENT: Use the best blowfish encryption available - this fixes fragility between PHP versions and system installations
2012-05-07 15:04:09 +12:00
Andrew O'Neil
89fc8e5fdd
APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare()
2012-05-07 15:03:53 +12:00
Andrew O'Neil
fa60f9e8b2
ENHANCEMENT: Implement blowfish encryption and use it by default. ( #7111 )
2012-05-02 13:51:29 +12:00
Sean Harvey
8a6671d72e
BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN
2012-04-27 12:27:46 +12:00
Sean Harvey
007ed25c0b
MINOR Fixing broken tests
2012-04-20 15:05:18 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814
MINOR Add newline to end of files without one
2012-04-15 10:50:19 +12:00
Ingo Schommer
8ba9c3ca6b
API CHANGE Removed $params argument to DataObject->getCMSFields(), please use FormScaffolder directly ( fixes #7135 )
2012-04-13 15:46:47 +02:00
Stig Lindqvist
0d031a5045
API CHANGE Use Config for registering default password encryptors
...
Using the config system for registering password encryptors
Remove the eval on password encryptor construction by using reflection
Throws deprecation messages when using static register / unregister
2012-04-07 19:14:00 +12:00
Ingo Schommer
d0d23dc591
Merge pull request #271 from halkyon/group_changes
...
BUGFIX Nested Group records should be removed, along with the parent.
2012-03-28 02:52:52 -07:00
Sean Harvey
bd95bcaf61
BUGFIX Nested Group records should be removed, along with the parent.
2012-03-28 22:49:58 +13:00
Sean Harvey
e097f6e1a8
MINOR Fixes to method arguments in core classes for E_STRICT support.
...
API CHANGE Remove abstract static function and just use static functions
in Authenticator (PHP 5.3+ doesn't support abstract static functions)
2012-03-28 22:41:42 +13:00
Sean Harvey
d28da56e19
BUGFIX Fixed regression where Member::PasswordEncryption field wouldn't be set to the default
2012-03-09 17:29:57 +13:00
Ingo Schommer
424da6abe1
API CHANGE Moved NZGovtPasswordValidator to new 'securityextras' module
2012-03-02 00:28:22 +01:00
Fred Condo
d370423825
Clean up trailing ?> per coding standard
...
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Sam Minnee
ec73555db4
MINOR: Text fix.
2011-10-29 17:36:38 +13:00
Sam Minnee
22e5617ee2
MINOR: Moved from use of deprecated SQLMap to SS_Map.
2011-10-29 17:36:37 +13:00
Sam Minnee
3e3188f81a
MINOR: Update tests for deprecated functions to explicitly disable deprecation errors.
2011-10-29 17:34:32 +13:00
Sam Minnee
a49b56a348
MINOR: Removed usage of deprecated FormField::Name()
2011-10-29 17:34:32 +13:00
Simon Welsh
2c0257e9b9
Cast the header value to string as PHPUnit can't handle it being NULL.
2011-10-29 15:24:06 +13:00
Will Rossiter
1732a17114
Merged new-orm into datagrid
2011-09-26 16:47:54 +13:00
Ingo Schommer
e1931c107f
MINOR Updated MemberTest to accept new default date formats caused by Zend/CLDR upgrade (from 'MM/dd/yyyy' to a less ambiguous 'MMM d, y')
2011-05-31 07:55:12 +12:00