Sam Minnee
d97ca43cd0
Merge branch '3.1'
...
Conflicts:
README.md
dev/install/install.php5
forms/ConfirmedPasswordField.php
tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Ingo Schommer
3e88c98ca5
API Restrict MemberLoginForm to POST requests for increased security
...
CVE-2013-2653 - Thanks to Fara Rustein of Deloitte Argentina for reporting.
2013-05-08 10:25:28 +02:00
Ingo Schommer
97819b3f21
Correct encoding in MemberLoginForm->forgotPassword() URLs ( fixes #6126 )
2013-04-05 11:15:34 +02:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
18c9a95996
API Removed 'BadLoginURL' session var from MemberLoginForm
...
It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
2013-02-05 22:49:06 +01:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Sean Harvey
d4154dae9e
API CHANGE Deprecate Member::sendInfo(), use Member_ChangePasswordEmail and Member_ForgotPasswordEmail class directly instead.
2012-05-05 10:04:46 +12:00
Ingo Schommer
7b18d9d0da
MINOR Switching _t() calls from sprintf() to using injection parameters ( #7170 )
2012-05-01 22:17:00 +02:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Sean Harvey
fd3de5158d
BUGFIX Use of Link() in security classes now refers to $this->controller
...
instead of calling the instance method Link statically (which isn't
allowed for E_STRICT compliance.)
2012-04-12 12:09:39 +12:00
Sean Harvey
9f3344b355
API CHANGE Removed built-in behaviour.js client-side form validation.
...
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
2012-03-09 12:19:57 +13:00
Fred Condo
d370423825
Clean up trailing ?> per coding standard
...
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Sam Minnee
ff9b9e17af
MINOR: Removed use of deprecated Director::redirect* functions.
2011-10-29 17:36:37 +13:00
Stig Lindqvist
7a4c7a6e23
MINOR Redirect user to homepage if the BackURL have been set to another site.
...
This might indicatate a spoofing attack. I also extracted code into it's own method to make it easier to read.
2011-10-27 22:38:29 +02:00
Hamish Friedlander
0a3e0f15de
MINOR: Replace references to FieldSet (now deprecated) with references to FieldList
2011-10-28 15:58:55 +13:00
ajshort
1f6f7f0862
API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
...
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
Sam Minnee
ef8419f11d
ENHANCEMENT #4903 MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!) (from r111891)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112941 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 05:05:23 +00:00
Sam Minnee
0b4e4428be
MINOR: Merges from branches/2.4
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112157 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 04:04:32 +00:00
Ingo Schommer
8203e5b179
BUGFIX: Don't register member IDs that don't exist in the DB as being logged in. (from r98265)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102637 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 03:18:26 +00:00
Ingo Schommer
b69b03b9e0
API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email' (from r97270)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102440 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 05:00:05 +00:00
Andrew O'Neil
813760108c
BUGFIX: Security::$default_login_dest isn't used ( #4179 , simon_w)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90023 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-10-23 00:18:10 +00:00
Ingo Schommer
d386db0bc3
ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86021 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-10 03:01:46 +00:00
Sean Harvey
a5e82ddff1
Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75590 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 01:20:24 +00:00
Sean Harvey
13b358a8dd
Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Ingo Schommer
a96ca0eacc
BUGFIX Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73252 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-17 22:24:50 +00:00
Sam Minnee
08a5a7c387
Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72803 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-10 22:08:52 +00:00
Ingo Schommer
6d708765fe
BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-11 21:08:28 +00:00
Andrew O'Neil
60f75c5ca4
Merged changes from 2.3 branch
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-01 23:49:53 +00:00
Ingo Schommer
b7d394008e
MINOR Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@69957 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-01-10 11:35:50 +00:00
Sam Minnee
96c5be8252
Updating queries to be more DB agnostic
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Sam Minnee
2984355f43
Merged branches/2.3 into trunk
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66395 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-22 03:33:00 +00:00
Sam Minnee
3d9532db83
Merged branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66108 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-18 01:48:37 +00:00
Sam Minnee
58dbe416ee
Merged from branches/2.2
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65523 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-10 03:51:35 +00:00
Ingo Schommer
692bd4c835
BUGFIX Using PasswordField instead of deprecated EncryptField
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-16 13:43:31 +00:00
Sean Harvey
d6680e300d
ENHANCEMENT Added ID to allow CSS styling of forgot password link on MemberLoginForm
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64408 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-16 11:35:43 +00:00
Sean Harvey
0d8e5708c0
MINOR Tidied up code formatting for MemberLoginForm->forgotPassword() to be clearer
...
ENHANCEMENT Added a message if no email address was specified, for user feedback purposes on MemberLoginForm->forgotPassword()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64406 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-16 11:29:43 +00:00
Sean Harvey
85bcedf9e6
ENHANCEMENT Changed the "I've lost my password" action to a link instead, since the button is too prominent, and usability is poor having this as a form submit button.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64405 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-16 11:10:56 +00:00
Hayden Smith
634ed7b70c
Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63806 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-08 02:00:12 +00:00
Sam Minnee
6915ac9bc7
Turned dos line endings into unix
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63113 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-09-26 02:22:51 +00:00
Ingo Schommer
28699c3550
BUGFIX Changed URL format for password sent confirmation display, to avoid issues with new request handling trying to detect the email-TLD as a pseudo-file-extension (which resulted in truncated email-addresses in display). Old: /Security/passwordsent/myemailaddress. New: Security/passwordsent/?email=myemailaddress
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@62701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-09-18 23:00:36 +00:00
Sam Minnee
c20c4ae6b0
Added Secuirty::set_default_login_dest() for developers to specify the default page to direct to after the log in
...
This results in more reliable log-in redirection
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@62653 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-09-18 03:53:36 +00:00
Sam Minnee
00677d8cb7
Passed controller argument to ChangedPasswordForm constructor
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60586 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-13 01:58:54 +00:00
Hayden Smith
ca6c248de1
Merged [47069]: Replaced explicit calls to AccessLogEntry::create with more flexible calls to extensions. AccessLogEntry to be refactored into separate module.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-12 20:59:32 +00:00
Ingo Schommer
60860cc1b9
MINOR Unified @package PHPdoc (added where missing, removed duplicates)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00
Sam Minnee
eb60b67732
Merged revisions 52121 via svnmerge from
...
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity
........
r52121 | sminnee | 2008-04-03 22:04:33 +1300 (Thu, 03 Apr 2008) | 4 lines
Added DataObject::validate() for specifying DataObject-level validators.
Added DataObject::onAfterWrite(), a complement of DataObject::onBeforeWrite()
Added password strength testing to security system
Added password expiry to security system
........
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53465 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-04-26 06:31:52 +00:00
Matt Peel
7d13ba7fb8
Reverted geoffm's accidental commit to /open
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50107 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-02-25 02:10:37 +00:00
Geoff Munn
bf3c09bec6
First post
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50105 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-02-25 01:06:39 +00:00