Ingo Schommer
0c6ac1960e
Fixed whitespace usage
2013-02-18 15:43:52 +01:00
Ingo Schommer
30096ee730
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
This will prevent empty passwords from setting the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproducible e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
jean
c048a019f6
BUGFIX Avoid infinite redirection when logging out and when showing a custom login page after displaying the draft version of a page.
2013-01-29 19:24:37 +01:00
Sam Minnee
5f9348b016
FIX: Ensure that Security views respect redirections triggered by Page_Controller::init()
Sometimes Page_Controller::init() will trigger a redirection. For example, it may redirect to a
canonical URL. In this case, the Security views, which co-opt Page_Controller, need to respect
this.
2013-01-29 18:19:15 +01:00
Sam Minnee
d8bfc0bb48
API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself.
2013-01-29 18:03:47 +01:00
Ingo Schommer
c6b1d4aa6b
API Storing alternative DB name in cookie rather than session
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.
Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.
Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00
Simon Welsh
fc5dd2994c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 00:12:11 +13:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sean Harvey
3451da001a
BUG Fixing session keep alive for non-ADMIN users
SecurityAdmin isn't always available for CMS users, as they might
not have permission to view that section. This fixes the problem
with session keep alive by moving the ping to Security/ping, which
is available for all users.
2012-11-05 15:41:10 +13:00
Damian Mooyman
c99991ba7a
BUG Dummy Page_Controller initiated during login now is correctly initialised via dependency injection
2012-10-11 13:45:54 +13:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Sam Minnee
3f0136749b
API CHANGE: Add Security::ignore_disallowed_actions() to allow site features to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097)
2012-06-15 15:17:48 +12:00
Sean Harvey
45465dca91
Merge pull request #483 from halkyon/cms_ping_keepalive
Re-instate CMS ping to ensure sessions are kept alive
2012-05-23 15:55:22 -07:00
Sean Harvey
77c2365b87
MINOR Replacing deprecated static function calls to Director with current Controller instance replacements.
2012-05-23 21:50:02 +12:00
Sean Harvey
ecf847b61c
ENHANCEMENT Re-instate pinging every 5 minutes in the CMS as a measure to keep sessions alive. Moved Security/ping to admin/security/ping
2012-05-23 17:15:17 +12:00
Sean Harvey
151abde17d
Merge pull request #388 from chillu/trac/7170-i18n-sprintf-injections
#7170 i18n sprintf injections
2012-05-02 16:18:30 -07:00
Andrew O'Neil
fa60f9e8b2
ENHANCEMENT: Implement blowfish encryption and use it by default. (#7111)
2012-05-02 13:51:29 +12:00
Ingo Schommer
7b18d9d0da
MINOR Switching _t() calls from sprintf() to using injection parameters (#7170)
2012-05-01 22:17:00 +02:00
Sean Harvey
0882741f54
API CHANGE Renamed setModel for DataModel instances to setDataModel for semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Ingo Schommer
d44f6b3e1f
MINOR Removed deprecated usage of $priority argument in _t() calls
2012-04-15 17:17:17 +02:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251
API-CHANGE sapphire folder can now be renamed.
2012-04-15 10:50:19 +12:00
Sean Harvey
fd3de5158d
BUGFIX Use of Link() in security classes now refers to $this->controller instead of calling the instance method Link statically (which isn't allowed for E_STRICT compliance.)
2012-04-12 12:09:39 +12:00
Ingo Schommer
a3d99b082d
MINOR Resetting Security::$database_is_ready state during tests (regression from a9509a610d)
2012-04-11 17:22:55 +02:00
Stig Lindqvist
a9509a610d
MINOR Security::database_is_ready() checks are doing duplicate DB queries for Members.
This will make sure that if the database has been ready once, it is ready for the rest of the request
2012-04-12 00:29:35 +12:00
Ingo Schommer
40d73127ae
MINOR Using late static binding instead of Object::create() calls
2012-04-04 17:10:31 +02:00
Andrew O'Neil
86ef281d8f
BUGFIX: #7019 Fix SQL error when building database after adding a Member DataExtension in non-dev mode
2012-03-21 11:53:38 +13:00
Sean Harvey
2644cbb6e9
BUGFIX Remove use of encryptPasswords; use PasswordEncryptor_None instead
2012-03-09 15:31:33 +13:00
Sean Harvey
d0a0df0b8e
API CHANGE Removed Security::$useSalt static, please use a custom PasswordEncryptor instead
2012-03-09 15:06:12 +13:00
Sean Harvey
aca2b2f3b5
API CHANGE Removed deprecated Security::get_encryption_algorithms() - please use PasswordEncryptor::get_encryptors() instead
2012-03-09 14:51:34 +13:00
Sean Harvey
6e58026c27
API CHANGE Removed deprecated Security::encrypt_passwords() - please use PasswordEncryptor_None instead.
2012-03-09 14:50:14 +13:00
Ingo Schommer
5911abc0f6
API CHANGE Removed prototype.js style $() alias usage for document.getElementById() to avoid confusion with the more common jQuery() alias.
API CHANGE Removed several unused JavaScript globals: sprintf(), Number.prototype.CURRENCIES, Number.prototype.toCurrency(), String.prototype.ucfirst(), jQuery.fn.clearFields(), jQuery.fn.clearInputs()
MINOR Removed prototype_improvements.js and jquery_improvements.js files, now contained in individual component code (or removed altogether)
2012-02-16 12:27:47 +01:00
Sam Minnee
06605ffadc
ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms.
2012-01-10 16:39:12 +13:00
Sam Minnee
ce6d24c379
BUGFIX: Removed unused method Security::authenticate()
2012-01-10 11:10:38 +13:00
Ingo Schommer
ef514b924e
MINOR Fixed SecurityAdmin styling
2012-01-09 10:09:40 +01:00
Sam Minnee
38c3410d81
MINOR: Remove use of deprecated join() from Security::findAnAdministrator.
2011-10-29 17:47:19 +13:00
Sam Minnee
ff9b9e17af
MINOR: Removed use of deprecated Director::redirect* functions.
2011-10-29 17:36:37 +13:00
Sam Minnee
e5afa25522
MINOR: Use Deprecation class to indicate deprecated methods in core.
2011-10-29 17:34:31 +13:00
ajshort
1f6f7f0862
API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
Sam Minnee
7fbb919ce8
API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model on all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
Sam Minnee
de1494e3a8
ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM.
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Can't call manual manipulation methods on DataList such as insertFirst()
2011-05-01 15:25:45 +12:00
Ingo Schommer
43491c2641
MINOR Reducing number of asset downloads by combining files in LeftAndMain->init() and including full jquery.ui.css instead of multiple @import statements
2011-04-25 21:36:51 +12:00
Julian Seidenberg
e3f15dba9e
BUGFIX: %40 instead of @ when using forgot password fix (fixes #6314, thanks Fragarach 87)
2011-03-30 18:16:16 +13:00
Ingo Schommer
e1b249d0d8
BUGFIX Allowing Security controller methods to work without Page or Page_Controller classes (now moved to 'cms' module)
2011-03-29 18:07:57 +13:00
Paul Meyrick
dc36725869
MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Julian Seidenberg
52070a0c3a
ENHANCEMENT: including all of jquery-ui instead of specifying individual pieces of it. This is a larger download size, but should be quicker overall as it is just a single download instead of lots of small files.
2011-02-24 17:07:24 +13:00
Julian Seidenberg
a836456cd9
BUGFIX: updated links to new jquery ui file paths
2011-02-24 12:07:34 +13:00
Sam Minnee
27246ce982
MINOR: Fixed 2.4 mergeback
2011-02-22 10:53:58 +13:00
Sam Minnee
1e0c4ae8d1
Merge branch '2.4'
Conflicts:
2011-02-14 18:47:53 +13:00