tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
16,393 Commits 31 Branches 527 Tags 162 MiB
6fe5c37d6a
Commit Graph

1146 Commits

Author SHA1 Message Date
Damian Mooyman
cf69d04866
BUG Fix ping including requirements 
Fixes #7802
 2018-01-26 10:26:18 +13:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete 
FIX: Fix Member_GroupSet::removeAll() (fixes #3948)
 2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832 FIX: Fix Member_GroupSet::removeAll() (fixes #3948) 2018-01-24 17:17:20 +00:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Daniel Hensby
72702dbd50 Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack 
[SS-2017-005] User enumeration via timing attack mitigated
 2017-09-20 11:39:39 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated 2017-09-20 11:33:22 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Loz Calver
82c0632f46
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208) 2017-07-26 09:54:29 +01:00
Daniel Hensby
a5c84b12ab
FIX Order of conditionals for getting default admin 2017-06-12 11:54:05 +01:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Daniel Hensby
69974d940a
Merge branch '3.3' into 3.4 2016-11-18 11:33:39 +00:00
Daniel Hensby
0ae4b57754
Merge branch '3.2' into 3.3 2016-11-18 11:32:36 +00:00
Daniel Hensby
5df077f24d
Merge branch '3.1' into 3.2 2016-11-18 11:29:19 +00:00
Daniel Hensby
8e5f786b8d
Merge branch '3.4' into 3.5.0 2016-11-15 11:43:16 +00:00
Daniel Hensby
3f4445641d
Merge branch '3.3' into 3.4 2016-11-15 11:35:38 +00:00
Daniel Hensby
c7778a1e9a
Merge branch '3.2' into 3.3 2016-11-15 11:19:27 +00:00
Daniel Hensby
06d0210233
Merge branch '3.1' into 3.2 2016-11-15 11:18:46 +00:00
Daniel Hensby
17097a4d11
[SS-2016-016] FIX Properly escape backURL for template injection 2016-11-10 17:00:03 +00:00
Daniel Hensby
5a7cde0e10
Merge branch '3.4' into 3.5.0 2016-11-09 16:14:40 +00:00
Loz Calver
6bf36fbd30
FIX: Correct return type for Member::currentUser() 2016-11-09 14:20:44 +00:00
Daniel Hensby
beeed8155a
Merge branch '3.4' into 3 2016-09-16 11:56:01 +01:00
Thomas Portelange
995d07756d cache currentUser query (#6007) 
* cache currentUser query

Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)
 2016-09-15 15:45:40 +01:00
Daniel Hensby
3fd9fe3aa0
Merge branch '3.4' into 3 2016-09-07 09:22:06 +01:00
Daniel Hensby
060bf6b327
Merge branch '3.3' into 3.4 2016-08-22 16:22:37 +01:00
Daniel Hensby
088d88e978
Merge branch '3.2' into 3.3 2016-08-22 16:22:02 +01:00
Daniel Hensby
229a2b9217
Merge pull request #4133 from nimeso/patch-1 2016-08-22 11:52:47 +01:00
Damian Mooyman
d88516203c Merge 3.4 into 3 2016-08-15 19:05:20 +12:00
Daniel Hensby
d1163d87b7 [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 15:52:10 +12:00
Daniel Hensby
8bbf1caae6 [SS-2016-013] FIX Uncasted member name 2016-08-15 15:52:04 +12:00
Daniel Hensby
782c18fd13 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 2016-08-15 15:51:53 +12:00
Daniel Hensby
08384bb4d6 [SS-2016-008] Reset Member::Salt on password change 2016-08-15 15:50:56 +12:00
Daniel Hensby
fa7f5af861 [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 15:02:53 +12:00
Daniel Hensby
83e3302c04 [SS-2016-013] FIX Uncasted member name 2016-08-15 15:02:47 +12:00
Daniel Hensby
6d41db77fa [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 15:02:41 +12:00
Daniel Hensby
f85dea2e6d [SS-2016-008] Reset Member::Salt on password change 2016-08-15 15:02:36 +12:00
Daniel Hensby
b1f449762b [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 14:07:57 +12:00
Daniel Hensby
281b0de571 [SS-2016-013] FIX Uncasted member name 2016-08-15 14:07:51 +12:00
Daniel Hensby
2b30ade44d [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 14:07:40 +12:00
Daniel Hensby
dc47f7ec9a [SS-2016-008] Reset Member::Salt on password change 2016-08-15 14:07:24 +12:00
Daniel Hensby
1c7d5de51b [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 13:24:06 +12:00
Daniel Hensby
6817c57f64 [SS-2016-013] FIX Uncasted member name 2016-08-15 13:21:14 +12:00
Daniel Hensby
6606d98663 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 13:20:02 +12:00
Daniel Hensby
298f61521c [SS-2016-008] Reset Member::Salt on password change 2016-08-15 13:19:02 +12:00
Damian Mooyman
3c1a5d2a46 Merge pull request #5872 from dhensby/pulls/3/injector-for-cmslogin 
FIX Use create syntax for CMSMemberLoginForm remember me form
 2016-08-12 14:10:56 +12:00
Daniel Hensby
86add3e021
FIX Use create syntax for CMSMemberLoginForm remember me form 2016-08-07 20:20:20 +01:00
Damian Mooyman
7de5b998e1 Merge 3.4 into 3 2016-08-05 19:12:25 +12:00
Damian Mooyman
ca754eb887 Merge 3.3 into 3.4 
# Conflicts:
#	admin/javascript/lang/fa_IR.js
#	admin/javascript/lang/it.js
#	admin/javascript/lang/src/fa_IR.js
#	admin/javascript/lang/src/it.js
#	lang/cs.yml
#	lang/eo.yml
#	lang/fa_IR.yml
#	lang/fi.yml
#	lang/it.yml
#	lang/sk.yml
 2016-08-05 16:48:26 +12:00
Damian Mooyman
0d5ae23f2b Merge 3.2 into 3.3 2016-08-05 14:36:35 +12:00