Damian Mooyman
7367cf54c4
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 13:01:24 +12:00
Loz Calver
d91c7d14b8
FIX: Rewrite Member getCMSFields to ensure updateCMSFields is only run once (fixes #2827)
...
Fix usage of inside closure
Can't use self:: in closure either
Basic unit tests to check extensions are applied correctly
2014-02-16 21:21:15 +00:00
andrewvt
389bdb4ddf
Added a unit test for removeFromGroupByCode()
...
Added a unit test for removeFromGroupByCode()
2013-10-31 22:05:13 -04:00
Will Rossiter
813d34b15e
FIX: Use Injector API for managing Member_Validator instance.
...
Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.
Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
2013-10-16 11:29:43 +13:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead (#8317)
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Hamish Friedlander
7efae6b95f
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-02-18 14:31:57 +13:00
Ingo Schommer
30096ee730
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords from setting the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproducible e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
22eeaa4ac1
BUG Members should not be allowed to delete themselves (fixes #8121)
2012-12-16 23:53:45 +01:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 00:12:11 +13:00
Ingo Schommer
c55c7c33f8
Merge branch '3.0'
...
Conflicts:
admin/code/CMSProfileController.php
composer.json
tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Andrew O'Neil
6dd6a5c188
APICHANGE: Use late static binding for Object::remove_extension()
2012-11-07 11:07:55 +13:00
Andrew O'Neil
fdea5321c7
APICHANGE: add_extension() is now called directly on the class, instead of on Object
2012-11-07 11:07:55 +13:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Stig Lindqvist
bbe3879eaa
BUGFIX: Member::mapInGroups() throws SQL error
...
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
2012-05-10 13:53:54 +12:00
Sean Harvey
b1e17578c7
API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf()
...
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.
MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
2012-05-09 23:05:39 +12:00
Sean Harvey
8a6671d72e
BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN
2012-04-27 12:27:46 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Sean Harvey
e097f6e1a8
MINOR Fixes to method arguments in core classes for E_STRICT support.
...
API CHANGE Remove abstract static function and just use static functions
in Authenticator (PHP 5.3+ doesn't support abstract static functions)
2012-03-28 22:41:42 +13:00
Sean Harvey
d28da56e19
BUGFIX Fixed regression where Member::PasswordEncryption field wouldn't be set to the default
2012-03-09 17:29:57 +13:00
Ingo Schommer
424da6abe1
API CHANGE Moved NZGovtPasswordValidator to new 'securityextras' module
2012-03-02 00:28:22 +01:00
Will Rossiter
1732a17114
Merged new-orm into datagrid
2011-09-26 16:47:54 +13:00
Ingo Schommer
e1931c107f
MINOR Updated MemberTest to accept new default date formats caused by Zend/CLDR upgrade (from 'MM/dd/yyyy' to a less ambiguous 'MMM d, y')
2011-05-31 07:55:12 +12:00
ajshort
04e30243d0
MINOR: Updated MemberTest to work with a standard array iterator.
2011-05-03 12:16:40 +10:00
ajshort
3a1c2df4e7
API CHANGE: Renamed DataObjectDecorator to DataExtension.
...
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
2011-04-26 11:01:38 +10:00
Ingo Schommer
2870eb9212
MINOR Changed $fixture_path to relative filenames in all sapphire test cases in order to allow easier file moving and less verbosity in tests
2011-03-30 23:04:48 +13:00
Ingo Schommer
2184acf17d
Revert "MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10)" - caused too many problems with mixed build environments that require PHP 3.4
...
This reverts commit 65f6104cd6.
2011-03-11 15:06:09 +13:00
Ingo Schommer
498e5758bf
BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
2011-03-09 15:49:41 +13:00
Ingo Schommer
65f6104cd6
MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10)
2011-02-21 18:49:09 +13:00
Sam Minnee
1fc540c16b
MINOR Fixed regression from r111843 (i18nText, MemberDatetimeFieldTest, MemberTest) (from r111844)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112929 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 05:01:35 +00:00
Sam Minnee
ef36436f75
BUGFIX Protect MemberTest from side effects caused by auth_openid and forum modules (from r110894)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112865 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 03:01:29 +00:00
Sam Minnee
d8a8635374
API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651) (from r110856)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112861 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 02:46:26 +00:00
Sam Minnee
38f9e74fba
MINOR Tests for Member::getName() and Member::setName() (from r109333)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112823 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:24:04 +00:00
Sam Minnee
0e3693f99e
BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file (from r107940)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112702 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:33:41 +00:00
Ingo Schommer
577e82a123
BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772) (from r107532)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112602 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:52:38 +00:00
Ingo Schommer
47762cdf5b
ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field (from r107326)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:02 +00:00
Ingo Schommer
39b056024f
APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode. (from r106217)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:00:48 +00:00
Ingo Schommer
c604341a1d
API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100705 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-03-09 04:10:38 +00:00
Ingo Schommer
61e27830c6
MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 04:05:34 +00:00
Sean Harvey
69cda024ab
MINOR Added tests methods for Member::can*() methods to MemberTest
...
MINOR Added test Extension classes for testing decorated can*() methods (from r94359)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95602 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:39:57 +00:00
Sean Harvey
35628832d6
BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
...
MINOR Added additional tests to MemberTest (from r94358)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95601 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:39:39 +00:00
Ingo Schommer
e675381cd4
ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
...
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibility through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encryption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00
Sean Harvey
13b358a8dd
Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Sam Minnee
96c5be8252
Updating queries to be more DB agnostic
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Ingo Schommer
e57b7651ef
ENHANCEMENT Unit tests for Member->inGroup() and Member->inGroups()
...
ENHANCEMENT Added a "strict-mode" for Member->inGroup() and Member->inGroups() to determine true membership to a group (without inheritance)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@65125 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-03 01:57:16 +00:00
Sam Minnee
c812ca5f91
Improved robustness of MemberTest
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60391 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 05:17:37 +00:00
Ingo Schommer
03fcc80e19
(merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60205 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-09 03:19:54 +00:00
Ingo Schommer
60860cc1b9
MINOR Unified @package PHPdoc (added where missing, removed duplicates)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-06-15 13:33:53 +00:00