Commit Graph

945 Commits

Author SHA1 Message Date
Sean Harvey
60c72c40d9 API CHANGE Use of the DropdownField $emptyString argument is now
properly deprecated (has been marked as deprecated since 2.3). Please
use setEmptyString() on the DropdownField instance instead.
2012-05-23 22:59:40 +12:00
Sean Harvey
77c2365b87 MINOR Replacing deprecated static function calls to Director with
current Controller instance replacements.
2012-05-23 21:50:02 +12:00
Sean Harvey
ecf847b61c ENHANCEMENT Re-instate pinging every 5 minutes in the CMS as a measure
to keep sessions alive. Moved Security/ping to admin/security/ping
2012-05-23 17:15:17 +12:00
Ingo Schommer
69fbdad722 MINOR Removed non-functional "close popup" link from profile editing in CMS (fixes #7343) 2012-05-20 14:03:50 +02:00
Sean Harvey
e5e8f489a2 Merge branch (pull request #247) 'template-global-fixes' of https://github.com/sminnee/sapphire into sminnee-template-global-fixes 2012-05-19 15:39:59 +12:00
Andrew O'Neil
becdd85421 BUGFIX: Fix checking for flawed blowfish encryption 2012-05-16 16:40:12 +12:00
Stig Lindqvist
bbe3879eaa BUGFIX: Member::mapInGroups() throws SQL error
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
2012-05-10 13:53:54 +12:00
Ingo Schommer
15e8e10f5e Merge pull request #411 from ajoneil/blowfish
MINOR: Fix coding conventions
2012-05-07 15:56:03 -07:00
Andrew O'Neil
0c0a91e3c1 MINOR: Fix coding conventions 2012-05-08 10:33:03 +12:00
Stig Lindqvist
a16b75d459 Merge pull request #405 from halkyon/member_changes2
API CHANGE Removed Member_SignupEmail and deprecate sendInfo() on Member
2012-05-06 21:47:05 -07:00
Andrew O'Neil
f6c98b1992 BUGFIX: Increase size of varchar fields on MemberPassword to match those defined in Member. This fixes issues when the password hash is longer than 50 characters, and was being truncated when saved in MemberPassword. 2012-05-07 15:04:25 +12:00
Andrew O'Neil
5cf3720bf0 ENHANCEMENT: Use the best blowfish encryption available - this fixes fragility between PHP versions and system installations 2012-05-07 15:04:09 +12:00
Andrew O'Neil
89fc8e5fdd APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare() 2012-05-07 15:03:53 +12:00
Sean Harvey
d4154dae9e API CHANGE Deprecate Member::sendInfo(), use Member_ChangePasswordEmail and Member_ForgotPasswordEmail class directly instead. 2012-05-05 10:04:46 +12:00
Sean Harvey
fd0ec1c47f API CHANGE Removed Member_SignupEmail, use your own custom sign up Email class instead. 2012-05-05 10:04:23 +12:00
Sam Minnee
de4a865fb8 BUGFIX: Fixed blowfish encryption for PHP < 5.3.7 (#7276) 2012-05-04 11:50:26 +12:00
Ingo Schommer
68051fdb96 Merge pull request #371 from halkyon/sapphire
---

Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
151abde17d Merge pull request #388 from chillu/trac/7170-i18n-sprintf-injections
#7170 i18n sprintf injections
2012-05-02 16:18:30 -07:00
Sean Harvey
6483cdd204 Merge pull request #382 from chillu/trac/7217-group-default-on-member
Group default on member (#7217)
2012-05-01 21:43:05 -07:00
Andrew O'Neil
a2e9c001d7 MINOR: Fix style according to style guidelines, and add a comment about use of "$2y" instead of "$2a" 2012-05-02 14:59:39 +12:00
Andrew O'Neil
fa60f9e8b2 ENHANCEMENT: Implement blowfish encryption and use it by default. (#7111) 2012-05-02 13:51:29 +12:00
Ingo Schommer
7b18d9d0da MINOR Switching _t() calls from sprintf() to using injection parameters (#7170) 2012-05-01 22:17:00 +02:00
Sean Harvey
0882741f54 API CHANGE Renamed setModel for DataModel instances to setDataModel for
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Ingo Schommer
f873707e9d ENHANCEMENT Prepopulating group on new members (fixes #7217) 2012-04-30 14:35:25 +02:00
Ingo Schommer
ffe698ca1e MINOR Placeholder text for adding a group in Member->getCMSFields() (fixes #7217) 2012-04-30 10:29:09 +02:00
Sean Harvey
f63d137d49 ENHANCEMENT Session::start() now only called when there is changed
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
8a6671d72e BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN 2012-04-27 12:27:46 +12:00
Ingo Schommer
7f62ad0f3e Merge branch 'master' into 7094-combine-tree-edit-view 2012-04-18 14:19:55 +02:00
Sean Harvey
926daa29e2 BUGFIX Revert remove of function_exists() check for mcrypt in
7d84aff01e, as we don't expect mcrypt to actually be available,
since fallbacks in RandomGenerator are available.
2012-04-18 18:44:33 +12:00
Andrew O'Neil
14c0796617 MINOR: Remove checks for PHP < 5.3.2, as it's no longer supported 2012-04-18 10:38:09 +12:00
Ingo Schommer
65fc81fd68 MINOR Removed Group->CMSTreeClasses(), no longer shown as a tree 2012-04-17 22:34:24 +02:00
Andrew O'Neil
a89228e934 MINOR: Fix deprecation notice when saving user settings 2012-04-16 14:13:21 +12:00
Ingo Schommer
d44f6b3e1f MINOR Removed deprecated usage of $priority argument in _t() calls 2012-04-15 17:17:17 +02:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251 API-CHANGE sapphire folder can now be renamed. 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Ingo Schommer
8ba9c3ca6b API CHANGE Removed $params argument to DataObject->getCMSFields(), please use FormScaffolder directly (fixes #7135) 2012-04-13 15:46:47 +02:00
Sean Harvey
fd3de5158d BUGFIX Use of Link() in security classes now refers to $this->controller
instead of calling the instance method Link statically (which isn't
allowed for E_STRICT compliance.)
2012-04-12 12:09:39 +12:00
Ingo Schommer
a3d99b082d MINOR Resetting Security::$database_is_ready state during tests (regression from a9509a610d) 2012-04-11 17:22:55 +02:00
Ingo Schommer
ac45e5b9c0 Merge branch 'integration'
Conflicts:
	admin/css/ie8.css
	admin/css/screen.css
	admin/scss/_style.scss
	dev/install/config-form.html
	dev/install/install.css
	dev/install/php5-required.html
2012-04-11 16:31:12 +02:00
Ingo Schommer
aed5e93da2 Merge pull request #301 from stojg/database-is-ready-checks
MINOR Security::database_is_ready() check are doing duplicate DB queries...
2012-04-11 06:38:22 -07:00
Ingo Schommer
6cd91ff449 Merge pull request #299 from ajoneil/sapphire
---

Conflicts:
	forms/NumericField.php
2012-04-11 15:36:35 +02:00
Stig Lindqvist
a9509a610d MINOR Security::database_is_ready() check are doing duplicate DB queries for Members.
The will make sure that if the database has been ready once, it is ready for the rest of the request
2012-04-12 00:29:35 +12:00
Andrew O'Neil
4be59a8d45 MINOR: Ensure all form fields Field() method has the same signature as FormField::Field(). Fixes E_STRICT warnings. 2012-04-11 17:33:36 +12:00
Andrew O'Neil
daab8f4cbc MINOR: Consistently use DataObjectInterface for saveInto() on FormField subclasses. Fixes E_STRICT notice 2012-04-11 17:00:57 +12:00
Ingo Schommer
8c5e56fe31 Merge branch 'master' into integration
Conflicts:
	admin/css/screen.css
	dev/install/php5-required.html
2012-04-09 21:10:08 +02:00
Stig Lindqvist
0d031a5045 API CHANGE Use Config for registering default password encryptors
Using the config system for registering password encryptors
Remove the eval on password encryptor construction by using reflection
Throws deprecation messages when using static register / unregister
2012-04-07 19:14:00 +12:00
Ingo Schommer
40d73127ae MINOR Using late static binding instead of Object::create() calls 2012-04-04 17:10:31 +02:00
Felipe Skroski
7740bb326a ENHANCEMENT SSF-168 moved print and csv export buttons to the top of the grid 2012-04-04 14:09:52 +12:00
Normann Lou
2f3949ac6e MINOR add 'print button' to Member list and data list of ModelAdmin 2012-04-04 10:35:41 +12:00
Ingo Schommer
d0d23dc591 Merge pull request #271 from halkyon/group_changes
BUGFIX Nested Group records should be removed, along with the parent.
2012-03-28 02:52:52 -07:00
Sean Harvey
bd95bcaf61 BUGFIX Nested Group records should be removed, along with the parent. 2012-03-28 22:49:58 +13:00
Sean Harvey
e097f6e1a8 MINOR Fixes to method arguments in core classes for E_STRICT support.
API CHANGE Remove abstract static function and just use static functions
in Authenticator (PHP 5.3+ doesn't support abstract static functions)
2012-03-28 22:41:42 +13:00
Ingo Schommer
cbb0259dd7 Merge branch 'integration-merge27march' 2012-03-27 18:07:21 +02:00
Ingo Schommer
efc30fd39e MINOR Removed setRightTitle() special case (and too specific styling) from Group->getCMSFields(), implemented title attribute for chosen.js drop downs instead (to be styled with more friendly title popovers) 2012-03-27 17:07:50 +02:00
Sean Harvey
b92e4e01a9 MINOR Removed PHP 5.1 check for PasswordEncryptor, use hash() always as PHP 5.1 is no longer supported. 2012-03-27 20:09:36 +13:00
Andrew O'Neil
86ef281d8f BUGFIX: #7019 Fix SQL error when building database after adding a Member DataExtension in non-dev mode 2012-03-21 11:53:38 +13:00
Sam Minnee
6c35588eda API CHANGE: Rename 'PastMember' to 'IsRepeatMember' in templates.
API CHANGE: Move Controller::PastMember() to Member::is_repeat_member() in code.
API CHANGE: Removed Controller::CurrentMember(), it was only ever intended as a template global provider.
2012-03-16 15:05:28 +13:00
Normann Lou
aed91931a7 MINOR SSF-53 : code convention, use "-" instead of "_" for html class property value 2012-03-12 09:35:25 +01:00
Ingo Schommer
01b24daace API CHANGE Removed Member::isAdmin(), use Permission::check('ADMIN') instead
API CHANGE Removed Member->setByCheckboxes()/setByCheckboxSetField(), Use setByIdList() and/or a CheckboxSetField instead
API CHANGE Removed Member->addManyByGroupID(), Use DataList->addMany() instead.
API CHANGE Removed Member->removeManyByGroupID(). Use DataList->removeMany() instead.
API CHANGE Removed Member->getGroupsFromIDs(). Use DataObject::get("Group")->byIds() instead.
API CHANGE Removed Member->addManyByCodename()/removeManyByCodename(). Don\'t rely on codename
2012-03-09 21:33:52 +01:00
Ingo Schommer
4216a09177 API CHANGE Removed BasicAuth::enable()/disable(), use protect_entire_site() 2012-03-09 21:20:20 +01:00
Sean Harvey
d28da56e19 BUGFIX Fixed regression where Member::PasswordEncryption field wouldn't be set to the default 2012-03-09 17:29:57 +13:00
Sean Harvey
2644cbb6e9 BUGFIX Remove use of encryptPasswords; use PasswordEncryptor_None
instead
2012-03-09 15:31:33 +13:00
Sean Harvey
d0a0df0b8e API CHANGE Removed Security::$useSalt static, please use a custom PasswordEncryptor instead 2012-03-09 15:06:12 +13:00
Sean Harvey
0d8151fd3d Merge remote-tracking branch 'upstream/master' into deprecation_fixes 2012-03-09 15:03:43 +13:00
Sean Harvey
aca2b2f3b5 API CHANGE Removed deprecated Security::get_encryption_algorithms() - please use PasswordEncryptor::get_encryptors() instead 2012-03-09 14:51:34 +13:00
Sean Harvey
6e58026c27 API CHANGE Removed deprecated Security::encrypt_passwords() - please use PasswordEncryptor_None instead. 2012-03-09 14:50:14 +13:00
Sam Minnee
a071456837 Merge branch 'master' of github.com:silverstripe/sapphire
Conflicts:
	tests/forms/gridfield/GridFieldDetailFormTest.php
	tests/forms/gridfield/GridFieldPopupFormsTest.yml
2012-03-09 14:37:32 +13:00
Stig Lindqvist
8b82dae06c API CHANGE: Renaming of gridfield components #6921 2012-03-09 12:54:02 +13:00
Sean Harvey
9f3344b355 API CHANGE Removed built-in behaviour.js client-side form validation.
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
2012-03-09 12:19:57 +13:00
Ingo Schommer
e4a6dd5850 Merge branch 'integration'
Conflicts:
	forms/gridfield/GridField.php
2012-03-08 20:25:21 +01:00
Ingo Schommer
c117ef58cf API CHANGE Removed LeftAndMain->RootForm(), concept no longer applies in 3.0 UI. Use EmptyForm() or EditForm() 2012-03-08 18:22:30 +01:00
Normann Lou
1de30d5bf2 ENHANCEMENT SSF-53 : remove literal field for explanation text of Parent dropdown, use a right title for it, instead 2012-03-08 10:47:06 +13:00
Ingo Schommer
79d420f941 ENHANCEMENT Member->DirectGroups() (to complement Group->DirectMembers(), and aid with relationship saving through Member->getCMSFields()) 2012-03-07 01:23:40 +01:00
Ingo Schommer
723a8488ac BUGFIX Fixed Group->Members() overloaded relation getter to avoid filtering on zero-value foreign keys, producing empty rather than inherited results (important for the GridField used in Group->getCMSFields()) 2012-03-06 15:50:07 +01:00
Ingo Schommer
18932b5be5 MINOR Enforcing SecurityAdmin::$hidden_permissions, refactoring error 2012-03-06 01:23:35 +01:00
Ingo Schommer
1201f6c8bb BUGFIX Saving records in ListboxField->saveInto() and PermissionCheckboxSetField->saveInto() so we have a database ID to relate to (was previously customised in MemberTableField->saveComplexTableField(), which is now deprecated) 2012-03-06 01:23:34 +01:00
Ingo Schommer
bb6d4c506e BUGFIX Fixed HasManyList and ManyManyList queries for relationships on new records (was returning all available records due to the SQL filtering ignoring ID=0) 2012-03-06 01:23:34 +01:00
Hamish Friedlander
374ed19406 API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic 2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08 APICHANGE: Rename getExposedVariables to match coding conventions 2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717 API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData 2012-03-06 09:11:46 +13:00
Ingo Schommer
6f71186e2c ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles" 2012-03-05 18:31:52 +01:00
Ingo Schommer
f9f659672a MINOR Re-instating Member_Validator in SecurityAdmin->RootForm() and Groups->getCMSFields() with new GridField implementation 2012-03-05 17:41:50 +01:00
Ingo Schommer
2abb021efb BUGFIX Restored old permission code model, broken due to new controller structure. Introduced LeftAndMain::$required_permission_codes as a way to control permissions independently of subclasses, and "cluster" multiple classes under a single code. 2012-03-05 17:41:49 +01:00
Ingo Schommer
ad5cf1ebf1 ENHANCEMENT Using ListboxField/chosen.js to assign roles in Group->getCMSFields(). Improved explanation of groups in the user interface. 2012-03-05 17:41:47 +01:00
Ingo Schommer
0762be9927 ENHANCEMENT Renamed GridFieldConfig_ManyManyEditor to GridFieldConfig_RelationEditor, to be more in line with underlying component naming, and more accurate (as it allows editing has_many relations as well). Removed $fieldToSearch argument from its constructor to keep config API consistent, should use getComponentByType() for configuration. Added GridFieldConfig_RecordEditor 2012-03-05 12:26:02 +01:00
Ingo Schommer
e8ad2c2173 MINOR Using ListboxField instead of CheckboxSetField in Member->getCMSFields() for group assignment 2012-03-05 10:55:32 +01:00
Sam Minnee
adfdd068e2 Merge branch 'ereg-to-preg' of https://github.com/AngryPHPNerd/sapphire
Conflicts:
	model/fieldtypes/Date.php
2012-03-05 13:54:20 +13:00
Ingo Schommer
46628721fe ENHANCEMENT Using chosen.js for group selection in Member->getCMSFields() 2012-03-02 20:46:22 +01:00
Normann Lou
45927b98c4 ENHANCEMENT SSF-53: add customised class to Member's GridField in SecurityAdmin 2012-03-02 16:28:47 +13:00
Normann Lou
5548c66a49 ENHANCEMENT SSF-53 reordering the components that added to group GridField in CMS so that it appears same as the landing view of SecurityAdmin 2012-03-02 16:03:23 +13:00
Ingo Schommer
c4e04899b6 MINOR Added GridFieldTitle to Group->getCMSFields() to allow addition of new records (currently that button is hardcoded in the title component) 2012-03-02 00:29:09 +01:00
Ingo Schommer
424da6abe1 API CHANGE Moved NZGovtPasswordValidator to new 'securityextras' module 2012-03-02 00:28:22 +01:00
Ingo Schommer
0ab43cdcb8 API CHANGE Moved "IP Address restrictions for groups" feature to a new "ipaddress-restriction" module (SSF-53) 2012-03-01 21:36:01 +01:00
Ingo Schommer
4bd5333b56 MINOR Editing and relation adding on SecurityAdmin groups (both root and group instances) (SSF-53) 2012-03-01 21:35:48 +01:00
Ingo Schommer
bcc73de85e Merge branch '106-add-edit-records-rc'
Conflicts:
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/_style.scss
	admin/templates/Includes/LeftAndMain_EditForm.ss
	css/GridField.css
	filesystem/Folder.php
	forms/gridfield/GridField.php
	forms/gridfield/GridFieldDefaultColumns.php
	forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Ingo Schommer
8ff8d32764 MINOR Adding GridFieldPopupForms to default GridFieldConfig_ManyManyEditor settings 2012-02-27 23:52:49 +01:00
Ingo Schommer
ba0d1c60cb MINOR Don't require controller on instanciation of GridFieldPopupForms, as it can't be reliably determined e.g. during a getCMSFields() call. Should use existing FormField/Form API to retrieve controller when its required.
MINOR Renamed GridFieldPopupForms->popupFormName to $name to make it clearer that its the component name (which is optional now).
2012-02-27 23:52:48 +01:00
AngryPHPNerd
0e2cbb0b88 Replace ereg with preg_* 2012-02-27 22:14:02 +01:00
Ingo Schommer
abfa16fa70 ENHANCEMENT Using native jQuery UI buttons and icon styling for a less coupled implementation (e.g. assuming that a "constructive" button always has a specific icon, or one at all). All CMS UI buttons switched to use <button> markup, which allows for inline icons and correctly aligned multi-line button labels. 2012-02-17 15:58:32 +01:00
Ingo Schommer
5911abc0f6 API CHANGE Removed prototype.js style $() alias usage for document.getElementById() to avoid confusion with the more common jQuery() alias.
API CHANGE Removed several unsed JavaScript globals: sprintf(), Number.prototype.CURRENCIES, Number.prototype.toCurrency(), String.prototype.ucfirst(), jQuery.fn.clearFields(), jQuery.fn.clearInputs()
MINOR Removed prototype_improvements.js and jquery_improvements.js files, now contained in individual component code (or removed altogether)
2012-02-16 12:27:47 +01:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Stig Lindqvist
6f2e8893a5 MINOR Groups in SecurityAdmin was not using Autosuggestion field for adding members to group. 2012-01-24 19:16:23 +01:00
Sam Minnee
2d898cab63 API CHANGE: Added GridFieldExporter, a GridField component that adds export functionality, and added it to the security admin. 2012-01-30 19:49:10 +13:00
Russell Michell
0090009703 BUGFIX: Added default args to GridFieldPopupForms for AssetAdmin which was casing errors
BUGFIX: Added GridFieldFilter() to new GridFieldConfig whuch adds filters and fixes the display
MINOR: Added gridfield specific margins to form div to push GridField display down-page (due to GF's sort-fields which will be refactored from new designs)
2012-01-30 09:26:39 +13:00
Stig Lindqvist
c396c2d2ae API CHANGE Security admin supports adding, removing and searching for members by relations via gridfield
This contains some experimental API's when using GridFieldPopupForms on GridFieldPopupForms.

- GridFieldRelationAdd
- GridFieldRelationDelete
2012-01-24 02:46:07 +01:00
Sam Minnee
06605ffadc ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms. 2012-01-10 16:39:12 +13:00
Sam Minnee
ce6d24c379 BUGFIX: Remvoed unused method Security::authenticate() 2012-01-10 11:10:38 +13:00
Ingo Schommer
ef514b924e MINOR Fixed SecurityAdmin styling 2012-01-09 10:09:40 +01:00
Ingo Schommer
b4b6e5a2db MINOR Cleaned up CMS dialog styling (now works with/without tabs, in iframe and inline markup), removed superfluous SCSS variable declarations 2012-01-03 18:11:21 +01:00
Wolf Vollprecht
2a429c9850 MINOR: Added Member Profile Popup Styling
MINOR: Better button styles
MINOR: Now compass for button sprites
2011-12-29 09:48:22 +01:00
Ingo Schommer
7d245c3803 MINOR Reduced unnecessary autoloading 2011-12-23 10:31:35 +01:00
Ingo Schommer
96d18efa58 MINOR Replaced calls to deprecated FormField->Name() with getName() 2011-10-29 13:27:11 +02:00
Sam Minnee
beb10ef4be BUGFIX: Fix Member::mapInGroups() and Member::mapInCMSGroups() to not use deprecated. 2011-10-29 18:07:54 +13:00
Sam Minnee
38c3410d81 MINOR: Remove use of deprecated join() from Security::findAnAdministrator. 2011-10-29 17:47:19 +13:00
Sam Minnee
a5a94b520f MINOR: Remove uses of deprecated extendedSQL() 2011-10-29 17:36:39 +13:00
Sam Minnee
0d683dd8ef MINOR: Removed use of deprecated join() in favour of innerJoin() and leftJoin(). 2011-10-29 17:36:38 +13:00
Sam Minnee
22e5617ee2 MINOR: Moved from use of deprecated SQLMap to SS_Map. 2011-10-29 17:36:37 +13:00
Sam Minnee
ff9b9e17af MINOR: Removed use of deprecated Director::redirect* functions. 2011-10-29 17:36:37 +13:00
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
Stig Lindqvist
7a4c7a6e23 MINOR Redirect user to homepage if the BackURL have been set to another site.
This might indicatate a spoofing attack. I also extracted code into it's own method to make it easier to read.
2011-10-27 22:38:29 +02:00
Stig Lindqvist
6db830605c MINOR Do a isset check before using the value.
This happens if someone accidentially access /Security/LoginForm directly.
2011-10-27 22:38:11 +02:00
Stig Lindqvist
e38dd08ea5 MINOR: Fix docblocks to reference SS_List instead of (now deprecated) DataObjectSet where appropriate 2011-10-28 15:58:55 +13:00
Hamish Friedlander
0a3e0f15de MINOR: Replace references to FieldSet (now deprecated) with references to FieldList 2011-10-28 15:58:55 +13:00
Ingo Schommer
5257c35dff MINOR Documentation 2011-10-07 14:12:49 +02:00
Ingo Schommer
0a8a17833f MINOR Quoting relation tables in new ManyManyList API 2011-10-07 14:11:07 +02:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
Ingo Schommer
7d01b4042f BUGFIX Increasing length of Member.Email database column to comply with recommended RFC lengths for email addresses 2011-08-22 08:56:42 +02:00
Will Rossiter
ef6432d647 BUGFIX: Member::autoLogin() not setting alc_enc properly. PATCH via simon_w. FIXES: #6646. 2011-05-30 10:04:55 +12:00
Sam Minnee
878b348a0f Merge branch 'master' into new-orm
Conflicts:
	docs/en/reference/built-in-page-controls.md
	model/SQLQuery.php
2011-05-26 17:08:10 +12:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
ajshort
3f132a105b API CHANGE: Replaced DataObjectSet instances with ArrayList. 2011-05-05 20:40:24 +10:00
ajshort
04e5dae22e MINOR: Updated places that expect a DataObjectSet to accept an SS_List instance. 2011-05-02 17:14:05 +10:00
Ingo Schommer
afbb4cc045 MINOR Fixed Member_ProfileForm styling, inlining into _style.css. Misc style fixes 2011-05-01 20:23:07 +12:00
Ingo Schommer
87163d5bb6 MINOR Removed unnecessary headers from Member->getCMSFields() 2011-05-01 20:23:07 +12:00
Ingo Schommer
f8b38e9adb MINOR Moving _layout.scss include from screen.css into its own file, in order to selectively block layout options like body {overflow: none;} while retaining all other cms styles (useful in a dialog context) 2011-05-01 20:23:07 +12:00
Sam Minnee
7fbb919ce8 API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
ajshort
81c0caaddb API CHANGE: Renamed DataList::filter() and DataQuery::filter() to ::where(). 2011-05-01 15:26:30 +12:00
Sam Minnee
397d19f23b BUGFIX: Fixed bug in relation to new ORM(DataObject::get() doesn't return a null anymore) 2011-05-01 15:26:28 +12:00
Sam Minnee
0de6dbc848 BUGFIX: Fixed Permission::add_to_hidden_permissions() and Permission::remove_from_hidden_permissions() 2011-05-01 15:26:28 +12:00
Sam Minnee
4a061fd071 ENHANCEMENT: Refactored MemberTableList field to make better use of DataList and ManyManyList. Refactored ComplexTableField and TableListField to, stripping out as much model logic as possible. 2011-05-01 15:26:28 +12:00
Sam Minnee
33fa7825f9 BUGFIX: Updated Member <-> Group relations to work with new ManyManyList. API CHANGE: Deprecated the special methods in Member_GroupSet. 2011-05-01 15:25:45 +12:00
Sam Minnee
de1494e3a8 ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM.
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Cant't call manual manipulation methods on DataList such as insertFirst()
2011-05-01 15:25:45 +12:00
Ingo Schommer
79e0634537 Merge branch 'cms-ui-preparation' 2011-04-28 22:48:02 +12:00
ajshort
3a1c2df4e7 API CHANGE: Renamed DataObjectDecorator to DataExtension.
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
2011-04-26 11:01:38 +10:00
Ingo Schommer
43491c2641 MINOR Reducing number of asset downloads by combining files in LeftAndMain->init() and including full jquery.ui.css instead of multiple @import statements 2011-04-25 21:36:51 +12:00
Ingo Schommer
d5efacbf56 BUGFIX Less fragile 'newness' check on Group->Code in Group->onBeforeWrite() (fixes #6595) 2011-04-14 21:38:07 +12:00
Julian Seidenberg
e3f15dba9e BUGFIX: %40 instead of @ when using forgot password fix (fixes #6314, thanks Fragarach 87) 2011-03-30 18:16:16 +13:00
Ingo Schommer
e1b249d0d8 BUGFIX Allowing Security controller methods to work without Page or Page_Controller classes (now moved to 'cms' module) 2011-03-29 18:07:57 +13:00
Paul Meyrick
dc36725869 MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Ingo Schommer
da909a0214 BUGFIX Fixed usage of htmlentities() and html_entity_decode() to be UTF8 compatible by default 2011-03-21 18:13:01 +13:00
Sam Minnee
5755c27c30 ENHANCEMENT Improved performance of DataObject::get_by_id() by setting order to "1" in the contained get_one() call 2011-03-21 18:09:12 +13:00
Ingo Schommer
2b7c633e6e MINOR Rewrite of PermissionCheckboxSetField.js from Behaviour.js to jQuery.entwine 2011-03-16 14:18:30 +13:00
Ingo Schommer
c6f3a08b7b BUGFIX Set title automatically for empty groups in Group->populateDefaults() 2011-03-16 13:31:50 +13:00
Ingo Schommer
498e5758bf BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups() 2011-03-09 15:49:41 +13:00
Julian Seidenberg
52070a0c3a ENHANCEMENT: including all of jquery-ui instead of specifying individual pieces of it. This is a larger download size, but should be quicker overall as it is just a single download instead of lots of small files. 2011-02-24 17:07:24 +13:00
Julian Seidenberg
a836456cd9 BUGFIX: updated links to new jquery ui file paths 2011-02-24 12:07:34 +13:00
Sam Minnee
d045970d83 Merge remote branch 'origin/master' 2011-02-22 10:57:59 +13:00
Sam Minnee
27246ce982 MINOR: Fixed 2.4 mergeback 2011-02-22 10:53:58 +13:00
Ingo Schommer
662c5259e5 BUGFIX Fixed Group->collateAncestorIDs() handling of orphans (fixes #6413) 2011-02-22 00:19:23 +13:00
Sam Minnee
1e0c4ae8d1 Merge branch '2.4'
Conflicts:
	cache/Cache.php
	cli/CliController.php
	core/Convert.php
	core/Core.php
	core/ManifestBuilder.php
	core/Object.php
	core/SSViewer.php
	core/control/ContentController.php
	core/control/ContentNegotiator.php
	core/control/FormResponse.php
	core/control/RequestHandler.php
	core/control/SilverStripeNavigatorItem.php
	core/i18n.php
	core/i18nTextCollector.php
	core/model/DataObjectSet.php
	core/model/Hierarchy.php
	core/model/Image.php
	core/model/MySQLDatabase.php
	core/model/SiteConfig.php
	core/model/SiteTree.php
	core/model/Translatable.php
	core/model/VirtualPage.php
	dev/Debug.php
	dev/SapphireTest.php
	dev/TestRunner.php
	dev/YamlFixture.php
	dev/install/MySQLDatabaseConfigurationHelper.php
	docs/en/installation/from-source.md
	docs/en/topics/themes.md
	docs/en/tutorials/4-site-search.md
	email/Mailer.php
	filesystem/File.php
	filesystem/Folder.php
	forms/ComplexTableField.php
	forms/CurrencyField.php
	forms/DateField.php
	forms/FieldSet.php
	forms/FileField.php
	forms/FileIFrameField.php
	forms/HtmlEditorConfig.php
	forms/HtmlEditorField.php
	forms/SelectionGroup.php
	forms/SimpleImageField.php
	forms/TabSet.php
	forms/TableField.php
	forms/TableListField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	integration/Geoip.php
	javascript/SelectionGroup.js
	javascript/TreeSelectorField.js
	javascript/UpdateURL.js
	javascript/core/jquery.ondemand.js
	javascript/tiny_mce_improvements.js
	javascript/tree/tree.js
	lang/en_US.php
	search/ContentControllerSearchExtension.php
	security/Group.php
	security/Member.php
	security/PermissionCheckboxSetField.php
	security/PermissionRole.php
	security/Security.php
	static-main.php
	templates/RelationComplexTableField.ss
	templates/TableListField.ss
	tests/ConvertTest.php
	tests/DataObjectSetTest.php
	tests/DataObjectTest.php
	tests/DataObjectTest.yml
	tests/RequestHandlingTest.php
	tests/SSViewerTest.php
	tests/SiteTreePermissionsTest.php
	tests/SiteTreeTest.php
	tests/TransactionTest.php
	tests/api/RestfulServiceTest.php
	tests/control/DirectorTest.php
	tests/control/ModelAsControllerTest.php
	tests/fieldtypes/WidgetAreaEditorTest.php
	tests/forms/CurrencyFieldTest.php
	tests/forms/FormTest.php
	tests/model/DatabaseTest.php
	tests/model/ImageTest.php
	tests/search/ContentControllerSearchExtensionTest.php
	tests/security/MemberAuthenticatorTest.php
	thirdparty/.gitignore
	thirdparty/behaviour/behaviour.js
	thirdparty/firebug-lite/firebug.js
	thirdparty/firebug-lite/firebugx.js
	thirdparty/jquery-form/jquery.form.js
	thirdparty/jquery-livequery/jquery.livequery.js
	thirdparty/jquery-livequery/test/jquery.js
	thirdparty/jquery-livequery/test/test.html
	thirdparty/jquery-livequery/test/test2.html
	thirdparty/jquery-metadata/META.json
	thirdparty/jquery-metadata/README
	thirdparty/jquery-metadata/jquery.metadata.js
	thirdparty/jquery-metadata/test/index.html
	thirdparty/jquery-metadata/test/jquery.js
	thirdparty/jquery-metadata/test/test.js
	thirdparty/jquery-metadata/test/testrunner.js
	thirdparty/jquery-metadata/test/testsuite.css
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_75_ffffff_40x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_65_ffffff_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_dadada_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_222222_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_2e83ff_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_454545_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_888888_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_cd0a0a_256x240.png
	thirdparty/jquery-ui/i18n/jquery-ui-i18n.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ar.js
	thirdparty/jquery-ui/i18n/ui.datepicker-bg.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ca.js
	thirdparty/jquery-ui/i18n/ui.datepicker-cs.js
	thirdparty/jquery-ui/i18n/ui.datepicker-da.js
	thirdparty/jquery-ui/i18n/ui.datepicker-de.js
	thirdparty/jquery-ui/i18n/ui.datepicker-el.js
	thirdparty/jquery-ui/i18n/ui.datepicker-eo.js
	thirdparty/jquery-ui/i18n/ui.datepicker-es.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fa.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fi.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-he.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hu.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hy.js
	thirdparty/jquery-ui/i18n/ui.datepicker-id.js
	thirdparty/jquery-ui/i18n/ui.datepicker-is.js
	thirdparty/jquery-ui/i18n/ui.datepicker-it.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ja.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ko.js
	thirdparty/jquery-ui/i18n/ui.datepicker-lt.js
	thirdparty/jquery-ui/i18n/ui.datepicker-lv.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ms.js
	thirdparty/jquery-ui/i18n/ui.datepicker-nl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-no.js
	thirdparty/jquery-ui/i18n/ui.datepicker-pl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-pt-BR.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ro.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ru.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sk.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sq.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sr-SR.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sv.js
	thirdparty/jquery-ui/i18n/ui.datepicker-th.js
	thirdparty/jquery-ui/i18n/ui.datepicker-tr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-uk.js
	thirdparty/jquery-ui/i18n/ui.datepicker-zh-CN.js
	thirdparty/jquery-ui/i18n/ui.datepicker-zh-TW.js
	thirdparty/jquery/jquery.js
	thirdparty/jsmin/.piston.yml
	thirdparty/jsmin/jsmin.php
	thirdparty/prototype/prototype.js
	thirdparty/scriptaculous/dragdrop.js
	thirdparty/simplepie/.piston.yml
	thirdparty/spyc/.piston.yml
	thirdparty/spyc/README
	thirdparty/spyc/php4/spyc.php4
	thirdparty/spyc/php4/test.php4
	thirdparty/spyc/spyc.php
	thirdparty/spyc/spyc.yaml
	thirdparty/tinymce-advcode/dialog.html
	thirdparty/tinymce-advcode/editor_plugin_src.js
	thirdparty/tinymce-advcode/js/dialog.js
	thirdparty/tinymce/langs/en.js
	thirdparty/tinymce/plugins/advhr/langs/en_dlg.js
	thirdparty/tinymce/plugins/advhr/rule.htm
	thirdparty/tinymce/plugins/advimage/image.htm
	thirdparty/tinymce/plugins/advimage/langs/en_dlg.js
	thirdparty/tinymce/plugins/advlink/langs/en_dlg.js
	thirdparty/tinymce/plugins/advlink/link.htm
	thirdparty/tinymce/plugins/emotions/emotions.htm
	thirdparty/tinymce/plugins/emotions/langs/en_dlg.js
	thirdparty/tinymce/plugins/example/dialog.htm
	thirdparty/tinymce/plugins/fullpage/fullpage.htm
	thirdparty/tinymce/plugins/fullpage/langs/en_dlg.js
	thirdparty/tinymce/plugins/fullscreen/fullscreen.htm
	thirdparty/tinymce/plugins/inlinepopups/template.htm
	thirdparty/tinymce/plugins/media/langs/en_dlg.js
	thirdparty/tinymce/plugins/media/media.htm
	thirdparty/tinymce/plugins/paste/js/pasteword.js
	thirdparty/tinymce/plugins/paste/langs/en_dlg.js
	thirdparty/tinymce/plugins/paste/pastetext.htm
	thirdparty/tinymce/plugins/paste/pasteword.htm
	thirdparty/tinymce/plugins/searchreplace/langs/en_dlg.js
	thirdparty/tinymce/plugins/searchreplace/searchreplace.htm
	thirdparty/tinymce/plugins/spellchecker/editor_plugin.js
	thirdparty/tinymce/plugins/spellchecker/editor_plugin_src.js
	thirdparty/tinymce/plugins/style/langs/en_dlg.js
	thirdparty/tinymce/plugins/style/props.htm
	thirdparty/tinymce/plugins/table/cell.htm
	thirdparty/tinymce/plugins/table/langs/en_dlg.js
	thirdparty/tinymce/plugins/table/merge_cells.htm
	thirdparty/tinymce/plugins/table/row.htm
	thirdparty/tinymce/plugins/table/table.htm
	thirdparty/tinymce/plugins/template/langs/en_dlg.js
	thirdparty/tinymce/plugins/template/template.htm
	thirdparty/tinymce/plugins/xhtmlxtras/abbr.htm
	thirdparty/tinymce/plugins/xhtmlxtras/acronym.htm
	thirdparty/tinymce/plugins/xhtmlxtras/attributes.htm
	thirdparty/tinymce/plugins/xhtmlxtras/cite.htm
	thirdparty/tinymce/plugins/xhtmlxtras/del.htm
	thirdparty/tinymce/plugins/xhtmlxtras/ins.htm
	thirdparty/tinymce/plugins/xhtmlxtras/langs/en_dlg.js
	thirdparty/tinymce/themes/advanced/about.htm
	thirdparty/tinymce/themes/advanced/anchor.htm
	thirdparty/tinymce/themes/advanced/charmap.htm
	thirdparty/tinymce/themes/advanced/color_picker.htm
	thirdparty/tinymce/themes/advanced/image.htm
	thirdparty/tinymce/themes/advanced/langs/en.js
	thirdparty/tinymce/themes/advanced/langs/en_dlg.js
	thirdparty/tinymce/themes/advanced/link.htm
	thirdparty/tinymce/themes/advanced/source_editor.htm
	thirdparty/tinymce/themes/simple/langs/en.js
	thirdparty/tinymce/tiny_mce.js
	thirdparty/tinymce/tiny_mce_src.js
	widgets/Widget.php
2011-02-14 18:47:53 +13:00
Sam Minnee
8d05811734 Merge remote branch 'cbarberis/master' 2011-02-14 16:34:02 +13:00
Carlos Barberis
184e8bd852 ENHANCEMENT: Added allowed actions to core classes 2011-02-14 11:14:51 +13:00
Ingo Schommer
60ca784aae API CHANGE Removed Director::history(), history was no longer recorded. Removed Director::__construct(), as Director is a static utility class without instance state (fixes #6385) 2011-02-12 16:39:35 +13:00
Sean Harvey
c3f915c4d5 BUGFIX #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115314 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
397bbe7bb5 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
25da2d1c25 MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length (from r114748)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114749 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
7280a64d6b MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114744 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
6255cdf20a BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114512 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
310f8f6a03 BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
ae1d8e2e18 BUGFIX Using RandomGenerator class in PasswordEncryptor->salt() (from r114503)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114506 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
696de5d437 BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114500 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
f8c970ec0c ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc. (from r114497)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
30e3f08efb MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Sean Harvey
28f1c20c5d MINOR Reverted r108515
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114079 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
d6c9e18333 BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113273 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Ingo Schommer
e4d3584805 ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113272 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Sean Harvey
f3cc5a2b42 ENHANCEMENT #4903 MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111891 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:56 +13:00
Ingo Schommer
486091e4ec API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@110856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:50 +13:00
Sean Harvey
845b821f9e MINOR Remove whitespace if Surname field set on Member, but not FirstName
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:47 +13:00
Will Rossiter
947aeaed81 MINOR: trim space off end of firstname if surname is not set. #5925
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109330 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:47 +13:00
Sean Harvey
0cbde73445 API CHANGE #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended!
API CHANGE Added DataObjectSet::pop()
MINOR Unit tests for DataObjectSet::shift(), DataObjectSet::unshift() and DataObjectSet::pop()


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109156 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sam Minnee
d612dd6a2c API CHANGE Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109103 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sam Minnee
ce79e78de6 BUGFIX: Themed permissionFailure messages
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109102 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sean Harvey
6d5f83ad59 BUGFIX Group::getCMSFields() should use Tab instances with a fixed name instead of translated one, leaving the translation for the tab title instead
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109083 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:45 +13:00
Andreas Piening
4659068c3f MINOR: remove SQL table alias keyword AS
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108961 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Sean Harvey
72e1120168 BUGFIX #5627 Clear session on logout
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108515 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Sean Harvey
f9257a6035 ENHANCEMENT New Member records are populated with the currently set default through i18n::set_locale()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:43 +13:00
Sean Harvey
79b6c9d9cb BUGFIX Member_ProfileForm should fallback to english text for save button if no translation defined for current language
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108408 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:41 +13:00
Ingo Schommer
6ac852e216 BUGFIX Bypass BasicAuth when in CLI mode so unit tests can run (regression from r104962)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108193 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:40 +13:00
Sean Harvey
ae6d1c8e33 MINOR Fixed incorrect word "colon" with "dot"
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108002 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:39 +13:00
Sean Harvey
2cf33bc2d7 BUGFIX #5833 Duplicate IDs when two similar date formats in Member_DatetimeOptionsetField containing different delimiters (e.g / and .) replaced to an empty string
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108001 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:39 +13:00
Ingo Schommer
78ac0fe3d6 ENHANCEMENT Allowing custom messages and permission codes in BasicAuth::protect_entire_site()
ENHANCEMENT Making $permissionCode argument optional for BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
ENHANCEMENT Using SS_HTTPResponse_Exception instead of header()/die() in BasicAuth::requireLogin() to make it more testable

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107867 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:38 +13:00
Ingo Schommer
7ac4a9ec4d BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107532 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:37 +13:00
Ingo Schommer
8dee93b523 BUGFIX Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
MINOR Using Object::create() in DevelopmentAdmin to make objects mockable
ENHANCEMENT Added Security::$force_database_is_ready to mock database_is_ready() state
ENHANCEMENT Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107415 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:36 +13:00
Sean Harvey
0df0dbd12c ENHANCEMENT Member_DatetimeOptionsetField toggle text is now translatable
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107365 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Sean Harvey
11568cf4e5 ENHANCEMENT #5352 Translatable entities for help text in Member_DatetimeOptionsetField::getFormattingHelpText()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Sean Harvey
3be26a4cec ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107326 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Ingo Schommer
7dfb8dd43d MINOR Making $Email available in Security_passwordsent.ss template (fixes #5737)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106876 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:32 +13:00