Commit Graph

12743 Commits

Author SHA1 Message Date
Ingo Schommer
d75f545887 Clear DB caches in SecurityTest 2013-10-20 14:23:23 +02:00
Ingo Schommer
25b6175e67 Merge remote-tracking branch 'origin/3.1'
Conflicts:
	.travis.yml
	forms/FormField.php
2013-10-20 13:52:56 +02:00
colymba
19928ff5e8 NEW GDBackend can save interlaced image
Disabled by default use config GDBackend.image_interlace: 1 to enable
2013-10-19 14:46:23 +03:00
Ingo Schommer
f532b8483b Merge remote-tracking branch 'origin/3.0' into 3.1 2013-10-19 12:01:53 +02:00
Ingo Schommer
337a29abce Merge pull request #2559 from willmorgan/cachetofile-arguments
Making cacheToFile  key more resilient against mixed/nested types
2013-10-18 07:22:06 -07:00
Ingo Schommer
36e7282f6f Merge pull request #2561 from TomSpeak/patch-3
BUG FailedLoginCount reset
2013-10-18 07:20:48 -07:00
Thomas Speak
d22ca62c6f BUG FailedLoginCount reset
If you fail your maximum login attempts and are locked out, further failed login attempts add to your already existing FailedLoginCount as it is only reset if you log in successfully. This means that if you're locked out, then try again, one failure will automatically lock you out again, regardless of what you set your max limit to.

Example:

lock_out_after_incorrect_logins: 3
FailedLoginCount: 0

The user fails three login attempts.

lock_out_after_incorrect_logins: 3
FailedLoginCount: 3

The user is now locked out.

Lockout time passes.

The user fails their 4th login.

lock_out_after_incorrect_logins: 3
FailedLoginCount: 4

This will continue to happen until the user successfully logs in, without giving them the pre-defined amount of login attempts again due to this condition being met after every incorrect login:
```php
if($this->FailedLoginCount >= self::config()->lock_out_after_incorrect_logins) {
```

FailedLoginTestCount Test Added
2013-10-18 13:48:11 +01:00
Thomas Speak
e8287cd2f5 NEW Hook for Member::registerFailedLogin
Adding a hook for registerFailedLogin so that it is possible to add some custom logic when a user fails to login

Also rearranged the write as this function could hit the DB up to 3 times. Now it will me 0 or 1 times.
2013-10-18 10:17:28 +01:00
Ingo Schommer
69c888a2ac Merge pull request #2563 from tractorcow/pulls/3.1-error-control-usage
BUG Less misuse of error control operator (@)
2013-10-18 02:06:32 -07:00
Che Van Lawrence
2be25e70ba Merge pull request #2545 from hafriedlander/fix/protocol_and_oembed
FIX oembed to avoid mixed media issues
2013-10-17 19:09:35 -07:00
Damian Mooyman
371ccca350 BUG Less misuse of error control operator (@)
This is necessary to prevent get_last_error() from returning suppressed errors when retrieving values from nested arrays
2013-10-18 14:30:51 +13:00
Cam Spiers
ac418ce99e Feature to allow that changing the SSTemplateParser through the Injector system
The motivation for this was to allow module developers to change what parser is used to parse SilverStripe templates.
This change enables people to compile their own version of the SilverStripe template parser and use it without modifying core files.
2013-10-18 12:42:39 +13:00
Nathan J. Brauer
fee54c75f0 API: Change DropdownField::getSource() to not return the emptyString value. 2013-10-18 11:16:27 +13:00
Will Rossiter
1c983bc16d API: LookupField::Field now returns an HTMLText instance.
Moved LookupField into a template, removed getSource() as the DropdownField getSource() has been simplified to just a getter
2013-10-18 10:28:17 +13:00
Will Morgan
18cb8d721c Making cacheToFile key more resilient against mixed/nested types 2013-10-17 17:36:07 +01:00
Ingo Schommer
8051f5586c Merge pull request #2539 from dhensby/patch-2
FIX Changing `public` statics to `private`
2013-10-17 04:02:08 -07:00
Daniel Hensby
a1ad45486b FIX Changing public static $priority to private
Deprecation error thrown in master whilst this is public
2013-10-17 11:55:59 +01:00
Ingo Schommer
e1b7df38ef HTML attr encoding for UploadField config
Also fixed UploadField operation with canUpload=false,
which broke the JS because no config could be found,
since the <input> field wasn't present. We can't put the data-config
attribute on the field holder, since fields can be rendered
without their field holder through FormField->SmalLFieldHolder().

Fixes https://github.com/silverstripe/silverstripe-cms/issues/874
2013-10-17 10:55:11 +02:00
Ingo Schommer
8c527eab40 Merge pull request #2524 from tractorcow/pulls/3.2-change-level-identifiers
API Better declaration of DataObject field change levels.
2013-10-17 01:24:30 -07:00
Ingo Schommer
b6c16fcbf1 Merge pull request #2554 from tractorcow/pulls/3.1-moneyfield-style-fix
BUG Fixed incorrect CSS class on MoneyField holder
2013-10-17 01:22:01 -07:00
Ingo Schommer
15845c8547 Merge pull request #2556 from tractorcow/pulls/3.1-bug-fieldgroup-name-fix
BUG Fixes serious issue with FieldList::addFieldsToTab failing to accept multiple field groups.
2013-10-17 01:21:08 -07:00
Hamish Friedlander
8801a50704 FIX oembed to avoid mixed media issues 2013-10-17 17:06:40 +13:00
Damian Mooyman
24950692cd BUG Fixes serious issue with FieldList::addFieldsToTab failing to accept multiple field groups.
Additional groups beyond the first are ignored.
Test cases included.
2013-10-17 15:38:22 +13:00
Andrew Short
688d853a95 Merge pull request #2555 from halkyon/readme_fixes
Use quotes around composer require argument for some shells.
2013-10-16 18:38:58 -07:00
Sean Harvey
d7e1a1c45f Use quotes around composer require argument for some shells.
The asterisk is a reserved character in some shells and will cause an error
if you don't put quotes around the argument, as it will be interpreted.
2013-10-17 14:36:34 +13:00
Damian Mooyman
702b6c94c4 BUG Fixed incorrect CSS class on MoneyField holder 2013-10-17 13:28:27 +13:00
Damian Mooyman
52f6581ecf API Better declaration of DataObject field change levels.
Use of const named identifiers to represent each change level rather than numbers.
2013-10-17 12:55:58 +13:00
Ingo Schommer
0d1c9602e8 Merge pull request #2550 from Zauberfisch/3.1
formatted install.php5 according to SilverStripe coding conventions
2013-10-16 15:28:36 -07:00
Ingo Schommer
559743c75f Merge pull request #2549 from Zauberfisch/3.1
suggest that arg_separator.output to be &
2013-10-16 13:53:43 -07:00
zauberfisch
48049647d8 formatted install.php5 according to SilverStripe coding conventions (spaces) 2013-10-16 21:17:22 +01:00
zauberfisch
0b4c3946ff formatted install.php5 according to SilverStripe coding conventions (tabs instead of spaces, no 1 line if with else, ...) 2013-10-16 21:11:06 +01:00
zauberfisch
c4810b8e0f changed install.php5 to respect line length limit according to SilverStripe coding conventions 2013-10-16 21:00:20 +01:00
Ingo Schommer
0d993c1aac Merge pull request #2535 from Martimiz/3.1
Strip duplicate querystrings from the url before adding document.location.search
2013-10-16 12:41:52 -07:00
zauberfisch
e357fa298e suggest that arg_separator.output to be &, if set to something else it may result in issues with url parameters 2013-10-16 20:37:15 +01:00
Ingo Schommer
472bb4d2e2 Running Behat tests on PHP 5.4 (needs integrated webserver) 2013-10-16 14:51:40 +02:00
Ingo Schommer
156140340b Regression in travis.yml ($WEBROOT undefined, matrix broken) 2013-10-16 14:47:35 +02:00
Ingo Schommer
98f79172a4 Running Travis+Behat through Selenium, save artifacts 2013-10-16 14:01:14 +02:00
Ingo Schommer
fa22aedbed Merge pull request #2533 from kinglozzer/2527-cmsform-inlineformactions
Allow non-action buttons to pass through validation (fixes #2527)
2013-10-16 02:41:23 -07:00
Loz Calver
3bbfca820b Allow non-action buttons to pass through validation (fixes #2527)
The specific example for this issue is InlineFormField - results in actionName() on non-object error. See #2527 for context.

Include parentheses for coding conventions
2013-10-16 10:39:31 +01:00
Ingo Schommer
5235a3f3a2 Installer regression from dd49834 2013-10-16 11:29:44 +02:00
Ingo Schommer
c05b7c2c8f Installer regression from dd49834 2013-10-16 11:28:33 +02:00
Ingo Schommer
814c0c4055 Fallback for i18n::get_script_direction() 2013-10-16 00:30:10 +02:00
Will Rossiter
813d34b15e FIX: Use Injector API for managing Member_Validator instance.
Updates the CMS profile page and SecurityAdmin to give developers a few ways to customise the required fields.

Added extension hook updateValidator for getValidator for things like modules to inject required fields to go along with Injector for replacing the entire class for project specific use.
2013-10-16 11:29:43 +13:00
Ingo Schommer
653d7bc1b7 Merge pull request #2532 from chillu/pulls/i18n-dir
$i18nLocaleDirection template placeholder
2013-10-15 15:19:32 -07:00
Ingo Schommer
be09129742 $i18nScriptDirection template placeholder
Optional RTL support based on Zend_Locale data.
Not set in CMS by default because it breaks the layout
quite badly without deep CSS modifications.
2013-10-16 00:05:33 +02:00
Ingo Schommer
cc6bdfe459 Merge pull request #2544 from cieszak/patch-2
Update rssfeed.md
2013-10-15 14:13:39 -07:00
cieszak
092cda89af Update rssfeed.md
add $allowed_actions
2013-10-15 23:01:23 +02:00
Ingo Schommer
7b1cbabadf Merge pull request #2536 from nyeholt/3.1
BUG Director::test now calls RequestProcessor
2013-10-15 11:05:18 -07:00
Ingo Schommer
c1e8bb6bb4 Merge pull request #2541 from kinglozzer/patch-2
Allow https YouTube oEmbed URLs
2013-10-15 10:44:48 -07:00
Loz Calver
f26b52eb91 Allow https YouTube oEmbed URLs
YouTube's oEmbed service supports a ?scheme=https parameter. See https://groups.google.com/forum/?fromgroups#!topic/youtube-api-gdata/S9Fa-Zw2Ma8
2013-10-15 16:36:49 +01:00