Commit Graph

826 Commits

Author SHA1 Message Date
Sam Minnee
e5afa25522 MINOR: Use Deprecation class to indicate deprecated methods in core. 2011-10-29 17:34:31 +13:00
Stig Lindqvist
7a4c7a6e23 MINOR Redirect user to homepage if the BackURL have been set to another site.
This might indicatate a spoofing attack. I also extracted code into it's own method to make it easier to read.
2011-10-27 22:38:29 +02:00
Stig Lindqvist
6db830605c MINOR Do a isset check before using the value.
This happens if someone accidentially access /Security/LoginForm directly.
2011-10-27 22:38:11 +02:00
Stig Lindqvist
e38dd08ea5 MINOR: Fix docblocks to reference SS_List instead of (now deprecated) DataObjectSet where appropriate 2011-10-28 15:58:55 +13:00
Hamish Friedlander
0a3e0f15de MINOR: Replace references to FieldSet (now deprecated) with references to FieldList 2011-10-28 15:58:55 +13:00
Ingo Schommer
5257c35dff MINOR Documentation 2011-10-07 14:12:49 +02:00
Ingo Schommer
0a8a17833f MINOR Quoting relation tables in new ManyManyList API 2011-10-07 14:11:07 +02:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
Ingo Schommer
7d01b4042f BUGFIX Increasing length of Member.Email database column to comply with recommended RFC lengths for email addresses 2011-08-22 08:56:42 +02:00
Will Rossiter
ef6432d647 BUGFIX: Member::autoLogin() not setting alc_enc properly. PATCH via simon_w. FIXES: #6646. 2011-05-30 10:04:55 +12:00
Sam Minnee
878b348a0f Merge branch 'master' into new-orm
Conflicts:
	docs/en/reference/built-in-page-controls.md
	model/SQLQuery.php
2011-05-26 17:08:10 +12:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
ajshort
3f132a105b API CHANGE: Replaced DataObjectSet instances with ArrayList. 2011-05-05 20:40:24 +10:00
ajshort
04e5dae22e MINOR: Updated places that expect a DataObjectSet to accept an SS_List instance. 2011-05-02 17:14:05 +10:00
Ingo Schommer
afbb4cc045 MINOR Fixed Member_ProfileForm styling, inlining into _style.css. Misc style fixes 2011-05-01 20:23:07 +12:00
Ingo Schommer
87163d5bb6 MINOR Removed unnecessary headers from Member->getCMSFields() 2011-05-01 20:23:07 +12:00
Ingo Schommer
f8b38e9adb MINOR Moving _layout.scss include from screen.css into its own file, in order to selectively block layout options like body {overflow: none;} while retaining all other cms styles (useful in a dialog context) 2011-05-01 20:23:07 +12:00
Sam Minnee
7fbb919ce8 API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
ajshort
81c0caaddb API CHANGE: Renamed DataList::filter() and DataQuery::filter() to ::where(). 2011-05-01 15:26:30 +12:00
Sam Minnee
397d19f23b BUGFIX: Fixed bug in relation to new ORM(DataObject::get() doesn't return a null anymore) 2011-05-01 15:26:28 +12:00
Sam Minnee
0de6dbc848 BUGFIX: Fixed Permission::add_to_hidden_permissions() and Permission::remove_from_hidden_permissions() 2011-05-01 15:26:28 +12:00
Sam Minnee
4a061fd071 ENHANCEMENT: Refactored MemberTableList field to make better use of DataList and ManyManyList. Refactored ComplexTableField and TableListField to, stripping out as much model logic as possible. 2011-05-01 15:26:28 +12:00
Sam Minnee
33fa7825f9 BUGFIX: Updated Member <-> Group relations to work with new ManyManyList. API CHANGE: Deprecated the special methods in Member_GroupSet. 2011-05-01 15:25:45 +12:00
Sam Minnee
de1494e3a8 ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM.
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Cant't call manual manipulation methods on DataList such as insertFirst()
2011-05-01 15:25:45 +12:00
Ingo Schommer
79e0634537 Merge branch 'cms-ui-preparation' 2011-04-28 22:48:02 +12:00
ajshort
3a1c2df4e7 API CHANGE: Renamed DataObjectDecorator to DataExtension.
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
2011-04-26 11:01:38 +10:00
Ingo Schommer
43491c2641 MINOR Reducing number of asset downloads by combining files in LeftAndMain->init() and including full jquery.ui.css instead of multiple @import statements 2011-04-25 21:36:51 +12:00
Ingo Schommer
d5efacbf56 BUGFIX Less fragile 'newness' check on Group->Code in Group->onBeforeWrite() (fixes #6595) 2011-04-14 21:38:07 +12:00
Julian Seidenberg
e3f15dba9e BUGFIX: %40 instead of @ when using forgot password fix (fixes #6314, thanks Fragarach 87) 2011-03-30 18:16:16 +13:00
Ingo Schommer
e1b249d0d8 BUGFIX Allowing Security controller methods to work without Page or Page_Controller classes (now moved to 'cms' module) 2011-03-29 18:07:57 +13:00
Paul Meyrick
dc36725869 MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Ingo Schommer
da909a0214 BUGFIX Fixed usage of htmlentities() and html_entity_decode() to be UTF8 compatible by default 2011-03-21 18:13:01 +13:00
Sam Minnee
5755c27c30 ENHANCEMENT Improved performance of DataObject::get_by_id() by setting order to "1" in the contained get_one() call 2011-03-21 18:09:12 +13:00
Ingo Schommer
2b7c633e6e MINOR Rewrite of PermissionCheckboxSetField.js from Behaviour.js to jQuery.entwine 2011-03-16 14:18:30 +13:00
Ingo Schommer
c6f3a08b7b BUGFIX Set title automatically for empty groups in Group->populateDefaults() 2011-03-16 13:31:50 +13:00
Ingo Schommer
498e5758bf BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups() 2011-03-09 15:49:41 +13:00
Julian Seidenberg
52070a0c3a ENHANCEMENT: including all of jquery-ui instead of specifying individual pieces of it. This is a larger download size, but should be quicker overall as it is just a single download instead of lots of small files. 2011-02-24 17:07:24 +13:00
Julian Seidenberg
a836456cd9 BUGFIX: updated links to new jquery ui file paths 2011-02-24 12:07:34 +13:00
Sam Minnee
d045970d83 Merge remote branch 'origin/master' 2011-02-22 10:57:59 +13:00
Sam Minnee
27246ce982 MINOR: Fixed 2.4 mergeback 2011-02-22 10:53:58 +13:00
Ingo Schommer
662c5259e5 BUGFIX Fixed Group->collateAncestorIDs() handling of orphans (fixes #6413) 2011-02-22 00:19:23 +13:00
Sam Minnee
1e0c4ae8d1 Merge branch '2.4'
Conflicts:
	cache/Cache.php
	cli/CliController.php
	core/Convert.php
	core/Core.php
	core/ManifestBuilder.php
	core/Object.php
	core/SSViewer.php
	core/control/ContentController.php
	core/control/ContentNegotiator.php
	core/control/FormResponse.php
	core/control/RequestHandler.php
	core/control/SilverStripeNavigatorItem.php
	core/i18n.php
	core/i18nTextCollector.php
	core/model/DataObjectSet.php
	core/model/Hierarchy.php
	core/model/Image.php
	core/model/MySQLDatabase.php
	core/model/SiteConfig.php
	core/model/SiteTree.php
	core/model/Translatable.php
	core/model/VirtualPage.php
	dev/Debug.php
	dev/SapphireTest.php
	dev/TestRunner.php
	dev/YamlFixture.php
	dev/install/MySQLDatabaseConfigurationHelper.php
	docs/en/installation/from-source.md
	docs/en/topics/themes.md
	docs/en/tutorials/4-site-search.md
	email/Mailer.php
	filesystem/File.php
	filesystem/Folder.php
	forms/ComplexTableField.php
	forms/CurrencyField.php
	forms/DateField.php
	forms/FieldSet.php
	forms/FileField.php
	forms/FileIFrameField.php
	forms/HtmlEditorConfig.php
	forms/HtmlEditorField.php
	forms/SelectionGroup.php
	forms/SimpleImageField.php
	forms/TabSet.php
	forms/TableField.php
	forms/TableListField.php
	forms/TreeDropdownField.php
	forms/TreeMultiselectField.php
	integration/Geoip.php
	javascript/SelectionGroup.js
	javascript/TreeSelectorField.js
	javascript/UpdateURL.js
	javascript/core/jquery.ondemand.js
	javascript/tiny_mce_improvements.js
	javascript/tree/tree.js
	lang/en_US.php
	search/ContentControllerSearchExtension.php
	security/Group.php
	security/Member.php
	security/PermissionCheckboxSetField.php
	security/PermissionRole.php
	security/Security.php
	static-main.php
	templates/RelationComplexTableField.ss
	templates/TableListField.ss
	tests/ConvertTest.php
	tests/DataObjectSetTest.php
	tests/DataObjectTest.php
	tests/DataObjectTest.yml
	tests/RequestHandlingTest.php
	tests/SSViewerTest.php
	tests/SiteTreePermissionsTest.php
	tests/SiteTreeTest.php
	tests/TransactionTest.php
	tests/api/RestfulServiceTest.php
	tests/control/DirectorTest.php
	tests/control/ModelAsControllerTest.php
	tests/fieldtypes/WidgetAreaEditorTest.php
	tests/forms/CurrencyFieldTest.php
	tests/forms/FormTest.php
	tests/model/DatabaseTest.php
	tests/model/ImageTest.php
	tests/search/ContentControllerSearchExtensionTest.php
	tests/security/MemberAuthenticatorTest.php
	thirdparty/.gitignore
	thirdparty/behaviour/behaviour.js
	thirdparty/firebug-lite/firebug.js
	thirdparty/firebug-lite/firebugx.js
	thirdparty/jquery-form/jquery.form.js
	thirdparty/jquery-livequery/jquery.livequery.js
	thirdparty/jquery-livequery/test/jquery.js
	thirdparty/jquery-livequery/test/test.html
	thirdparty/jquery-livequery/test/test2.html
	thirdparty/jquery-metadata/META.json
	thirdparty/jquery-metadata/README
	thirdparty/jquery-metadata/jquery.metadata.js
	thirdparty/jquery-metadata/test/index.html
	thirdparty/jquery-metadata/test/jquery.js
	thirdparty/jquery-metadata/test/test.js
	thirdparty/jquery-metadata/test/testrunner.js
	thirdparty/jquery-metadata/test/testsuite.css
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_75_ffffff_40x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_65_ffffff_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_dadada_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_222222_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_2e83ff_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_454545_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_888888_256x240.png
	thirdparty/jquery-ui-themes/smoothness/images/ui-icons_cd0a0a_256x240.png
	thirdparty/jquery-ui/i18n/jquery-ui-i18n.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ar.js
	thirdparty/jquery-ui/i18n/ui.datepicker-bg.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ca.js
	thirdparty/jquery-ui/i18n/ui.datepicker-cs.js
	thirdparty/jquery-ui/i18n/ui.datepicker-da.js
	thirdparty/jquery-ui/i18n/ui.datepicker-de.js
	thirdparty/jquery-ui/i18n/ui.datepicker-el.js
	thirdparty/jquery-ui/i18n/ui.datepicker-eo.js
	thirdparty/jquery-ui/i18n/ui.datepicker-es.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fa.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fi.js
	thirdparty/jquery-ui/i18n/ui.datepicker-fr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-he.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hu.js
	thirdparty/jquery-ui/i18n/ui.datepicker-hy.js
	thirdparty/jquery-ui/i18n/ui.datepicker-id.js
	thirdparty/jquery-ui/i18n/ui.datepicker-is.js
	thirdparty/jquery-ui/i18n/ui.datepicker-it.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ja.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ko.js
	thirdparty/jquery-ui/i18n/ui.datepicker-lt.js
	thirdparty/jquery-ui/i18n/ui.datepicker-lv.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ms.js
	thirdparty/jquery-ui/i18n/ui.datepicker-nl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-no.js
	thirdparty/jquery-ui/i18n/ui.datepicker-pl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-pt-BR.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ro.js
	thirdparty/jquery-ui/i18n/ui.datepicker-ru.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sk.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sl.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sq.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sr-SR.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-sv.js
	thirdparty/jquery-ui/i18n/ui.datepicker-th.js
	thirdparty/jquery-ui/i18n/ui.datepicker-tr.js
	thirdparty/jquery-ui/i18n/ui.datepicker-uk.js
	thirdparty/jquery-ui/i18n/ui.datepicker-zh-CN.js
	thirdparty/jquery-ui/i18n/ui.datepicker-zh-TW.js
	thirdparty/jquery/jquery.js
	thirdparty/jsmin/.piston.yml
	thirdparty/jsmin/jsmin.php
	thirdparty/prototype/prototype.js
	thirdparty/scriptaculous/dragdrop.js
	thirdparty/simplepie/.piston.yml
	thirdparty/spyc/.piston.yml
	thirdparty/spyc/README
	thirdparty/spyc/php4/spyc.php4
	thirdparty/spyc/php4/test.php4
	thirdparty/spyc/spyc.php
	thirdparty/spyc/spyc.yaml
	thirdparty/tinymce-advcode/dialog.html
	thirdparty/tinymce-advcode/editor_plugin_src.js
	thirdparty/tinymce-advcode/js/dialog.js
	thirdparty/tinymce/langs/en.js
	thirdparty/tinymce/plugins/advhr/langs/en_dlg.js
	thirdparty/tinymce/plugins/advhr/rule.htm
	thirdparty/tinymce/plugins/advimage/image.htm
	thirdparty/tinymce/plugins/advimage/langs/en_dlg.js
	thirdparty/tinymce/plugins/advlink/langs/en_dlg.js
	thirdparty/tinymce/plugins/advlink/link.htm
	thirdparty/tinymce/plugins/emotions/emotions.htm
	thirdparty/tinymce/plugins/emotions/langs/en_dlg.js
	thirdparty/tinymce/plugins/example/dialog.htm
	thirdparty/tinymce/plugins/fullpage/fullpage.htm
	thirdparty/tinymce/plugins/fullpage/langs/en_dlg.js
	thirdparty/tinymce/plugins/fullscreen/fullscreen.htm
	thirdparty/tinymce/plugins/inlinepopups/template.htm
	thirdparty/tinymce/plugins/media/langs/en_dlg.js
	thirdparty/tinymce/plugins/media/media.htm
	thirdparty/tinymce/plugins/paste/js/pasteword.js
	thirdparty/tinymce/plugins/paste/langs/en_dlg.js
	thirdparty/tinymce/plugins/paste/pastetext.htm
	thirdparty/tinymce/plugins/paste/pasteword.htm
	thirdparty/tinymce/plugins/searchreplace/langs/en_dlg.js
	thirdparty/tinymce/plugins/searchreplace/searchreplace.htm
	thirdparty/tinymce/plugins/spellchecker/editor_plugin.js
	thirdparty/tinymce/plugins/spellchecker/editor_plugin_src.js
	thirdparty/tinymce/plugins/style/langs/en_dlg.js
	thirdparty/tinymce/plugins/style/props.htm
	thirdparty/tinymce/plugins/table/cell.htm
	thirdparty/tinymce/plugins/table/langs/en_dlg.js
	thirdparty/tinymce/plugins/table/merge_cells.htm
	thirdparty/tinymce/plugins/table/row.htm
	thirdparty/tinymce/plugins/table/table.htm
	thirdparty/tinymce/plugins/template/langs/en_dlg.js
	thirdparty/tinymce/plugins/template/template.htm
	thirdparty/tinymce/plugins/xhtmlxtras/abbr.htm
	thirdparty/tinymce/plugins/xhtmlxtras/acronym.htm
	thirdparty/tinymce/plugins/xhtmlxtras/attributes.htm
	thirdparty/tinymce/plugins/xhtmlxtras/cite.htm
	thirdparty/tinymce/plugins/xhtmlxtras/del.htm
	thirdparty/tinymce/plugins/xhtmlxtras/ins.htm
	thirdparty/tinymce/plugins/xhtmlxtras/langs/en_dlg.js
	thirdparty/tinymce/themes/advanced/about.htm
	thirdparty/tinymce/themes/advanced/anchor.htm
	thirdparty/tinymce/themes/advanced/charmap.htm
	thirdparty/tinymce/themes/advanced/color_picker.htm
	thirdparty/tinymce/themes/advanced/image.htm
	thirdparty/tinymce/themes/advanced/langs/en.js
	thirdparty/tinymce/themes/advanced/langs/en_dlg.js
	thirdparty/tinymce/themes/advanced/link.htm
	thirdparty/tinymce/themes/advanced/source_editor.htm
	thirdparty/tinymce/themes/simple/langs/en.js
	thirdparty/tinymce/tiny_mce.js
	thirdparty/tinymce/tiny_mce_src.js
	widgets/Widget.php
2011-02-14 18:47:53 +13:00
Sam Minnee
8d05811734 Merge remote branch 'cbarberis/master' 2011-02-14 16:34:02 +13:00
Carlos Barberis
184e8bd852 ENHANCEMENT: Added allowed actions to core classes 2011-02-14 11:14:51 +13:00
Ingo Schommer
60ca784aae API CHANGE Removed Director::history(), history was no longer recorded. Removed Director::__construct(), as Director is a static utility class without instance state (fixes #6385) 2011-02-12 16:39:35 +13:00
Sean Harvey
c3f915c4d5 BUGFIX #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115314 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
397bbe7bb5 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
25da2d1c25 MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length (from r114748)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114749 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
7280a64d6b MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114744 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
6255cdf20a BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114512 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
310f8f6a03 BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
ae1d8e2e18 BUGFIX Using RandomGenerator class in PasswordEncryptor->salt() (from r114503)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114506 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
696de5d437 BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114500 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
f8c970ec0c ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc. (from r114497)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
30e3f08efb MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Sean Harvey
28f1c20c5d MINOR Reverted r108515
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114079 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
d6c9e18333 BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113273 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Ingo Schommer
e4d3584805 ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113272 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00
Sean Harvey
f3cc5a2b42 ENHANCEMENT #4903 MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@111891 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:56 +13:00
Ingo Schommer
486091e4ec API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@110856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:50 +13:00
Sean Harvey
845b821f9e MINOR Remove whitespace if Surname field set on Member, but not FirstName
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:47 +13:00
Will Rossiter
947aeaed81 MINOR: trim space off end of firstname if surname is not set. #5925
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109330 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:47 +13:00
Sean Harvey
0cbde73445 API CHANGE #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended!
API CHANGE Added DataObjectSet::pop()
MINOR Unit tests for DataObjectSet::shift(), DataObjectSet::unshift() and DataObjectSet::pop()


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109156 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sam Minnee
d612dd6a2c API CHANGE Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109103 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sam Minnee
ce79e78de6 BUGFIX: Themed permissionFailure messages
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109102 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:46 +13:00
Sean Harvey
6d5f83ad59 BUGFIX Group::getCMSFields() should use Tab instances with a fixed name instead of translated one, leaving the translation for the tab title instead
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@109083 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:45 +13:00
Andreas Piening
4659068c3f MINOR: remove SQL table alias keyword AS
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108961 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Sean Harvey
72e1120168 BUGFIX #5627 Clear session on logout
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108515 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:44 +13:00
Sean Harvey
f9257a6035 ENHANCEMENT New Member records are populated with the currently set default through i18n::set_locale()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:43 +13:00
Sean Harvey
79b6c9d9cb BUGFIX Member_ProfileForm should fallback to english text for save button if no translation defined for current language
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108408 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:41 +13:00
Ingo Schommer
6ac852e216 BUGFIX Bypass BasicAuth when in CLI mode so unit tests can run (regression from r104962)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108193 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:40 +13:00
Sean Harvey
ae6d1c8e33 MINOR Fixed incorrect word "colon" with "dot"
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108002 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:39 +13:00
Sean Harvey
2cf33bc2d7 BUGFIX #5833 Duplicate IDs when two similar date formats in Member_DatetimeOptionsetField containing different delimiters (e.g / and .) replaced to an empty string
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@108001 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:39 +13:00
Ingo Schommer
78ac0fe3d6 ENHANCEMENT Allowing custom messages and permission codes in BasicAuth::protect_entire_site()
ENHANCEMENT Making $permissionCode argument optional for BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
ENHANCEMENT Using SS_HTTPResponse_Exception instead of header()/die() in BasicAuth::requireLogin() to make it more testable

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107867 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:38 +13:00
Ingo Schommer
7ac4a9ec4d BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107532 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:37 +13:00
Ingo Schommer
8dee93b523 BUGFIX Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
MINOR Using Object::create() in DevelopmentAdmin to make objects mockable
ENHANCEMENT Added Security::$force_database_is_ready to mock database_is_ready() state
ENHANCEMENT Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107415 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:36 +13:00
Sean Harvey
0df0dbd12c ENHANCEMENT Member_DatetimeOptionsetField toggle text is now translatable
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107365 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Sean Harvey
11568cf4e5 ENHANCEMENT #5352 Translatable entities for help text in Member_DatetimeOptionsetField::getFormattingHelpText()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Sean Harvey
3be26a4cec ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@107326 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:35 +13:00
Ingo Schommer
7dfb8dd43d MINOR Making $Email available in Security_passwordsent.ss template (fixes #5737)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106876 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:32 +13:00
Ingo Schommer
862c5a8602 MINOR Fixed hardcoded error message in PasswordValidator (fixes #5734)
MINOR Added PasswordValidatorTest

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106687 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:32 +13:00
Will Rossiter
c38dc3b1b4 APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@106217 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:31 +13:00
Mark Stephens
68e3ff3481 BUGFIX: get_title_sql has string concat hardcoded as ||, fixed for MSSQL which uses +, fix for #5613
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@105337 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:28 +13:00
Sam Minnee
9140742fd3 BUGFIX: Fixed bug in basicauth failover to session member.
BUGFIX: Don't use session member for test site protection feature.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104962 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:25 +13:00
Normann Lou
c540c3e12c BUGFIX: after reset password, the site redirect to non-exisit page (SC #1)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104745 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:24 +13:00
Ingo Schommer
bdf13bd3fc MINOR Documentation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104610 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:22 +13:00
Ingo Schommer
17c67c7869 MINOR Fixed wrong _t() notation in ChangePasswordForm (broken in r103226 and r104596)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104598 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:22 +13:00
Mateusz Uzdowski
758d294b5d BUGFIX: when using custom Member title, the join was failing - it had wrong parameters. Now changed to correctly handle the ansi sql join for all Member columns.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@104552 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:21 +13:00
Normann Lou
83efb8bb63 BUGFIX: table and column names now quoted properly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103851 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:19 +13:00
Sean Harvey
9634ccac80 ENHANCEMENT MemberLoginForm::performLogin() now uses the authenticator_class variable set in subclasses of MemberLoginForm, without having to overload performLogin()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103710 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:17 +13:00
Ingo Schommer
d12183bb3b BUGFIX Choosing i18n::default_locale() in Member->populateDefaults() instead of "current locale". This fixes a bug where a new member created through admin/security automatically "inherits" the current locale settings of the admin creating it.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:16 +13:00
Ingo Schommer
df671a35f3 MINOR Fixed phpdoc documentation (from r103390)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103391 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:15 +13:00
Ingo Schommer
6f0df9eb19 MINOR Fixed phpdoc documentation (from r103385)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103388 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:15 +13:00
Ingo Schommer
df15a3a9f4 MINOR Returning ValidationResult from Member->onBeforeWrite() to ensure the ValidationException is compatible with MemberTableField (related to r103336)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103337 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:14 +13:00
Mateusz Uzdowski
a1dc52719c ENHANCEMENT: allow ChangePasswordForm to redirect to BackURL (from #5420)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103229 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:13 +13:00
Mateusz Uzdowski
20e348d573 BUGFIX: made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly (#5420, patch submitted by walec51)
MINOR: typo


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103226 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:13 +13:00
Geoff Munn
d21e7b0623 BUGFIX: default sort column now quoted
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@103182 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:13 +13:00
Andreas Piening
b305efe172 BUGFIX: exchanged MySQL CONCAT function with ANSI compliant operator
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102237 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:11 +13:00
Will Rossiter
1491fc9358 BUGFIX: fallback to the standard authenticator before throwing user_error as in some cases auth method is not passed back to the login form
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102156 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:11 +13:00
Ingo Schommer
05b4a2313e BUGFIX Logging in with an invalid email returns no error message (fixes #5332, thanks ajshort)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@102072 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:11 +13:00
Tom Rix
444d6d3137 BUGFIX avoid call to non-object
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101794 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:09 +13:00
Ingo Schommer
c7a103c0dc MINOR Removed unnecessary "show" icons in "Roles" and "Member" ComplexTableFields
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101751 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:08 +13:00
Ingo Schommer
713263b928 MINOR Fixed tab naming in Group->getCMSFields()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101718 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:07 +13:00
Geoff Munn
3dfeb93a78 BUGFIX: tables and column quoted properly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101554 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:05 +13:00
Sean Harvey
470082d12d BUGFIX Cookies set to a value other than NULL (effectively unsetting the cookie) will now use the httpOnly parameter by default for better XSS protection (from r101045)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@101046 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:00 +13:00
Ingo Schommer
2dffb95e83 MINOR Using Behaviour.register instead of jquery.livequery in TabSet.php/tabstrip.js (already replaced with jQuery.entwine in next release, we try to reduce the dependencies to jquery plugins)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100885 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:55 +13:00
Ingo Schommer
e7806f28cf ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100799 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:53 +13:00
Ingo Schommer
e7c74e0107 MINOR Using PermissionCheckboxSetField.js instead of MemberTableField.js
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100791 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:53 +13:00
Ingo Schommer
7e7cdab53e MINOR Improved help texts around permissions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100784 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:52 +13:00
Ingo Schommer
1c4069f53c ENHANCEMENT Respecting SecurityAdmin::$hidden_permissions in PermissionRole->getCMSFields()
MINOR Setting PermissionRole $singular_name and $plural_name

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100771 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:52 +13:00
Ingo Schommer
035731cd3f MINOR Removed "only advanced users" notice in Group->getCMSFields() - this field is now sufficiently useable for all admins with access to admin/security without knowing about permission codes
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100770 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:52 +13:00
Ingo Schommer
90e8171536 API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour (from r100705)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100718 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:51 +13:00
Ingo Schommer
d61f45ea61 BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100717 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:51 +13:00
Geoff Munn
37d915bb40 BUG FIX: column names quoted properly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100691 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:50 +13:00
Sean Harvey
3944339bd7 MINOR BasicAuth - removed unncessary extending of Object since this class only has a bunch of static functions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100626 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:49 +13:00
Luke Hudson
5feb78c04f BUGFIX: Set Member default Locale
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100527 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:48 +13:00
Sean Harvey
d91fa6fdfd MINOR Changed places of Object::extInstance() to Object::getExtensionInstance() and added a notice if extInstance is used in future
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100487 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:46 +13:00
Sean Harvey
13857c49b8 BUGFIX #5012 BasicAuth should check if there's already a current member logged in before asking for a login/password
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100466 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:46 +13:00
Luke Hudson
1e921362fc BUGFIX: Sam's fix for "Unknown column Group.SubsiteID" with new subsites
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100375 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:44 +13:00
Will Rossiter
bad4352d60 BUGFIX: use localized prefix to compare group codes rather than hard coded english string. MINOR: updated lang file
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@100370 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:44 +13:00
Ingo Schommer
6be8d8b56b MINOR Added Group->CMSTreeClasses() (required for GroupCsvBulkLoader refresh in SecurityAdmin)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99801 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:42 +13:00
Ingo Schommer
eb5b5869ff MINOR Placing 'ADMIN' permission in new 'Administrator' group at the top of the permissions list (from r99601)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99668 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:41 +13:00
Ingo Schommer
29c8e8ba07 ENHANCEMENT Only show 'HTML Editor Config' dropdown in Group->getCMSFields() if more than one option exists
BUGFIX Fixed bogus HTMLEditorConfig instance when get() is called without a valid identifier (due to NULL database columns) (from r99599)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99667 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:41 +13:00
Ingo Schommer
92384ccbfc ENHANCEMENT Showing checkboxes as disabled for inherited roles in Group->getCMSFields() (from r99597)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99666 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:41 +13:00
Ingo Schommer
0525e5f884 MINOR Localized strings in PermissionCheckboxSetField (from r99590)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99663 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
ebaf33c720 FEATURE Showing (readonly) permissions for a Member record in admin/security popup (from r99586)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99662 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
5a6683e775 ENHANCEMENT PermissionCheckboxSetField_Readonly (with all checkboxes disabled)
MINOR Re-adding support for Group and PermissionRole records in PermissionCheckboxSetField
ENHANCEMENT Added 'assigned to...' label to group permissions in PermissionCheckboxSetField - used in Member->getCMSFields() readonly permission view (from r99585)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99660 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
41b91d4a39 ENHANCEMENT Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99658 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
a179e144cb MINOR Using localized titles for permission formfields in PermissionRole and Member (from r99583)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99657 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
ba4bfaf6ff MINOR Using TreeMultiselectField instead of MemberTableField->relationAutoSetting in Group->getCMSFields() (from r99582)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99656 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
4a6acf6e35 FEATURE View and select groups for a specific member via the member popup in admin/security (requires EDIT_PERMISSIONS) (from r98880)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99648 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:40 +13:00
Ingo Schommer
09e9d77e24 MINOR Setting new 'inlineadd' permissions on MemberTableField instance in Group->getCMSFields() (from r98827)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99641 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:39 +13:00
Ingo Schommer
5c92712924 BUGFIX Setting ID = -1 on Security/lostpassword to avoid showing toplevel navigation (see #5086)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99479 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:38 +13:00
Ingo Schommer
7280144b6a BUGFIX: Take into account tablename with custom columns in get_title_sql (from r97003)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99101 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:37 +13:00
Ingo Schommer
3c3cb7fd0e BUGFIX use proper quotes for sep (from r96401)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99100 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:37 +13:00
Ingo Schommer
7a63868fd6 MINOR ability to customize the text that comes out of Member->Title
MINOR updated workflow reports (from r96352)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99099 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:37 +13:00
Sean Harvey
3d6baa81d5 BUGFIX Don't show FailedLoginCount field unless Member::$lock_out_after_incorrect_logins is enabled
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@99031 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:33 +13:00
Ingo Schommer
6b556ef90d ENHANCEMENT Added GroupCsvBulkLoader class to facilitate group imports with permission codes and hierarchy (merged from r94252)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98715 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:30 +13:00
Ingo Schommer
8f098c1341 ENHANCEMENT MemberCsvBulkLoader for easy member import with group associations (merged from r94251)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98714 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:30 +13:00
Sam Minnee
4513b0b79f MINOR: Fixed caching of login page for tests
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98538 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:29 +13:00
Sam Minnee
ec326f752e BUGFIX: Make Security/login page's ID give a different number for loggedin vs loggedout, to help with partial caching
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:28 +13:00
Sam Minnee
ff666ff25d BUGFIX: Make login form work without any theme loaded.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98432 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:28 +13:00
Ingo Schommer
96f022be85 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98274 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Andrew Short
a0ab707feb FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated.

From: Andrew Short <andrewjshort@gmail.com> (from r98267)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98268 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Sam Minnee
30382db462 BUGFIX: Don't register member IDs that don't exist in the DB as being logged in.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98265 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:25 +13:00
Will Rossiter
18fe161702 BUGFIX: fixed member labels not appearing in cms popup. #5025
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@98030 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:19 +13:00
Ingo Schommer
db31ff5ad1 API CHANGE Removed $blankItemText parameter from Permission::get_codes()
ENHANCEMENT Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97819 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:16 +13:00
Ingo Schommer
4557ba87aa API CHANGE Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97818 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:16 +13:00
Sam Minnee
00e5caf49c BUGFIX: Fixed Permission::get_members_by_permission() for DB abstractions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97653 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:15 +13:00
Ingo Schommer
31280ece2c BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97480 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Ingo Schommer
51c14227b2 API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin'

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97478 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:13 +13:00
Andrew Short
168114d4e2 ENHANCEMENT: Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields().
From: Andrew Short <andrewjshort@gmail.com> (from r97401)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97436 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:12 +13:00
Geoff Munn
81d775f06f BUGFIX: old 2.3 passwords now handled correctly and migrated accordingly
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97357 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:11 +13:00
Geoff Munn
f4de365be8 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email'
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@97270 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:10 +13:00
Sam Minnee
25a437e5a0 BUGFIX: Removed XSS holes (from r94823)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96773 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:07 +13:00
Sam Minnee
150457f8a2 BUGFIX: Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96718 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Sam Minnee
66c7eb6f10 MINOR update merge info, merged in r87119 (from r88839)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96714 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Sam Minnee
51a2eeed15 MERGE merged back a whole bunch of defect fixes from trunk (from r87846)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@96712 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:02 +13:00
Geoff Munn
6b59dc3e78 BUGFIX: Fallback for arrays which do not contain 'alreadyLoggedIn' values
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@95968 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:18:00 +13:00
Mateusz Uzdowski
d6b4ad39d8 BUGFIX: adding onAfterDelete hooks to remove the no longer necessary permissions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94859 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
7cdf62fd1c MINOR: added comment
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94856 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
056dae8103 BUGFIX: orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94835 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Mateusz Uzdowski
fa3fe47284 BUGFIX: removing permissions before re-applying them (previously it just removed the components on the relation which resulted in permissions having GroupID set to 0)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94810 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:59 +13:00
Will Rossiter
cd9f6cc9b2 MINOR: removed duplicate writes for performance
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94438 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:58 +13:00
Will Rossiter
1eb9fe83c1 APICHANGE: Group::addByGroupName() now creates the group if one does not already exist (from r83010)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94430 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Andrew O'Neil
a783448266 BUGFIX: Make sure findAnAdministrator gets a global administrator when subsites is installed.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94369 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Sean Harvey
06b7dc5de3 BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
MINOR Added additional tests to MemberTest


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@94358 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:57 +13:00
Will Rossiter
eb64eec534 API CHANGE: removed deprecated extend calls (r93632). API CHANGE: removed fieldExists(). Use hasField() (r93633). API CHANGE removed listOfFields() (r93647). API CHANGE: removed Tag() and URL() from Image. Use getTag() and getURL(). BUGFIX: updated Image.php to use getTag() (r93639, r93646). API CHANGE: removed val(). Use XML_val() (r93650). API CHANGE: removed $add_action. Use singlar_name or lang tables (r93658). API CHANGE: removed ConfirmedFormAction (r93674). API CHANGE: removed ajax_render on CTF (r93679).
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93685 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:53 +13:00
Ingo Schommer
03c5caea72 MINOR Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@93611 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:52 +13:00
Ingo Schommer
4452101790 API CHANGE Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92878 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:38 +13:00
Normann Lou
65b1bc4839 APICHANGE: add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92428 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:38 +13:00
Sean Harvey
c34ef6d562 BUGFIX More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@92129 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sean Harvey
797715ef78 BUGFIX Fixed Group::collateFamilyIDs() when working with MSSQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91775 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
f9c0ce652d BUGFIX: Include salt in legacy password encryptor (from r91743)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91746 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
45bbebe19f BUGFIX: Made use of new BasicAuth::protect_entire_site() consistent. (from r91658)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91659 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
ac239d6a0b BUGFIX: Don't enable site-wide protection by default (from r91609)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91613 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:37 +13:00
Sam Minnee
723d075ffd API CHANGE: Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
API CHANGE: BasicAuth::requireLogin() no longer has an option to automatically log you in.  You can call logIn() on the object returned, instead. (from r91603)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91612 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
65c1c6fd20 NOTFORMERGE Fixed merge error from r91576
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91592 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
07fc3650a3 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) (merged from r90949)
API CHANGE Deprecated Security::encrypt_passwords() (merged from r90949)
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
API CHANGE Removed Security::get_encryption_algorithms() (merged from r90949)
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91576 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
2a1abcae2a BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in (from r90950)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91572 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Ingo Schommer
710f701645 MINOR Moved Security::encryptallpasswords() to EncryptAllPasswordsTask (merged from r90948)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@91564 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:17:36 +13:00
Sean Harvey
f238823b27 BUGFIX #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom (from r115314)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115315 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-22 21:01:27 +00:00
Will Rossiter
bda08c6988 ENHANCEMENT: abstract generateURLSegments functionality out to Convert::raw2url() to allow non site tree objects to safely make use of the logic. BUGFIX: #5586 Group::setCode() now calls Convert::raw2url() rather than requiring a SiteTree instance
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115205 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-20 03:18:51 +00:00
Ingo Schommer
1c34d8f1b4 API CHANGE Deprecated TreeTitle(), use getTreeTitle() (in SiteTree, File, Group)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@115119 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-16 05:16:06 +00:00
Will Rossiter
9f6e3c9162 ENHANCEMENT: added requireDefaultRecords. PATCH via fragarach (#6133)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114810 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-11 00:45:05 +00:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Ingo Schommer
f61a307486 MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114748 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:17:35 +00:00
Ingo Schommer
674d8e0f4a MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 05:48:33 +00:00
Sam Minnee
51ee52c7ab BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114549 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:42 +00:00
Sam Minnee
b34286caab MINOR Reverted r108515 (from r114079)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
3f8a0ede40 BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114526 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:12 +00:00
Sam Minnee
9ec31acacb ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:22:57 +00:00
Ingo Schommer
531fa04d7d BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114510 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 04:41:49 +00:00
Ingo Schommer
50f823697c MINOR Fixed regression from r114504
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:43:10 +00:00
Ingo Schommer
a0a88af255 BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:39:25 +00:00
Ingo Schommer
1dddd5252d BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:37:35 +00:00
Ingo Schommer
c378448f19 ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:19 +00:00
Ingo Schommer
07b6d1870a MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114332 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-11-30 05:13:09 +00:00
Sam Minnee
ef8419f11d ENHANCEMENT #4903 MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!) (from r111891)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112941 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 05:05:23 +00:00