silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-01 05:39:10 +02:00

Author	SHA1	Message	Date
Thomas Portelange	995d07756d	cache currentUser query (#6007 ) * cache currentUser query Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)	2016-09-15 15:45:40 +01:00
Daniel Hensby	060bf6b327	Merge branch '3.3' into 3.4	2016-08-22 16:22:37 +01:00
Daniel Hensby	088d88e978	Merge branch '3.2' into 3.3	2016-08-22 16:22:02 +01:00
Daniel Hensby	229a2b9217	Merge pull request #4133 from nimeso/patch-1	2016-08-22 11:52:47 +01:00
Daniel Hensby	d1163d87b7	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:52:10 +12:00
Daniel Hensby	8bbf1caae6	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:52:04 +12:00
Daniel Hensby	782c18fd13	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login	2016-08-15 15:51:53 +12:00
Daniel Hensby	08384bb4d6	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:50:56 +12:00
Daniel Hensby	fa7f5af861	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:02:53 +12:00
Daniel Hensby	83e3302c04	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:02:47 +12:00
Daniel Hensby	6d41db77fa	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 15:02:41 +12:00
Daniel Hensby	f85dea2e6d	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:02:36 +12:00
Daniel Hensby	b1f449762b	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 14:07:57 +12:00
Daniel Hensby	281b0de571	[SS-2016-013] FIX Uncasted member name	2016-08-15 14:07:51 +12:00
Daniel Hensby	2b30ade44d	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 14:07:40 +12:00
Daniel Hensby	dc47f7ec9a	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 14:07:24 +12:00
Damian Mooyman	ca754eb887	Merge 3.3 into 3.4 # Conflicts: # admin/javascript/lang/fa_IR.js # admin/javascript/lang/it.js # admin/javascript/lang/src/fa_IR.js # admin/javascript/lang/src/it.js # lang/cs.yml # lang/eo.yml # lang/fa_IR.yml # lang/fi.yml # lang/it.yml # lang/sk.yml	2016-08-05 16:48:26 +12:00
Damian Mooyman	0d5ae23f2b	Merge 3.2 into 3.3	2016-08-05 14:36:35 +12:00
Andrew Aitken-Fincham	66f2e6811b	modify getAuthenticator to fall back to get_default_authenticator	2016-08-03 10:36:43 +12:00
Daniel Hensby	c35dc508cb	Merge branch '3.3' into 3.4	2016-07-04 23:53:55 +01:00
Damian Mooyman	f1a0aef0d7	BUG fix CMS_ACCESS permission being ignored if in incorrect order in array	2016-06-28 17:45:15 +12:00
Damian Mooyman	4d1ddf0e62	BUG Prevent session hijackers from resetting a user password BUG Member::checkPassword incorrect for default admin	2016-05-16 10:54:18 +12:00
Damian Mooyman	4f06a43986	Merge 3.3 into 3 # Conflicts: # admin/javascript/lang/src/cs.js # admin/javascript/lang/src/de.js # admin/javascript/lang/src/en.js # admin/javascript/lang/src/eo.js # admin/javascript/lang/src/es.js # admin/javascript/lang/src/fi.js # admin/javascript/lang/src/fr.js # admin/javascript/lang/src/id.js # admin/javascript/lang/src/id_ID.js # admin/javascript/lang/src/it.js # admin/javascript/lang/src/ja.js # admin/javascript/lang/src/lt.js # admin/javascript/lang/src/mi.js # admin/javascript/lang/src/nb.js # admin/javascript/lang/src/nl.js # admin/javascript/lang/src/pl.js # admin/javascript/lang/src/ro.js # admin/javascript/lang/src/ru.js # admin/javascript/lang/src/sk.js # admin/javascript/lang/src/sl.js # admin/javascript/lang/src/sr.js # admin/javascript/lang/src/sr@latin.js # admin/javascript/lang/src/sr_RS.js # admin/javascript/lang/src/sr_RS@latin.js # admin/javascript/lang/src/sv.js # admin/javascript/lang/src/zh.js # javascript/lang/fr.js # javascript/lang/src/ar.js # javascript/lang/src/cs.js # javascript/lang/src/de.js # javascript/lang/src/en.js # javascript/lang/src/eo.js # javascript/lang/src/es.js # javascript/lang/src/fi.js # javascript/lang/src/fr.js # javascript/lang/src/id.js # javascript/lang/src/id_ID.js # javascript/lang/src/it.js # javascript/lang/src/ja.js # javascript/lang/src/lt.js # javascript/lang/src/mi.js # javascript/lang/src/nb.js # javascript/lang/src/nl.js # javascript/lang/src/pl.js # javascript/lang/src/ru.js # javascript/lang/src/sk.js # javascript/lang/src/sl.js # javascript/lang/src/sr.js # javascript/lang/src/sr@latin.js # javascript/lang/src/sr_RS.js # javascript/lang/src/sr_RS@latin.js # javascript/lang/src/sv.js # javascript/lang/src/zh.js # lang/it.yml	2016-05-11 14:06:23 +12:00
Daniel Hensby	d1751e3310	Merge remote-tracking branch '3.2.4' into 3.3.2	2016-05-05 12:33:21 +01:00
Daniel Hensby	cf29b2c146	Merge remote-tracking branch '3.1.19' into 3.2.4	2016-05-05 11:17:45 +01:00
Daniel Hensby	92599727b9	Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19	2016-05-05 01:01:49 +01:00
Daniel Hensby	7af7f8dd65	Merge remote-tracking branch 'security/patch/3.1/ss-2016-005' into 3.1.19	2016-05-05 01:01:44 +01:00
Daniel Hensby	457931d664	Merge branch '3.3' into 3	2016-05-04 23:32:10 +01:00
Damian Mooyman	2a5ba397e6	BUG Fix SS_HTTPResponse being cast as string (#5413 ) Fixes #5335	2016-05-02 08:54:19 +12:00
Daniel Hensby	1ccd3926e3	[SS-2016-001] FIX Properly check backurl on CMSSecurity@success	2016-04-20 23:58:50 +01:00
Daniel Hensby	a6bd22ab2f	[SS-2016-006] FIX dont disable XSS for login forms	2016-04-20 23:57:59 +01:00
Daniel Hensby	f32c893546	[SS-2016-005] FIX Apply brute force protection to default admin	2016-04-19 23:20:29 +01:00
Damian Mooyman	e1865151c5	Merge pull request #5098 from bummzack/5086-fix-member-validator Fix for issue #5086	2016-02-26 14:39:53 +13:00
Roman Schmid	f691a5da32	Improve `Member_Validator` to: - properly check for existing members. - allow extensions. - remove old code and replace with new syntax and add config API. Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides. Added unit-tests. Establish a link between the member and the validator for said member.	2016-02-25 16:10:52 +01:00
Damian Mooyman	8c1cafd1a0	Merge remote-tracking branch 'origin/3.3' into 3 # Conflicts: # admin/scss/_forms.scss # admin/scss/_style.scss # admin/scss/_tree.scss # javascript/TreeDropdownField.js	2016-01-19 17:08:26 +13:00
Damian Mooyman	5d240feaec	Merge remote-tracking branch 'origin/3.2' into 3.3	2016-01-19 15:08:24 +13:00
Damian Mooyman	46cbe809ac	Merge remote-tracking branch 'origin/3.1' into 3.2 # Conflicts: # docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md # docs/en/02_Developer_Guides/14_Files/01_Image.md # docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md # docs/en/03_Upgrading/index.md # docs/en/05_Contributing/01_Code.md # forms/TreeMultiselectField.php # security/Permission.php	2016-01-19 14:00:19 +13:00
Denise Rivera	7e32268ede	display filtered roles when not an admin	2016-01-11 13:05:10 +13:00
Sam Minnee	3ee8f505b7	MINORE: Remove training whitespace. The main benefit of this is so that authors who make use of .editorconfig don't end up with whitespace changes in their PRs. Spaces vs. tabs has been left alone, although that could do with a tidy-up in SS4 after the switch to PSR-1/2. The command used was this: for match in '.ss' '.css' '.scss' '.html' '.yml' '.php' '.js' '.csv' '.inc' '.php5'; do find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+ find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" \| xargs perl -pi -e 's/ +$//' done	2016-01-07 10:15:54 +13:00
Damian Mooyman	21e1e938eb	Merge pull request #4893 from dhensby/pulls/member-regenerate-session-id FIX session_regenerate_id uses config system	2016-01-06 15:16:31 +13:00
Daniel Hensby	00544ff100	FIX session_regenerate_id uses config system	2016-01-05 22:31:58 +00:00
Daniel Hensby	4335d8ed22	FIX Members with no ID inherit logged in user permission	2016-01-05 08:16:18 +00:00
Damian Mooyman	19b10044ec	Merge remote-tracking branch 'origin/3.2' into 3	2015-12-22 17:05:07 +13:00
Damian Mooyman	6ac83f02c9	Merge pull request #4819 from SilverStripers/3 parse the string to be converted to group codes.	2015-12-22 16:53:31 +13:00
Damian Mooyman	48a30909f3	Merge remote-tracking branch 'origin/3.2' into 3 # Conflicts: # admin/javascript/LeftAndMain.BatchActions.js # css/UploadField.css # forms/HtmlEditorField.php	2015-12-22 14:07:52 +13:00
Mateusz Uzdowski	5a21b2fb15	BUG Guard against users being added to all groups on unsaved Group. If ->Members()->add() is called on an unsaved group (with ID 0), the collateFamilyIDs() will errorneously return all root Groups thinking it's looking for Groups with ParentID=0. As a result, the Member will be added to all root groups, instead of just the selected group and all its children.	2015-12-11 14:51:51 +13:00
Damian Mooyman	38e154af0a	API Disable get parameter access to site stage mode BUG Fix missing and undocumented response from Security::permissionFailure()	2015-12-07 17:39:18 +13:00
Nivanka Fonseka	411f168f00	parse the string to be converted to group codes. Two fixes. 1. parse the group code by using Convert::raw2url() as it creates duplicate records if the group code is given in upper case letters, spaces etc. 2. assigning to the $_cache_groupByCode has to be really done in the if condition rather than out of it.	2015-12-02 10:01:25 +05:30
Novusvetus	6266f909e0	API Increased Permission.Code db field to 255 characters	2015-11-27 13:54:37 +13:00
Damian Mooyman	94742fa3e2	BUG Revert method visibility regression	2015-11-27 13:10:52 +13:00

1 2 3 4 5 ...

1108 Commits