Commit Graph

4732 Commits

Author SHA1 Message Date
Will Rossiter
9f6e3c9162 ENHANCEMENT: added requireDefaultRecords. PATCH via fragarach (#6133)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114810 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-11 00:45:05 +00:00
Ingo Schommer
ae2311bcd6 BUGFIX Removed switch in MySQLDatabase->query() to directly echo queries with 'showqueries' parameter when request is called via ajax
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114782 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 23:26:22 +00:00
Ingo Schommer
43debfafe9 BUGFIX Disallow web access to sapphire/silverstripe_version to avoid information leakage
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114773 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 22:53:24 +00:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Ingo Schommer
e4a786eb1a MINOR Setting Content-Type to text/plain in various error responses for RestfulServer
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114750 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:40:28 +00:00
Ingo Schommer
f61a307486 MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114748 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:17:35 +00:00
Ingo Schommer
674d8e0f4a MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 05:48:33 +00:00
Ingo Schommer
1222b4d146 ENHANCEMENT 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-06 00:29:20 +00:00
Ingo Schommer
562eeee790 ENHANCEMENT Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114567 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-06 00:28:27 +00:00
Ingo Schommer
ead9dce351 MINOR Documentation in SS_Cache
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114551 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 19:46:21 +00:00
Sam Minnee
df08da0f49 MINOR: Blocking unnecessary revisions
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114550 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:46:15 +00:00
Sam Minnee
51ee52c7ab BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens (from r114500)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114549 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:42 +00:00
Sam Minnee
6de3e90527 FIX: Revert last commit (from r114464)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114548 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:45:20 +00:00
Sam Minnee
aaf56e190f FIX: Revert last commit (from r114463)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114547 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:44:37 +00:00
Sam Minnee
8638221adb MINOR: Added exception handling if ClassName is null in search results (from r114454)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114546 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:44:20 +00:00
Sam Minnee
1fc8bef1ce BUGFIX Including template /lang folders in i18n::include_by_locale() (implementation started in r113919) (from r114208)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114545 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:38 +00:00
Sam Minnee
b34286caab MINOR Reverted r108515 (from r114079)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114544 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:43:10 +00:00
Sam Minnee
05d6df2193 MINOR Fixed php tag in SecurityTokenTest, should be "<?php" not "<?" (from r114016)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114543 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:41:38 +00:00
Sam Minnee
312c7aec07 BUGFIX #6201 Use of set_include_path() did not always include sapphire paths in some environments (from r113976)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114542 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:40:28 +00:00
Sam Minnee
e340ccb1ad MINOR Fixed PHP strict standard where non-variables cannot be passed by reference (from r113968)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114541 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:39:31 +00:00
Sam Minnee
edc7a46d21 MINOR Fixed spaces with tabs in Core (from r113924)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114540 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:37:31 +00:00
Sam Minnee
567c0b4939 MINOR Fixed spaces with tabs for Core::getTempFolder() (from r113923)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114539 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:37:15 +00:00
Sam Minnee
68747773ae MINOR Updated cs_CZ and sk_SK translations in sapphire/javascript (fixes #6085, thanks Pike) (from r113690)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114538 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:36:57 +00:00
Sam Minnee
b7777cd67d BUGFIX ErrorPage::requireDefaultRecords() case where no assets directory causes an fopen() error. Ensure assets directory is created before attempting to write error page files (from r113590)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114537 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:36:05 +00:00
Sam Minnee
a2475141c6 MINOR Fixed output spelling mistake and formatting in SapphireTest::delete_all_temp_dbs() (from r113450)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114536 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:48 +00:00
Sam Minnee
400157c8bf MINOR Fixed RSSFeedTest which should put test configuration code into setUp() and tearDown() methods. If the test fails halfway through, these will get called to clean up the state (from r113430)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114535 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:33 +00:00
Sam Minnee
1a3897ab1a ENHANCEMENT Validation for uploaded files (from r113420)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114534 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:35:06 +00:00
Sam Minnee
c24ed58d2d BUGFIX Better checking of file validity (#6093) Thanks Pigeon (from r113419)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114533 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:34:42 +00:00
Sam Minnee
100e50c700 BUGFIX Ensure that SearchForm searchEngine() call properly escapes the Relevance field for ANSI compliance (from r113295)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114532 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:51 +00:00
Sam Minnee
854e0e30b4 ENHANCEMENT Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114531 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:30:32 +00:00
Sam Minnee
770281b65c BUGFIX Clear static marking caches on Hierarchy->flushCache() (from r113277)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114530 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:26:40 +00:00
Sam Minnee
38601b96f8 BUGFIX Fixed ComplexTableField and TableListField GET actions against CSRF attacks (with Form_SecurityToken->checkRequest()) (from r113276)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114529 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:26:03 +00:00
Sam Minnee
5c0b2182ae API CHANGE Added security token to TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:58 +00:00
Sam Minnee
c63b00f92a MINOR Using SecurityToken in ViewableData->getSecurityID() (from r113274)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114527 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:37 +00:00
Sam Minnee
3f8a0ede40 BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114526 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:24:12 +00:00
Sam Minnee
9ec31acacb ENHANCEMENT Added SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114525 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:22:57 +00:00
Sam Minnee
ecaa735db2 BUGFIX ModelViewer doesn't work due to minor bug introduced by making $_CLASS_MANIFEST keys lowercase (fixes #6144, thanks daniel.lindkvist) (from r113249)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114524 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:20:33 +00:00
Sam Minnee
662f581b24 BUGFIX Fixed month conversion in DateField_View_JQuery::convert_iso_to_jquery_format() (fixes #6124, thanks mbren and natmchugh) (from r113247)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114523 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:20:13 +00:00
Sam Minnee
c3fa7406ab MINOR Documentation (from r113241)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114522 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:18:58 +00:00
Sam Minnee
24f2c51fa2 BUGFIX: removed taiwans province of china (from r113193)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114521 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:17:34 +00:00
Sam Minnee
75c6c4941c BUGFIX: Use correct language code for jquery-ui date picker for en_US (from r113107)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114520 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:17:16 +00:00
Sam Minnee
e3d109763a MINOR: updated typo in comment for Cache. (from r112982)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114519 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:16:59 +00:00
Sam Minnee
fc869c1d86 MINOR: Fix to SapphireInfo for git-svn checkouts. (from r112962)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114518 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 08:06:29 +00:00
Ingo Schommer
3e8704c882 BUGFIX Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114515 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 05:23:37 +00:00
Ingo Schommer
531fa04d7d BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specifically in IIS)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114510 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 04:41:49 +00:00
Ingo Schommer
50f823697c MINOR Fixed regression from r114504
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:43:10 +00:00
Ingo Schommer
a0a88af255 BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:39:25 +00:00
Ingo Schommer
1dddd5252d BUGFIX Using RandomGenerator class in PasswordEncryptor->salt()
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114503 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:37:35 +00:00
Ingo Schommer
8b220b923a ENHANCEMENT Using RandomGenerator in Form->getExtraFields() "SecurityID" token creation
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114498 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:48 +00:00
Ingo Schommer
c378448f19 ENHANCEMENT Added RandomGenerator for more secure CSRF tokens etc.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:18:19 +00:00