tonyair
/
silverstripe-framework
mirror of https://github.com/silverstripe/silverstripe-framework
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
16,426 Commits 29 Branches 513 Tags 147 MiB
Commit Graph

58 Commits

Author SHA1 Message Date
Loz Calver 82c0632f46
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208) 2017-07-26 09:54:29 +01:00
Daniel Hensby a5c84b12ab
FIX Order of conditionals for getting default admin 2017-06-12 11:54:05 +01:00
Daniel Hensby 447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Damian Mooyman 4f06a43986 Merge 3.3 into 3 
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
 2016-05-11 14:06:23 +12:00
Daniel Hensby cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
Sam Minnee 3ee8f505b7 MINORE: Remove training whitespace. 
The main benefit of this is so that authors who make use of
.editorconfig don't end up with whitespace changes in their PRs.

Spaces vs. tabs has been left alone, although that could do with a
tidy-up in SS4 after the switch to PSR-1/2.

The command used was this:

for match in '*.ss' '*.css' '*.scss' '*.html' '*.yml' '*.php' '*.js' '*.csv' '*.inc' '*.php5'; do
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" -exec sed -E -i '' 's/[[:space:]]+$//' {} \+
	find . -path ./thirdparty -not -prune -o -path ./admin/thirdparty -not -prune -o -type f -name "$match" | xargs perl -pi -e 's/ +$//'
done
 2016-01-07 10:15:54 +13:00
Damian Mooyman 88fdc75456 Merge remote-tracking branch 'composer/3.1' into 3 
Conflicts:
	.editorconfig
	docs/en/00_Getting_Started/00_Server_Requirements.md
	docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_IIS7.md
	docs/en/00_Getting_Started/01_Installation/04_Other_installation_Options/Windows_Platform_Installer.md
	docs/en/00_Getting_Started/04_Directory_Structure.md
	docs/en/00_Getting_Started/index.md
	docs/en/01_Tutorials/01_Building_A_Basic_Site.md
	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
	docs/en/01_Tutorials/03_Forms.md
	docs/en/01_Tutorials/04_Site_Search.md
	docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
	docs/en/01_Tutorials/index.md
	docs/en/02_Developer_Guides/00_Model/01_Data_Model_and_ORM.md
	docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md
	docs/en/02_Developer_Guides/01_Templates/06_Themes.md
	docs/en/02_Developer_Guides/03_Forms/How_Tos/Simple_Contact_Form.md
	docs/en/02_Developer_Guides/05_Extending/05_Injector.md
	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
	docs/en/02_Developer_Guides/10_Email/index.md
	docs/en/02_Developer_Guides/11_Integration/01_RestfulService.md
	docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
	docs/en/02_Developer_Guides/14_Files/index.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/03_CMS_Layout.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Tree.md
	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_Site_Reports.md
	docs/en/02_Developer_Guides/18_Cookies_And_Sessions/01_Cookies.md
	docs/en/04_Changelogs/3.1.9.md
	docs/en/05_Contributing/00_Issues_and_Bugs.md
	docs/en/05_Contributing/02_Release_Process.md
	docs/en/05_Contributing/03_Documentation.md
	filesystem/File.php
	filesystem/GD.php
	model/DataDifferencer.php
	model/Versioned.php
	security/BasicAuth.php
	security/Member.php
	tests/filesystem/FileTest.php
	tests/forms/uploadfield/UploadFieldTest.php
	tests/model/VersionedTest.php
	tests/security/BasicAuthTest.php
 2015-01-15 18:52:46 +13:00
Damian Mooyman ce93a8a98e Resolve merge regressions 2014-11-19 11:05:07 +13:00
Damian Mooyman 0b1f297873 Merge remote-tracking branch 'origin/3.1' 
Conflicts:
	.travis.yml
	README.md
	admin/code/LeftAndMain.php
	admin/css/screen.css
	admin/scss/screen.scss
	api/RestfulService.php
	conf/ConfigureFromEnv.php
	control/injector/ServiceConfigurationLocator.php
	control/injector/SilverStripeServiceConfigurationLocator.php
	core/ClassInfo.php
	core/Object.php
	css/AssetUploadField.css
	css/ComplexTableField_popup.css
	dev/CSSContentParser.php
	dev/DevelopmentAdmin.php
	docs/en/changelogs/index.md
	docs/en/misc/contributing/code.md
	docs/en/reference/execution-pipeline.md
	filesystem/GD.php
	filesystem/ImagickBackend.php
	filesystem/Upload.php
	forms/Form.php
	forms/FormField.php
	forms/HtmlEditorConfig.php
	forms/gridfield/GridFieldDetailForm.php
	forms/gridfield/GridFieldSortableHeader.php
	lang/en.yml
	model/Aggregate.php
	model/DataList.php
	model/DataObject.php
	model/DataQuery.php
	model/Image.php
	model/MySQLDatabase.php
	model/SQLQuery.php
	model/fieldtypes/HTMLText.php
	model/fieldtypes/Text.php
	scss/AssetUploadField.scss
	search/filters/SearchFilter.php
	security/Authenticator.php
	security/LoginForm.php
	security/Member.php
	security/MemberAuthenticator.php
	security/MemberLoginForm.php
	security/Security.php
	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
	tests/control/HTTPTest.php
	tests/control/RequestHandlingTest.php
	tests/filesystem/UploadTest.php
	tests/forms/FormTest.php
	tests/forms/NumericFieldTest.php
	tests/model/DataListTest.php
	tests/model/DataObjectTest.php
	tests/model/TextTest.php
	tests/security/MemberAuthenticatorTest.php
	tests/security/SecurityDefaultAdminTest.php
	tests/view/SSViewerCacheBlockTest.php
	tests/view/SSViewerTest.php
 2014-11-18 12:45:54 +13:00
Damian Mooyman 9d78eb7fe6 BUG Fix BasicAuth not resetting failed login counts on authentication 2014-10-24 14:19:12 +13:00
Damian Mooyman 53c40a94fa API Enable re-authentication within the CMS if a user session is lost 
BUG Resolve issue with error redirection being ignored within CMS
BUG Fix issue with invalid securityID being re-emitted on failure
 2014-10-14 15:19:48 +13:00
Ingo Schommer e56ad9b37c Don't clear BackURL after MemberAuthenticator::authenticate() 
It breaks logic flow, e.g. when

Its called by BasicAuth:requireLogin() when basic auth is enabled,
before any controller logic kicks in (on every HTTP request).
This means you can't use session-based BackURLs with basic auth enabled,
breaking flows like redirection after Facebook logins.

I can't see why a clear() was necessary here, looks like a overly
cautious way to prevent infinite loops? Can't see how those
would be caused by requireLogin() though.

Been there since all the way back in 2007: a377a67e54
 2014-08-25 23:12:52 +12:00
Damian Mooyman eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman d8e9af8af8 API New Database abstraction layer. Ticket #7429 
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
 2014-07-09 18:04:05 +12:00
Kirk Mayo 632884252b NEW: Updating out of date URLs in the framework source code and docs 2014-02-07 15:10:44 +13:00
Ingo Schommer 3334eafcb1 API Marked statics private, use Config API instead (#8317) 
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
 2013-03-24 17:20:53 +01:00
Simon Welsh b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Sam Minnee 1f7fc1f76a FIX Remove instances of lines longer than 120c 
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
 2012-09-30 17:18:13 +13:00
Simon Welsh f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Fred Condo d370423825 Clean up trailing ?> per coding standard 
All sapphire but the lang directory
 2012-02-12 12:40:16 -08:00
Stig Lindqvist 6db830605c MINOR Do a isset check before using the value. 
This happens if someone accidentially access /Security/LoginForm directly.
 2011-10-27 22:38:11 +02:00
Ingo Schommer ce8e72cf0e MINOR Removing executable flag from all files (thanks miiihi) 2011-09-18 22:04:02 +02:00
Sam Minnee 890ac94a6a MINOR: Several changes merged from branches/2.4 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112060 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-10-13 01:35:19 +00:00
Ingo Schommer b69b03b9e0 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email' (from r97270) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102440 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-04-12 05:00:05 +00:00
Ingo Schommer 61e27830c6 MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-02-23 04:05:34 +00:00
Andrew Short 5e9b78b798 FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4). 
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@98267 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-02-05 00:36:25 +00:00
Ingo Schommer e4ca24c7e2 BUGFIX Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90950 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-11-06 02:23:30 +00:00
Sam Minnee 7f5838ce3d BUGFIX: MemberAuthenticator::authenticate() returns a member object or false, in keeping with the current docs. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@80250 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-06-28 02:48:33 +00:00
Andrew O'Neil 60f75c5ca4 Merged changes from 2.3 branch 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-02-01 23:49:53 +00:00
Sam Minnee 96c5be8252 Updating queries to be more DB agnostic 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-24 09:31:14 +00:00
Sam Minnee 93438e0be2 API CHANGE: Adding double quotes to all table and field references (a work in progress) 
API CHANGE: DataObject::get()'s GROUP BY clause is only generated for MySQL as it needs to be improved for other databases to accept it.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66427 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-23 23:28:16 +00:00
Sam Minnee 788ec0e536 Fixed MemberAuthenticator::authenticationFailedUnknownUser code 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60582 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-13 01:48:54 +00:00
Hayden Smith ca6c248de1 Merged [47069]: Replaced explicit calls to AccessLogEntry::create with more flexible calls to extensions. AccessLogEntry to be refactored into separate module. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60504 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-12 20:59:32 +00:00
Ingo Schommer 4735f91ab8 (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60352 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 03:39:14 +00:00
Ingo Schommer b8adcd8aad (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60289 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 00:21:44 +00:00
Ingo Schommer ad4d506f82 (merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60287 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-08-11 00:14:48 +00:00
Ingo Schommer 60860cc1b9 MINOR Unified @package PHPdoc (added where missing, removed duplicates) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@56212 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-06-15 13:33:53 +00:00
Sam Minnee 739bda485f Merged revisions 52401 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/2.2.2

........
  r52401 | sminnee | 2008-04-09 22:06:35 +1200 (Wed, 09 Apr 2008) | 1 line
  
  Fixed Authenticators to work with r52400
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53517 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:51:52 +00:00
Sam Minnee a1f8892c52 Merged revisions 52151 via svnmerge from 
http://svn.silverstripe.com/open/modules/sapphire/branches/govtsecurity

........
  r52151 | sminnee | 2008-04-05 11:14:26 +1300 (Sat, 05 Apr 2008) | 1 line
  
  Lock users out after 5 failed log-ins
........


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@53466 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-04-26 06:32:05 +00:00
Matt Peel 7d13ba7fb8 Reverted geoffm's accidental commit to /open 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50107 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-02-25 02:10:37 +00:00
Geoff Munn bf3c09bec6 First post 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@50105 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-02-25 01:06:39 +00:00
Sam Minnee b1d2e3906b API Documentation updates 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@47766 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-01-09 04:18:36 +00:00
Sam Minnee d27937f448 Updated API documentation package tags 
Fixed some whitespace

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@47725 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-01-08 06:37:50 +00:00
Ingo Schommer 393caf4287 FEATURE made sapphire i18n-capable 
FEATURE a little bit of german translation

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@43842 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2007-10-25 02:47:45 +00:00
Andrew O'Neil c7231c6935 mlanthaler: Fixed typo and updated docBlock (merged from gsoc branch, r42439) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42972 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2007-10-02 22:18:45 +00:00
Ingo Schommer 3bcf84de92 ENHANCEMENT: Coding conventions (check_default_admin()) 
ENHANCEMENT: only include tab-styling/js when more than one login-method is available

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42731 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2007-09-27 21:13:59 +00:00
Ingo Schommer e7993a1bb0 BUGFIX: removed Security::get_default_username() and Security::get_default_password() 
had rather severe security implications due to the way PHP handles static methods as instance methods,
combined with silverstripe's url->method-mapping
(EPIC FALE! on my behalf...)
added Security::checkDefaultAdmin()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42204 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2007-09-17 21:51:42 +00:00
Ingo Schommer 6205cff4f1 Changed $username/$password to $default_username/$default_password, 
respecting Security::setDefaultAdmin() in MemberAuthenticator? 
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@42156 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2007-09-16 17:39:41 +00:00
Ingo Schommer 7d600b025d mlanthaler: Refactored the created code since the coding conventions for static methods were changed (ticket #49). 
(merged from branches/gsoc)


git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@41982 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2007-09-16 00:44:30 +00:00