tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
15,965 Commits 31 Branches 527 Tags 162 MiB
a893e2aa0f
Commit Graph

1120 Commits

Author SHA1 Message Date
Daniel Hensby
beeed8155a
Merge branch '3.4' into 3 2016-09-16 11:56:01 +01:00
Thomas Portelange
995d07756d cache currentUser query (#6007) 
* cache currentUser query

Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)
 2016-09-15 15:45:40 +01:00
Daniel Hensby
3fd9fe3aa0
Merge branch '3.4' into 3 2016-09-07 09:22:06 +01:00
Daniel Hensby
060bf6b327
Merge branch '3.3' into 3.4 2016-08-22 16:22:37 +01:00
Daniel Hensby
088d88e978
Merge branch '3.2' into 3.3 2016-08-22 16:22:02 +01:00
Daniel Hensby
229a2b9217
Merge pull request #4133 from nimeso/patch-1 2016-08-22 11:52:47 +01:00
Damian Mooyman
d88516203c Merge 3.4 into 3 2016-08-15 19:05:20 +12:00
Daniel Hensby
d1163d87b7 [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 15:52:10 +12:00
Daniel Hensby
8bbf1caae6 [SS-2016-013] FIX Uncasted member name 2016-08-15 15:52:04 +12:00
Daniel Hensby
782c18fd13 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 2016-08-15 15:51:53 +12:00
Daniel Hensby
08384bb4d6 [SS-2016-008] Reset Member::Salt on password change 2016-08-15 15:50:56 +12:00
Daniel Hensby
fa7f5af861 [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 15:02:53 +12:00
Daniel Hensby
83e3302c04 [SS-2016-013] FIX Uncasted member name 2016-08-15 15:02:47 +12:00
Daniel Hensby
6d41db77fa [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 15:02:41 +12:00
Daniel Hensby
f85dea2e6d [SS-2016-008] Reset Member::Salt on password change 2016-08-15 15:02:36 +12:00
Daniel Hensby
b1f449762b [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 14:07:57 +12:00
Daniel Hensby
281b0de571 [SS-2016-013] FIX Uncasted member name 2016-08-15 14:07:51 +12:00
Daniel Hensby
2b30ade44d [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 14:07:40 +12:00
Daniel Hensby
dc47f7ec9a [SS-2016-008] Reset Member::Salt on password change 2016-08-15 14:07:24 +12:00
Damian Mooyman
3c1a5d2a46 Merge pull request #5872 from dhensby/pulls/3/injector-for-cmslogin 
FIX Use create syntax for CMSMemberLoginForm remember me form
 2016-08-12 14:10:56 +12:00
Daniel Hensby
86add3e021
FIX Use create syntax for CMSMemberLoginForm remember me form 2016-08-07 20:20:20 +01:00
Damian Mooyman
7de5b998e1 Merge 3.4 into 3 2016-08-05 19:12:25 +12:00
Damian Mooyman
ca754eb887 Merge 3.3 into 3.4 
# Conflicts:
#	admin/javascript/lang/fa_IR.js
#	admin/javascript/lang/it.js
#	admin/javascript/lang/src/fa_IR.js
#	admin/javascript/lang/src/it.js
#	lang/cs.yml
#	lang/eo.yml
#	lang/fa_IR.yml
#	lang/fi.yml
#	lang/it.yml
#	lang/sk.yml
 2016-08-05 16:48:26 +12:00
Damian Mooyman
0d5ae23f2b Merge 3.2 into 3.3 2016-08-05 14:36:35 +12:00
Andrew Aitken-Fincham
66f2e6811b modify getAuthenticator to fall back to get_default_authenticator 2016-08-03 10:36:43 +12:00
Damian Mooyman
d08ab6ac81
API Allow X-Frame-Options to be configured 
Fixes #2970
 2016-07-15 14:08:14 +12:00
Daniel Hensby
a449045b09
Merge branch '3.4' into 3 2016-07-04 23:54:27 +01:00
Daniel Hensby
c35dc508cb
Merge branch '3.3' into 3.4 2016-07-04 23:53:55 +01:00
Daniel Hensby
ee326f6394
Merge branch 'hailwood/patch-5' into 3 2016-07-01 14:53:02 +01:00
Matthew Hailwood
4f0969f119
Make lost password url a config option like login_url and logout_url 
Also makes the login_url, logout_url and new lost_password_url functions
return their link relative to the base url rather than assuming the base tag
 2016-07-01 14:47:51 +01:00
Damian Mooyman
f1a0aef0d7
BUG fix CMS_ACCESS permission being ignored if in incorrect order in array 2016-06-28 17:45:15 +12:00
Daniel Hensby
19b9413432
NEW Use injector for MemberLoginForm fields 2016-06-10 22:50:38 +01:00
Stevie Mayhew
b1df9dcb1d BUGFIX: check that we have a token and a UID before attempting a member auto login 2016-05-20 09:19:08 +12:00
Damian Mooyman
4d1ddf0e62
BUG Prevent session hijackers from resetting a user password 
BUG Member::checkPassword incorrect for default admin
 2016-05-16 10:54:18 +12:00
Damian Mooyman
4f06a43986 Merge 3.3 into 3 
# Conflicts:
#	admin/javascript/lang/src/cs.js
#	admin/javascript/lang/src/de.js
#	admin/javascript/lang/src/en.js
#	admin/javascript/lang/src/eo.js
#	admin/javascript/lang/src/es.js
#	admin/javascript/lang/src/fi.js
#	admin/javascript/lang/src/fr.js
#	admin/javascript/lang/src/id.js
#	admin/javascript/lang/src/id_ID.js
#	admin/javascript/lang/src/it.js
#	admin/javascript/lang/src/ja.js
#	admin/javascript/lang/src/lt.js
#	admin/javascript/lang/src/mi.js
#	admin/javascript/lang/src/nb.js
#	admin/javascript/lang/src/nl.js
#	admin/javascript/lang/src/pl.js
#	admin/javascript/lang/src/ro.js
#	admin/javascript/lang/src/ru.js
#	admin/javascript/lang/src/sk.js
#	admin/javascript/lang/src/sl.js
#	admin/javascript/lang/src/sr.js
#	admin/javascript/lang/src/sr@latin.js
#	admin/javascript/lang/src/sr_RS.js
#	admin/javascript/lang/src/sr_RS@latin.js
#	admin/javascript/lang/src/sv.js
#	admin/javascript/lang/src/zh.js
#	javascript/lang/fr.js
#	javascript/lang/src/ar.js
#	javascript/lang/src/cs.js
#	javascript/lang/src/de.js
#	javascript/lang/src/en.js
#	javascript/lang/src/eo.js
#	javascript/lang/src/es.js
#	javascript/lang/src/fi.js
#	javascript/lang/src/fr.js
#	javascript/lang/src/id.js
#	javascript/lang/src/id_ID.js
#	javascript/lang/src/it.js
#	javascript/lang/src/ja.js
#	javascript/lang/src/lt.js
#	javascript/lang/src/mi.js
#	javascript/lang/src/nb.js
#	javascript/lang/src/nl.js
#	javascript/lang/src/pl.js
#	javascript/lang/src/ru.js
#	javascript/lang/src/sk.js
#	javascript/lang/src/sl.js
#	javascript/lang/src/sr.js
#	javascript/lang/src/sr@latin.js
#	javascript/lang/src/sr_RS.js
#	javascript/lang/src/sr_RS@latin.js
#	javascript/lang/src/sv.js
#	javascript/lang/src/zh.js
#	lang/it.yml
 2016-05-11 14:06:23 +12:00
Daniel Hensby
d1751e3310
Merge remote-tracking branch '3.2.4' into 3.3.2 2016-05-05 12:33:21 +01:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby
92599727b9
Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19 2016-05-05 01:01:49 +01:00
Daniel Hensby
7af7f8dd65
Merge remote-tracking branch 'security/patch/3.1/ss-2016-005' into 3.1.19 2016-05-05 01:01:44 +01:00
Daniel Hensby
457931d664
Merge branch '3.3' into 3 2016-05-04 23:32:10 +01:00
Damian Mooyman
2a5ba397e6 BUG Fix SS_HTTPResponse being cast as string (#5413) 
Fixes #5335
 2016-05-02 08:54:19 +12:00
Daniel Hensby
1ccd3926e3
[SS-2016-001] FIX Properly check backurl on CMSSecurity@success 2016-04-20 23:58:50 +01:00
Daniel Hensby
a6bd22ab2f
[SS-2016-006] FIX dont disable XSS for login forms 2016-04-20 23:57:59 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
Damian Mooyman
e1865151c5 Merge pull request #5098 from bummzack/5086-fix-member-validator 
Fix for issue #5086
 2016-02-26 14:39:53 +13:00
Roman Schmid
f691a5da32 Improve Member_Validator to: 
- properly check for existing members.
- allow extensions.
- remove old code and replace with new syntax and add config API.

Fix issue in Group code where Member_Validator was instantiated via "new" which didn't allow injector overrides.
Added unit-tests.

Establish a link between the member and the validator for said member.
 2016-02-25 16:10:52 +01:00
Damian Mooyman
8c1cafd1a0 Merge remote-tracking branch 'origin/3.3' into 3 
# Conflicts:
#	admin/scss/_forms.scss
#	admin/scss/_style.scss
#	admin/scss/_tree.scss
#	javascript/TreeDropdownField.js
 2016-01-19 17:08:26 +13:00
Damian Mooyman
5d240feaec Merge remote-tracking branch 'origin/3.2' into 3.3 2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac Merge remote-tracking branch 'origin/3.1' into 3.2 
# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
 2016-01-19 14:00:19 +13:00
Denise Rivera
7e32268ede display filtered roles when not an admin 2016-01-11 13:05:10 +13:00