Commit Graph

203 Commits

Author SHA1 Message Date
Ingo Schommer
f61a307486 MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114748 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 08:17:35 +00:00
Ingo Schommer
674d8e0f4a MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114743 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 05:48:33 +00:00
Ingo Schommer
50f823697c MINOR Fixed regression from r114504
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114505 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:43:10 +00:00
Ingo Schommer
a0a88af255 BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114504 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-05 00:39:25 +00:00
Sam Minnee
d8a8635374 API CHANGE Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651) (from r110856)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112861 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 02:46:26 +00:00
Sam Minnee
102375954a MINOR Remove whitespace if Surname field set on Member, but not FirstName (from r109334)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112824 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:24:43 +00:00
Sam Minnee
00ddc0ff83 MINOR: trim space off end of firstname if surname is not set. #5925 (from r109330)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112822 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:23:44 +00:00
Sam Minnee
496e9bcef6 API CHANGE #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended!
API CHANGE Added DataObjectSet::pop()
MINOR Unit tests for DataObjectSet::shift(), DataObjectSet::unshift() and DataObjectSet::pop() (from r109156)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112817 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 01:20:56 +00:00
Sam Minnee
cf6907931b API CHANGE Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site (from r109103)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112781 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:55:33 +00:00
Sam Minnee
60c78eb54d ENHANCEMENT New Member records are populated with the currently set default through i18n::set_locale() (from r108499)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112753 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:37:43 +00:00
Sam Minnee
066bf90f02 BUGFIX Member_ProfileForm should fallback to english text for save button if no translation defined for current language (from r108408)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112727 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:54:17 +00:00
Sam Minnee
bd96d249f0 MINOR Fixed incorrect word "colon" with "dot" (from r108002)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112704 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:37:11 +00:00
Sam Minnee
7254c00aef BUGFIX #5833 Duplicate IDs when two similar date formats in Member_DatetimeOptionsetField containing different delimiters (e.g / and .) replaced to an empty string (from r108001)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112703 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:34:09 +00:00
Ingo Schommer
577e82a123 BUGFIX Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772) (from r107532)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112602 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:52:38 +00:00
Ingo Schommer
ad7267aa4c ENHANCEMENT Member_DatetimeOptionsetField toggle text is now translatable (from r107365)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112570 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:43 +00:00
Ingo Schommer
6959909cb6 ENHANCEMENT #5352 Translatable entities for help text in Member_DatetimeOptionsetField::getFormattingHelpText() (from r107334)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112569 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:22 +00:00
Ingo Schommer
47762cdf5b ENHANCEMENT #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field (from r107326)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112568 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:23:02 +00:00
Ingo Schommer
39b056024f APICHANGE: moved Group::addToGroupByName to $member->addToGroupByCode. (from r106217)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112528 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 03:00:48 +00:00
Ingo Schommer
95e1efb4bf BUGFIX: get_title_sql has string concat hardcoded as ||, fixed for MSSQL which uses +, fix for #5613 (from r105337)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112497 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 02:48:51 +00:00
Ingo Schommer
589adbfde3 BUGFIX: when using custom Member title, the join was failing - it had wrong parameters. Now changed to correctly handle the ansi sql join for all Member columns. (from r104552)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112351 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-15 00:28:57 +00:00
Ingo Schommer
d46c3c877f BUGFIX: table and column names now quoted properly (from r103851)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112322 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-14 23:50:36 +00:00
Sam Minnee
1e925a9e91 BUGFIX Choosing i18n::default_locale() in Member->populateDefaults() instead of "current locale". This fixes a bug where a new member created through admin/security automatically "inherits" the current locale settings of the admin creating it. (from r103582)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112149 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:57:49 +00:00
Sam Minnee
eb43fb14ef MINOR Returning ValidationResult from Member->onBeforeWrite() to ensure the ValidationException is compatible with MemberTableField (related to r103336) (from r103337)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112133 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:42:49 +00:00
Sam Minnee
50c5887aec BUGFIX: exchanged MySQL CONCAT function with ANSI compliant operator (from r102237)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112063 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:37:24 +00:00
Sam Minnee
1a12f98382 BUGFIX avoid call to non-object (from r101794)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112038 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:09:02 +00:00
Sam Minnee
df0e553eee BUGFIX: tables and column quoted properly (from r101554)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112003 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 00:48:57 +00:00
Sam Minnee
9f2ca79c67 BUGFIX Cookies set to a value other than NULL (effectively unsetting the cookie) will now use the httpOnly parameter by default for better XSS protection (from r101045) (from r101046)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@111570 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-04 04:40:50 +00:00
Andreas Piening
1941c6042c ENHANCEMENT Creating default "Content Authors" group with limited rights if no other groups exist.
MINOR Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
MINOR Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords() (from r100799)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@108804 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-08-03 01:05:27 +00:00
Ingo Schommer
b9e75f9cef BUGFIX: Set Member default Locale (from r100527)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@105595 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-05-25 04:15:13 +00:00
Ingo Schommer
c3e001f82c BUGFIX: Take into account tablename with custom columns in get_title_sql (from r97003) (from r99101)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102848 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 04:08:51 +00:00
Ingo Schommer
a9c9aaef67 BUGFIX use proper quotes for sep (from r96401) (from r99100)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102847 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 04:08:37 +00:00
Ingo Schommer
ae7439a4c3 MINOR ability to customize the text that comes out of Member->Title
MINOR updated workflow reports (from r96352) (from r99099)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102846 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 04:08:22 +00:00
Ingo Schommer
1260790685 BUGFIX Don't show FailedLoginCount field unless Member::$lock_out_after_incorrect_logins is enabled (from r99031)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102822 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-14 03:51:34 +00:00
Ingo Schommer
3a1868e8cf BUGFIX: fixed member labels not appearing in cms popup. #5025 (from r98030)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102567 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-13 01:49:24 +00:00
Ingo Schommer
feb30e194f API CHANGE Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar. (from r97818)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102535 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 23:40:58 +00:00
Ingo Schommer
426190bc9e API CHANGE Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
API CHANGE Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
ENHANCEMENT Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
MINOR Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin' (from r97478)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102493 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:16:26 +00:00
Ingo Schommer
c604341a1d API CHANGE Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100705 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-03-09 04:10:38 +00:00
Ingo Schommer
f4e284a3c1 BUGFIX Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@100704 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-03-09 04:08:52 +00:00
Ingo Schommer
09de9f7834 ENHANCEMENT Only show 'HTML Editor Config' dropdown in Group->getCMSFields() if more than one option exists
BUGFIX Fixed bogus HTMLEditorConfig instance when get() is called without a valid identifier (due to NULL database columns)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99599 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-22 09:38:15 +00:00
Ingo Schommer
11ad275522 FEATURE Showing (readonly) permissions for a Member record in admin/security popup
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99586 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-22 04:37:36 +00:00
Ingo Schommer
aea2f94a5e FEATURE View and select groups for a specific member via the member popup in admin/security (requires EDIT_PERMISSIONS)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@98880 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-12 04:01:42 +00:00
Andrew Short
5e9b78b798 FEATURE: Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
MINOR: Use a ValidationResult to log in a member so that custom errors can be generated.

From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@98267 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-05 00:36:25 +00:00
Andrew Short
bbd9f2a2b5 ENHANCEMENT: Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields().
From: Andrew Short <andrewjshort@gmail.com>

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@97401 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-01-21 22:59:19 +00:00
Sean Harvey
35628832d6 BUGFIX #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
MINOR Added additional tests to MemberTest (from r94358)

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@95601 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-12-16 05:39:39 +00:00
Will Rossiter
2ff4631c1f API CHANGE: removed listOfFields() function. Use custom code instead.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@93647 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-26 21:24:38 +00:00
Ingo Schommer
1b138d6916 MINOR Removed layout_helpers.js dependency
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92516 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:30:42 +00:00
Ingo Schommer
a11db29672 MINOR Changed paths to moved thirdparty dependencies (mostly from /jsparty to /sapphire/thirdparty, /cms/javascript and /sapphire/javascript)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92502 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 02:29:59 +00:00
Ingo Schommer
48c0418840 BUGFIX More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member (from r92129)
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@92458 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-21 01:43:16 +00:00
Ingo Schommer
e675381cd4 ENHANCEMENT Pluggable password encryption through PasswordEncryptor class (#3665)
BUGFIX Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004)
API CHANGE Deprecated Security::encrypt_passwords()
API CHANGE Deprecated Security::$useSalt, use custom PasswordEncryptor implementation
API CHANGE Removed Security::get_encryption_algorithms()
API CHANGE MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
API CHANGE Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others.

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90949 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-06 02:23:21 +00:00
Tom Rix
8216448da3 MINOR run checks before running hasMethod, as an extension does not neccessairily have that method.
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90691 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-11-03 02:33:53 +00:00