Damian Mooyman
43f49e8434
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
admin/code/ModelAdmin.php
control/Director.php
model/SQLQuery.php
security/Member.php
tests/control/HTTPTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
tests/view/SSViewerTest.php
2015-03-31 19:54:15 +13:00
Loz Calver
a61c08d031
FIX: Security::$default_message_set Config value unusable
2015-03-17 15:51:31 +00:00
Damian Mooyman
0b1f297873
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
README.md
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/screen.scss
api/RestfulService.php
conf/ConfigureFromEnv.php
control/injector/ServiceConfigurationLocator.php
control/injector/SilverStripeServiceConfigurationLocator.php
core/ClassInfo.php
core/Object.php
css/AssetUploadField.css
css/ComplexTableField_popup.css
dev/CSSContentParser.php
dev/DevelopmentAdmin.php
docs/en/changelogs/index.md
docs/en/misc/contributing/code.md
docs/en/reference/execution-pipeline.md
filesystem/GD.php
filesystem/ImagickBackend.php
filesystem/Upload.php
forms/Form.php
forms/FormField.php
forms/HtmlEditorConfig.php
forms/gridfield/GridFieldDetailForm.php
forms/gridfield/GridFieldSortableHeader.php
lang/en.yml
model/Aggregate.php
model/DataList.php
model/DataObject.php
model/DataQuery.php
model/Image.php
model/MySQLDatabase.php
model/SQLQuery.php
model/fieldtypes/HTMLText.php
model/fieldtypes/Text.php
scss/AssetUploadField.scss
search/filters/SearchFilter.php
security/Authenticator.php
security/LoginForm.php
security/Member.php
security/MemberAuthenticator.php
security/MemberLoginForm.php
security/Security.php
tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
tests/control/HTTPTest.php
tests/control/RequestHandlingTest.php
tests/filesystem/UploadTest.php
tests/forms/FormTest.php
tests/forms/NumericFieldTest.php
tests/model/DataListTest.php
tests/model/DataObjectTest.php
tests/model/TextTest.php
tests/security/MemberAuthenticatorTest.php
tests/security/SecurityDefaultAdminTest.php
tests/view/SSViewerCacheBlockTest.php
tests/view/SSViewerTest.php
2014-11-18 12:45:54 +13:00
Sean Harvey
0e07f1a7f5
Merge remote-tracking branch 'origin/3.0' into 3.1
2014-08-22 17:50:36 +12:00
Ingo Schommer
1661213e5b
FIX Opt-out pf form message escaping ( fixes #2796 )
...
This fixes a limitation introduced through http://www.silverstripe.org/ss-2013-008-xss-in-numericfield-validation/ .
Form messages used to accept HTML, now they’re escaped by default, effectively removing the ability
to pass in HTML and take care of escaping manually.
We pass through HTML to message in core through the CTF system, so this needs to be fixed.
It’s an alternative fix to https://github.com/silverstripe/silverstripe-framework/pull/2803 .
2014-08-22 16:59:34 +12:00
Damian Mooyman
eb069e605d
Remove all redundant whitespace
2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8
API New Database abstraction layer. Ticket #7429
...
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
2014-07-09 18:04:05 +12:00
Damian Mooyman
1dcaf36c9b
Fix merge regressions
2014-04-22 13:28:44 +12:00
Damian Mooyman
982ad569b9
Merge remote-tracking branch 'origin/3.1'
2014-04-22 12:09:51 +12:00
Damian Mooyman
997077ae83
API Security.remember_username to disable login form autocompletion
2014-04-11 09:05:25 +12:00
Simon Welsh
d431e98ecf
Merge branch '3.1'
...
Conflicts:
forms/Form.php
forms/FormField.php
security/Member.php
security/MemberLoginForm.php
2014-03-10 22:58:49 +13:00
Ingo Schommer
c047a7b990
Reset FailedLoginCount on successful password reset
2014-03-03 17:47:16 +13:00
micmania1
229bea399b
added logout url to Security and deprecated Security::set_login_url in favour of config
2013-12-20 21:55:54 +00:00
Ingo Schommer
d75f545887
Clear DB caches in SecurityTest
2013-10-20 14:23:23 +02:00
Ingo Schommer
b58e2dbe3a
Member.lock_out_delay_mins configurable, password security docs
2013-07-11 09:47:28 +02:00
Ingo Schommer
fb784af738
API Enforce $allowed_actions in RequestHandler->checkAccessAction()
...
See discussion at https://groups.google.com/forum/?fromgroups#!topic/silverstripe-dev/Dodomh9QZjk
Fixes an access issue where all public methods on FormField were allowed,
and not checked for $allowed_actions. Before this patch you could e.g.
call FormField->Value() on the first field by using action_Value.
Removes the following assertion because it only worked due to RequestHandlingTest_AllowedControllerExtension
*not* having $allowed_extensions declared: "Actions on magic methods are only accessible if explicitly allowed on the controller."
2013-06-24 14:50:40 +02:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Sam Minnee
d8bfc0bb48
API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself.
2013-01-29 18:03:47 +01:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Sean Harvey
007ed25c0b
MINOR Fixing broken tests
2012-04-20 15:05:18 +12:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814
MINOR Add newline to end of files without one
2012-04-15 10:50:19 +12:00
Sam Minnee
ec73555db4
MINOR: Text fix.
2011-10-29 17:36:38 +13:00
Simon Welsh
2c0257e9b9
Cast the header value to string as PHPUnit can't handle it being NULL.
2011-10-29 15:24:06 +13:00
Ingo Schommer
2870eb9212
MINOR Changed $fixture_path to relative filenames in all sapphire test cases in order to allow easier file moving and less verbosity in tests
2011-03-30 23:04:48 +13:00
Ingo Schommer
65e7b83421
MINOR Made login form redirection test in SecurityTest explicit, rather than implicit through testLogInAsSomeoneElse()
2011-03-29 18:08:33 +13:00
Paul Meyrick
dc36725869
MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
...
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Ingo Schommer
d099c7e5ba
BUGFIX Unregistering custom Authenticators in SecurityTest->setUp()
2011-03-21 18:13:01 +13:00
Ingo Schommer
a7e9be3bc4
BUGFIX Fixing SecurityTest to clear any custom settings in Security::$force_database_is_ready before making assertions
2011-03-21 18:12:59 +13:00
Ingo Schommer
4b2c64c843
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-12-09 21:18:49 +00:00
Sam Minnee
b7f21302bc
MINOR Fixed failing test as session being set before logging out and losing BackURL (from r108518)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112759 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-19 00:47:19 +00:00
Sam Minnee
0e3693f99e
BUGFIX: tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file (from r107940)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112702 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-18 22:33:41 +00:00
Ingo Schommer
caa2a292bb
BUGFIX: SecurityTest tests would fail on sites which had set a non-default unique identifier field for Members (from r104016)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112329 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-14 23:53:44 +00:00
Sam Minnee
51375f7cc6
ENHANCEMENT: added tests for checking the change password functionality, including the resulting redirection (from #5420 ) (from r103250)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112128 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 03:39:04 +00:00
Sam Minnee
890ac94a6a
MINOR: Several changes merged from branches/2.4
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112060 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-10-13 01:35:19 +00:00
Ingo Schommer
6450810b4c
BUGFIX Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027 ) (from r97480)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102494 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-04-12 21:17:07 +00:00
Ingo Schommer
61e27830c6
MINOR Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268) (merged from r98274)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@99701 467b73ca-7a2a-4603-9d3b-597d59a354a9
2010-02-23 04:05:34 +00:00
Ingo Schommer
5e3cffec1f
BUGFIX More robust URL handling in SecurityTest to avoid failing on custom /admin redirects
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85514 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-09-01 06:48:31 +00:00
Sean Harvey
13b358a8dd
Merged from branches/2.3
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-04-29 00:07:39 +00:00
Sam Minnee
41fb93b344
ENHANCEMENT #3032 ajshort: Use static methods for accessing static data
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73036 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-03-14 00:16:32 +00:00
Ingo Schommer
6d708765fe
BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
2009-02-11 21:08:28 +00:00
Sam Minnee
96c5be8252
Updating queries to be more DB agnostic
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-24 09:31:14 +00:00
Sam Minnee
12e62c6329
ENHANCEMENT: Change MySQLDatabase connection to operate in ANSI SQL mode, to ease the transition to DB abstraction
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66399 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-11-22 03:51:04 +00:00
Ingo Schommer
2b15a2d5b5
BUGFIX Using _t() to check content strings in unit tests and avoid tests failing when i18n is enabled
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@64042 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-10 02:20:33 +00:00
Hayden Smith
634ed7b70c
Merged from branches/nzct-trunk. Use 'svn log -c <changeset> -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@63806 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-10-08 02:00:12 +00:00
Sam Minnee
12a62b9f62
Updated SecurityTest to use new FunctionalTest system consistently
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60427 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 23:04:25 +00:00
Sam Minnee
8536a47b7c
Update SecurityTest to use the FunctionalTest base-class
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60394 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 05:27:18 +00:00
Ingo Schommer
2d8434a43f
(merged from branches/roa. use "svn log -c <changeset> -g <module-svn-path>" for detailed commit message)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@60327 467b73ca-7a2a-4603-9d3b-597d59a354a9
2008-08-11 02:57:59 +00:00