silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-09-04 16:51:25 +02:00

Author	SHA1	Message	Date
Damian Mooyman	50aa1f22a6	Merge branch '3.6' into 3	2017-12-07 13:20:58 +13:00
Damian Mooyman	d6a93f5215	Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6 # Conflicts: # security/Member.php	2017-12-06 17:26:45 +13:00
Damian Mooyman	91cf85087b	Merge remote-tracking branch 'origin/3.5' into 3.6	2017-12-06 17:21:09 +13:00
Damian Mooyman	6ba00e829a	[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt	2017-11-30 15:53:50 +13:00
Daniel Hensby	2ad3cc07d5	FIX Update meber passwordencryption to default on password change	2017-11-23 21:17:31 +00:00
Daniel Hensby	b49d1d7fbd	Merge branch '3.6' into 3	2017-09-28 17:17:19 +01:00
Daniel Hensby	bd7abc73de	Merge branch '3.5.5' into 3.6.2	2017-09-20 16:26:30 +01:00
Daniel Hensby	72702dbd50	Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack [SS-2017-005] User enumeration via timing attack mitigated	2017-09-20 11:39:39 +01:00
Daniel Hensby	f0262a8fd9	[SS-2017-005] User enumeration via timing attack mitigated	2017-09-20 11:33:22 +01:00
Daniel Hensby	091d99f599	FIX Authenticators are more resilient to incomplete configuration	2017-09-12 15:57:03 +01:00
Daniel Hensby	23a726f385	Merge branch '3.6' into 3	2017-08-14 13:43:28 +01:00
Daniel Hensby	a3b72c500d	Merge branch '3.5' into 3.6	2017-08-14 12:55:09 +01:00
Loz Calver	82c0632f46	Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208 )	2017-07-26 09:54:29 +01:00
Daniel Hensby	1e5592a3d9	Merge branch '3.5' into 3.6	2017-06-27 13:14:39 +01:00
Daniel Hensby	6f2b08b962	Merge branch '3.6' into 3	2017-06-14 12:02:27 +01:00
Daniel Hensby	ecc88b2cbe	Merge branch '3.5' into 3.6	2017-06-14 12:02:06 +01:00
Daniel Hensby	a5c84b12ab	FIX Order of conditionals for getting default admin	2017-06-12 11:54:05 +01:00
Daniel Hensby	21d2e5cad1	Merge branch '3.6' into 3	2017-05-31 00:12:14 +01:00
Daniel Hensby	cda7e8dc39	Merge remote-tracking branch 'security/3.5.4' into 3.6.0	2017-05-29 01:29:05 +01:00
Daniel Hensby	24166700e8	Merge remote-tracking branch 'security/3.4.6' into 3.5.4	2017-05-29 01:02:35 +01:00
Daniel Hensby	447ce0f84f	[SS-2017-002] FIX Lock out users who dont exist in the DB	2017-05-25 16:14:52 +01:00
Damian Mooyman	f16d7e1838	API Deprecate unused / undesirable create_new_password implementation	2017-05-08 17:41:37 +12:00
Loz Calver	05a737c5fc	Allow RandomGenerator to use random_bytes() in PHP 7	2017-04-05 11:05:28 +10:00
Joe Harvey	0d0d18612d	Adding extension hooks to Member isLockedOut() and registerSuccessfulLogin()	2017-03-30 11:07:51 +01:00
Robbie Averill	2f6f5b5eff	Do not send the header if it is not defined	2017-01-11 08:26:04 +13:00
Robbie Averill	cb2dcc75f1	Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing	2017-01-09 16:13:39 +13:00
Daniel Hensby	69974d940a	Merge branch '3.3' into 3.4	2016-11-18 11:33:39 +00:00
Daniel Hensby	0ae4b57754	Merge branch '3.2' into 3.3	2016-11-18 11:32:36 +00:00
Daniel Hensby	5df077f24d	Merge branch '3.1' into 3.2	2016-11-18 11:29:19 +00:00
Daniel Hensby	8e5f786b8d	Merge branch '3.4' into 3.5.0	2016-11-15 11:43:16 +00:00
Daniel Hensby	3f4445641d	Merge branch '3.3' into 3.4	2016-11-15 11:35:38 +00:00
Daniel Hensby	c7778a1e9a	Merge branch '3.2' into 3.3	2016-11-15 11:19:27 +00:00
Daniel Hensby	06d0210233	Merge branch '3.1' into 3.2	2016-11-15 11:18:46 +00:00
Daniel Hensby	17097a4d11	[SS-2016-016] FIX Properly escape backURL for template injection	2016-11-10 17:00:03 +00:00
Daniel Hensby	5a7cde0e10	Merge branch '3.4' into 3.5.0	2016-11-09 16:14:40 +00:00
Loz Calver	6bf36fbd30	FIX: Correct return type for Member::currentUser()	2016-11-09 14:20:44 +00:00
Daniel Hensby	beeed8155a	Merge branch '3.4' into 3	2016-09-16 11:56:01 +01:00
Thomas Portelange	995d07756d	cache currentUser query (#6007 ) * cache currentUser query Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)	2016-09-15 15:45:40 +01:00
Daniel Hensby	3fd9fe3aa0	Merge branch '3.4' into 3	2016-09-07 09:22:06 +01:00
Daniel Hensby	060bf6b327	Merge branch '3.3' into 3.4	2016-08-22 16:22:37 +01:00
Daniel Hensby	088d88e978	Merge branch '3.2' into 3.3	2016-08-22 16:22:02 +01:00
Daniel Hensby	229a2b9217	Merge pull request #4133 from nimeso/patch-1	2016-08-22 11:52:47 +01:00
Damian Mooyman	d88516203c	Merge 3.4 into 3	2016-08-15 19:05:20 +12:00
Daniel Hensby	d1163d87b7	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:52:10 +12:00
Daniel Hensby	8bbf1caae6	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:52:04 +12:00
Daniel Hensby	782c18fd13	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login	2016-08-15 15:51:53 +12:00
Daniel Hensby	08384bb4d6	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:50:56 +12:00
Daniel Hensby	fa7f5af861	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:02:53 +12:00
Daniel Hensby	83e3302c04	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:02:47 +12:00
Daniel Hensby	6d41db77fa	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 15:02:41 +12:00

1 2 3 4 5 ...

1160 Commits