tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-03 01:49:37 +02:00
Code Issues Projects Releases Wiki Activity
23,979 Commits 29 Branches 516 Tags 147 MiB
b8f0b8ca4f
Commit Graph

377 Commits

Author SHA1 Message Date
Florian Thoma
3e2ca3027b destroy session on logout instead of restarting it 2021-07-20 12:05:16 +10:00
Steve Boyd
e812999632 Merge branch '4.7' into 4.8 2021-06-21 14:58:40 +12:00
Steve Boyd
b625ba99b3 ENH Remove wording for authenticated devices being manageable 2021-06-18 09:50:13 +12:00
Steve Boyd
7ed7ad0254 FIX Ensure changing a password to blank is validated 2021-06-17 12:05:20 +12:00
Garion Herman
debf1ae9fb
Merge pull request #9887 from lekoala/patch-18 2021-04-24 21:05:29 +12:00
Steve Boyd
bcccc63d33 API Methods to override logout_accross_devices 2021-04-19 13:13:35 +12:00
Maxime Rainville
fdd23a3675 Merge branch '4.7' into 4 2021-04-14 11:35:58 +12:00
André Kiste
e2777ded8e • Add missing string 
• Move attribute to login-forms
 2021-04-13 15:33:49 +12:00
André Kiste
bbcc187c02 Update conflicting translations. 
Revert removal of translations.
 2021-04-12 11:42:57 +12:00
André Kiste
8692aabe9b Use new designs 2021-04-08 12:32:12 +12:00
Steve Boyd
1c7fd287a1 ENH Reduce default token period from 90 to 30 days 2021-04-06 13:22:10 +12:00
Maxime Rainville
66fa597b3b
FIX Better handling of remember me token when login across devices is disabled (#9895) 
* BUG Make sure remember me tokens are not invalidated when logging out without the logout_across_devices flag

* Remove unneeded comment
 2021-03-31 11:31:52 +13:00
André Kiste
44fae4497b Better describe the 'keep me signed in' checkbox 2021-03-30 13:19:55 +13:00
Thomas Portelange
22b2d58b5a
Update src/Security/Member.php 
Co-authored-by: Steve Boyd <emteknetnz@gmail.com>
 2021-03-22 09:02:18 +01:00
Thomas Portelange
19052e6924
Update src/Security/Member.php 
Co-authored-by: Steve Boyd <emteknetnz@gmail.com>
 2021-03-22 09:02:13 +01:00
Thomas Portelange
0586c55e62
prevent spaces in emails 
so this is not the first time a customer of mine is just copy pasting stuff in emails fields and somehow, a space at the end skips validation. this update ensure there is no space before or after the email, it would probably save a lot of time for everyone to have this build in.
it's probably better to fix it here rather than at form level because this also happens for csv imports etc
 2021-03-19 10:11:02 +01:00
William Desportes
c932d7e7fb
Fix the phpdoc blocks 2020-12-21 22:23:23 +01:00
Robbie Averill
7184703a57
Merge pull request #9516 from alessandromarotta/isLockectOut-call-LoginAttempt-getByEmail 
isLockedOut() in Member.php call LoginAttempt::getByEmail but it passes to it the unique_identifier_field instead $this->Email
 2020-10-01 17:43:30 -07:00
Robbie Averill
27bd5d12e3 ENH Replace E_USER_ERROR errors with exceptions 2020-09-24 23:51:21 -07:00
Dan Hensby
ae0ece2b02
Merge pull request #9665 from creative-commoners/pulls/4/php8-fqcn-token 2020-09-18 20:44:22 +01:00
Steve Boyd
ab50e2cc51 Merge branch '4.6' into 4 2020-09-15 13:44:57 +12:00
Maxime Rainville
8bcfa57342 BUG Make PasswordEncryptor::check more resistent to timing attacks 2020-09-10 22:17:50 +12:00
Maxime Rainville
adaf793ddb
BUG Always validate Member credentials against DRAFT stage (#9671) 2020-09-08 11:47:04 +12:00
Sam Minnee
622cf8b914 FIX: Drop parameter names in Injector instantiation to preserve behaviour in PHP 8 
Fixes #9667
 2020-09-07 17:24:00 +12:00
Loz Calver
7377d094c0 FIX: Include missing security page titles when CMS not installed (fixes #9648) 2020-08-21 14:55:06 +01:00
Nicolaas
65e0233258
PATCH: using standard way to refer to classes Group and PermissionRoleCode 2020-07-14 07:50:05 +12:00
Alessandro Marotta
f3d1e308e5 Update Member.php 
The public function isLockedOut() in Member.php call LoginAttempt::getByEmail but serves to it the unique_identifier_field.

This PR could allow to extensions to patch the use of uniqueidentifierfield (otherwise it would be necessary to extends the Member Class to override the isLockedOut function, with a lot of problems)
 2020-05-10 19:07:22 +02:00
Daniel Hensby
42cee6f5fb
Merge pull request #9489 from mattclegg/1587548067 
DOCS: Fix typos
 2020-04-22 12:28:02 +01:00
Daniel Hensby
826d1fa4eb
Merge pull request #9491 from mattclegg/1587548119 
DOCS: Remove unnecessary `return`
 2020-04-22 12:22:15 +01:00
mattclegg
2f717a4d90
DOCS: Remove unnecessary return 2020-04-22 15:50:12 +05:45
mattclegg
d521a52a33
DOCS: Fix typos 2020-04-22 15:20:11 +05:45
Daniel Hensby
237b2d5f74
Convert array delcarations to short array syntax 2020-04-20 18:58:09 +01:00
Serge Latyntcev
cb36aab80c Merge branch '4.5' into 4 2020-04-15 14:49:19 +12:00
mattclegg
e968f5cb86
DOCS: Remove outdated TODO 2020-04-14 15:00:08 +05:45
Robbie Averill
f77f725355
Merge pull request #9447 from mattclegg/docs__GridFieldDetailForm_ItemRequest-httpError 
[DOCS] Better debug text for errors generated by GridFieldDetailForm_ItemRequest
 2020-04-02 13:05:49 -07:00
Dan Hensby
9e0ed0a50a
Fix spaces around concatenation operator 2020-04-02 12:09:22 +01:00
Dan Hensby
5bf2ac83ee
Merge branch '4.5' into 4 2020-04-01 19:23:47 +01:00
Matt Clegg
e80f1b2b83
[DOCS] Member::logInAs is not a valid example 
Member::logInAs doesn't exist as a static function.

Additionally, `logInAs` does exist as a function in SapphireTest.php, so, should this be updated to also use `Member::actAs` for consistency?
 2020-03-31 18:20:21 +05:45
Robbie Averill
5002f514b3
FIX Capitalisation fixes in welcome back message (#9439) 2020-03-23 15:54:30 +13:00
mattclegg
06dab6b539
[BUGFIX] silverstripe/admin is not required to be installed 
If the silverstripe/admin module is not installed then the javascript/css requirements fail to load
 2020-03-16 18:54:01 +05:45
Serge Latyntsev
bd2ccf70fa
Merge pull request #9282 from open-sausages/pulls/4/docs/clarify-basic-auth 
DOCS Clarify BasicAuth limitations
 2019-10-22 14:01:51 +13:00
Serge Latyntcev
33a28394d6 Merge branch '4.4' into 4 2019-10-18 15:59:28 +13:00
Serge Latyntcev
0cf5d4cbe2 Merge branch '4.3' into 4.4 2019-10-18 15:58:13 +13:00
Serge Latyntcev
46b9530d88 PSR2 linting fixes 2019-10-18 15:31:39 +13:00
Serge Latyntcev
7873efde9c Merge branch '4.4' into 4 2019-10-18 10:58:19 +13:00
Ingo Schommer
8dcda91538 DOCS Clarify BasicAuth limitations 2019-10-10 10:41:39 +13:00
Damian Mooyman
d7752b7945
Run PSR2 Lint cleaner 2019-10-04 13:26:31 +13:00
Robbie Averill
e49cec3a00
Merge pull request #9247 from jakxnz/pulls/4/record-login-attempt-outputs 
ENHANCEMENT: MemberAuthenticator::recordLoginAttempt() outputs
 2019-10-03 10:46:34 -07:00
Serge Latyntcev
88fde6e7c3 Merge branch '4.4' into 4 2019-09-24 17:29:06 +12:00
Serge Latyntcev
50a1aa4c4d Merge branch '4.3' into 4.4 2019-09-24 17:28:31 +12:00
Aaron Carlino
b002ef1171 Merge branch '4.4' into 4 2019-09-24 17:26:50 +12:00
Serge Latyntcev
8b7063a8e2 [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:03:48 +12:00
Serge Latyntcev
eccfa9b10d [CVE-2019-12203] Session fixation in "change password" form 
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
 2019-09-24 16:03:48 +12:00
Serge Latyntcev
5af205993d [CVE-2019-12617] Fix access escalation for CMS users with limited access through permission cache pollution 2019-09-24 16:00:51 +12:00
Serge Latyntcev
569237c0f4 [CVE-2019-12203] Session fixation in "change password" form 
A potential account hijacking may happen if an attacker has physical access to
victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
 2019-09-24 16:00:51 +12:00
Jackson Darlow
a033662a3a MemberAuthenticator::recordLoginAttempt() outputs 2019-09-24 14:24:59 +12:00
Robbie Averill
3cfc21c405
Merge pull request #9241 from open-sausages/pulls/4.4.3/fix-file-permission 
Fix administrators not being able to see files that are restricted to groups
 2019-09-23 11:13:26 -07:00
Loz Calver
efdb9cc718 FIX: run member CMS validator when editing via groups (fixes #9184) 2019-09-23 16:59:58 +01:00
bergice
6a1c6ecec6 Fix administrators not being able to see files that are restricted to groups 
Resolves https://github.com/silverstripe/silverstripe-asset-admin/issues/777
 2019-09-23 16:44:28 +12:00
Serge Latyntsev
233e0e7aa0 ENH PasswordExpirationMiddleware implementation (#9207) 2019-09-12 14:34:06 +12:00
Robbie Averill
e8c2f963fd FIX Member::getLastName() now correctly returns the Member surname 2019-09-06 12:12:27 -07:00
Hels666
22a6a5b1e3 NEW Add getLastName() method to Member.php (#9222) 
* Add getLastName() method to Member.php

Add getLastName() method to Silverstripe\Security\Member.php to allow use of $LastName instead of $Surname in templates as it is a common mistake made

this is for issue #9219
as discussed in Slack on 04-Sep-2019

* Minor doc block clean-up

* Update src/Security/Member.php - typo fix

Co-Authored-By: Guy Marriott <guy@scopey.co.nz>
 2019-09-06 20:31:22 +12:00
Maxime Rainville
dd40d53e6b Merge branch '4.4' into 4 2019-09-04 09:46:33 +12:00
Maxime Rainville
24015c7767 Merge branch '4.3' into 4.4 2019-09-04 09:42:09 +12:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group 
Bug : Add html_entity_decode to group parents
 2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php 
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
 2019-08-29 15:44:41 +12:00
Maxime Rainville
73f43c6f42 BUG Remove placeholder text on new group form 2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php 2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php 
move to private method
 2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php 
use of convert::raw2xml, rename $grp to $group
 2019-08-27 16:19:40 +12:00
Dileep Ratnayake
4f8240bd48
Update src/Security/Group.php 
Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>
 2019-08-27 12:19:03 +12:00
Dileep Ratnayake
f7a602137a
add html_entity_decode to breadcrumbs 2019-08-27 11:49:17 +12:00
Robbie Averill
a5d6b998fc Merge branch '4.4' into 4 2019-08-16 16:40:39 +12:00
Robbie Averill
bae7e32680 FIX Member::changePassword() no longer applies password validation rules to the hashed value 2019-08-16 09:06:07 +12:00
Robbie Averill
0672f8b76b NEW HTTPRequest now has hasSession() to determine whether a session exists for it 2019-08-02 11:29:23 +12:00
Robbie Averill
3224c9971b Merge branch '4.4' into 4 2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688 Merge branch '4.3' into 4.4 2019-08-02 11:24:45 +12:00
Robbie Averill
5c794dfcdd FIX Prevent setting session value when no session exists yet 2019-07-29 17:16:01 +02:00
Serge Latyntcev
29a663c65d Merge branch '4.4' into 4 2019-07-15 09:24:49 +12:00
Serge Latyntsev
7ef13e7ef6 FIX Confirmation components to respect SS_BASE_URL (#9074) 2019-07-05 16:05:41 +12:00
Aaron Carlino
d04e54c1be Merge branch '4.4' into 4 2019-06-10 17:33:30 +12:00
Aaron Carlino
c747b1f8d3 Merge branch '4.3' into 4.4 2019-06-10 17:32:07 +12:00
Aaron Carlino
f766555d61 Merge branch '4.2' into 4.3 2019-06-10 17:27:05 +12:00
Serge Latyntcev
ca56e8d78e [CVE-2019-12246] Denial of Service on flush and development URL tools 2019-06-10 17:23:56 +12:00
Robbie Averill
d873779956 API checkHistoricalPasswords(), characterStrength() and minLength() are now correctly deprecated from 4.5.0 onwards 2019-05-27 09:12:32 +12:00
Aaron Carlino
dfa90715f7 Merge branch '4.4' into 4 2019-05-13 16:08:05 +12:00
Guy Marriott
abaeeb9432
Merge branch '4.3' into 4.4 2019-05-13 15:56:41 +12:00
Guy Marriott
53cb804929
Merge branch '4.2' into 4.3 2019-05-13 15:56:23 +12:00
matt-in-a-hat
db0e6f7104 Fix password validation min length message 
When relying on static config instead of an explicitly set minLength then this message would show without the value, like "it must be  or more characters long".
 2019-05-13 13:43:29 +12:00
Indy Griffiths
5dc57518c2
NEW Filter out authenticators that are falsy 
Use-case: if a module is defining its own authenticator and you want to disable it, as it seems we don't have `unregister_authenticator()` anymore and I can't spot how to remove YAML-based injected properties, then this lets you mark it as null or false to prevent it from erroring out when it attempts to call `supportedServices()`
 2019-05-04 20:58:48 +12:00
Robbie Averill
7775f82584 FIX Handle falsy return value when setting form field value in setAuthenticatorClass() 2019-02-01 19:39:15 +03:00
Robbie Averill
ebfab45e23 API LoginForm::authentiator_class is now deprecated, use getters or setters instead 2019-02-01 19:39:15 +03:00
Maxime Rainville
868258926f
Implement feedback on PSR-19 compatibility 2019-01-30 11:57:17 +13:00
Robbie Averill
b0fc161235
Merge branch '4' into pulls/4/deprecating-declared-permissions 2019-01-29 09:33:44 +02:00
Robbie Averill
47fbaebb92
Alter deprecation version numbers 
Co-Authored-By: ScopeyNZ <guy@scopey.co.nz>
 2018-11-06 00:07:24 +13:00
Guy Marriott
2ff7ee6752
NEW Deprecate RandomGenerator::generateEntropy in favour of using random_bytes directly 2018-11-01 19:51:15 +13:00
Maxime Rainville
0703c1a94e API Deprecating Permission::$declared_permissions and related methods/props 2018-11-01 09:28:05 +13:00
micmania1
1e83dff4ed BUGFIX #828 optimised query in graphql asset admin 2018-10-18 18:34:03 +13:00
Robbie Averill
ee24413c30 Merge branch '4.2' into 4 2018-10-03 15:28:05 +02:00
Robbie Averill
231d6d9a9f FIX New members now receive the configured default locale, not the current locale 2018-09-28 16:25:10 +02:00
Robbie Averill
4d14e9b6b1
Merge pull request #8421 from creative-commoners/pulls/4.3/psr-5-deprecations 
Update deprecation PHPDocs to be PSR-5 compliant
 2018-09-28 14:18:54 +02:00
Robbie Averill
f842ee2eec Update deprecation PHPDocs to be PSR-5 compliant 
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
 2018-09-28 10:49:14 +02:00
Robbie Averill
adb4d1f92d MINOR Reduce some code complexity, update array syntax and injected SQLSelect etc 2018-09-27 16:40:23 +02:00
Simon Gow
c269a987d5 Performance issues with BasicAuth and LoginAttempts 
Two functions interact with the LoginAttempt object which when used in conjunction with BasicAuth result in significant performance degradation over time, as the LoginAttempts Table fills.

This fix adds an index to the lookup column EmailHashed and removes the Email filter part of getByEmail() so it can use the index resulting in a much faster query.

For more information see https://github.com/silverstripe/silverstripe-framework/issues/8389
 2018-09-20 13:34:03 +12:00
Robbie Averill
373a8afeb5 Merge branch '4.2' into 4 2018-09-06 13:26:46 +02:00
Ingo Schommer
f7d85fe794 Make sure that CMS requests disable caching 
Original author: @dhensby

Forward port from 3.7 fix at https://github.com/silverstripe/silverstripe-framework/pull/8318
 2018-09-05 11:38:41 +12:00
Robbie Averill
83e461abbf Merge branch '4.2' into 4 2018-08-27 16:15:57 +12:00
Robbie Averill
373326e49c
Merge pull request #8324 from creative-commoners/pulls/4.2/request-before-init 
FIX Pass request to dummy controller before calling init
 2018-08-21 12:08:14 +12:00
Robbie Averill
18fff5c16c Remove past tense for "log in" in expired token message 2018-08-20 22:31:23 +12:00
Robbie Averill
dbab696690 FIX Message when changing password with invalid token now contains correct links to login 
The Security controller should be used to return these links rather than the
ChangePasswordHandler
 2018-08-20 22:30:12 +12:00
Robbie Averill
873873dc30 FIX Pass request to dummy controller before calling init 2018-08-15 10:14:25 +12:00
Anh Le
68f75a9e25
Password changing notification issue on new member 
With `notify_password_change = true`, new member is receiving notification email regarding password changing when they should not.
 2018-08-13 14:13:05 +07:00
Ingo Schommer
2d6964c243
Merge pull request #8261 from open-sausages/pulls/4/secure-remember-me-cookie 
NEW Option for secure "remember me" cookie
 2018-07-31 09:19:15 +12:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie 
Fixes #8234
 2018-07-30 16:41:49 +01:00
Ingo Schommer
93b0884e19 BUG Lazy session state (fixes #8267) 
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.

Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.

Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.

Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.

Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
 2018-07-19 13:32:04 +12:00
Daniel Hensby
560fe9820a FIX remove personal information from password reset confirmation screen 2018-07-05 14:19:15 +12:00
Robbie Averill
e0993043f8 Merge branch '4.1' into 4 2018-05-30 15:08:39 +12:00
Robbie Averill
c8b0bc0ad7 Merge branch '4.0' into 4.1 
# Conflicts:
  #	src/ORM/DataObject.php
  #	tests/php/ORM/DataObjectDuplicationTest.php
  #	tests/php/ORM/DataObjectDuplicationTest/Class1.php
 2018-05-30 14:52:07 +12:00
Robbie Averill
ea16e28aa7 Merge branch '4.1' into 4 2018-05-28 18:33:56 +12:00
Robbie Averill
6d98a912c9 Merge branch 'heads/4.1.1' into 4.1 2018-05-28 18:26:20 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1 
# Conflicts:
  #	src/Control/Director.php
 2018-05-24 15:41:11 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010 
[SS-2018-010] Fix regression of SS-2017-002
 2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
azt3k
6b39b25e20
Fixes a count() php warning without an api change 
Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355
 2018-04-27 09:31:07 +01:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives 
Replaces #7995
 2018-04-18 10:35:31 +12:00
Daniel Hensby
70effc7046
Revert "ENHANCEMENT Add config var to skip confirm logout (#7977)" 
This reverts commit 47bcac930d.
 2018-04-04 13:51:18 +01:00
Andrew Aitken-Fincham
47bcac930d ENHANCEMENT Add config var to skip confirm logout (#7977) 2018-04-04 09:43:49 +12:00
Damian Mooyman
386ef27f65
Update requesthandlers with missing extension points 2018-03-23 15:28:00 +13:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
Joe Harvey
bf2cee3989 Bugfix - Correct duplicate nesting of 'Content' to be returned to template 
In scenarios where:

- No member is logged in
- An 'AutoLoginHash' is provided via the 't' (token) query param
- The token isn't valid (determined by Member::validateAutoLoginToken())

The message which is intended to be returned to the end-user via $Content
in the template, is mistakenly double nested in ['Content' => ['Content' => 'Message']]
this leads to "The method forTemplate() doesn't exist on ArrayData" errors.

See - https://github.com/silverstripe/silverstripe-framework/issues/7866
 2018-03-07 14:14:05 +00:00
JorisDebonnet
3e0984db49
Delete orphaned Group_Members records after deleting a Member 2018-02-27 19:47:26 +01:00
Daniel Hensby
c04ff8c55a
Merge branch '4.0' into 4.1 2018-02-21 13:40:30 +00:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00
Daniel Hensby
7ec5fa2c8d
Merge branch '4.0' into 4.1 2018-02-09 15:19:15 +00:00
Daniel Hensby
e298fcc345
Merge branch '3.6' into 4.0 2018-02-09 14:32:58 +00:00
Damian Mooyman
2f1f5c0caa
Merge remote-tracking branch 'origin/4.0' into 4 2018-02-07 11:48:46 +13:00
Daniel Hensby
660dfd34a8
FIX Issue where default admin has no password encryption 2018-02-06 20:18:32 +00:00
Damian Mooyman
e359948eb3
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Core/CoreKernel.php
 2018-02-05 17:52:38 +13:00
Simon Erkelens
a071672b48 [bugfix] $request == null breaks 
The $request incoming as null was not properly detected by the if/elseif structure.
 2018-02-05 13:02:07 +13:00
Damian Mooyman
bc2fc7f2db
BUG Prevent invalid members being written to database if validation_enabled is false 2018-02-01 16:24:31 +13:00
Christopher Joe
456871fd91 Enhancement Updated PasswordValidator to fallback to config options - still retains instance variables 2018-01-31 10:54:43 +13:00
Damian Mooyman
bca47029c4
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Control/SimpleResourceURLGenerator.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
 2018-01-25 12:53:15 +13:00
Damian Mooyman
a3c52f901a
Merge remote-tracking branch 'origin/4.0' into 4 
# Conflicts:
#	src/Core/TempFolder.php
#	src/ORM/DataObject.php
#	src/View/ThemeResourceLoader.php
#	src/includes/constants.php
#	tests/php/Control/SimpleResourceURLGeneratorTest.php
#	tests/php/Forms/HTMLEditor/HTMLEditorFieldTest.php
#	tests/php/View/RequirementsTest.php
 2018-01-22 14:57:05 +13:00
Damian Mooyman
60fa7558d3
BUG Fix double casting in login authenticator name 
Fixes #7769
 2018-01-22 14:06:24 +13:00
Daniel Hensby
db610aaf3b
Fixing string concat CS issues 2018-01-16 18:39:30 +00:00
Damian Mooyman
f86b855c90
BUG Prevent basic-auth from disallowing logout 
Fixes #7555
 2018-01-16 15:24:20 +13:00
Damian Mooyman
c4ff8443bb
API Shift basic auth checking into middleware 
Fixes #7554
 2017-12-20 11:39:04 +13:00