silverstripe-framework

mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00

Author	SHA1	Message	Date
Robbie Averill	2f6f5b5eff	Do not send the header if it is not defined	2017-01-11 08:26:04 +13:00
Robbie Averill	cb2dcc75f1	Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing	2017-01-09 16:13:39 +13:00
Daniel Hensby	8e5f786b8d	Merge branch '3.4' into 3.5.0	2016-11-15 11:43:16 +00:00
Daniel Hensby	3f4445641d	Merge branch '3.3' into 3.4	2016-11-15 11:35:38 +00:00
Daniel Hensby	c7778a1e9a	Merge branch '3.2' into 3.3	2016-11-15 11:19:27 +00:00
Daniel Hensby	06d0210233	Merge branch '3.1' into 3.2	2016-11-15 11:18:46 +00:00
Daniel Hensby	17097a4d11	[SS-2016-016] FIX Properly escape backURL for template injection	2016-11-10 17:00:03 +00:00
Daniel Hensby	5a7cde0e10	Merge branch '3.4' into 3.5.0	2016-11-09 16:14:40 +00:00
Loz Calver	6bf36fbd30	FIX: Correct return type for Member::currentUser()	2016-11-09 14:20:44 +00:00
Daniel Hensby	beeed8155a	Merge branch '3.4' into 3	2016-09-16 11:56:01 +01:00
Thomas Portelange	995d07756d	cache currentUser query (#6007 ) * cache currentUser query Various modules can call a lot of time Member::currentUser(). We can avoid querying the database multiple times. Cache is implemented as a static array inside the method and store the data byID, in case the currentUserID changes within the same request (not very likely, but..)	2016-09-15 15:45:40 +01:00
Daniel Hensby	3fd9fe3aa0	Merge branch '3.4' into 3	2016-09-07 09:22:06 +01:00
Daniel Hensby	060bf6b327	Merge branch '3.3' into 3.4	2016-08-22 16:22:37 +01:00
Daniel Hensby	088d88e978	Merge branch '3.2' into 3.3	2016-08-22 16:22:02 +01:00
Daniel Hensby	229a2b9217	Merge pull request #4133 from nimeso/patch-1	2016-08-22 11:52:47 +01:00
Damian Mooyman	d88516203c	Merge 3.4 into 3	2016-08-15 19:05:20 +12:00
Daniel Hensby	d1163d87b7	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:52:10 +12:00
Daniel Hensby	8bbf1caae6	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:52:04 +12:00
Daniel Hensby	782c18fd13	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login	2016-08-15 15:51:53 +12:00
Daniel Hensby	08384bb4d6	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:50:56 +12:00
Daniel Hensby	fa7f5af861	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 15:02:53 +12:00
Daniel Hensby	83e3302c04	[SS-2016-013] FIX Uncasted member name	2016-08-15 15:02:47 +12:00
Daniel Hensby	6d41db77fa	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 15:02:41 +12:00
Daniel Hensby	f85dea2e6d	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 15:02:36 +12:00
Daniel Hensby	b1f449762b	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 14:07:57 +12:00
Daniel Hensby	281b0de571	[SS-2016-013] FIX Uncasted member name	2016-08-15 14:07:51 +12:00
Daniel Hensby	2b30ade44d	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 14:07:40 +12:00
Daniel Hensby	dc47f7ec9a	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 14:07:24 +12:00
Daniel Hensby	1c7d5de51b	[SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled	2016-08-15 13:24:06 +12:00
Daniel Hensby	6817c57f64	[SS-2016-013] FIX Uncasted member name	2016-08-15 13:21:14 +12:00
Daniel Hensby	6606d98663	[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts	2016-08-15 13:20:02 +12:00
Daniel Hensby	298f61521c	[SS-2016-008] Reset `Member::Salt` on password change	2016-08-15 13:19:02 +12:00
Damian Mooyman	3c1a5d2a46	Merge pull request #5872 from dhensby/pulls/3/injector-for-cmslogin FIX Use create syntax for CMSMemberLoginForm remember me form	2016-08-12 14:10:56 +12:00
Daniel Hensby	86add3e021	FIX Use create syntax for CMSMemberLoginForm remember me form	2016-08-07 20:20:20 +01:00
Damian Mooyman	7de5b998e1	Merge 3.4 into 3	2016-08-05 19:12:25 +12:00
Damian Mooyman	ca754eb887	Merge 3.3 into 3.4 # Conflicts: # admin/javascript/lang/fa_IR.js # admin/javascript/lang/it.js # admin/javascript/lang/src/fa_IR.js # admin/javascript/lang/src/it.js # lang/cs.yml # lang/eo.yml # lang/fa_IR.yml # lang/fi.yml # lang/it.yml # lang/sk.yml	2016-08-05 16:48:26 +12:00
Damian Mooyman	0d5ae23f2b	Merge 3.2 into 3.3	2016-08-05 14:36:35 +12:00
Andrew Aitken-Fincham	66f2e6811b	modify getAuthenticator to fall back to get_default_authenticator	2016-08-03 10:36:43 +12:00
Damian Mooyman	d08ab6ac81	API Allow X-Frame-Options to be configured Fixes #2970	2016-07-15 14:08:14 +12:00
Daniel Hensby	a449045b09	Merge branch '3.4' into 3	2016-07-04 23:54:27 +01:00
Daniel Hensby	c35dc508cb	Merge branch '3.3' into 3.4	2016-07-04 23:53:55 +01:00
Daniel Hensby	ee326f6394	Merge branch 'hailwood/patch-5' into 3	2016-07-01 14:53:02 +01:00
Matthew Hailwood	4f0969f119	Make lost password url a config option like login_url and logout_url Also makes the login_url, logout_url and new lost_password_url functions return their link relative to the base url rather than assuming the base tag	2016-07-01 14:47:51 +01:00
Damian Mooyman	f1a0aef0d7	BUG fix CMS_ACCESS permission being ignored if in incorrect order in array	2016-06-28 17:45:15 +12:00
Daniel Hensby	19b9413432	NEW Use injector for MemberLoginForm fields	2016-06-10 22:50:38 +01:00
Stevie Mayhew	b1df9dcb1d	BUGFIX: check that we have a token and a UID before attempting a member auto login	2016-05-20 09:19:08 +12:00
Damian Mooyman	4d1ddf0e62	BUG Prevent session hijackers from resetting a user password BUG Member::checkPassword incorrect for default admin	2016-05-16 10:54:18 +12:00
Damian Mooyman	4f06a43986	Merge 3.3 into 3 # Conflicts: # admin/javascript/lang/src/cs.js # admin/javascript/lang/src/de.js # admin/javascript/lang/src/en.js # admin/javascript/lang/src/eo.js # admin/javascript/lang/src/es.js # admin/javascript/lang/src/fi.js # admin/javascript/lang/src/fr.js # admin/javascript/lang/src/id.js # admin/javascript/lang/src/id_ID.js # admin/javascript/lang/src/it.js # admin/javascript/lang/src/ja.js # admin/javascript/lang/src/lt.js # admin/javascript/lang/src/mi.js # admin/javascript/lang/src/nb.js # admin/javascript/lang/src/nl.js # admin/javascript/lang/src/pl.js # admin/javascript/lang/src/ro.js # admin/javascript/lang/src/ru.js # admin/javascript/lang/src/sk.js # admin/javascript/lang/src/sl.js # admin/javascript/lang/src/sr.js # admin/javascript/lang/src/sr@latin.js # admin/javascript/lang/src/sr_RS.js # admin/javascript/lang/src/sr_RS@latin.js # admin/javascript/lang/src/sv.js # admin/javascript/lang/src/zh.js # javascript/lang/fr.js # javascript/lang/src/ar.js # javascript/lang/src/cs.js # javascript/lang/src/de.js # javascript/lang/src/en.js # javascript/lang/src/eo.js # javascript/lang/src/es.js # javascript/lang/src/fi.js # javascript/lang/src/fr.js # javascript/lang/src/id.js # javascript/lang/src/id_ID.js # javascript/lang/src/it.js # javascript/lang/src/ja.js # javascript/lang/src/lt.js # javascript/lang/src/mi.js # javascript/lang/src/nb.js # javascript/lang/src/nl.js # javascript/lang/src/pl.js # javascript/lang/src/ru.js # javascript/lang/src/sk.js # javascript/lang/src/sl.js # javascript/lang/src/sr.js # javascript/lang/src/sr@latin.js # javascript/lang/src/sr_RS.js # javascript/lang/src/sr_RS@latin.js # javascript/lang/src/sv.js # javascript/lang/src/zh.js # lang/it.yml	2016-05-11 14:06:23 +12:00
Daniel Hensby	d1751e3310	Merge remote-tracking branch '3.2.4' into 3.3.2	2016-05-05 12:33:21 +01:00
Daniel Hensby	cf29b2c146	Merge remote-tracking branch '3.1.19' into 3.2.4	2016-05-05 11:17:45 +01:00

1 2 3 4 5 ...

1133 Commits