Simon Erkelens
774d44a574
Authentication documentation rewrite
2017-08-28 16:28:30 +12:00
Aaron Carlino
50c8a02bff
remove tabs
2017-08-07 15:11:17 +12:00
Aaron Carlino
e4935123d8
Remove a few more references
2017-08-07 14:01:38 +12:00
Aaron Carlino
6c0629f025
Remove more deprecated APIs
2017-08-07 14:01:38 +12:00
Aaron Carlino
e4fba5a7b1
add use statements
2017-08-07 14:01:38 +12:00
Aaron Carlino
84feab5a68
Yeah psr2 functions
2017-08-07 14:01:38 +12:00
Aaron Carlino
4c7a068b28
classes psr2
2017-08-07 14:01:38 +12:00
Aaron Carlino
2414eaeafd
Yay, clean arrays
2017-08-07 14:01:38 +12:00
Aaron Carlino
eb1695c03d
Replace all legacy ::: syntax with GFMD tags
2017-08-07 14:01:38 +12:00
Saophalkun Ponlu
63ba092765
FIX Add namespaces in markdown docs ( #7088 )
...
* FIX Add namespaces in markdown docs
* FIX Convert doc [link] to [link-text](link-uri)
2017-07-03 13:22:12 +12:00
Sam Minnee
ccc86306b6
NEW: Add TrustedProxyMiddleware
...
API: SS_TRUSTED_PROXY_HOST_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replace with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replace with middleware config
API: Front-End-Https = “on” header no longer supported
This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Simon Erkelens
2b26cafcff
Separate out the log-out handling.
...
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Simon Gow
5f82997690
Secure Coding - Security Headers, Force HTTPS and Cookies
...
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed innacurate reference to decendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file
2017-01-31 21:28:51 +00:00
Damian Mooyman
7d67c5b9bd
API Allow users to act-as another
2017-01-16 09:04:20 +13:00
Robbie Averill
c620063608
DOCS Update docs to reference PageController
without an underscore, implement some PSR-2
2017-01-11 09:59:28 +13:00
Damian Mooyman
bfd9cb1aca
Rename SS_ prefixed classes ( #5974 )
2016-09-09 18:43:05 +12:00
Ingo Schommer
c96e031367
Moved coding conventions docs into contributing folder
...
Also created a contributing/coding_conventions landing page separately from the PHP ones, since we now need to account for JS and CSS conventions as well
2016-06-13 08:30:44 +12:00
Damian Mooyman
d52db0ba34
Merge 3 into master
...
# Conflicts:
# .travis.yml
# admin/css/ie7.css
# admin/css/ie7.css.map
# admin/css/ie8.css.map
# admin/css/screen.css
# admin/css/screen.css.map
# admin/javascript/LeftAndMain.js
# admin/scss/_style.scss
# admin/scss/_uitheme.scss
# control/HTTPRequest.php
# core/Object.php
# css/AssetUploadField.css
# css/AssetUploadField.css.map
# css/ConfirmedPasswordField.css.map
# css/Form.css.map
# css/GridField.css.map
# css/TreeDropdownField.css.map
# css/UploadField.css
# css/UploadField.css.map
# css/debug.css.map
# dev/Debug.php
# docs/en/00_Getting_Started/00_Server_Requirements.md
# docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
# docs/en/02_Developer_Guides/06_Testing/index.md
# docs/en/02_Developer_Guides/14_Files/02_Images.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Extend_CMS_Interface.md
# filesystem/File.php
# filesystem/Folder.php
# filesystem/GD.php
# filesystem/Upload.php
# forms/ToggleField.php
# forms/Validator.php
# javascript/lang/en_GB.js
# javascript/lang/fr.js
# javascript/lang/src/en.js
# javascript/lang/src/fr.js
# model/Image.php
# model/UnsavedRelationList.php
# model/Versioned.php
# model/connect/MySQLDatabase.php
# model/fieldtypes/DBField.php
# model/fieldtypes/Enum.php
# scss/AssetUploadField.scss
# scss/UploadField.scss
# templates/email/ChangePasswordEmail.ss
# templates/forms/DropdownField.ss
# tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
# tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
# tests/forms/EnumFieldTest.php
# tests/security/MemberTest.php
# tests/security/MemberTest.yml
# tests/security/SecurityTest.php
2016-04-29 17:50:55 +12:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
...
Conflicts:
.travis.yml
2016-04-26 00:17:09 +01:00
Damian Mooyman
b8e7f9a934
Standardise spelling of "customise"
...
Fixes #3988
2016-03-30 13:17:28 +13:00
Ingo Schommer
f36b110db3
Merge remote-tracking branch 'origin/3.3'
2016-03-04 17:06:04 +13:00
Damian Mooyman
24a6c53645
Merge branch '3.2' into 3.3
...
# Conflicts:
# admin/code/ModelAdmin.php
# lang/cs.yml
# lang/lt.yml
# lang/sk.yml
2016-02-29 17:03:22 +13:00
Damian Mooyman
2c1f837442
Merge branch '3.1' into 3.2
...
# Conflicts:
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/02_Developer_Guides/00_Model/08_SQL_Query.md
# docs/en/02_Developer_Guides/00_Model/10_Versioning.md
# docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
# docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
# docs/en/02_Developer_Guides/09_Security/01_Access_Control.md
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/14_Files/index.md
# lang/cs.yml
# lang/fi.yml
# lang/sk.yml
2016-02-29 16:59:20 +13:00
Damian Mooyman
3b0a9f4ba2
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# admin/javascript/LeftAndMain.Menu.js
# control/HTTPRequest.php
# css/GridField.css
# css/GridField.css.map
# docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
# docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
# docs/en/02_Developer_Guides/06_Testing/index.md
# docs/en/02_Developer_Guides/14_Files/01_File_Management.md
# docs/en/02_Developer_Guides/14_Files/02_Images.md
# filesystem/Upload.php
# javascript/HtmlEditorField.js
# model/Image.php
# model/connect/MySQLDatabase.php
# model/fieldtypes/Enum.php
# model/versioning/Versioned.php
# scss/GridField.scss
2016-02-25 14:51:59 +13:00
Damian Mooyman
5f2d3f31d7
Merge remote-tracking branch 'origin/3.2' into 3.3
...
# Conflicts:
# dev/DevelopmentAdmin.php
# docs/en/02_Developer_Guides/08_Performance/02_HTTP_Cache_Headers.md
# lang/cs.yml
# lang/lt.yml
2016-02-24 17:29:06 +13:00
Damian Mooyman
ff5ed6efeb
Merge remote-tracking branch 'origin/3.2.2' into 3.2
2016-02-24 17:03:43 +13:00
Damian Mooyman
06d5050321
Merge remote-tracking branch 'origin/3.1.17' into 3.1
2016-02-24 16:54:18 +13:00
Ingo Schommer
37059eb6b3
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:47:16 +13:00
Ingo Schommer
faa94d51d5
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-24 11:33:54 +13:00
Ingo Schommer
893e49703d
[ss-2016-003] Hostname, IP and Protocol Spoofing through HTTP Headers
2016-02-18 17:28:54 +13:00
David Alexander
903379bde2
DOCS 3.2 : fixing api: links now that api: tag parser working
...
fixed a couple of external links
fixed a docs link
2016-02-17 18:02:38 -07:00
David Alexander
febbd35b51
DOCS 3.1 : fixing api: links
...
missed one
2016-02-17 03:00:22 -07:00
Jean-Fabien Barrois
bab1f230bf
NEW Cross device "Remember Me" feature
...
At the moment, using the "Remember me" function on more than one device will only work with the last device used. Previous devices will not auto login.
This PR introduces a new DataObject for storing hashed tokens against multiple devices. Developers can configure if logging out should discard all tokens, or only the one used on the device logging out; token expiry date is 90 days by default but configurable. For added security, the old behaviour can still be enforced if multiple tokens are not desired.
See silverstripe#1574 for additional background
2016-02-10 09:42:08 +13:00
Damian Mooyman
e6b877df27
Merge remote-tracking branch 'origin/3'
...
# Conflicts:
# control/Director.php
# control/HTTP.php
# core/startup/ParameterConfirmationToken.php
# docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md
# docs/en/00_Getting_Started/04_Directory_Structure.md
# docs/en/00_Getting_Started/05_Coding_Conventions.md
# docs/en/01_Tutorials/01_Building_A_Basic_Site.md
# docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
# docs/en/01_Tutorials/03_Forms.md
# docs/en/01_Tutorials/04_Site_Search.md
# docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md
# docs/en/02_Developer_Guides/12_Search/01_Searchcontext.md
# docs/en/02_Developer_Guides/13_i18n/index.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/06_Javascript_Development.md
# docs/en/03_Upgrading/index.md
# docs/en/changelogs/index.md
# docs/en/howto/customize-cms-menu.md
# docs/en/howto/navigation-menu.md
# docs/en/index.md
# docs/en/installation/index.md
# docs/en/installation/windows-manual-iis-6.md
# docs/en/misc/contributing/code.md
# docs/en/misc/contributing/issues.md
# docs/en/misc/module-release-process.md
# docs/en/reference/dataobject.md
# docs/en/reference/execution-pipeline.md
# docs/en/reference/grid-field.md
# docs/en/reference/modeladmin.md
# docs/en/reference/rssfeed.md
# docs/en/reference/templates.md
# docs/en/topics/commandline.md
# docs/en/topics/debugging.md
# docs/en/topics/email.md
# docs/en/topics/forms.md
# docs/en/topics/index.md
# docs/en/topics/module-development.md
# docs/en/topics/modules.md
# docs/en/topics/page-type-templates.md
# docs/en/topics/page-types.md
# docs/en/topics/search.md
# docs/en/topics/testing/index.md
# docs/en/topics/testing/testing-guide-troubleshooting.md
# docs/en/topics/theme-development.md
# docs/en/tutorials/1-building-a-basic-site.md
# docs/en/tutorials/2-extending-a-basic-site.md
# docs/en/tutorials/3-forms.md
# docs/en/tutorials/4-site-search.md
# docs/en/tutorials/5-dataobject-relationship-management.md
# docs/en/tutorials/building-a-basic-site.md
# docs/en/tutorials/dataobject-relationship-management.md
# docs/en/tutorials/extending-a-basic-site.md
# docs/en/tutorials/forms.md
# docs/en/tutorials/index.md
# docs/en/tutorials/site-search.md
# main.php
# model/SQLQuery.php
# security/ChangePasswordForm.php
# security/MemberLoginForm.php
# tests/control/ControllerTest.php
# tests/core/startup/ParameterConfirmationTokenTest.php
# tests/model/SQLQueryTest.php
# tests/security/SecurityTest.php
# tests/view/SSViewerTest.php
# view/SSTemplateParser.php
# view/SSTemplateParser.php.inc
# view/SSViewer.php
2016-01-20 13:16:27 +13:00
Damian Mooyman
5d240feaec
Merge remote-tracking branch 'origin/3.2' into 3.3
2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac
Merge remote-tracking branch 'origin/3.1' into 3.2
...
# Conflicts:
# docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
# docs/en/02_Developer_Guides/14_Files/01_Image.md
# docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
# docs/en/03_Upgrading/index.md
# docs/en/05_Contributing/01_Code.md
# forms/TreeMultiselectField.php
# security/Permission.php
2016-01-19 14:00:19 +13:00
David Alexander
5c99e33eb2
DOCS 3.1 - fixes broken internal links
2016-01-14 23:59:53 +13:00
Damian Mooyman
037467beae
API Asset Access Control implementation
2016-01-13 18:18:22 +13:00
Damian Mooyman
3e7eecf978
API Remove SQLQuery
2015-10-23 16:26:04 +13:00
Damian Mooyman
f10785350e
Merge remote-tracking branch 'origin/3.2' into 3
...
Conflicts:
docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
2015-09-09 14:50:47 +12:00
Damian Mooyman
309ac0d196
Merge remote-tracking branch 'origin/3.1' into 3.2
...
Conflicts:
.travis.yml
admin/code/CMSProfileController.php
admin/tests/LeftAndMainTest.php
control/HTTP.php
security/Permission.php
tests/forms/FormTest.php
tests/model/ArrayListTest.php
tests/security/PermissionTest.php
2015-09-09 14:35:29 +12:00
Stevie Mayhew
1b57e0ca5b
FEATURE: implement getter and setter usage for response
2015-08-29 10:24:06 +12:00
Daniel Hensby
209bb94319
DOCS Adding docs for special Permission cases
2015-08-26 23:32:07 +01:00
Damian Mooyman
4d37e21bc6
Cleanup 3.2 changelog for release
2015-06-15 16:19:08 +12:00
Damian Mooyman
8331171f2c
Merge remote-tracking branch 'origin/3.1' into 3
...
Conflicts:
.scrutinizer.yml
admin/javascript/LeftAndMain.Panel.js
core/startup/ParameterConfirmationToken.php
dev/Debug.php
dev/FixtureBlueprint.php
docs/en/00_Getting_Started/05_Coding_Conventions.md
docs/en/00_Getting_Started/index.md
docs/en/02_Developer_Guides/01_Templates/01_Syntax.md
filesystem/File.php
filesystem/Folder.php
forms/FieldList.php
forms/LabelField.php
forms/MoneyField.php
forms/TextField.php
forms/TreeDropdownField.php
forms/Validator.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldExportButton.php
lang/de.yml
lang/fi.yml
model/DataObject.php
model/SQLQuery.php
parsers/ShortcodeParser.php
security/ChangePasswordForm.php
security/Security.php
tests/control/DirectorTest.php
tests/core/startup/ParameterConfirmationTokenTest.php
tests/dev/FixtureBlueprintTest.php
tests/forms/FieldListTest.php
tests/forms/MoneyFieldTest.php
tests/model/SQLQueryTest.php
tests/security/SecurityTest.php
2015-06-02 19:13:38 +12:00
Damian Mooyman
0319f7855b
FIX Incorrect env setting in 3.1.13
2015-06-02 12:27:08 +12:00
Will Morgan
e930bcf7b9
Merge pull request #4225 from camfindlay/patch-26
...
DOCS Fix issue with bullets and backticks thinking they are code blocks
2015-05-28 13:39:36 +01:00
Marcus Nyeholt
9c8fa51321
FIX Allow users to specify allowed hosts
...
Allow users to explicitly state which Hosts are allowed to be requested via
this application instance to avoid Host: header forgery attacks.
2015-05-28 15:58:39 +10:00
Damian Mooyman
75137dbab2
Ensure only trusted proxy servers have control over certain HTTP headers
2015-05-28 10:12:46 +12:00