Commit Graph

94 Commits

Author SHA1 Message Date
Matt Peel
7083f016c1
Update secure coding standards
As of SS4.0.0 and the introduction of TrustedProxyMiddleware, the default now if no trusted proxies are defined is that nothing is a trusted proxy, whereas in SS3 a missing declaration was treated as everything being allowed.
2019-09-10 12:55:24 +12:00
Robbie Averill
3224c9971b Merge branch '4.4' into 4 2019-08-02 11:24:54 +12:00
Robbie Averill
3b96c51688 Merge branch '4.3' into 4.4 2019-08-02 11:24:45 +12:00
Robbie Averill
2d2b0b82f0 DOCS Fix incorrect rendering of note on list item
[ci skip]
2019-07-25 12:03:12 +02:00
Ingo Schommer
4d93e48b10
DOCS Add silverstripe/login-forms (#9112)
See https://github.com/silverstripe/recipe-cms/issues/26.
Dependent on https://github.com/silverstripe/silverstripe-installer/pull/257.
2019-07-16 10:11:37 +12:00
Erlend Mongstad
80b097eb68
Added missing Permission class to example
Following the example will give the following error:

```
[Emergency] Uncaught Error: Class {my namespace}\Permission not found
```

Added the missing class
2019-04-17 02:36:13 +02:00
Robbie Averill
af8d268cc7 DOCS Update documentation for password validation rule configuration 2018-11-13 10:55:26 +02:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
259aa06010 DOCS More resilient example domain
myapp.com is owned, example.com is specifically reserved for documentation use cases:
https://en.wikipedia.org/wiki/Example.com

[ci skip]
2018-06-26 10:13:36 +12:00
Ingo Schommer
2e1e8e07b9 DOCS Consistent app/ folder and composer use
- Stronger wording around "use composer"
- Consistent domain and email address naming
- Removed example for publishing non-composer modules (those shouldn't be encouraged)
- Removed instructions for installing modules from archives

[ci skip]
2018-06-25 10:40:19 +12:00
Damian Mooyman
3ea98cdb13
Migrate documentation from 3.x 2018-06-13 14:50:02 +12:00
Robbie Averill
c3e5ab2258
Merge pull request #65 from silverstripe-security/pulls/4.2/ss-2018-009
[SS-2018-009] Allow forced redirects to HTTPS for responses with basic authentication
2018-05-28 18:57:38 +12:00
Ingo Schommer
9097a95de2 Cookie lifetime docs 2018-05-21 11:36:53 +12:00
Ingo Schommer
5445a0d3fc Corrected login data usage docs 2018-05-21 11:36:45 +12:00
Ingo Schommer
78fe189c6d
Merge pull request #8003 from open-sausages/pulls/4/docs-personal-data
Docs for personal data usage in core
2018-05-17 17:11:56 +12:00
Kairat Jenishev
b4ba3cbd1f
DOCS Fix broken links and headers 2018-05-03 16:42:52 +01:00
Robbie Averill
1505a89a63 Update to include note about auto redirect to HTTPS for basic auth 2018-04-24 16:42:52 +12:00
Ingo Schommer
1b882e802e Docs for personal data usage in core
See https://github.com/silverstripe/silverstripe-framework/issues/7791
2018-04-13 13:23:05 +12:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
cpenny
fdbf4c2134 Updated docs for Rate Limiting. 2018-03-09 08:15:11 +13:00
Gorrie Coe
3ae8838285
Added Name to example 2017-12-12 14:40:34 +13:00
Gorrie Coe
849038a60b
Added after priority to replace default authenticator. 2017-12-12 12:52:52 +13:00
Damian Mooyman
cdfb413395
Code block whitespace / formatting cleanup 2017-10-27 15:38:27 +13:00
Aaron Carlino
e7274b0ee4 Add namespaces 2017-10-27 12:45:26 +13:00
Daniel Hensby
c077abf353
DOCS new rate limiting docs 2017-09-27 17:40:04 +01:00
Simon Erkelens
774d44a574 Authentication documentation rewrite 2017-08-28 16:28:30 +12:00
Aaron Carlino
50c8a02bff remove tabs 2017-08-07 15:11:17 +12:00
Aaron Carlino
e4935123d8 Remove a few more references 2017-08-07 14:01:38 +12:00
Aaron Carlino
6c0629f025 Remove more deprecated APIs 2017-08-07 14:01:38 +12:00
Aaron Carlino
e4fba5a7b1 add use statements 2017-08-07 14:01:38 +12:00
Aaron Carlino
84feab5a68 Yeah psr2 functions 2017-08-07 14:01:38 +12:00
Aaron Carlino
4c7a068b28 classes psr2 2017-08-07 14:01:38 +12:00
Aaron Carlino
2414eaeafd Yay, clean arrays 2017-08-07 14:01:38 +12:00
Aaron Carlino
eb1695c03d Replace all legacy ::: syntax with GFMD tags 2017-08-07 14:01:38 +12:00
Saophalkun Ponlu
63ba092765 FIX Add namespaces in markdown docs (#7088)
* FIX Add namespaces in markdown docs

* FIX Convert doc [link] to [link-text](link-uri)
2017-07-03 13:22:12 +12:00
Sam Minnee
ccc86306b6 NEW: Add TrustedProxyMiddleware
API: SS_TRUSTED_PROXY_HOST_HEADER replaced with middleware config
API: SS_TRUSTED_PROXY_PROTOCOL_HEADER replaced with middleware config
API: SS_TRUSTED_PROXY_IP_HEADER replaced with middleware config
API: Front-End-Https = “on” header no longer supported

This middleware replaces the TRUSTED_PROXY setting and shifts its
configuration out of the env vars and bootstrap and into the Director
flow.
2017-06-27 13:32:39 +12:00
Simon Erkelens
2b26cafcff Separate out the log-out handling.
Repairing tests and regressions
Consistently use `Security::getCurrentUser()` and `Security::setCurrentUser()`
Fix for the logout handler to properly logout, some minor wording updates
Remove the login hashes for the member when logging out.
BasicAuth to use `HTTPRequest`
2017-06-07 21:11:58 +12:00
Simon Gow
5f82997690 Secure Coding - Security Headers, Force HTTPS and Cookies
- Amending best practices for secure coding to enforce HTTPS
- Add security headers to enforce HTTPS
- Ensure secure cookies are used.
- Added links for testing, changed documentation as part of peer review.
- Arrange headers to work with HTTP interface.
- fixed Cache-Control case
- Added reference to Secure Sessions.
- Replaced Cardinality with unique
- Fixed inaccurate reference to descendant.
- Consistent spelling
- Databases over DBMSs
2017-04-13 13:59:02 +12:00
Daniel Hensby
6e096f6172
DOCS Updated environment management docs to use .env file 2017-01-31 21:28:51 +00:00
Damian Mooyman
7d67c5b9bd
API Allow users to act-as another 2017-01-16 09:04:20 +13:00
Robbie Averill
c620063608 DOCS Update docs to reference PageController without an underscore, implement some PSR-2 2017-01-11 09:59:28 +13:00
Damian Mooyman
bfd9cb1aca Rename SS_ prefixed classes (#5974) 2016-09-09 18:43:05 +12:00
Ingo Schommer
c96e031367 Moved coding conventions docs into contributing folder
Also created a contributing/coding_conventions landing page separately from the PHP ones, since we now need to account for JS and CSS conventions as well
2016-06-13 08:30:44 +12:00
Damian Mooyman
d52db0ba34 Merge 3 into master
# Conflicts:
#	.travis.yml
#	admin/css/ie7.css
#	admin/css/ie7.css.map
#	admin/css/ie8.css.map
#	admin/css/screen.css
#	admin/css/screen.css.map
#	admin/javascript/LeftAndMain.js
#	admin/scss/_style.scss
#	admin/scss/_uitheme.scss
#	control/HTTPRequest.php
#	core/Object.php
#	css/AssetUploadField.css
#	css/AssetUploadField.css.map
#	css/ConfirmedPasswordField.css.map
#	css/Form.css.map
#	css/GridField.css.map
#	css/TreeDropdownField.css.map
#	css/UploadField.css
#	css/UploadField.css.map
#	css/debug.css.map
#	dev/Debug.php
#	docs/en/00_Getting_Started/00_Server_Requirements.md
#	docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
#	docs/en/02_Developer_Guides/06_Testing/index.md
#	docs/en/02_Developer_Guides/14_Files/02_Images.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Extend_CMS_Interface.md
#	filesystem/File.php
#	filesystem/Folder.php
#	filesystem/GD.php
#	filesystem/Upload.php
#	forms/ToggleField.php
#	forms/Validator.php
#	javascript/lang/en_GB.js
#	javascript/lang/fr.js
#	javascript/lang/src/en.js
#	javascript/lang/src/fr.js
#	model/Image.php
#	model/UnsavedRelationList.php
#	model/Versioned.php
#	model/connect/MySQLDatabase.php
#	model/fieldtypes/DBField.php
#	model/fieldtypes/Enum.php
#	scss/AssetUploadField.scss
#	scss/UploadField.scss
#	templates/email/ChangePasswordEmail.ss
#	templates/forms/DropdownField.ss
#	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsFormsContext.php
#	tests/behat/features/bootstrap/SilverStripe/Framework/Test/Behaviour/CmsUiContext.php
#	tests/forms/EnumFieldTest.php
#	tests/security/MemberTest.php
#	tests/security/MemberTest.yml
#	tests/security/SecurityTest.php
2016-04-29 17:50:55 +12:00
Daniel Hensby
745faebd81
Merge 3.2 into 3.3
Conflicts:
	.travis.yml
2016-04-26 00:17:09 +01:00
Damian Mooyman
b8e7f9a934 Standardise spelling of "customise"
Fixes #3988
2016-03-30 13:17:28 +13:00
Ingo Schommer
f36b110db3 Merge remote-tracking branch 'origin/3.3' 2016-03-04 17:06:04 +13:00
Damian Mooyman
24a6c53645 Merge branch '3.2' into 3.3
# Conflicts:
#	admin/code/ModelAdmin.php
#	lang/cs.yml
#	lang/lt.yml
#	lang/sk.yml
2016-02-29 17:03:22 +13:00
Damian Mooyman
2c1f837442 Merge branch '3.1' into 3.2
# Conflicts:
#	docs/en/01_Tutorials/02_Extending_A_Basic_Site.md
#	docs/en/01_Tutorials/03_Forms.md
#	docs/en/02_Developer_Guides/00_Model/08_SQL_Query.md
#	docs/en/02_Developer_Guides/00_Model/10_Versioning.md
#	docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
#	docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
#	docs/en/02_Developer_Guides/09_Security/01_Access_Control.md
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/14_Files/index.md
#	lang/cs.yml
#	lang/fi.yml
#	lang/sk.yml
2016-02-29 16:59:20 +13:00
Damian Mooyman
3b0a9f4ba2 Merge remote-tracking branch 'origin/3'
# Conflicts:
#	admin/javascript/LeftAndMain.Menu.js
#	control/HTTPRequest.php
#	css/GridField.css
#	css/GridField.css.map
#	docs/en/02_Developer_Guides/03_Forms/Field_types/01_Common_Subclasses.md
#	docs/en/02_Developer_Guides/06_Testing/00_Unit_Testing.md
#	docs/en/02_Developer_Guides/06_Testing/index.md
#	docs/en/02_Developer_Guides/14_Files/01_File_Management.md
#	docs/en/02_Developer_Guides/14_Files/02_Images.md
#	filesystem/Upload.php
#	javascript/HtmlEditorField.js
#	model/Image.php
#	model/connect/MySQLDatabase.php
#	model/fieldtypes/Enum.php
#	model/versioning/Versioned.php
#	scss/GridField.scss
2016-02-25 14:51:59 +13:00