Daniel Hensby
2b4954035f
NEW Add better HTTP cache-control manipulation ( #8086 )
2018-06-08 11:56:31 +12:00
Robbie Averill
7b23a548aa
FIX PHP 5.3 compat for referencing $this in closure, and make method public for same reason
...
sdf
2018-05-29 14:55:21 +12:00
Robbie Averill
4a9e991edb
Merge branch '3.6' into 3
2018-05-28 17:44:48 +12:00
Robbie Averill
dae8fefb1e
Merge remote-tracking branch 'origin/3.5' into 3.6
2018-05-28 17:43:55 +12:00
Damian Mooyman
5771388821
[ss-2018-001] Restrict non-admins from being assigned to admin groups
2018-05-09 15:12:40 +12:00
Damian Mooyman
47a9cdfd49
ENHANCEMENT Backport of querystring work to 3.x ( #8026 )
...
* WIP Backport of querystring work to 3.x
* Remove dataextension requirement
* Fix up bootstrapping
* more backporting
* Bug fix some tests
* Fix up some tests
* Fix support for custom stages
Don't set empty stage
* Better cache typehint
* Make sure useDraftSite(false) re-enables secure site
* Remove unnecessary guard around controller property
2018-05-08 10:04:44 +12:00
Daniel Hensby
c31251911c
Merge branch '3.6' into 3
2018-04-18 13:14:46 +01:00
Robbie Averill
51d4d2c11e
Update some phpdocs that had typos, missing parts or incorrect formats
2018-04-11 20:12:38 +12:00
Damian Mooyman
f4b13fb2c4
Merge remote-tracking branch 'origin/3.6' into 3
...
# Conflicts:
# model/DataQuery.php
2018-02-05 16:53:15 +13:00
Damian Mooyman
4da99efd5d
Merge remote-tracking branch 'origin/3.5' into 3.6
2018-01-31 16:03:42 +13:00
Daniel Hensby
9103816333
NEW Add php 7.2 support
2018-01-30 16:50:32 +00:00
Damian Mooyman
cf69d04866
BUG Fix ping including requirements
...
Fixes #7802
2018-01-26 10:26:18 +13:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
...
FIX: Fix Member_GroupSet::removeAll() (fixes #3948 )
2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832
FIX: Fix Member_GroupSet::removeAll() ( fixes #3948 )
2018-01-24 17:17:20 +00:00
Steve Boyd
f214cd52e0
Ensure currentUserID() returns an int
...
Cast $id returned from Session as an int to ensure it's never returned as a string
2018-01-23 13:37:06 +13:00
Damian Mooyman
3346b37ef0
Merge branch '3.6' into 3
2017-12-08 11:53:49 +13:00
Damian Mooyman
052f11a427
Remove merge artifact
2017-12-08 11:52:48 +13:00
Damian Mooyman
50aa1f22a6
Merge branch '3.6' into 3
2017-12-07 13:20:58 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
...
# Conflicts:
# security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6
2017-12-06 17:21:09 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt
2017-11-30 15:53:50 +13:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change
2017-11-23 21:17:31 +00:00
Daniel Hensby
b49d1d7fbd
Merge branch '3.6' into 3
2017-09-28 17:17:19 +01:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2
2017-09-20 16:26:30 +01:00
Daniel Hensby
72702dbd50
Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
...
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:33:22 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration
2017-09-12 15:57:03 +01:00
Daniel Hensby
23a726f385
Merge branch '3.6' into 3
2017-08-14 13:43:28 +01:00
Daniel Hensby
a3b72c500d
Merge branch '3.5' into 3.6
2017-08-14 12:55:09 +01:00
Loz Calver
82c0632f46
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes ( fixes #7208 )
2017-07-26 09:54:29 +01:00
Daniel Hensby
1e5592a3d9
Merge branch '3.5' into 3.6
2017-06-27 13:14:39 +01:00
Daniel Hensby
6f2b08b962
Merge branch '3.6' into 3
2017-06-14 12:02:27 +01:00
Daniel Hensby
ecc88b2cbe
Merge branch '3.5' into 3.6
2017-06-14 12:02:06 +01:00
Daniel Hensby
a5c84b12ab
FIX Order of conditionals for getting default admin
2017-06-12 11:54:05 +01:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3
2017-05-31 00:12:14 +01:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0
2017-05-29 01:29:05 +01:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4
2017-05-29 01:02:35 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB
2017-05-25 16:14:52 +01:00
Damian Mooyman
f16d7e1838
API Deprecate unused / undesirable create_new_password implementation
2017-05-08 17:41:37 +12:00
Loz Calver
05a737c5fc
Allow RandomGenerator to use random_bytes() in PHP 7
2017-04-05 11:05:28 +10:00
Joe Harvey
0d0d18612d
Adding extension hooks to Member isLockedOut() and registerSuccessfulLogin()
2017-03-30 11:07:51 +01:00
Robbie Averill
2f6f5b5eff
Do not send the header if it is not defined
2017-01-11 08:26:04 +13:00
Robbie Averill
cb2dcc75f1
Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing
2017-01-09 16:13:39 +13:00
Daniel Hensby
69974d940a
Merge branch '3.3' into 3.4
2016-11-18 11:33:39 +00:00
Daniel Hensby
0ae4b57754
Merge branch '3.2' into 3.3
2016-11-18 11:32:36 +00:00
Daniel Hensby
5df077f24d
Merge branch '3.1' into 3.2
2016-11-18 11:29:19 +00:00
Daniel Hensby
8e5f786b8d
Merge branch '3.4' into 3.5.0
2016-11-15 11:43:16 +00:00
Daniel Hensby
3f4445641d
Merge branch '3.3' into 3.4
2016-11-15 11:35:38 +00:00
Daniel Hensby
c7778a1e9a
Merge branch '3.2' into 3.3
2016-11-15 11:19:27 +00:00
Daniel Hensby
06d0210233
Merge branch '3.1' into 3.2
2016-11-15 11:18:46 +00:00