Julian Seidenberg
17e0432252
BUG adding a more descriptive message when the CMS session times out. It used to say "Forbidden", now it says "Not logged in".
2013-08-06 17:27:37 +12:00
Hamish Friedlander
0a79ac3592
Merge branch 'origin/3.1'
...
Conflicts:
templates/forms/CheckboxSetField.ss
templates/forms/FormField_holder.ss
templates/forms/OptionsetField.ss
2013-07-19 16:25:38 +12:00
Mateusz Uzdowski
d4a6f7304e
BUG First error should take precedence here. No further checks needed.
2013-07-19 08:54:52 +12:00
Ingo Schommer
d4a1e6d294
BUG Prevent clickjacking in CMS and Security controllers ( fixes #2215 )
2013-07-14 22:44:09 +02:00
Ingo Schommer
b58e2dbe3a
Member.lock_out_delay_mins configurable, password security docs
2013-07-11 09:47:28 +02:00
Simon Welsh
fbce9fd7cd
Merge branch '3.1'
...
Conflicts:
.travis.yml
docs/en/misc/contributing/code.md
javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Simon Welsh
1d5ac5876b
Only redirect on logout if we're not already redirecting
2013-06-27 09:49:10 +12:00
Tom Densham
3596892001
FIX: GridField button styling
...
Remove all top/bottom margins from buttons and apply to GridFieldButtonRow component. Ensure that all buttons are added to a suitable GridFieldButtonRow in ModelAdmin, SecurityAdmin and Group.
2013-06-21 14:22:00 +01:00
Ingo Schommer
94b4237372
Merge remote-tracking branch 'origin/3.1'
2013-06-19 11:17:33 +02:00
Will Morgan
db3eed1f9a
Using Injector pattern for ValidationResult in Member
2013-06-18 15:49:58 +01:00
Stig Lindqvist
2eafd63297
Merge pull request #2077 from halkyon/changepassword_validation_redirection_issue
...
BUG If BackURL set, validation errors send the user to wrong place.
2013-06-07 22:44:13 -07:00
Sean Harvey
83bff54ec2
BUG If BackURL set, validation errors send the user to wrong place.
...
If there's validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.
Instead of this, just redirect back to the "changepassword" action
on the Security controller.
2013-06-08 11:34:58 +12:00
Sean Harvey
7862ececbd
Allow PasswordValidator to be translated
2013-06-08 10:48:27 +12:00
Will Morgan
1c0ae76f8e
Adding passwordless message instead of throwing an exception
2013-06-07 16:52:44 +02:00
Ingo Schommer
88536998b9
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-05-31 18:08:59 +02:00
Sam Minnée
5d76048275
Merge pull request #1780 from hdrlab/patch-4
...
Disable ID based partial caching for all security actions
2013-05-24 23:53:04 -07:00
Sam Minnée
628391e3f1
Merge pull request #1979 from nedmas/patch-1
...
BUGFIX: singleton('Group')->Members() fails
2013-05-24 19:45:54 -07:00
Ingo Schommer
016368afdc
Merge pull request #1994 from mateusz/logout-cleanup
...
BUG Clean up the logOut and session destructon routines.
2013-05-24 16:01:42 -07:00
Tom Densham
d36fbfb1b2
BUGFIX: singleton('Group')->Members() fails
...
Running Members() on a Group that has no Db record causes UnsavedRelationList to be returned by DirectMembers() which in turn causes alterDataQuery() to fall over when called on an UnsavedRelationList. This just adds a simple check to prevent it.
2013-05-23 17:31:19 +02:00
Sam Minnee
d97ca43cd0
Merge branch '3.1'
...
Conflicts:
README.md
dev/install/install.php5
forms/ConfirmedPasswordField.php
tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Sean Harvey
ac2216dabc
Merge pull request #1969 from robert-h-curry/patch-1
...
Only show direct members of a group in the members field
2013-05-22 20:28:17 -07:00
Mateusz Uzdowski
2f7fd967b2
BUG Clean up the logOut and session destructon routines.
2013-05-23 13:27:41 +12:00
Ingo Schommer
ee784c3663
Fix priority of Member->getHtmlEditorConfigForCMS() ( silverstripe/silverstripe-cms#728 )
2013-05-22 21:31:42 +02:00
Robert Curry
aeb5a2e42a
Only show direct members of a group in the members field
...
The call to Members() includes members of child groups, which was causing any members added through the grid field to be added to the child groups as well.
2013-05-22 18:48:36 +12:00
Sean Harvey
abad856534
Use create() to instantiate Member_GroupSet on Member::Groups()
...
Keeps it consistent with how HasManyList and ManyManyList are
instantiated in DataObject.
2013-05-22 13:56:36 +12:00
Sean Harvey
15f7c884f8
Merge pull request #1756 from halkyon/permission_denied_hook
...
BUG Security::permissionFailure() fixing permissionDenied hook inconsistency
2013-05-13 02:15:58 -07:00
Will Morgan
17e31fc609
Merge pull request #1 from silverstripe/master
...
Syncing back because I suck at Git
2013-05-08 03:45:51 -07:00
Ingo Schommer
3e88c98ca5
API Restrict MemberLoginForm to POST requests for increased security
...
CVE-2013-2653 - Thanks to Fara Rustein of Deloitte Argentina for reporting.
2013-05-08 10:25:28 +02:00
Josua2012
59be4a3be0
Allow custom ChangePasswordForm form
...
With this modification we can use Object::useCustomClass() to create a
custom ChangePasswordForm form:
Object::useCustomClass('ChangePasswordForm',
'CustomChangePasswordForm');
2013-05-08 09:39:39 +02:00
Ingo Schommer
6c2e791a48
Merge remote-tracking branch 'origin/3.1'
2013-04-29 08:59:06 +02:00
Will Morgan
8f6451612b
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-28 09:58:42 +12:00
Will Morgan
0de8a8a304
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-27 13:29:13 +02:00
Will Morgan
c61f050757
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-27 13:22:00 +02:00
Will Morgan
72a7f0e672
AJAX friendly responses for Security class
...
Final work around issue #1802 - creating templates for complex layout
operations and removing HTML from this controller.
2013-04-26 12:29:35 +01:00
hdrlab
22f5c06fd3
Disable ID based partial caching for all security actions
...
Disables ID based partial caching for all security actions so that actions such as Security/lostpassword and Security/passwordsent work properly even if partial caching is used.
2013-04-19 16:45:05 +12:00
Marvin Dickhaus
ea558828c9
Group description in CMSFields
2013-04-14 22:11:19 +02:00
Sean Harvey
1eadff5a4f
BUG Security::permissionFailure() fixing permissionDenied hook inconsistency
...
permissionDenied only works if Security::permissionFailure() is called when
there's currently no logged in Member. This fixes it so failed attempts
with logged in Member also includes the permissionDenied hook.
In addition, fix an undefined $member variable
2013-04-12 10:59:00 +12:00
Ingo Schommer
0343a77d30
Merge remote-tracking branch 'origin/3.1'
2013-04-11 11:42:04 +02:00
Ingo Schommer
7d6edccb0a
Marked Security.token as private
2013-04-09 01:48:20 +02:00
Ingo Schommer
97819b3f21
Correct encoding in MemberLoginForm->forgotPassword() URLs ( fixes #6126 )
2013-04-05 11:15:34 +02:00
Ingo Schommer
cfafa19cc3
FIX Disallow group removal when member is edited in groups view
...
It would invalidate this view. Only allow group editing
for new members added to this group (with a group default),
and for members edited through the "root" view.
2013-04-05 00:51:24 +02:00
Will Rossiter
70144ad549
FIX: Groups should be able to have titles longer than 50 characters (Fixes: open/5611)
2013-03-26 22:05:37 +13:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
4cd6d00159
Fixed forceExpiry() usage
2013-03-19 10:49:52 +01:00
Ingo Schommer
b416e50bff
Fixed deprecations
2013-03-19 10:38:14 +01:00
Ingo Schommer
bea1b9002d
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/HTTP.php
2013-02-26 13:28:35 +01:00
Ingo Schommer
0c6ac1960e
Fixed whitespace usage
2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43
Fixed line lengths
2013-02-18 14:41:49 +01:00
Hamish Friedlander
7efae6b95f
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-02-18 14:31:57 +13:00
Ingo Schommer
30096ee730
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
14a56c18e9
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
79eacb2439
FIX Group->canEdit() correct non-admin checks ( fixes #8250 )
...
Due to changed return value of DataObject::get(),
the (negated) check always returned false.
This wasn't noticed in 3.0 because Group->canEdit() is rarely
enforced, but does become noticeable in 3.1 where GridField
checks those object-level permissions.
Thanks to @purplespider for reporting!
2013-02-07 09:19:57 +01:00
Ingo Schommer
18c9a95996
API Removed 'BadLoginURL' session var from MemberLoginForm
...
It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
2013-02-05 22:49:06 +01:00
Ingo Schommer
634c91c6ff
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
email/Mailer.php
2013-01-30 12:46:24 +01:00
Simon Welsh
c9f728fefb
FIX Only check the remember token if a user exists
2013-01-30 09:17:47 +13:00
jean
c048a019f6
BUGFIX Avoid infinite redirection when logging out and when showing a custom login page after displaying the draft version of a page.
2013-01-29 19:24:37 +01:00
Sam Minnee
5f9348b016
FIX: Ensure that Security views respect redirections triggered by Page_Controller::init()
...
Sometimes Page_Controller::init() will trigger a redirection. For example, it may redirect to a
canonical URL. In this case, the Security views, which co-opt Page_Controller, need to respect
this.
2013-01-29 18:19:15 +01:00
Sam Minnee
f54697930e
API CHANGE: Add a PermissionFailureException that can be thrown to trigger a log-in.
2013-01-29 18:10:42 +01:00
Sam Minnee
d8bfc0bb48
API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself.
2013-01-29 18:03:47 +01:00
Ingo Schommer
c11b3918fc
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/css/screen.css
admin/scss/_style.scss
core/PaginatedList.php
email/Mailer.php
2013-01-21 11:14:57 +01:00
Ingo Schommer
e74ec57756
BUG Permission checkbox display on members ( fixes #8193 )
2013-01-17 19:36:53 +01:00
Ingo Schommer
f07ad307e4
API Removed non-functional $join argument from DataObject::get() and other APIs
...
See 68bb74820
2013-01-09 18:28:55 +01:00
Ingo Schommer
22eeaa4ac1
BUG Members should not be allowed to delete themselves ( fixes #8121 )
2012-12-16 23:53:45 +01:00
Ingo Schommer
d13c53fda6
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
tests/model/DataQueryTest.php
2012-12-14 10:57:28 +01:00
Justin Martin
a355e1d03d
BUG: Set visibility on login form methods to public.
2012-12-14 13:42:11 +13:00
Hamish Friedlander
27113f82c3
API Make DataList and ArrayList immutable
...
In 3.0 there was some confusion about whether DataLists and ArrayLists
were mutable or not. If DataLists were immutable, they'd return the result, and your code
would look like
$list = $list->filter(....);
If DataLists were mutable, they'd operate on themselves, returning nothing, and your code
would look like
$list->filter(....);
This makes all DataLists and ArrayList immutable for all _searching_ operations.
Operations on DataList that modify the underlying SQL data store remain mutating.
- These functions no longer mutate the existing object, and if you do not capture the value
returned by them will have no effect:
ArrayList#reverse
ArrayList#sort
ArrayList#filter
ArrayList#exclude
DataList#dataQuery (use DataList#alterDataQuery to modify dataQuery in a safe manner)
DataList#where
DataList#limit
DataList#sort
DataList#addFilter
DataList#applyFilterContext
DataList#innerJoin
DataList#leftJoin
DataList#find
DataList#byIDs
DataList#reverse
- DataList#setDataQueryParam has been added as syntactic sugar around the most common
cause of accessing the dataQuery directly - setting query parameters
- RelationList#setForeignID has been removed. Always use RelationList#forForeignID
when querying, and overload RelationList#foreignIDList when subclassing.
- Relatedly,the protected variable RelationList->foreignID has been removed, as the ID is
now stored on a query parameter. Use RelationList#getForeignID to read it.
2012-12-14 13:30:35 +13:00
Ingo Schommer
644cc79ebb
API Removed methods previously deprecated in 3.0
2012-12-14 01:16:47 +01:00
Ingo Schommer
c6b1d4aa6b
API Storing alternative DB name in cookie rather than session
...
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.
Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.
Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00
Ingo Schommer
2369cc4f42
Moved group member listing utility buttons after field
...
Stay consistent with main member listing in admin/security,
and de-emphasize their importantce. Having the "link existing"
closer to the actual table is a much stronger UI coupling.
2012-12-13 10:15:03 +01:00
Ingo Schommer
5fed5b91c9
API Moved email bounce handling to new 'emailbouncehandler' module
2012-12-12 23:36:42 +01:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 00:12:11 +13:00
Ingo Schommer
c55c7c33f8
Merge branch '3.0'
...
Conflicts:
admin/code/CMSProfileController.php
composer.json
tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
587d669861
Removing deprecated PasswordEncryptor::compare() method
...
Use PasswordEncryptor::check() instead
2012-11-15 14:43:16 +13:00
Sean Harvey
f122b103a1
Remove deprecated Group::addToGroupByName()
...
Use $member->addToGroupByCode($groupcode) instead
2012-11-15 14:43:15 +13:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sean Harvey
169366a011
Merge branch '3.0'
2012-11-06 13:04:21 +13:00
Sean Harvey
3451da001a
BUG Fixing session keep alive for non-ADMIN users
...
SecurityAdmin isn't always available for CMS users, as they might
not have permission to view that section. This fixes the problem
with session keep alive by moving the ping to Security/ping, which
is available for all users.
2012-11-05 15:41:10 +13:00
Will Rossiter
69ea73b4ed
Merge pull request #777 from halkyon/field_edit3
...
Member_ProfileForm respect canEdit() permissions on Member
2012-10-27 20:11:46 -07:00
Sean Harvey
f6a90467e4
Merge branch '3.0'
2012-10-15 10:10:01 +13:00
Damian Mooyman
c99991ba7a
BUG Dummy Page_Controller initiated during login now is correctly initialised via dependency injection
2012-10-11 13:45:54 +13:00
Ingo Schommer
d1ee7612f5
Merge remote-tracking branch 'origin/3.0'
2012-10-08 16:48:52 +02:00
Saophalkun Ponlu
e3a27ea7da
CMS member profile now is no longer in a popup ( #7880 )
2012-10-08 12:57:55 +02:00
Sean Harvey
0cce58040a
BUG Fix deprecated use of dataFieldByName() in Member_Validator
2012-10-08 09:26:28 +13:00
Ingo Schommer
56f7ce1dcf
Merge remote-tracking branch 'origin/3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
control/HTTPResponse.php
model/Database.php
model/MySQLDatabase.php
model/SQLQuery.php
view/Requirements.php
view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
b75c4b84ec
Localization for PermissionCheckboxSetField
2012-09-28 16:41:25 +02:00
Jeremy Bridson
07bc75c281
ENHANCEMENT: open/7881 - removed disabled checkboxes and replaced them with green ticks. Added help text above the list of permissions. Removed action buttons by fade out when user goes to users permissions tab.
2012-09-28 16:37:35 +02:00
Ingo Schommer
91e4fde96f
ENHANCEMENT "Readonly" behaviour for CMS tabs
2012-09-28 16:37:35 +02:00
Simon Welsh
1e629f4585
Merge branch '3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
dev/Profiler.php
view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Sean Harvey
9c2be0f025
Merge branch '3.0'
2012-09-17 15:16:52 +12:00
Josh
399b2a23da
FIXED: collateFamilyIDs() nested groups throws error
...
http://open.silverstripe.org/ticket/7835
2012-09-14 12:12:37 -03:00
Ingo Schommer
6544c8fc13
Merge remote-tracking branch 'origin/3.0'
2012-09-11 14:05:45 +02:00
Ingo Schommer
5eca675146
Fixed PermissionRole field localization
2012-09-11 13:53:09 +02:00
Sean Harvey
5cbd2dbeb4
BUG CMSProfileController::Member_ProfileForm() respecting canEdit() permissions on Member
...
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.
This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
2012-09-07 11:24:47 +12:00
Sean Harvey
dcf5d217ad
BUG Fixing deprecated usage of dataFieldByName() in Member_Validator
2012-09-07 11:24:41 +12:00
Ingo Schommer
55892fedd8
Merge remote-tracking branch 'origin/3.0'
2012-08-15 20:32:16 +02:00
Roland Lehmann
701da8b822
Updated translations; i18n for fieldLabels
2012-08-15 20:30:30 +02:00
Ingo Schommer
3bce3550d3
Merge remote-tracking branch 'origin/3.0'
2012-08-12 22:21:06 +02:00
Naomi Guyer
ae52be54f0
FIX: Missing last login time (fixes 7666)
...
Add in missing user login time
2012-08-10 18:08:53 +12:00
Hamish Friedlander
95d0be636c
Merge remote-tracking branch 'origin/3.0'
2012-07-25 11:44:53 +12:00
Hamish Friedlander
b7691077cf
API Prep forForeignID for immutability in 3.1 per 7673
2012-07-23 10:31:47 +12:00
Ingo Schommer
4b9ccabcf6
Merge pull request #603 from willrossi/trac7296
...
FIX: ensure permissions_for_member() accounts for denied permissions
2012-07-05 09:26:04 -07:00
Sean Harvey
bea58b1193
Merge pull request #607 from willrossi/trac6416
...
FIX: check GetRandom() exists for RandomGenerator.
2012-07-01 18:38:53 -07:00
Sean Harvey
a4ff1d3613
FIX: check GetRandom() exists for RandomGenerator
...
See http://open.silverstripe.org/ticket/6416
2012-07-01 21:05:10 +12:00
Will Rossiter
f9ea5430bb
API: add SecurityToken::reset() as a shortcut for regenerating a secure token.
...
See http://open.silverstripe.org/ticket/6303
2012-07-01 20:53:58 +12:00
Will Rossiter
9babb01a4b
FIX: ensure that permissions_for_member() accounts for denied permissions.
...
Taken from http://open.silverstripe.org/ticket/7296 . PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
2012-07-01 17:55:20 +12:00
Will Rossiter
a4bce3fc44
ENHANCEMENT: remove dependencies between framework tests and cms module.
2012-06-20 16:17:29 +02:00
Sam Minnee
3f0136749b
API CHANGE: Add Security::ignore_disallowed_actions() to allow site features to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097 )
2012-06-15 15:17:48 +12:00
Sean Harvey
8b2cb9a7d9
BUGFIX Declare PasswordEncryptor_Blowfish::get_cost() as static
2012-06-15 12:13:33 +12:00
Cam Spiers
9139f737b8
ENHANCEMENT: Added the ability to set a cost (the property was protected before and there were no setters and getters) and enforced the php requirements on the cost string used in the salt of crypt. Specifically, two digit from 04-31. Updated unit tests for blowfish algorithm to actually use the salt generation function and to test the newly implemented cost setting and getting functionality.
2012-06-14 15:13:11 +12:00
Ingo Schommer
2a52ce2ff8
MINOR Fixed duplicate help text on Group->getCMSFields()
2012-06-13 15:04:40 +02:00
Marcus Nyeholt
82a1e7d282
MINOR Use injector for creating Member_GroupSet object
...
MINOR Use injector for creating many many list objects
MINOR Use injector for creating objects from within the DataList
MINOR Use Injector::inst() for creating objects; cannot rely on this->injector being present due to many classes being created with 'new', so use inst() directly
MINOR Remove injector autoset property for now; automatically setting it breaks a few test cases that don't know about it for now, and it's not needed just yet
2012-06-05 01:33:44 +10:00
Sean Harvey
c3eabffcb9
MINOR Use shorthand {class}::get() syntax instead of DataList::create()
...
in core code.
2012-05-28 21:13:42 +12:00
Sean Harvey
45465dca91
Merge pull request #483 from halkyon/cms_ping_keepalive
...
Re-instate CMS ping to ensure sessions are kept alive
2012-05-23 15:55:22 -07:00
Sean Harvey
1ed5e3c9be
Merge pull request #485 from halkyon/deprecate_director_statics_for_controller
...
Deprecate director controller static functions
2012-05-23 15:54:57 -07:00
Sean Harvey
60c72c40d9
API CHANGE Use of the DropdownField $emptyString argument is now
...
properly deprecated (has been marked as deprecated since 2.3). Please
use setEmptyString() on the DropdownField instance instead.
2012-05-23 22:59:40 +12:00
Sean Harvey
77c2365b87
MINOR Replacing deprecated static function calls to Director with
...
current Controller instance replacements.
2012-05-23 21:50:02 +12:00
Sean Harvey
ecf847b61c
ENHANCEMENT Re-instate pinging every 5 minutes in the CMS as a measure
...
to keep sessions alive. Moved Security/ping to admin/security/ping
2012-05-23 17:15:17 +12:00
Ingo Schommer
69fbdad722
MINOR Removed non-functional "close popup" link from profile editing in CMS ( fixes #7343 )
2012-05-20 14:03:50 +02:00
Sean Harvey
e5e8f489a2
Merge branch (pull request #247 ) 'template-global-fixes' of https://github.com/sminnee/sapphire into sminnee-template-global-fixes
2012-05-19 15:39:59 +12:00
Andrew O'Neil
becdd85421
BUGFIX: Fix checking for flawed blowfish encryption
2012-05-16 16:40:12 +12:00
Stig Lindqvist
bbe3879eaa
BUGFIX: Member::mapInGroups() throws SQL error
...
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
2012-05-10 13:53:54 +12:00
Ingo Schommer
15e8e10f5e
Merge pull request #411 from ajoneil/blowfish
...
MINOR: Fix coding conventions
2012-05-07 15:56:03 -07:00
Andrew O'Neil
0c0a91e3c1
MINOR: Fix coding conventions
2012-05-08 10:33:03 +12:00
Stig Lindqvist
a16b75d459
Merge pull request #405 from halkyon/member_changes2
...
API CHANGE Removed Member_SignupEmail and deprecate sendInfo() on Member
2012-05-06 21:47:05 -07:00
Andrew O'Neil
f6c98b1992
BUGFIX: Increase size of varchar fields on MemberPassword to match those defined in Member. This fixes issues when the password hash is longer than 50 characters, and was being truncated when saved in MemberPassword.
2012-05-07 15:04:25 +12:00
Andrew O'Neil
5cf3720bf0
ENHANCEMENT: Use the best blowfish encryption available - this fixes fragility between PHP versions and system installations
2012-05-07 15:04:09 +12:00
Andrew O'Neil
89fc8e5fdd
APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare()
2012-05-07 15:03:53 +12:00
Sean Harvey
d4154dae9e
API CHANGE Deprecate Member::sendInfo(), use Member_ChangePasswordEmail and Member_ForgotPasswordEmail class directly instead.
2012-05-05 10:04:46 +12:00
Sean Harvey
fd0ec1c47f
API CHANGE Removed Member_SignupEmail, use your own custom sign up Email class instead.
2012-05-05 10:04:23 +12:00
Sam Minnee
de4a865fb8
BUGFIX: Fixed blowfish encryption for PHP < 5.3.7 ( #7276 )
2012-05-04 11:50:26 +12:00
Ingo Schommer
68051fdb96
Merge pull request #371 from halkyon/sapphire
...
---
Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
151abde17d
Merge pull request #388 from chillu/trac/7170-i18n-sprintf-injections
...
#7170 i18n sprintf injections
2012-05-02 16:18:30 -07:00
Sean Harvey
6483cdd204
Merge pull request #382 from chillu/trac/7217-group-default-on-member
...
Group default on member (#7217 )
2012-05-01 21:43:05 -07:00
Andrew O'Neil
a2e9c001d7
MINOR: Fix style according to style guidelines, and add a comment about use of "$2y" instead of "$2a"
2012-05-02 14:59:39 +12:00
Andrew O'Neil
fa60f9e8b2
ENHANCEMENT: Implement blowfish encryption and use it by default. ( #7111 )
2012-05-02 13:51:29 +12:00
Ingo Schommer
7b18d9d0da
MINOR Switching _t() calls from sprintf() to using injection parameters ( #7170 )
2012-05-01 22:17:00 +02:00
Sean Harvey
0882741f54
API CHANGE Renamed setModel for DataModel instances to setDataModel for
...
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Ingo Schommer
f873707e9d
ENHANCEMENT Prepopulating group on new members ( fixes #7217 )
2012-04-30 14:35:25 +02:00
Ingo Schommer
ffe698ca1e
MINOR Placeholder text for adding a group in Member->getCMSFields() ( fixes #7217 )
2012-04-30 10:29:09 +02:00
Sean Harvey
f63d137d49
ENHANCEMENT Session::start() now only called when there is changed
...
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
8a6671d72e
BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN
2012-04-27 12:27:46 +12:00
Ingo Schommer
7f62ad0f3e
Merge branch 'master' into 7094-combine-tree-edit-view
2012-04-18 14:19:55 +02:00
Sean Harvey
926daa29e2
BUGFIX Revert remove of function_exists() check for mcrypt in
...
7d84aff01e
, as we don't expect mcrypt to actually be available,
since fallbacks in RandomGenerator are available.
2012-04-18 18:44:33 +12:00
Andrew O'Neil
14c0796617
MINOR: Remove checks for PHP < 5.3.2, as it's no longer supported
2012-04-18 10:38:09 +12:00
Ingo Schommer
65fc81fd68
MINOR Removed Group->CMSTreeClasses(), no longer shown as a tree
2012-04-17 22:34:24 +02:00
Andrew O'Neil
a89228e934
MINOR: Fix deprecation notice when saving user settings
2012-04-16 14:13:21 +12:00
Ingo Schommer
d44f6b3e1f
MINOR Removed deprecated usage of $priority argument in _t() calls
2012-04-15 17:17:17 +02:00