tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
9,740 Commits 31 Branches 527 Tags 162 MiB
e72114dad7
Commit Graph

122 Commits

Author SHA1 Message Date
Ingo Schommer
4b9ccabcf6 Merge pull request #603 from willrossi/trac7296 
FIX: ensure permissions_for_member() accounts for denied permissions
 2012-07-05 09:26:04 -07:00
Will Rossiter
f9ea5430bb API: add SecurityToken::reset() as a shortcut for regenerating a secure token. 
See http://open.silverstripe.org/ticket/6303
 2012-07-01 20:53:58 +12:00
Will Rossiter
9babb01a4b FIX: ensure that permissions_for_member() accounts for denied permissions. 
Taken from http://open.silverstripe.org/ticket/7296. PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
 2012-07-01 17:55:20 +12:00
Will Rossiter
a4bce3fc44 ENHANCEMENT: remove dependencies between framework tests and cms module. 2012-06-20 16:17:29 +02:00
Sam Minnee
09e821efc3 MINOR: Don't leave cost=31 blowfish setting dormant in code, causing timeouts. 2012-06-15 13:47:38 +12:00
Cam Spiers
9139f737b8 ENHANCEMENT: Added the ability to set a cost (the property was protected before and there were no setters and getters) and enforced the php requirements on the cost string used in the salt of crypt. Specifically, two digit from 04-31. Updated unit tests for blowfish algorithm to actually use the salt generation function and to test the newly implemented cost setting and getting functionality. 2012-06-14 15:13:11 +12:00
Stig Lindqvist
bbe3879eaa BUGFIX: Member::mapInGroups() throws SQL error 
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
 2012-05-10 13:53:54 +12:00
Sean Harvey
b1e17578c7 API CHANGE Removed assertType() and assertEmpty() workarounds. Use assertInstanceOf() 
instead of assertType(), assertEmpty() is available in PHPUnit 3.5+.
PHPUnit 3.4 is no longer supported, so please upgrade your version to
work.

MINOR Removed FullTestSuite which was a workaround for PHPUnit but not
used.
 2012-05-09 23:05:39 +12:00
Andrew O'Neil
0c0a91e3c1 MINOR: Fix coding conventions 2012-05-08 10:33:03 +12:00
Andrew O'Neil
5cf3720bf0 ENHANCEMENT: Use the best blowfish encryption available - this fixes fragility between PHP versions and system installations 2012-05-07 15:04:09 +12:00
Andrew O'Neil
89fc8e5fdd APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare() 2012-05-07 15:03:53 +12:00
Andrew O'Neil
fa60f9e8b2 ENHANCEMENT: Implement blowfish encryption and use it by default. (#7111) 2012-05-02 13:51:29 +12:00
Sean Harvey
8a6671d72e BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN 2012-04-27 12:27:46 +12:00
Sean Harvey
007ed25c0b MINOR Fixing broken tests 2012-04-20 15:05:18 +12:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814 MINOR Add newline to end of files without one 2012-04-15 10:50:19 +12:00
Ingo Schommer
8ba9c3ca6b API CHANGE Removed $params argument to DataObject->getCMSFields(), please use FormScaffolder directly (fixes #7135) 2012-04-13 15:46:47 +02:00
Stig Lindqvist
0d031a5045 API CHANGE Use Config for registering default password encryptors 
Using the config system for registering password encryptors
Remove the eval on password encryptor construction by using reflection
Throws deprecation messages when using static register / unregister
 2012-04-07 19:14:00 +12:00
Ingo Schommer
d0d23dc591 Merge pull request #271 from halkyon/group_changes 
BUGFIX Nested Group records should be removed, along with the parent.
 2012-03-28 02:52:52 -07:00
Sean Harvey
bd95bcaf61 BUGFIX Nested Group records should be removed, along with the parent. 2012-03-28 22:49:58 +13:00
Sean Harvey
e097f6e1a8 MINOR Fixes to method arguments in core classes for E_STRICT support. 
API CHANGE Remove abstract static function and just use static functions
in Authenticator (PHP 5.3+ doesn't support abstract static functions)
 2012-03-28 22:41:42 +13:00
Sean Harvey
d28da56e19 BUGFIX Fixed regression where Member::PasswordEncryption field wouldn't be set to the default 2012-03-09 17:29:57 +13:00
Ingo Schommer
424da6abe1 API CHANGE Moved NZGovtPasswordValidator to new 'securityextras' module 2012-03-02 00:28:22 +01:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard 
All sapphire but the lang directory
 2012-02-12 12:40:16 -08:00
Sam Minnee
ec73555db4 MINOR: Text fix. 2011-10-29 17:36:38 +13:00
Sam Minnee
22e5617ee2 MINOR: Moved from use of deprecated SQLMap to SS_Map. 2011-10-29 17:36:37 +13:00
Sam Minnee
3e3188f81a MINOR: Update tests for deprecated functions to explicitly disable deprecation errors. 2011-10-29 17:34:32 +13:00
Sam Minnee
a49b56a348 MINOR: Removed usage of deprecated FormField::Name() 2011-10-29 17:34:32 +13:00
Simon Welsh
2c0257e9b9 Cast the header value to string as PHPUnit can't handle it being NULL. 2011-10-29 15:24:06 +13:00
Will Rossiter
1732a17114 Merged new-orm into datagrid 2011-09-26 16:47:54 +13:00
Ingo Schommer
e1931c107f MINOR Updated MemberTest to accept new default date formats caused by Zend/CLDR upgrade (from 'MM/dd/yyyy' to a less ambiguous 'MMM d, y') 2011-05-31 07:55:12 +12:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList(). 
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
 2011-05-11 17:51:54 +10:00
ajshort
c025ce7a4a MINOR: Replaced usage of deprecated toDropdownMap() with map(). 2011-05-03 13:05:27 +10:00
ajshort
04e30243d0 MINOR: Updated MemberTest to work with a standard array iterator. 2011-05-03 12:16:40 +10:00
Sam Minnee
0de6dbc848 BUGFIX: Fixed Permission::add_to_hidden_permissions() and Permission::remove_from_hidden_permissions() 2011-05-01 15:26:28 +12:00
Sam Minnee
de1494e3a8 ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM. 
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Cant't call manual manipulation methods on DataList such as insertFirst()
 2011-05-01 15:25:45 +12:00
Sam Minnee
3619eae9eb MINOR: Don't couple GroupTest to the Member_GroupSet object. 2011-05-01 15:25:14 +12:00
ajshort
3a1c2df4e7 API CHANGE: Renamed DataObjectDecorator to DataExtension. 
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
 2011-04-26 11:01:38 +10:00
Ingo Schommer
d5efacbf56 BUGFIX Less fragile 'newness' check on Group->Code in Group->onBeforeWrite() (fixes #6595) 2011-04-14 21:38:07 +12:00
Ingo Schommer
2870eb9212 MINOR Changed $fixture_path to relative filenames in all sapphire test cases in order to allow easier file moving and less verbosity in tests 2011-03-30 23:04:48 +13:00
Ingo Schommer
95dcc74c10 MINOR Removed reliance of sapphire/admin unit tests on SiteTree and CMSMain 2011-03-29 18:20:10 +13:00
Ingo Schommer
65e7b83421 MINOR Made login form redirection test in SecurityTest explicit, rather than implicit through testLogInAsSomeoneElse() 2011-03-29 18:08:33 +13:00
Paul Meyrick
dc36725869 MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency 
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
 2011-03-29 18:07:55 +13:00
Ingo Schommer
d099c7e5ba BUGFIX Unregistering custom Authenticators in SecurityTest->setUp() 2011-03-21 18:13:01 +13:00
Ingo Schommer
a7e9be3bc4 BUGFIX Fixing SecurityTest to clear any custom settings in Security::$force_database_is_ready before making assertions 2011-03-21 18:12:59 +13:00
Ingo Schommer
2184acf17d Revert "MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10)" - cased too many problems with mixed build environments that require PHP 3.4 
This reverts commit 65f6104cd6.
 2011-03-11 15:06:09 +13:00
Ingo Schommer
498e5758bf BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups() 2011-03-09 15:49:41 +13:00
Ingo Schommer
662c5259e5 BUGFIX Fixed Group->collateAncestorIDs() handling of orphans (fixes #6413) 2011-02-22 00:19:23 +13:00
Ingo Schommer
65f6104cd6 MINOR Replaced assertType() calls with assertInstanceOf(), deprecated in PHPUnit 3.6 (throws warnings as of 3.5.10) 2011-02-21 18:49:09 +13:00
Ingo Schommer
4b2c64c843 BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@114758 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-12-09 21:18:49 +00:00