tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-07-12 06:23:47 +02:00
Code Issues Projects Releases Wiki Activity
13,513 Commits 29 Branches 518 Tags 147 MiB
eb069e605d
Commit Graph

78 Commits

Author SHA1 Message Date
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
d8e9af8af8 API New Database abstraction layer. Ticket #7429 
Database abstraction broken up into controller, connector, query builder, and schema manager, each independently configurable via YAML / Injector
Creation of new DBQueryGenerator for database specific generation of SQL
Support for parameterised queries, move of code base to use these over escaped conditions
Refactor of SQLQuery into separate query classes for each of INSERT UPDATE DELETE and SELECT
Support for PDO
Installation process upgraded to use new ORM
SS_DatabaseException created to handle database errors, maintaining details of raw sql and parameter details for user code designed interested in that data.
Renamed DB static methods to conform correctly to naming conventions (e.g. DB::getConn -> DB::get_conn)
3.2 upgrade docs
Performance Optimisation and simplification of code to use more concise API
API Ability for database adapters to register extensions to ConfigureFromEnv.php
 2014-07-09 18:04:05 +12:00
Ingo Schommer
58445245d9 Conditionally reset MemberLoginForm.force_message 
Avoid starting a session just because the login form is rendered,
which adds overhead to requests and makes them harder to cache.
 2014-06-03 23:21:57 +12:00
Damian Mooyman
e9c3ff933f Merge remote-tracking branch 'origin/3.1' 
Conflicts:
	.travis.yml
	composer.json
 2014-05-06 10:22:09 +12:00
Tim Snadden
afad65ee71 Fix 'Uncaught ReferenceError: jQuery is not defined' if jQuery is not included in template. 2014-04-30 09:30:22 +12:00
Damian Mooyman
982ad569b9 Merge remote-tracking branch 'origin/3.1' 2014-04-22 12:09:51 +12:00
Mateusz U
36d925543b Merge pull request #3020 from tractorcow/pulls/3.1-autocomplete-username 
API Security.remember_username to disable login form autocompletion
 2014-04-11 09:17:27 +12:00
Damian Mooyman
997077ae83 API Security.remember_username to disable login form autocompletion 2014-04-11 09:05:25 +12:00
Ingo Schommer
f737922cdf Prevent IE errors on hidden login forms 
In order to focus a field, it needs to be visible,
which can't be guaranteed on a core level by the login form JavaScript.
Optionally check for visibility via jQuery if it exists,
and allow explicit disabling of this behaviour via a unique identifier.
 2014-04-08 11:28:54 +12:00
Simon Welsh
d431e98ecf Merge branch '3.1' 
Conflicts:
	forms/Form.php
	forms/FormField.php
	security/Member.php
	security/MemberLoginForm.php
 2014-03-10 22:58:49 +13:00
Ingo Schommer
9afcf8f01a Allow vetoing forgot password requests 2014-02-25 13:05:32 +13:00
Ingo Schommer
60fc7e5346 Merge remote-tracking branch 'origin/3.1' 2013-10-06 19:07:39 +02:00
Damian Mooyman
5bbea12b45 BUG Issue with login form failing to login in certain situations. Fixes issue #2424 2013-10-03 17:12:30 +13:00
Ingo Schommer
a4c6ae3e90 Merge remote-tracking branch 'origin/3.1' 2013-08-22 13:56:33 +02:00
Mateusz Uzdowski
085d2e62cb BUG MemberLoginForm fields should be tagged as required. 2013-08-12 09:32:03 +12:00
Sam Minnee
d97ca43cd0 Merge branch '3.1' 
Conflicts:
	README.md
	dev/install/install.php5
	forms/ConfirmedPasswordField.php
	tests/forms/FormTest.php
 2013-05-23 19:01:58 +12:00
Ingo Schommer
3e88c98ca5 API Restrict MemberLoginForm to POST requests for increased security 
CVE-2013-2653 - Thanks to Fara Rustein of Deloitte Argentina for reporting.
 2013-05-08 10:25:28 +02:00
Ingo Schommer
97819b3f21 Correct encoding in MemberLoginForm->forgotPassword() URLs (fixes #6126) 2013-04-05 11:15:34 +02:00
Ingo Schommer
3334eafcb1 API Marked statics private, use Config API instead (#8317) 
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
 2013-03-24 17:20:53 +01:00
Ingo Schommer
18c9a95996 API Removed 'BadLoginURL' session var from MemberLoginForm 
It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
 2013-02-05 22:49:06 +01:00
Simon Welsh
b0121b541c Add codesniffer that ensures indentation is with tabs. 2012-12-12 17:33:31 +13:00
Mateusz Uzdowski
a8b0e44d98 API Hash autologin tokens before storing in the database. 
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.

This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
 2012-11-09 11:29:42 +01:00
Sam Minnee
1f7fc1f76a FIX Remove instances of lines longer than 120c 
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit.  This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
 2012-09-30 17:18:13 +13:00
Ingo Schommer
e2f073f38a Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
Sean Harvey
d4154dae9e API CHANGE Deprecate Member::sendInfo(), use Member_ChangePasswordEmail and Member_ForgotPasswordEmail class directly instead. 2012-05-05 10:04:46 +12:00
Ingo Schommer
7b18d9d0da MINOR Switching _t() calls from sprintf() to using injection parameters (#7170) 2012-05-01 22:17:00 +02:00
Simon Welsh
f07258f3cf MINOR Update @package values to match renaming sapphire 2012-04-15 10:50:19 +12:00
Sean Harvey
fd3de5158d BUGFIX Use of Link() in security classes now refers to $this->controller 
instead of calling the instance method Link statically (which isn't
allowed for E_STRICT compliance.)
 2012-04-12 12:09:39 +12:00
Sean Harvey
9f3344b355 API CHANGE Removed built-in behaviour.js client-side form validation. 
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
 2012-03-09 12:19:57 +13:00
Fred Condo
d370423825 Clean up trailing ?> per coding standard 
All sapphire but the lang directory
 2012-02-12 12:40:16 -08:00
Sam Minnee
ff9b9e17af MINOR: Removed use of deprecated Director::redirect* functions. 2011-10-29 17:36:37 +13:00
Stig Lindqvist
7a4c7a6e23 MINOR Redirect user to homepage if the BackURL have been set to another site. 
This might indicatate a spoofing attack. I also extracted code into it's own method to make it easier to read.
 2011-10-27 22:38:29 +02:00
Hamish Friedlander
0a3e0f15de MINOR: Replace references to FieldSet (now deprecated) with references to FieldList 2011-10-28 15:58:55 +13:00
ajshort
1f6f7f0862 API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList(). 
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
 2011-05-11 17:51:54 +10:00
Sam Minnee
ef8419f11d ENHANCEMENT #4903 MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!) (from r111891) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112941 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-10-19 05:05:23 +00:00
Sam Minnee
0b4e4428be MINOR: Merges from branches/2.4 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@112157 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-10-13 04:04:32 +00:00
Ingo Schommer
8203e5b179 BUGFIX: Don't register member IDs that don't exist in the DB as being logged in. (from r98265) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102637 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-04-13 03:18:26 +00:00
Ingo Schommer
b69b03b9e0 API CHANGE: Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email' (from r97270) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@102440 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2010-04-12 05:00:05 +00:00
Andrew O'Neil
813760108c BUGFIX: Security::$default_login_dest isn't used (#4179, simon_w) 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@90023 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-10-23 00:18:10 +00:00
Ingo Schommer
d386db0bc3 ENHANCEMENT Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database. 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@86021 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-09-10 03:01:46 +00:00
Sean Harvey
a5e82ddff1 Merged from branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75590 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-04-29 01:20:24 +00:00
Sean Harvey
13b358a8dd Merged from branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@75582 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-04-29 00:07:39 +00:00
Ingo Schommer
a96ca0eacc BUGFIX Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@73252 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-03-17 22:24:50 +00:00
Sam Minnee
08a5a7c387 Merged from branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@72803 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-03-10 22:08:52 +00:00
Ingo Schommer
6d708765fe BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71708 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-02-11 21:08:28 +00:00
Andrew O'Neil
60f75c5ca4 Merged changes from 2.3 branch 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@71172 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-02-01 23:49:53 +00:00
Ingo Schommer
b7d394008e MINOR Merged from branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@69957 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2009-01-10 11:35:50 +00:00
Sam Minnee
96c5be8252 Updating queries to be more DB agnostic 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66507 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-24 09:31:14 +00:00
Sam Minnee
2984355f43 Merged branches/2.3 into trunk 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66395 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-22 03:33:00 +00:00
Sam Minnee
3d9532db83 Merged branches/2.3 
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@66108 467b73ca-7a2a-4603-9d3b-597d59a354a9
 2008-11-18 01:48:37 +00:00