Ingo Schommer
b416e50bff
Fixed deprecations
2013-03-19 10:38:14 +01:00
Ingo Schommer
bea1b9002d
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/HTTP.php
2013-02-26 13:28:35 +01:00
Ingo Schommer
0c6ac1960e
Fixed whitespace usage
2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43
Fixed line lengths
2013-02-18 14:41:49 +01:00
Hamish Friedlander
7efae6b95f
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-02-18 14:31:57 +13:00
Ingo Schommer
30096ee730
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
14a56c18e9
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
79eacb2439
FIX Group->canEdit() correct non-admin checks ( fixes #8250 )
...
Due to changed return value of DataObject::get(),
the (negated) check always returned false.
This wasn't noticed in 3.0 because Group->canEdit() is rarely
enforced, but does become noticeable in 3.1 where GridField
checks those object-level permissions.
Thanks to @purplespider for reporting!
2013-02-07 09:19:57 +01:00
Ingo Schommer
18c9a95996
API Removed 'BadLoginURL' session var from MemberLoginForm
...
It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
2013-02-05 22:49:06 +01:00
Ingo Schommer
634c91c6ff
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
email/Mailer.php
2013-01-30 12:46:24 +01:00
Simon Welsh
c9f728fefb
FIX Only check the remember token if a user exists
2013-01-30 09:17:47 +13:00
jean
c048a019f6
BUGFIX Avoid infinite redirection when logging out and when showing a custom login page after displaying the draft version of a page.
2013-01-29 19:24:37 +01:00
Sam Minnee
5f9348b016
FIX: Ensure that Security views respect redirections triggered by Page_Controller::init()
...
Sometimes Page_Controller::init() will trigger a redirection. For example, it may redirect to a
canonical URL. In this case, the Security views, which co-opt Page_Controller, need to respect
this.
2013-01-29 18:19:15 +01:00
Sam Minnee
f54697930e
API CHANGE: Add a PermissionFailureException that can be thrown to trigger a log-in.
2013-01-29 18:10:42 +01:00
Sam Minnee
d8bfc0bb48
API CHANGE: Added Security::set_login_url() so that you can define an alternative log-in page if you have made one yourself.
2013-01-29 18:03:47 +01:00
Ingo Schommer
c11b3918fc
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
admin/css/screen.css
admin/scss/_style.scss
core/PaginatedList.php
email/Mailer.php
2013-01-21 11:14:57 +01:00
Ingo Schommer
e74ec57756
BUG Permission checkbox display on members ( fixes #8193 )
2013-01-17 19:36:53 +01:00
Ingo Schommer
f07ad307e4
API Removed non-functional $join argument from DataObject::get() and other APIs
...
See 68bb74820
2013-01-09 18:28:55 +01:00
Ingo Schommer
22eeaa4ac1
BUG Members should not be allowed to delete themselves ( fixes #8121 )
2012-12-16 23:53:45 +01:00
Ingo Schommer
d13c53fda6
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
tests/model/DataQueryTest.php
2012-12-14 10:57:28 +01:00
Justin Martin
a355e1d03d
BUG: Set visibility on login form methods to public.
2012-12-14 13:42:11 +13:00
Hamish Friedlander
27113f82c3
API Make DataList and ArrayList immutable
...
In 3.0 there was some confusion about whether DataLists and ArrayLists
were mutable or not. If DataLists were immutable, they'd return the result, and your code
would look like
$list = $list->filter(....);
If DataLists were mutable, they'd operate on themselves, returning nothing, and your code
would look like
$list->filter(....);
This makes all DataLists and ArrayList immutable for all _searching_ operations.
Operations on DataList that modify the underlying SQL data store remain mutating.
- These functions no longer mutate the existing object, and if you do not capture the value
returned by them will have no effect:
ArrayList#reverse
ArrayList#sort
ArrayList#filter
ArrayList#exclude
DataList#dataQuery (use DataList#alterDataQuery to modify dataQuery in a safe manner)
DataList#where
DataList#limit
DataList#sort
DataList#addFilter
DataList#applyFilterContext
DataList#innerJoin
DataList#leftJoin
DataList#find
DataList#byIDs
DataList#reverse
- DataList#setDataQueryParam has been added as syntactic sugar around the most common
cause of accessing the dataQuery directly - setting query parameters
- RelationList#setForeignID has been removed. Always use RelationList#forForeignID
when querying, and overload RelationList#foreignIDList when subclassing.
- Relatedly,the protected variable RelationList->foreignID has been removed, as the ID is
now stored on a query parameter. Use RelationList#getForeignID to read it.
2012-12-14 13:30:35 +13:00
Ingo Schommer
644cc79ebb
API Removed methods previously deprecated in 3.0
2012-12-14 01:16:47 +01:00
Ingo Schommer
c6b1d4aa6b
API Storing alternative DB name in cookie rather than session
...
Session is not initialized by the time we need to use
the setting in DB::connect(). Cookie values get initialized
automatically for each request.
Tightened name format validation to ensure it can only
be used for temporary databases, rather than switching
the browser session to a different production database.
Encrypting token for secure cookie usage.
Added dev/generatesecuretoken to generate this token.
Not storing in YML config directly because of web access issues.
2012-12-13 23:21:48 +01:00
Ingo Schommer
2369cc4f42
Moved group member listing utility buttons after field
...
Stay consistent with main member listing in admin/security,
and de-emphasize their importantce. Having the "link existing"
closer to the actual table is a much stronger UI coupling.
2012-12-13 10:15:03 +01:00
Ingo Schommer
5fed5b91c9
API Moved email bounce handling to new 'emailbouncehandler' module
2012-12-12 23:36:42 +01:00
Simon Welsh
b0121b541c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 17:33:31 +13:00
Simon Welsh
fc5dd2994c
Add codesniffer that ensures indentation is with tabs.
2012-12-12 00:12:11 +13:00
Ingo Schommer
c55c7c33f8
Merge branch '3.0'
...
Conflicts:
admin/code/CMSProfileController.php
composer.json
tests/model/DataObjectTest.php
2012-11-22 23:51:28 +01:00
Sean Harvey
587d669861
Removing deprecated PasswordEncryptor::compare() method
...
Use PasswordEncryptor::check() instead
2012-11-15 14:43:16 +13:00
Sean Harvey
f122b103a1
Remove deprecated Group::addToGroupByName()
...
Use $member->addToGroupByCode($groupcode) instead
2012-11-15 14:43:15 +13:00
Mateusz Uzdowski
a8b0e44d98
API Hash autologin tokens before storing in the database.
...
Refactor the code to make it clear the distinction is made between a
plaintext token and a hashed version. Rename fields so it is more
obvious what is being written and what sent out to the user.
This reuses the salt and algorithm from the Member, which are kept
constant throughout the Member lifetime in a normal scenario. If they do
change, users will need to re-request so the hashes can be regenerated.
2012-11-09 11:29:42 +01:00
Sean Harvey
169366a011
Merge branch '3.0'
2012-11-06 13:04:21 +13:00
Sean Harvey
3451da001a
BUG Fixing session keep alive for non-ADMIN users
...
SecurityAdmin isn't always available for CMS users, as they might
not have permission to view that section. This fixes the problem
with session keep alive by moving the ping to Security/ping, which
is available for all users.
2012-11-05 15:41:10 +13:00
Will Rossiter
69ea73b4ed
Merge pull request #777 from halkyon/field_edit3
...
Member_ProfileForm respect canEdit() permissions on Member
2012-10-27 20:11:46 -07:00
Sean Harvey
f6a90467e4
Merge branch '3.0'
2012-10-15 10:10:01 +13:00
Damian Mooyman
c99991ba7a
BUG Dummy Page_Controller initiated during login now is correctly initialised via dependency injection
2012-10-11 13:45:54 +13:00
Ingo Schommer
d1ee7612f5
Merge remote-tracking branch 'origin/3.0'
2012-10-08 16:48:52 +02:00
Saophalkun Ponlu
e3a27ea7da
CMS member profile now is no longer in a popup ( #7880 )
2012-10-08 12:57:55 +02:00
Sean Harvey
0cce58040a
BUG Fix deprecated use of dataFieldByName() in Member_Validator
2012-10-08 09:26:28 +13:00
Ingo Schommer
56f7ce1dcf
Merge remote-tracking branch 'origin/3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
control/HTTPResponse.php
model/Database.php
model/MySQLDatabase.php
model/SQLQuery.php
view/Requirements.php
view/SSViewer.php
2012-10-03 16:16:19 +02:00
Sam Minnee
1f7fc1f76a
FIX Remove instances of lines longer than 120c
...
The entire framework repo (with the exception of system-generated files) has been amended to respect the 120c line-length limit. This is in preparation for the enforcement of this rule with PHP_CodeSniffer.
2012-09-30 17:18:13 +13:00
Ingo Schommer
b75c4b84ec
Localization for PermissionCheckboxSetField
2012-09-28 16:41:25 +02:00
Jeremy Bridson
07bc75c281
ENHANCEMENT: open/7881 - removed disabled checkboxes and replaced them with green ticks. Added help text above the list of permissions. Removed action buttons by fade out when user goes to users permissions tab.
2012-09-28 16:37:35 +02:00
Ingo Schommer
91e4fde96f
ENHANCEMENT "Readonly" behaviour for CMS tabs
2012-09-28 16:37:35 +02:00
Simon Welsh
1e629f4585
Merge branch '3.0'
...
Conflicts:
control/Cookie.php
control/Director.php
dev/Profiler.php
view/Requirements.php
2012-09-21 14:56:56 +12:00
Ingo Schommer
e2f073f38a
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
Sean Harvey
9c2be0f025
Merge branch '3.0'
2012-09-17 15:16:52 +12:00
Josh
399b2a23da
FIXED: collateFamilyIDs() nested groups throws error
...
http://open.silverstripe.org/ticket/7835
2012-09-14 12:12:37 -03:00
Ingo Schommer
6544c8fc13
Merge remote-tracking branch 'origin/3.0'
2012-09-11 14:05:45 +02:00
Ingo Schommer
5eca675146
Fixed PermissionRole field localization
2012-09-11 13:53:09 +02:00
Sean Harvey
5cbd2dbeb4
BUG CMSProfileController::Member_ProfileForm() respecting canEdit() permissions on Member
...
CMSProfileController currently checks canView() which ensures that a logged in CMS
Member can access the profile controller, but when saving the record on Member_ProfileForm
there is no check for canEdit(), so extended permissions don't get respected.
This adds a check for canEdit() in Member_ProfileForm, and adds some functional tests
to check permissions.
2012-09-07 11:24:47 +12:00
Sean Harvey
dcf5d217ad
BUG Fixing deprecated usage of dataFieldByName() in Member_Validator
2012-09-07 11:24:41 +12:00
Ingo Schommer
55892fedd8
Merge remote-tracking branch 'origin/3.0'
2012-08-15 20:32:16 +02:00
Roland Lehmann
701da8b822
Updated translations; i18n for fieldLabels
2012-08-15 20:30:30 +02:00
Ingo Schommer
3bce3550d3
Merge remote-tracking branch 'origin/3.0'
2012-08-12 22:21:06 +02:00
Naomi Guyer
ae52be54f0
FIX: Missing last login time (fixes 7666)
...
Add in missing user login time
2012-08-10 18:08:53 +12:00
Hamish Friedlander
95d0be636c
Merge remote-tracking branch 'origin/3.0'
2012-07-25 11:44:53 +12:00
Hamish Friedlander
b7691077cf
API Prep forForeignID for immutability in 3.1 per 7673
2012-07-23 10:31:47 +12:00
Ingo Schommer
4b9ccabcf6
Merge pull request #603 from willrossi/trac7296
...
FIX: ensure permissions_for_member() accounts for denied permissions
2012-07-05 09:26:04 -07:00
Sean Harvey
bea58b1193
Merge pull request #607 from willrossi/trac6416
...
FIX: check GetRandom() exists for RandomGenerator.
2012-07-01 18:38:53 -07:00
Sean Harvey
a4ff1d3613
FIX: check GetRandom() exists for RandomGenerator
...
See http://open.silverstripe.org/ticket/6416
2012-07-01 21:05:10 +12:00
Will Rossiter
f9ea5430bb
API: add SecurityToken::reset() as a shortcut for regenerating a secure token.
...
See http://open.silverstripe.org/ticket/6303
2012-07-01 20:53:58 +12:00
Will Rossiter
9babb01a4b
FIX: ensure that permissions_for_member() accounts for denied permissions.
...
Taken from http://open.silverstripe.org/ticket/7296 . PermissionTest extended to validate that permissions_for_member() includes permissions denied pre applying patch. PermissionTest passes post patch.
2012-07-01 17:55:20 +12:00
Will Rossiter
a4bce3fc44
ENHANCEMENT: remove dependencies between framework tests and cms module.
2012-06-20 16:17:29 +02:00
Sam Minnee
3f0136749b
API CHANGE: Add Security::ignore_disallowed_actions() to allow site features to be disabled when permissions have failed, rather than redirecting to the log-in form. (Trac #7097 )
2012-06-15 15:17:48 +12:00
Sean Harvey
8b2cb9a7d9
BUGFIX Declare PasswordEncryptor_Blowfish::get_cost() as static
2012-06-15 12:13:33 +12:00
Cam Spiers
9139f737b8
ENHANCEMENT: Added the ability to set a cost (the property was protected before and there were no setters and getters) and enforced the php requirements on the cost string used in the salt of crypt. Specifically, two digit from 04-31. Updated unit tests for blowfish algorithm to actually use the salt generation function and to test the newly implemented cost setting and getting functionality.
2012-06-14 15:13:11 +12:00
Ingo Schommer
2a52ce2ff8
MINOR Fixed duplicate help text on Group->getCMSFields()
2012-06-13 15:04:40 +02:00
Marcus Nyeholt
82a1e7d282
MINOR Use injector for creating Member_GroupSet object
...
MINOR Use injector for creating many many list objects
MINOR Use injector for creating objects from within the DataList
MINOR Use Injector::inst() for creating objects; cannot rely on this->injector being present due to many classes being created with 'new', so use inst() directly
MINOR Remove injector autoset property for now; automatically setting it breaks a few test cases that don't know about it for now, and it's not needed just yet
2012-06-05 01:33:44 +10:00
Sean Harvey
c3eabffcb9
MINOR Use shorthand {class}::get() syntax instead of DataList::create()
...
in core code.
2012-05-28 21:13:42 +12:00
Sean Harvey
45465dca91
Merge pull request #483 from halkyon/cms_ping_keepalive
...
Re-instate CMS ping to ensure sessions are kept alive
2012-05-23 15:55:22 -07:00
Sean Harvey
1ed5e3c9be
Merge pull request #485 from halkyon/deprecate_director_statics_for_controller
...
Deprecate director controller static functions
2012-05-23 15:54:57 -07:00
Sean Harvey
60c72c40d9
API CHANGE Use of the DropdownField $emptyString argument is now
...
properly deprecated (has been marked as deprecated since 2.3). Please
use setEmptyString() on the DropdownField instance instead.
2012-05-23 22:59:40 +12:00
Sean Harvey
77c2365b87
MINOR Replacing deprecated static function calls to Director with
...
current Controller instance replacements.
2012-05-23 21:50:02 +12:00
Sean Harvey
ecf847b61c
ENHANCEMENT Re-instate pinging every 5 minutes in the CMS as a measure
...
to keep sessions alive. Moved Security/ping to admin/security/ping
2012-05-23 17:15:17 +12:00
Ingo Schommer
69fbdad722
MINOR Removed non-functional "close popup" link from profile editing in CMS ( fixes #7343 )
2012-05-20 14:03:50 +02:00
Sean Harvey
e5e8f489a2
Merge branch (pull request #247 ) 'template-global-fixes' of https://github.com/sminnee/sapphire into sminnee-template-global-fixes
2012-05-19 15:39:59 +12:00
Andrew O'Neil
becdd85421
BUGFIX: Fix checking for flawed blowfish encryption
2012-05-16 16:40:12 +12:00
Stig Lindqvist
bbe3879eaa
BUGFIX: Member::mapInGroups() throws SQL error
...
Renamed the Member::mapInGroups() to Member::map_in_groups() since it's a static method and throws deprecation message if using the old variant.
Rewrote the mapInGroups to use a more ORMy way of fetching Members for a set of groups and included a test for.
2012-05-10 13:53:54 +12:00
Ingo Schommer
15e8e10f5e
Merge pull request #411 from ajoneil/blowfish
...
MINOR: Fix coding conventions
2012-05-07 15:56:03 -07:00
Andrew O'Neil
0c0a91e3c1
MINOR: Fix coding conventions
2012-05-08 10:33:03 +12:00
Stig Lindqvist
a16b75d459
Merge pull request #405 from halkyon/member_changes2
...
API CHANGE Removed Member_SignupEmail and deprecate sendInfo() on Member
2012-05-06 21:47:05 -07:00
Andrew O'Neil
f6c98b1992
BUGFIX: Increase size of varchar fields on MemberPassword to match those defined in Member. This fixes issues when the password hash is longer than 50 characters, and was being truncated when saved in MemberPassword.
2012-05-07 15:04:25 +12:00
Andrew O'Neil
5cf3720bf0
ENHANCEMENT: Use the best blowfish encryption available - this fixes fragility between PHP versions and system installations
2012-05-07 15:04:09 +12:00
Andrew O'Neil
89fc8e5fdd
APICHANGE: PasswordEncryptor::check() allows for more powerful password checking, deprecating PasswordEncryptor::compare()
2012-05-07 15:03:53 +12:00
Sean Harvey
d4154dae9e
API CHANGE Deprecate Member::sendInfo(), use Member_ChangePasswordEmail and Member_ForgotPasswordEmail class directly instead.
2012-05-05 10:04:46 +12:00
Sean Harvey
fd0ec1c47f
API CHANGE Removed Member_SignupEmail, use your own custom sign up Email class instead.
2012-05-05 10:04:23 +12:00
Sam Minnee
de4a865fb8
BUGFIX: Fixed blowfish encryption for PHP < 5.3.7 ( #7276 )
2012-05-04 11:50:26 +12:00
Ingo Schommer
68051fdb96
Merge pull request #371 from halkyon/sapphire
...
---
Dont start the session until its actually necessary, which is to say there is a cookie available with the current PHP session name (or a request variable with the session_name() - typically PHPSESSID.) The latter allows for passing session ID through as an alternative to cookies.
2012-05-03 14:58:09 +02:00
Sean Harvey
151abde17d
Merge pull request #388 from chillu/trac/7170-i18n-sprintf-injections
...
#7170 i18n sprintf injections
2012-05-02 16:18:30 -07:00
Sean Harvey
6483cdd204
Merge pull request #382 from chillu/trac/7217-group-default-on-member
...
Group default on member (#7217 )
2012-05-01 21:43:05 -07:00
Andrew O'Neil
a2e9c001d7
MINOR: Fix style according to style guidelines, and add a comment about use of "$2y" instead of "$2a"
2012-05-02 14:59:39 +12:00
Andrew O'Neil
fa60f9e8b2
ENHANCEMENT: Implement blowfish encryption and use it by default. ( #7111 )
2012-05-02 13:51:29 +12:00
Ingo Schommer
7b18d9d0da
MINOR Switching _t() calls from sprintf() to using injection parameters ( #7170 )
2012-05-01 22:17:00 +02:00
Sean Harvey
0882741f54
API CHANGE Renamed setModel for DataModel instances to setDataModel for
...
semantics, and also to allow a field name called "Model"
2012-05-01 14:45:44 +12:00
Ingo Schommer
f873707e9d
ENHANCEMENT Prepopulating group on new members ( fixes #7217 )
2012-04-30 14:35:25 +02:00
Ingo Schommer
ffe698ca1e
MINOR Placeholder text for adding a group in Member->getCMSFields() ( fixes #7217 )
2012-04-30 10:29:09 +02:00
Sean Harvey
f63d137d49
ENHANCEMENT Session::start() now only called when there is changed
...
session data to be saved, and started on Director::direct() when there
is a cookie (or request var) containing the current PHP session name.
2012-04-27 16:28:46 +12:00
Sean Harvey
8a6671d72e
BUGFIX Member::onChangeGroups() should allow ADMIN permission grant if the logged in user is an ADMIN
2012-04-27 12:27:46 +12:00
Ingo Schommer
7f62ad0f3e
Merge branch 'master' into 7094-combine-tree-edit-view
2012-04-18 14:19:55 +02:00
Sean Harvey
926daa29e2
BUGFIX Revert remove of function_exists() check for mcrypt in
...
7d84aff01e
, as we don't expect mcrypt to actually be available,
since fallbacks in RandomGenerator are available.
2012-04-18 18:44:33 +12:00
Andrew O'Neil
14c0796617
MINOR: Remove checks for PHP < 5.3.2, as it's no longer supported
2012-04-18 10:38:09 +12:00
Ingo Schommer
65fc81fd68
MINOR Removed Group->CMSTreeClasses(), no longer shown as a tree
2012-04-17 22:34:24 +02:00
Andrew O'Neil
a89228e934
MINOR: Fix deprecation notice when saving user settings
2012-04-16 14:13:21 +12:00
Ingo Schommer
d44f6b3e1f
MINOR Removed deprecated usage of $priority argument in _t() calls
2012-04-15 17:17:17 +02:00
Simon Welsh
f07258f3cf
MINOR Update @package values to match renaming sapphire
2012-04-15 10:50:19 +12:00
Simon Welsh
3a6341a251
API-CHANGE sapphire folder can now be renamed.
2012-04-15 10:50:19 +12:00
Simon Welsh
f8082e4814
MINOR Add newline to end of files without one
2012-04-15 10:50:19 +12:00
Ingo Schommer
8ba9c3ca6b
API CHANGE Removed $params argument to DataObject->getCMSFields(), please use FormScaffolder directly ( fixes #7135 )
2012-04-13 15:46:47 +02:00
Sean Harvey
fd3de5158d
BUGFIX Use of Link() in security classes now refers to $this->controller
...
instead of calling the instance method Link statically (which isn't
allowed for E_STRICT compliance.)
2012-04-12 12:09:39 +12:00
Ingo Schommer
a3d99b082d
MINOR Resetting Security::$database_is_ready state during tests (regression from a9509a610d
)
2012-04-11 17:22:55 +02:00
Ingo Schommer
ac45e5b9c0
Merge branch 'integration'
...
Conflicts:
admin/css/ie8.css
admin/css/screen.css
admin/scss/_style.scss
dev/install/config-form.html
dev/install/install.css
dev/install/php5-required.html
2012-04-11 16:31:12 +02:00
Ingo Schommer
aed5e93da2
Merge pull request #301 from stojg/database-is-ready-checks
...
MINOR Security::database_is_ready() check are doing duplicate DB queries...
2012-04-11 06:38:22 -07:00
Ingo Schommer
6cd91ff449
Merge pull request #299 from ajoneil/sapphire
...
---
Conflicts:
forms/NumericField.php
2012-04-11 15:36:35 +02:00
Stig Lindqvist
a9509a610d
MINOR Security::database_is_ready() check are doing duplicate DB queries for Members.
...
The will make sure that if the database has been ready once, it is ready for the rest of the request
2012-04-12 00:29:35 +12:00
Andrew O'Neil
4be59a8d45
MINOR: Ensure all form fields Field() method has the same signature as FormField::Field(). Fixes E_STRICT warnings.
2012-04-11 17:33:36 +12:00
Andrew O'Neil
daab8f4cbc
MINOR: Consistently use DataObjectInterface for saveInto() on FormField subclasses. Fixes E_STRICT notice
2012-04-11 17:00:57 +12:00
Ingo Schommer
8c5e56fe31
Merge branch 'master' into integration
...
Conflicts:
admin/css/screen.css
dev/install/php5-required.html
2012-04-09 21:10:08 +02:00
Stig Lindqvist
0d031a5045
API CHANGE Use Config for registering default password encryptors
...
Using the config system for registering password encryptors
Remove the eval on password encryptor construction by using reflection
Throws deprecation messages when using static register / unregister
2012-04-07 19:14:00 +12:00
Ingo Schommer
40d73127ae
MINOR Using late static binding instead of Object::create() calls
2012-04-04 17:10:31 +02:00
Felipe Skroski
7740bb326a
ENHANCEMENT SSF-168 moved print and csv export buttons to the top of the grid
2012-04-04 14:09:52 +12:00
Normann Lou
2f3949ac6e
MINOR add 'print button' to Member list and data list of ModelAdmin
2012-04-04 10:35:41 +12:00
Ingo Schommer
d0d23dc591
Merge pull request #271 from halkyon/group_changes
...
BUGFIX Nested Group records should be removed, along with the parent.
2012-03-28 02:52:52 -07:00
Sean Harvey
bd95bcaf61
BUGFIX Nested Group records should be removed, along with the parent.
2012-03-28 22:49:58 +13:00
Sean Harvey
e097f6e1a8
MINOR Fixes to method arguments in core classes for E_STRICT support.
...
API CHANGE Remove abstract static function and just use static functions
in Authenticator (PHP 5.3+ doesn't support abstract static functions)
2012-03-28 22:41:42 +13:00
Ingo Schommer
cbb0259dd7
Merge branch 'integration-merge27march'
2012-03-27 18:07:21 +02:00
Ingo Schommer
efc30fd39e
MINOR Removed setRightTitle() special case (and too specific styling) from Group->getCMSFields(), implemented title attribute for chosen.js drop downs instead (to be styled with more friendly title popovers)
2012-03-27 17:07:50 +02:00
Sean Harvey
b92e4e01a9
MINOR Removed PHP 5.1 check for PasswordEncryptor, use hash() always as PHP 5.1 is no longer supported.
2012-03-27 20:09:36 +13:00
Andrew O'Neil
86ef281d8f
BUGFIX: #7019 Fix SQL error when building database after adding a Member DataExtension in non-dev mode
2012-03-21 11:53:38 +13:00
Sam Minnee
6c35588eda
API CHANGE: Rename 'PastMember' to 'IsRepeatMember' in templates.
...
API CHANGE: Move Controller::PastMember() to Member::is_repeat_member() in code.
API CHANGE: Removed Controller::CurrentMember(), it was only ever intended as a template global provider.
2012-03-16 15:05:28 +13:00
Normann Lou
aed91931a7
MINOR SSF-53 : code convention, use "-" instead of "_" for html class property value
2012-03-12 09:35:25 +01:00
Ingo Schommer
01b24daace
API CHANGE Removed Member::isAdmin(), use Permission::check('ADMIN') instead
...
API CHANGE Removed Member->setByCheckboxes()/setByCheckboxSetField(), Use setByIdList() and/or a CheckboxSetField instead
API CHANGE Removed Member->addManyByGroupID(), Use DataList->addMany() instead.
API CHANGE Removed Member->removeManyByGroupID(). Use DataList->removeMany() instead.
API CHANGE Removed Member->getGroupsFromIDs(). Use DataObject::get("Group")->byIds() instead.
API CHANGE Removed Member->addManyByCodename()/removeManyByCodename(). Don\'t rely on codename
2012-03-09 21:33:52 +01:00
Ingo Schommer
4216a09177
API CHANGE Removed BasicAuth::enable()/disable(), use protect_entire_site()
2012-03-09 21:20:20 +01:00
Sean Harvey
d28da56e19
BUGFIX Fixed regression where Member::PasswordEncryption field wouldn't be set to the default
2012-03-09 17:29:57 +13:00
Sean Harvey
2644cbb6e9
BUGFIX Remove use of encryptPasswords; use PasswordEncryptor_None
...
instead
2012-03-09 15:31:33 +13:00
Sean Harvey
d0a0df0b8e
API CHANGE Removed Security::$useSalt static, please use a custom PasswordEncryptor instead
2012-03-09 15:06:12 +13:00
Sean Harvey
0d8151fd3d
Merge remote-tracking branch 'upstream/master' into deprecation_fixes
2012-03-09 15:03:43 +13:00
Sean Harvey
aca2b2f3b5
API CHANGE Removed deprecated Security::get_encryption_algorithms() - please use PasswordEncryptor::get_encryptors() instead
2012-03-09 14:51:34 +13:00
Sean Harvey
6e58026c27
API CHANGE Removed deprecated Security::encrypt_passwords() - please use PasswordEncryptor_None instead.
2012-03-09 14:50:14 +13:00
Sam Minnee
a071456837
Merge branch 'master' of github.com:silverstripe/sapphire
...
Conflicts:
tests/forms/gridfield/GridFieldDetailFormTest.php
tests/forms/gridfield/GridFieldPopupFormsTest.yml
2012-03-09 14:37:32 +13:00
Stig Lindqvist
8b82dae06c
API CHANGE: Renaming of gridfield components #6921
2012-03-09 12:54:02 +13:00
Sean Harvey
9f3344b355
API CHANGE Removed built-in behaviour.js client-side form validation.
...
This is no longer supported. Please use custom client-side validation instead. (see 3.0.0 changelog
for more information)
2012-03-09 12:19:57 +13:00
Ingo Schommer
e4a6dd5850
Merge branch 'integration'
...
Conflicts:
forms/gridfield/GridField.php
2012-03-08 20:25:21 +01:00
Ingo Schommer
c117ef58cf
API CHANGE Removed LeftAndMain->RootForm(), concept no longer applies in 3.0 UI. Use EmptyForm() or EditForm()
2012-03-08 18:22:30 +01:00
Normann Lou
1de30d5bf2
ENHANCEMENT SSF-53 : remove literal field for explanation text of Parent dropdown, use a right title for it, instead
2012-03-08 10:47:06 +13:00
Ingo Schommer
79d420f941
ENHANCEMENT Member->DirectGroups() (to complement Group->DirectMembers(), and aid with relationship saving through Member->getCMSFields())
2012-03-07 01:23:40 +01:00
Ingo Schommer
723a8488ac
BUGFIX Fixed Group->Members() overloaded relation getter to avoid filtering on zero-value foreign keys, producing empty rather than inherited results (important for the GridField used in Group->getCMSFields())
2012-03-06 15:50:07 +01:00
Ingo Schommer
18932b5be5
MINOR Enforcing SecurityAdmin::$hidden_permissions, refactoring error
2012-03-06 01:23:35 +01:00
Ingo Schommer
1201f6c8bb
BUGFIX Saving records in ListboxField->saveInto() and PermissionCheckboxSetField->saveInto() so we have a database ID to relate to (was previously customised in MemberTableField->saveComplexTableField(), which is now deprecated)
2012-03-06 01:23:34 +01:00
Ingo Schommer
bb6d4c506e
BUGFIX Fixed HasManyList and ManyManyList queries for relationships on new records (was returning all available records due to the SQL filtering ignoring ID=0)
2012-03-06 01:23:34 +01:00
Hamish Friedlander
374ed19406
API CHANGE: Change variable expose method in TemplateGlobalProvider and TemplateIteratorProvider to (a) not clash with each other and, (b) be less generic
2012-03-06 09:31:57 +13:00
Hamish Friedlander
fb246bdd08
APICHANGE: Rename getExposedVariables to match coding conventions
2012-03-06 09:31:56 +13:00
Hamish Friedlander
927dbbe717
API-CHANGE: Global template variables can now be called directly using SSViewer_DataPresenter instead of needing to inherit off ViewableData
2012-03-06 09:11:46 +13:00
Ingo Schommer
6f71186e2c
ENHANCEMENT Replaced SecurityAdmin tree view for groups with three top-level tabs: "Users", "Groups" and "Roles"
2012-03-05 18:31:52 +01:00
Ingo Schommer
f9f659672a
MINOR Re-instating Member_Validator in SecurityAdmin->RootForm() and Groups->getCMSFields() with new GridField implementation
2012-03-05 17:41:50 +01:00
Ingo Schommer
2abb021efb
BUGFIX Restored old permission code model, broken due to new controller structure. Introduced LeftAndMain::$required_permission_codes as a way to control permissions independently of subclasses, and "cluster" multiple classes under a single code.
2012-03-05 17:41:49 +01:00
Ingo Schommer
ad5cf1ebf1
ENHANCEMENT Using ListboxField/chosen.js to assign roles in Group->getCMSFields(). Improved explanation of groups in the user interface.
2012-03-05 17:41:47 +01:00
Ingo Schommer
0762be9927
ENHANCEMENT Renamed GridFieldConfig_ManyManyEditor to GridFieldConfig_RelationEditor, to be more in line with underlying component naming, and more accurate (as it allows editing has_many relations as well). Removed $fieldToSearch argument from its constructor to keep config API consistent, should use getComponentByType() for configuration. Added GridFieldConfig_RecordEditor
2012-03-05 12:26:02 +01:00
Ingo Schommer
e8ad2c2173
MINOR Using ListboxField instead of CheckboxSetField in Member->getCMSFields() for group assignment
2012-03-05 10:55:32 +01:00
Sam Minnee
adfdd068e2
Merge branch 'ereg-to-preg' of https://github.com/AngryPHPNerd/sapphire
...
Conflicts:
model/fieldtypes/Date.php
2012-03-05 13:54:20 +13:00
Ingo Schommer
46628721fe
ENHANCEMENT Using chosen.js for group selection in Member->getCMSFields()
2012-03-02 20:46:22 +01:00
Normann Lou
45927b98c4
ENHANCEMENT SSF-53: add customised class to Member's GridField in SecurityAdmin
2012-03-02 16:28:47 +13:00
Normann Lou
5548c66a49
ENHANCEMENT SSF-53 reordering the components that added to group GridField in CMS so that it appears same as the landing view of SecurityAdmin
2012-03-02 16:03:23 +13:00
Ingo Schommer
c4e04899b6
MINOR Added GridFieldTitle to Group->getCMSFields() to allow addition of new records (currently that button is hardcoded in the title component)
2012-03-02 00:29:09 +01:00
Ingo Schommer
424da6abe1
API CHANGE Moved NZGovtPasswordValidator to new 'securityextras' module
2012-03-02 00:28:22 +01:00
Ingo Schommer
0ab43cdcb8
API CHANGE Moved "IP Address restrictions for groups" feature to a new "ipaddress-restriction" module (SSF-53)
2012-03-01 21:36:01 +01:00
Ingo Schommer
4bd5333b56
MINOR Editing and relation adding on SecurityAdmin groups (both root and group instances) (SSF-53)
2012-03-01 21:35:48 +01:00
Ingo Schommer
bcc73de85e
Merge branch '106-add-edit-records-rc'
...
Conflicts:
admin/code/LeftAndMain.php
admin/css/screen.css
admin/scss/_style.scss
admin/templates/Includes/LeftAndMain_EditForm.ss
css/GridField.css
filesystem/Folder.php
forms/gridfield/GridField.php
forms/gridfield/GridFieldDefaultColumns.php
forms/gridfield/GridFieldPopupForms.php
2012-02-27 23:58:10 +01:00
Ingo Schommer
8ff8d32764
MINOR Adding GridFieldPopupForms to default GridFieldConfig_ManyManyEditor settings
2012-02-27 23:52:49 +01:00
Ingo Schommer
ba0d1c60cb
MINOR Don't require controller on instanciation of GridFieldPopupForms, as it can't be reliably determined e.g. during a getCMSFields() call. Should use existing FormField/Form API to retrieve controller when its required.
...
MINOR Renamed GridFieldPopupForms->popupFormName to $name to make it clearer that its the component name (which is optional now).
2012-02-27 23:52:48 +01:00
AngryPHPNerd
0e2cbb0b88
Replace ereg with preg_*
2012-02-27 22:14:02 +01:00
Ingo Schommer
abfa16fa70
ENHANCEMENT Using native jQuery UI buttons and icon styling for a less coupled implementation (e.g. assuming that a "constructive" button always has a specific icon, or one at all). All CMS UI buttons switched to use <button> markup, which allows for inline icons and correctly aligned multi-line button labels.
2012-02-17 15:58:32 +01:00
Ingo Schommer
5911abc0f6
API CHANGE Removed prototype.js style $() alias usage for document.getElementById() to avoid confusion with the more common jQuery() alias.
...
API CHANGE Removed several unsed JavaScript globals: sprintf(), Number.prototype.CURRENCIES, Number.prototype.toCurrency(), String.prototype.ucfirst(), jQuery.fn.clearFields(), jQuery.fn.clearInputs()
MINOR Removed prototype_improvements.js and jquery_improvements.js files, now contained in individual component code (or removed altogether)
2012-02-16 12:27:47 +01:00
Fred Condo
d370423825
Clean up trailing ?> per coding standard
...
All sapphire but the lang directory
2012-02-12 12:40:16 -08:00
Stig Lindqvist
6f2e8893a5
MINOR Groups in SecurityAdmin was not using Autosuggestion field for adding members to group.
2012-01-24 19:16:23 +01:00
Sam Minnee
2d898cab63
API CHANGE: Added GridFieldExporter, a GridField component that adds export functionality, and added it to the security admin.
2012-01-30 19:49:10 +13:00
Russell Michell
0090009703
BUGFIX: Added default args to GridFieldPopupForms for AssetAdmin which was casing errors
...
BUGFIX: Added GridFieldFilter() to new GridFieldConfig whuch adds filters and fixes the display
MINOR: Added gridfield specific margins to form div to push GridField display down-page (due to GF's sort-fields which will be refactored from new designs)
2012-01-30 09:26:39 +13:00
Stig Lindqvist
c396c2d2ae
API CHANGE Security admin supports adding, removing and searching for members by relations via gridfield
...
This contains some experimental API's when using GridFieldPopupForms on GridFieldPopupForms.
- GridFieldRelationAdd
- GridFieldRelationDelete
2012-01-24 02:46:07 +01:00
Sam Minnee
06605ffadc
ENHANCEMENT: Provide a default Controller::Link() method, meaning that Controller objects can be constructed to help with testing forms.
2012-01-10 16:39:12 +13:00
Sam Minnee
ce6d24c379
BUGFIX: Remvoed unused method Security::authenticate()
2012-01-10 11:10:38 +13:00
Ingo Schommer
ef514b924e
MINOR Fixed SecurityAdmin styling
2012-01-09 10:09:40 +01:00
Ingo Schommer
b4b6e5a2db
MINOR Cleaned up CMS dialog styling (now works with/without tabs, in iframe and inline markup), removed superfluous SCSS variable declarations
2012-01-03 18:11:21 +01:00
Wolf Vollprecht
2a429c9850
MINOR: Added Member Profile Popup Styling
...
MINOR: Better button styles
MINOR: Now compass for button sprites
2011-12-29 09:48:22 +01:00
Ingo Schommer
7d245c3803
MINOR Reduced unnecessary autoloading
2011-12-23 10:31:35 +01:00
Ingo Schommer
96d18efa58
MINOR Replaced calls to deprecated FormField->Name() with getName()
2011-10-29 13:27:11 +02:00
Sam Minnee
beb10ef4be
BUGFIX: Fix Member::mapInGroups() and Member::mapInCMSGroups() to not use deprecated.
2011-10-29 18:07:54 +13:00
Sam Minnee
38c3410d81
MINOR: Remove use of deprecated join() from Security::findAnAdministrator.
2011-10-29 17:47:19 +13:00
Sam Minnee
a5a94b520f
MINOR: Remove uses of deprecated extendedSQL()
2011-10-29 17:36:39 +13:00
Sam Minnee
0d683dd8ef
MINOR: Removed use of deprecated join() in favour of innerJoin() and leftJoin().
2011-10-29 17:36:38 +13:00
Sam Minnee
22e5617ee2
MINOR: Moved from use of deprecated SQLMap to SS_Map.
2011-10-29 17:36:37 +13:00
Sam Minnee
ff9b9e17af
MINOR: Removed use of deprecated Director::redirect* functions.
2011-10-29 17:36:37 +13:00
Sam Minnee
e5afa25522
MINOR: Use Deprecation class to indicate deprecated methods in core.
2011-10-29 17:34:31 +13:00
Stig Lindqvist
7a4c7a6e23
MINOR Redirect user to homepage if the BackURL have been set to another site.
...
This might indicatate a spoofing attack. I also extracted code into it's own method to make it easier to read.
2011-10-27 22:38:29 +02:00
Stig Lindqvist
6db830605c
MINOR Do a isset check before using the value.
...
This happens if someone accidentially access /Security/LoginForm directly.
2011-10-27 22:38:11 +02:00
Stig Lindqvist
e38dd08ea5
MINOR: Fix docblocks to reference SS_List instead of (now deprecated) DataObjectSet where appropriate
2011-10-28 15:58:55 +13:00
Hamish Friedlander
0a3e0f15de
MINOR: Replace references to FieldSet (now deprecated) with references to FieldList
2011-10-28 15:58:55 +13:00
Ingo Schommer
5257c35dff
MINOR Documentation
2011-10-07 14:12:49 +02:00
Ingo Schommer
0a8a17833f
MINOR Quoting relation tables in new ManyManyList API
2011-10-07 14:11:07 +02:00
Will Rossiter
1732a17114
Merged new-orm into datagrid
2011-09-26 16:47:54 +13:00
Ingo Schommer
ce8e72cf0e
MINOR Removing executable flag from all files (thanks miiihi)
2011-09-18 22:04:02 +02:00
Ingo Schommer
7d01b4042f
BUGFIX Increasing length of Member.Email database column to comply with recommended RFC lengths for email addresses
2011-08-22 08:56:42 +02:00
Will Rossiter
ef6432d647
BUGFIX: Member::autoLogin() not setting alc_enc properly. PATCH via simon_w. FIXES : #6646 .
2011-05-30 10:04:55 +12:00
Sam Minnee
878b348a0f
Merge branch 'master' into new-orm
...
Conflicts:
docs/en/reference/built-in-page-controls.md
model/SQLQuery.php
2011-05-26 17:08:10 +12:00
ajshort
1f6f7f0862
API CHANGE: Deprecated CompositeField->FieldSet() in favour of CompositeField->FieldList().
...
MINOR: Replaced usage of FieldSet with FieldList.
MINOR: Renamed FieldSetTest to FieldListTest.
2011-05-11 17:51:54 +10:00
ajshort
3f132a105b
API CHANGE: Replaced DataObjectSet instances with ArrayList.
2011-05-05 20:40:24 +10:00
ajshort
04e5dae22e
MINOR: Updated places that expect a DataObjectSet to accept an SS_List instance.
2011-05-02 17:14:05 +10:00
Ingo Schommer
afbb4cc045
MINOR Fixed Member_ProfileForm styling, inlining into _style.css. Misc style fixes
2011-05-01 20:23:07 +12:00
Ingo Schommer
87163d5bb6
MINOR Removed unnecessary headers from Member->getCMSFields()
2011-05-01 20:23:07 +12:00
Ingo Schommer
f8b38e9adb
MINOR Moving _layout.scss include from screen.css into its own file, in order to selectively block layout options like body {overflow: none;} while retaining all other cms styles (useful in a dialog context)
2011-05-01 20:23:07 +12:00
Sam Minnee
7fbb919ce8
API CHANGE: Introduce DataModel object, as a representation of the project's entire data model, and tie it to $this->model an all DataObjects, Controllers, and RequestHandlers for easy non-static access.
...
API CHANGE: Add DataList::newObject(), which creates a new object on that DataList.
API CHANGE: RequestHandler::handleRequest() now needs to handle a $model argument, if you override it.
2011-05-01 17:33:02 +12:00
ajshort
81c0caaddb
API CHANGE: Renamed DataList::filter() and DataQuery::filter() to ::where().
2011-05-01 15:26:30 +12:00
Sam Minnee
397d19f23b
BUGFIX: Fixed bug in relation to new ORM(DataObject::get() doesn't return a null anymore)
2011-05-01 15:26:28 +12:00
Sam Minnee
0de6dbc848
BUGFIX: Fixed Permission::add_to_hidden_permissions() and Permission::remove_from_hidden_permissions()
2011-05-01 15:26:28 +12:00
Sam Minnee
4a061fd071
ENHANCEMENT: Refactored MemberTableList field to make better use of DataList and ManyManyList. Refactored ComplexTableField and TableListField to, stripping out as much model logic as possible.
2011-05-01 15:26:28 +12:00
Sam Minnee
33fa7825f9
BUGFIX: Updated Member <-> Group relations to work with new ManyManyList. API CHANGE: Deprecated the special methods in Member_GroupSet.
2011-05-01 15:25:45 +12:00
Sam Minnee
de1494e3a8
ENHANCEMENT: Implemented DataList as the successor of DataObjectSet. DataList doesn't execute the query until it's actually needed, allowing for a more flexible ORM.
...
API CHANGE: augmentSQL is now passed a DataQuery object from which query parameters can be extracted.
API CHANGE: DataObjectDecorators that manipulate the query can now define augmentDataQueryCreation().
API CHANGE: The container class argument for DataObject::get() is deprecated.
API CHANGE: DataObject::buildSQL() and DataObject::extendedSQL() are deprecated; just use DataObject::get() now.
API CHANGE: DataObject::instance_get() and DataObject::instance_get_one() are deprecated, and can no longer be overloaded.
API CHANGE: DataObject::buildDataObjectSet() is deprecated.
API CHANGE: Cant't call manual manipulation methods on DataList such as insertFirst()
2011-05-01 15:25:45 +12:00
Ingo Schommer
79e0634537
Merge branch 'cms-ui-preparation'
2011-04-28 22:48:02 +12:00
ajshort
3a1c2df4e7
API CHANGE: Renamed DataObjectDecorator to DataExtension.
...
API CHANGE: Renamed LeftAndMainDecorator to LeftAndMainExtension.
MINOR: Replaced all references to decorators with extension.
2011-04-26 11:01:38 +10:00
Ingo Schommer
43491c2641
MINOR Reducing number of asset downloads by combining files in LeftAndMain->init() and including full jquery.ui.css instead of multiple @import statements
2011-04-25 21:36:51 +12:00
Ingo Schommer
d5efacbf56
BUGFIX Less fragile 'newness' check on Group->Code in Group->onBeforeWrite() ( fixes #6595 )
2011-04-14 21:38:07 +12:00
Julian Seidenberg
e3f15dba9e
BUGFIX: %40 instead of @ when using forgot password fix ( fixes #6314 , thanks Fragarach 87)
2011-03-30 18:16:16 +13:00
Ingo Schommer
e1b249d0d8
BUGFIX Allowing Security controller methods to work without Page or Page_Controller classes (now moved to 'cms' module)
2011-03-29 18:07:57 +13:00
Paul Meyrick
dc36725869
MINOR Using BlankPage template in SecurityTest, BasicAuthTest to remove ContentController dependency
...
MINOR Checking for SiteTree class existence in Security, Translatable
MINOR Checking for ContentController existence in FulltextSearchable
MINOR Removed unnecessary ContentController tests from ObjectTest
MINOR Replaced CMS specific examples in PermissionCheckboxSetFieldTest, DataObjectTest
MINOR Changed SecurityTest to make assertions against Security/login rather than relying on redirection from admin/cms
2011-03-29 18:07:55 +13:00
Ingo Schommer
da909a0214
BUGFIX Fixed usage of htmlentities() and html_entity_decode() to be UTF8 compatible by default
2011-03-21 18:13:01 +13:00
Sam Minnee
5755c27c30
ENHANCEMENT Improved performance of DataObject::get_by_id() by setting order to "1" in the contained get_one() call
2011-03-21 18:09:12 +13:00
Ingo Schommer
2b7c633e6e
MINOR Rewrite of PermissionCheckboxSetField.js from Behaviour.js to jQuery.entwine
2011-03-16 14:18:30 +13:00
Ingo Schommer
c6f3a08b7b
BUGFIX Set title automatically for empty groups in Group->populateDefaults()
2011-03-16 13:31:50 +13:00
Ingo Schommer
498e5758bf
BUGFIX Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member->getCMSFields()) by checking for admin groups in Member->onChangeGroups()
2011-03-09 15:49:41 +13:00
Julian Seidenberg
52070a0c3a
ENHANCEMENT: including all of jquery-ui instead of specifying individual pieces of it. This is a larger download size, but should be quicker overall as it is just a single download instead of lots of small files.
2011-02-24 17:07:24 +13:00
Julian Seidenberg
a836456cd9
BUGFIX: updated links to new jquery ui file paths
2011-02-24 12:07:34 +13:00
Sam Minnee
d045970d83
Merge remote branch 'origin/master'
2011-02-22 10:57:59 +13:00
Sam Minnee
27246ce982
MINOR: Fixed 2.4 mergeback
2011-02-22 10:53:58 +13:00
Ingo Schommer
662c5259e5
BUGFIX Fixed Group->collateAncestorIDs() handling of orphans ( fixes #6413 )
2011-02-22 00:19:23 +13:00
Sam Minnee
1e0c4ae8d1
Merge branch '2.4'
...
Conflicts:
cache/Cache.php
cli/CliController.php
core/Convert.php
core/Core.php
core/ManifestBuilder.php
core/Object.php
core/SSViewer.php
core/control/ContentController.php
core/control/ContentNegotiator.php
core/control/FormResponse.php
core/control/RequestHandler.php
core/control/SilverStripeNavigatorItem.php
core/i18n.php
core/i18nTextCollector.php
core/model/DataObjectSet.php
core/model/Hierarchy.php
core/model/Image.php
core/model/MySQLDatabase.php
core/model/SiteConfig.php
core/model/SiteTree.php
core/model/Translatable.php
core/model/VirtualPage.php
dev/Debug.php
dev/SapphireTest.php
dev/TestRunner.php
dev/YamlFixture.php
dev/install/MySQLDatabaseConfigurationHelper.php
docs/en/installation/from-source.md
docs/en/topics/themes.md
docs/en/tutorials/4-site-search.md
email/Mailer.php
filesystem/File.php
filesystem/Folder.php
forms/ComplexTableField.php
forms/CurrencyField.php
forms/DateField.php
forms/FieldSet.php
forms/FileField.php
forms/FileIFrameField.php
forms/HtmlEditorConfig.php
forms/HtmlEditorField.php
forms/SelectionGroup.php
forms/SimpleImageField.php
forms/TabSet.php
forms/TableField.php
forms/TableListField.php
forms/TreeDropdownField.php
forms/TreeMultiselectField.php
integration/Geoip.php
javascript/SelectionGroup.js
javascript/TreeSelectorField.js
javascript/UpdateURL.js
javascript/core/jquery.ondemand.js
javascript/tiny_mce_improvements.js
javascript/tree/tree.js
lang/en_US.php
search/ContentControllerSearchExtension.php
security/Group.php
security/Member.php
security/PermissionCheckboxSetField.php
security/PermissionRole.php
security/Security.php
static-main.php
templates/RelationComplexTableField.ss
templates/TableListField.ss
tests/ConvertTest.php
tests/DataObjectSetTest.php
tests/DataObjectTest.php
tests/DataObjectTest.yml
tests/RequestHandlingTest.php
tests/SSViewerTest.php
tests/SiteTreePermissionsTest.php
tests/SiteTreeTest.php
tests/TransactionTest.php
tests/api/RestfulServiceTest.php
tests/control/DirectorTest.php
tests/control/ModelAsControllerTest.php
tests/fieldtypes/WidgetAreaEditorTest.php
tests/forms/CurrencyFieldTest.php
tests/forms/FormTest.php
tests/model/DatabaseTest.php
tests/model/ImageTest.php
tests/search/ContentControllerSearchExtensionTest.php
tests/security/MemberAuthenticatorTest.php
thirdparty/.gitignore
thirdparty/behaviour/behaviour.js
thirdparty/firebug-lite/firebug.js
thirdparty/firebug-lite/firebugx.js
thirdparty/jquery-form/jquery.form.js
thirdparty/jquery-livequery/jquery.livequery.js
thirdparty/jquery-livequery/test/jquery.js
thirdparty/jquery-livequery/test/test.html
thirdparty/jquery-livequery/test/test2.html
thirdparty/jquery-metadata/META.json
thirdparty/jquery-metadata/README
thirdparty/jquery-metadata/jquery.metadata.js
thirdparty/jquery-metadata/test/index.html
thirdparty/jquery-metadata/test/jquery.js
thirdparty/jquery-metadata/test/test.js
thirdparty/jquery-metadata/test/testrunner.js
thirdparty/jquery-metadata/test/testsuite.css
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_0_aaaaaa_40x100.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_flat_75_ffffff_40x100.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_55_fbf9ee_1x400.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_65_ffffff_1x400.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_dadada_1x400.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_75_e6e6e6_1x400.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_glass_95_fef1ec_1x400.png
thirdparty/jquery-ui-themes/smoothness/images/ui-bg_highlight-soft_75_cccccc_1x100.png
thirdparty/jquery-ui-themes/smoothness/images/ui-icons_222222_256x240.png
thirdparty/jquery-ui-themes/smoothness/images/ui-icons_2e83ff_256x240.png
thirdparty/jquery-ui-themes/smoothness/images/ui-icons_454545_256x240.png
thirdparty/jquery-ui-themes/smoothness/images/ui-icons_888888_256x240.png
thirdparty/jquery-ui-themes/smoothness/images/ui-icons_cd0a0a_256x240.png
thirdparty/jquery-ui/i18n/jquery-ui-i18n.js
thirdparty/jquery-ui/i18n/ui.datepicker-ar.js
thirdparty/jquery-ui/i18n/ui.datepicker-bg.js
thirdparty/jquery-ui/i18n/ui.datepicker-ca.js
thirdparty/jquery-ui/i18n/ui.datepicker-cs.js
thirdparty/jquery-ui/i18n/ui.datepicker-da.js
thirdparty/jquery-ui/i18n/ui.datepicker-de.js
thirdparty/jquery-ui/i18n/ui.datepicker-el.js
thirdparty/jquery-ui/i18n/ui.datepicker-eo.js
thirdparty/jquery-ui/i18n/ui.datepicker-es.js
thirdparty/jquery-ui/i18n/ui.datepicker-fa.js
thirdparty/jquery-ui/i18n/ui.datepicker-fi.js
thirdparty/jquery-ui/i18n/ui.datepicker-fr.js
thirdparty/jquery-ui/i18n/ui.datepicker-he.js
thirdparty/jquery-ui/i18n/ui.datepicker-hr.js
thirdparty/jquery-ui/i18n/ui.datepicker-hu.js
thirdparty/jquery-ui/i18n/ui.datepicker-hy.js
thirdparty/jquery-ui/i18n/ui.datepicker-id.js
thirdparty/jquery-ui/i18n/ui.datepicker-is.js
thirdparty/jquery-ui/i18n/ui.datepicker-it.js
thirdparty/jquery-ui/i18n/ui.datepicker-ja.js
thirdparty/jquery-ui/i18n/ui.datepicker-ko.js
thirdparty/jquery-ui/i18n/ui.datepicker-lt.js
thirdparty/jquery-ui/i18n/ui.datepicker-lv.js
thirdparty/jquery-ui/i18n/ui.datepicker-ms.js
thirdparty/jquery-ui/i18n/ui.datepicker-nl.js
thirdparty/jquery-ui/i18n/ui.datepicker-no.js
thirdparty/jquery-ui/i18n/ui.datepicker-pl.js
thirdparty/jquery-ui/i18n/ui.datepicker-pt-BR.js
thirdparty/jquery-ui/i18n/ui.datepicker-ro.js
thirdparty/jquery-ui/i18n/ui.datepicker-ru.js
thirdparty/jquery-ui/i18n/ui.datepicker-sk.js
thirdparty/jquery-ui/i18n/ui.datepicker-sl.js
thirdparty/jquery-ui/i18n/ui.datepicker-sq.js
thirdparty/jquery-ui/i18n/ui.datepicker-sr-SR.js
thirdparty/jquery-ui/i18n/ui.datepicker-sr.js
thirdparty/jquery-ui/i18n/ui.datepicker-sv.js
thirdparty/jquery-ui/i18n/ui.datepicker-th.js
thirdparty/jquery-ui/i18n/ui.datepicker-tr.js
thirdparty/jquery-ui/i18n/ui.datepicker-uk.js
thirdparty/jquery-ui/i18n/ui.datepicker-zh-CN.js
thirdparty/jquery-ui/i18n/ui.datepicker-zh-TW.js
thirdparty/jquery/jquery.js
thirdparty/jsmin/.piston.yml
thirdparty/jsmin/jsmin.php
thirdparty/prototype/prototype.js
thirdparty/scriptaculous/dragdrop.js
thirdparty/simplepie/.piston.yml
thirdparty/spyc/.piston.yml
thirdparty/spyc/README
thirdparty/spyc/php4/spyc.php4
thirdparty/spyc/php4/test.php4
thirdparty/spyc/spyc.php
thirdparty/spyc/spyc.yaml
thirdparty/tinymce-advcode/dialog.html
thirdparty/tinymce-advcode/editor_plugin_src.js
thirdparty/tinymce-advcode/js/dialog.js
thirdparty/tinymce/langs/en.js
thirdparty/tinymce/plugins/advhr/langs/en_dlg.js
thirdparty/tinymce/plugins/advhr/rule.htm
thirdparty/tinymce/plugins/advimage/image.htm
thirdparty/tinymce/plugins/advimage/langs/en_dlg.js
thirdparty/tinymce/plugins/advlink/langs/en_dlg.js
thirdparty/tinymce/plugins/advlink/link.htm
thirdparty/tinymce/plugins/emotions/emotions.htm
thirdparty/tinymce/plugins/emotions/langs/en_dlg.js
thirdparty/tinymce/plugins/example/dialog.htm
thirdparty/tinymce/plugins/fullpage/fullpage.htm
thirdparty/tinymce/plugins/fullpage/langs/en_dlg.js
thirdparty/tinymce/plugins/fullscreen/fullscreen.htm
thirdparty/tinymce/plugins/inlinepopups/template.htm
thirdparty/tinymce/plugins/media/langs/en_dlg.js
thirdparty/tinymce/plugins/media/media.htm
thirdparty/tinymce/plugins/paste/js/pasteword.js
thirdparty/tinymce/plugins/paste/langs/en_dlg.js
thirdparty/tinymce/plugins/paste/pastetext.htm
thirdparty/tinymce/plugins/paste/pasteword.htm
thirdparty/tinymce/plugins/searchreplace/langs/en_dlg.js
thirdparty/tinymce/plugins/searchreplace/searchreplace.htm
thirdparty/tinymce/plugins/spellchecker/editor_plugin.js
thirdparty/tinymce/plugins/spellchecker/editor_plugin_src.js
thirdparty/tinymce/plugins/style/langs/en_dlg.js
thirdparty/tinymce/plugins/style/props.htm
thirdparty/tinymce/plugins/table/cell.htm
thirdparty/tinymce/plugins/table/langs/en_dlg.js
thirdparty/tinymce/plugins/table/merge_cells.htm
thirdparty/tinymce/plugins/table/row.htm
thirdparty/tinymce/plugins/table/table.htm
thirdparty/tinymce/plugins/template/langs/en_dlg.js
thirdparty/tinymce/plugins/template/template.htm
thirdparty/tinymce/plugins/xhtmlxtras/abbr.htm
thirdparty/tinymce/plugins/xhtmlxtras/acronym.htm
thirdparty/tinymce/plugins/xhtmlxtras/attributes.htm
thirdparty/tinymce/plugins/xhtmlxtras/cite.htm
thirdparty/tinymce/plugins/xhtmlxtras/del.htm
thirdparty/tinymce/plugins/xhtmlxtras/ins.htm
thirdparty/tinymce/plugins/xhtmlxtras/langs/en_dlg.js
thirdparty/tinymce/themes/advanced/about.htm
thirdparty/tinymce/themes/advanced/anchor.htm
thirdparty/tinymce/themes/advanced/charmap.htm
thirdparty/tinymce/themes/advanced/color_picker.htm
thirdparty/tinymce/themes/advanced/image.htm
thirdparty/tinymce/themes/advanced/langs/en.js
thirdparty/tinymce/themes/advanced/langs/en_dlg.js
thirdparty/tinymce/themes/advanced/link.htm
thirdparty/tinymce/themes/advanced/source_editor.htm
thirdparty/tinymce/themes/simple/langs/en.js
thirdparty/tinymce/tiny_mce.js
thirdparty/tinymce/tiny_mce_src.js
widgets/Widget.php
2011-02-14 18:47:53 +13:00
Sam Minnee
8d05811734
Merge remote branch 'cbarberis/master'
2011-02-14 16:34:02 +13:00
Carlos Barberis
184e8bd852
ENHANCEMENT: Added allowed actions to core classes
2011-02-14 11:14:51 +13:00
Ingo Schommer
60ca784aae
API CHANGE Removed Director::history(), history was no longer recorded. Removed Director::__construct(), as Director is a static utility class without instance state ( fixes #6385 )
2011-02-12 16:39:35 +13:00
Sean Harvey
c3f915c4d5
BUGFIX #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@115314 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:06 +13:00
Ingo Schommer
397bbe7bb5
BUGFIX Avoid potential referer leaking in Security->changepassword() form by storing Member->AutoLoginHash in session instead of 'h' GET parameter (from r114758)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114760 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
25da2d1c25
MINOR Reverting Member "AutoLoginHash", "RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length (from r114748)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114749 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
7280a64d6b
MINOR Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114744 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:05 +13:00
Ingo Schommer
6255cdf20a
BUGFIX Limiting usage of mcrypt_create_iv() in RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114512 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
310f8f6a03
BUGFIX Using RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of 'RememberLoginToken' and 'AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114507 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
ae1d8e2e18
BUGFIX Using RandomGenerator class in PasswordEncryptor->salt() (from r114503)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114506 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:04 +13:00
Ingo Schommer
696de5d437
BUGFIX Using RandomGenerator class in SecurityToken->generate() for more random tokens
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114500 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
f8c970ec0c
ENHANCEMENT Added RandomGenerator for more secure CRSF tokens etc. (from r114497)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114499 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Ingo Schommer
30e3f08efb
MINOR Checking for class_exists() before SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114334 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:03 +13:00
Sean Harvey
28f1c20c5d
MINOR Reverted r108515
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@114079 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:20:02 +13:00
Ingo Schommer
d6c9e18333
BUGFIX Using current controller for MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group)
...
git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/branches/2.4@113273 467b73ca-7a2a-4603-9d3b-597d59a354a9
2011-02-02 14:19:58 +13:00