Commit Graph

191 Commits

Author SHA1 Message Date
Loz Calver
efdb9cc718 FIX: run member CMS validator when editing via groups (fixes #9184) 2019-09-23 16:59:58 +01:00
Robbie Averill
0b991cc039
Merge pull request #9198 from elabuwa/pulls/4.3/bug-fix-html-entities-breadcrumbs-in-group
Bug : Add html_entity_decode to group parents
2019-08-30 09:51:52 +12:00
Dileep Ratnayake
fe4eb5dd2a
Update src/Security/Group.php
Co-Authored-By: Maxime Rainville <maxime@rainville.me>
2019-08-29 15:44:41 +12:00
Maxime Rainville
73f43c6f42 BUG Remove placeholder text on new group form 2019-08-28 17:14:19 +12:00
Dileep Ratnayake
9b7075ed5d
Update Group.php 2019-08-27 16:22:00 +12:00
Dileep Ratnayake
a976a1688b
Update Group.php
move to private method
2019-08-27 16:21:08 +12:00
Dileep Ratnayake
40e5c4ec59
Update Group.php
use of convert::raw2xml, rename $grp to $group
2019-08-27 16:19:40 +12:00
Dileep Ratnayake
4f8240bd48
Update src/Security/Group.php
Co-Authored-By: Andre Kiste <bergice@users.noreply.github.com>
2019-08-27 12:19:03 +12:00
Dileep Ratnayake
f7a602137a
add html_entity_decode to breadcrumbs 2019-08-27 11:49:17 +12:00
Robbie Averill
5c794dfcdd FIX Prevent setting session value when no session exists yet 2019-07-29 17:16:01 +02:00
Guy Marriott
53cb804929
Merge branch '4.2' into 4.3 2019-05-13 15:56:23 +12:00
matt-in-a-hat
db0e6f7104 Fix password validation min length message
When relying on static config instead of an explicitly set minLength then this message would show without the value, like "it must be  or more characters long".
2019-05-13 13:43:29 +12:00
Robbie Averill
ee24413c30 Merge branch '4.2' into 4 2018-10-03 15:28:05 +02:00
Robbie Averill
231d6d9a9f FIX New members now receive the configured default locale, not the current locale 2018-09-28 16:25:10 +02:00
Robbie Averill
4d14e9b6b1
Merge pull request #8421 from creative-commoners/pulls/4.3/psr-5-deprecations
Update deprecation PHPDocs to be PSR-5 compliant
2018-09-28 14:18:54 +02:00
Robbie Averill
f842ee2eec Update deprecation PHPDocs to be PSR-5 compliant
See: https://github.com/php-fig/fig-standards/blob/master/proposed/phpdoc-tags.md#55-deprecated
2018-09-28 10:49:14 +02:00
Robbie Averill
adb4d1f92d MINOR Reduce some code complexity, update array syntax and injected SQLSelect etc 2018-09-27 16:40:23 +02:00
Simon Gow
c269a987d5 Performance issues with BasicAuth and LoginAttempts
Two functions interact with the LoginAttempt object which when used in conjunction with BasicAuth result in significant performance degradation over time, as the LoginAttempts Table fills.

This fix adds an index to the lookup column EmailHashed and removes the Email filter part of getByEmail() so it can use the index resulting in a much faster query.

For more information see https://github.com/silverstripe/silverstripe-framework/issues/8389
2018-09-20 13:34:03 +12:00
Robbie Averill
373a8afeb5 Merge branch '4.2' into 4 2018-09-06 13:26:46 +02:00
Ingo Schommer
f7d85fe794 Make sure that CMS requests disable caching
Original author: @dhensby

Forward port from 3.7 fix at https://github.com/silverstripe/silverstripe-framework/pull/8318
2018-09-05 11:38:41 +12:00
Robbie Averill
83e461abbf Merge branch '4.2' into 4 2018-08-27 16:15:57 +12:00
Robbie Averill
373326e49c
Merge pull request #8324 from creative-commoners/pulls/4.2/request-before-init
FIX Pass request to dummy controller before calling init
2018-08-21 12:08:14 +12:00
Robbie Averill
18fff5c16c Remove past tense for "log in" in expired token message 2018-08-20 22:31:23 +12:00
Robbie Averill
dbab696690 FIX Message when changing password with invalid token now contains correct links to login
The Security controller should be used to return these links rather than the
ChangePasswordHandler
2018-08-20 22:30:12 +12:00
Robbie Averill
873873dc30 FIX Pass request to dummy controller before calling init 2018-08-15 10:14:25 +12:00
Anh Le
68f75a9e25
Password changing notification issue on new member
With `notify_password_change = true`, new member is receiving notification email regarding password changing when they should not.
2018-08-13 14:13:05 +07:00
Ingo Schommer
2d6964c243
Merge pull request #8261 from open-sausages/pulls/4/secure-remember-me-cookie
NEW Option for secure "remember me" cookie
2018-07-31 09:19:15 +12:00
Ingo Schommer
114b0a5ea7
NEW Option for secure "remember me" cookie
Fixes #8234
2018-07-30 16:41:49 +01:00
Ingo Schommer
93b0884e19 BUG Lazy session state (fixes #8267)
Fixes regression from 3.x, where sessions where lazy started as required:
Either because an existing session identifier was sent through with the request,
or because new session data needed to be persisted as part of the request execution.

Without this lazy starting, *every* request will get a session,
which makes all those responses uncacheable by HTTP layers.

Note that 4.x also changed the $data vs. $changedData payloads:
In 3.x, they both contained key/value pairs.
In 4.x, $data contains key/value, while $changedData contains key/boolean to declare isChanged.
While this reduces duplication in the class, it also surfaced a bug which was latent in 3.x:
When an existing session is lazily resumed via start(), $data is set back to an empty array.
In 3.x, any changed data before this point was *also* retained in $changedData,
ensuring it gets merged into existing $_SESSION data.
In 4.x, this clears out data - hence the need for a more complex merge logic.

Since isset($this->data) is no longer an accurate indicator of a started session,
we introduce a separate $this->started flag.

Note that I've chosen not to make lazy an opt-in (e.g. via start($request, $lazy=false)).
We already have a distinction between lazy starting via init(), and force starting via start().
2018-07-19 13:32:04 +12:00
Daniel Hensby
560fe9820a FIX remove personal information from password reset confirmation screen 2018-07-05 14:19:15 +12:00
Robbie Averill
e0993043f8 Merge branch '4.1' into 4 2018-05-30 15:08:39 +12:00
Robbie Averill
c8b0bc0ad7 Merge branch '4.0' into 4.1
# Conflicts:
  #	src/ORM/DataObject.php
  #	tests/php/ORM/DataObjectDuplicationTest.php
  #	tests/php/ORM/DataObjectDuplicationTest/Class1.php
2018-05-30 14:52:07 +12:00
Robbie Averill
ea16e28aa7 Merge branch '4.1' into 4 2018-05-28 18:33:56 +12:00
Robbie Averill
6d98a912c9 Merge branch 'heads/4.1.1' into 4.1 2018-05-28 18:26:20 +12:00
Robbie Averill
3a537bc745 Merge branch 'heads/4.0.4' into 4.0 2018-05-28 17:50:07 +12:00
Robbie Averill
722202fef4 Merge remote-tracking branch 'origin/4.0.4' into 4.1.1
# Conflicts:
  #	src/Control/Director.php
2018-05-24 15:41:11 +12:00
Robbie Averill
5887201dd5
Merge pull request #64 from silverstripe-security/pulls/4.0/ss-2018-010
[SS-2018-010] Fix regression of SS-2017-002
2018-05-14 17:12:45 +12:00
Robbie Averill
beec0c0d47 [SS-2018-010] Fix regression of SS-2017-002 2018-05-14 17:12:07 +12:00
Damian Mooyman
e409d6f673 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-14 17:10:22 +12:00
Daniel Hensby
d5e2d3fa67
Merge branch '3.6' into 4.0 2018-05-01 21:47:17 +01:00
azt3k
6b39b25e20
Fixes a count() php warning without an api change
Warning: count(): Parameter must be an array or an object that implements Countable in /path/to/vendor/silverstripe/framework/src/Security/Member.php on line 1355
2018-04-27 09:31:07 +01:00
Damian Mooyman
9a12fac218
BUG Prevent password validator min score producing false negatives
Replaces #7995
2018-04-18 10:35:31 +12:00
Daniel Hensby
70effc7046
Revert "ENHANCEMENT Add config var to skip confirm logout (#7977)"
This reverts commit 47bcac930d.
2018-04-04 13:51:18 +01:00
Andrew Aitken-Fincham
47bcac930d ENHANCEMENT Add config var to skip confirm logout (#7977) 2018-04-04 09:43:49 +12:00
Damian Mooyman
386ef27f65
Update requesthandlers with missing extension points 2018-03-23 15:28:00 +13:00
Damian Mooyman
625f7b4eee
Merge remote-tracking branch 'origin/4.0' into 4.1 2018-03-13 14:26:18 +13:00
Joe Harvey
bf2cee3989 Bugfix - Correct duplicate nesting of 'Content' to be returned to template
In scenarios where:

- No member is logged in
- An 'AutoLoginHash' is provided via the 't' (token) query param
- The token isn't valid (determined by Member::validateAutoLoginToken())

The message which is intended to be returned to the end-user via $Content
in the template, is mistakenly double nested in ['Content' => ['Content' => 'Message']]
this leads to "The method forTemplate() doesn't exist on ArrayData" errors.

See - https://github.com/silverstripe/silverstripe-framework/issues/7866
2018-03-07 14:14:05 +00:00
JorisDebonnet
3e0984db49
Delete orphaned Group_Members records after deleting a Member 2018-02-27 19:47:26 +01:00
Daniel Hensby
c04ff8c55a
Merge branch '4.0' into 4.1 2018-02-21 13:40:30 +00:00
Damian Mooyman
0e26c06644
BUG Fix behaviour towards versioned but unstagable records 2018-02-20 12:20:18 +13:00