tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
15,650 Commits 31 Branches 527 Tags 162 MiB
f17e21c4a3
Commit Graph

1100 Commits

Author SHA1 Message Date
Daniel Hensby
f17e21c4a3
Merge branch '3.2' into 3.3 2016-11-22 11:26:41 +00:00
Daniel Hensby
d2633be56d
Merge branch '3.1' into 3.2 2016-11-22 11:21:08 +00:00
Daniel Hensby
17097a4d11
[SS-2016-016] FIX Properly escape backURL for template injection 2016-11-10 17:00:03 +00:00
Daniel Hensby
088d88e978
Merge branch '3.2' into 3.3 2016-08-22 16:22:02 +01:00
Daniel Hensby
229a2b9217
Merge pull request #4133 from nimeso/patch-1 2016-08-22 11:52:47 +01:00
Daniel Hensby
fa7f5af861 [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 15:02:53 +12:00
Daniel Hensby
83e3302c04 [SS-2016-013] FIX Uncasted member name 2016-08-15 15:02:47 +12:00
Daniel Hensby
6d41db77fa [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 15:02:41 +12:00
Daniel Hensby
f85dea2e6d [SS-2016-008] Reset Member::Salt on password change 2016-08-15 15:02:36 +12:00
Daniel Hensby
b1f449762b [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 14:07:57 +12:00
Daniel Hensby
281b0de571 [SS-2016-013] FIX Uncasted member name 2016-08-15 14:07:51 +12:00
Daniel Hensby
2b30ade44d [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 14:07:40 +12:00
Daniel Hensby
dc47f7ec9a [SS-2016-008] Reset Member::Salt on password change 2016-08-15 14:07:24 +12:00
Daniel Hensby
1c7d5de51b [SS-2016-014] FIX Autologin cookies are ignored if autologin is disabled 2016-08-15 13:24:06 +12:00
Daniel Hensby
6817c57f64 [SS-2016-013] FIX Uncasted member name 2016-08-15 13:21:14 +12:00
Daniel Hensby
6606d98663 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
 2016-08-15 13:20:02 +12:00
Daniel Hensby
298f61521c [SS-2016-008] Reset Member::Salt on password change 2016-08-15 13:19:02 +12:00
Damian Mooyman
0d5ae23f2b Merge 3.2 into 3.3 2016-08-05 14:36:35 +12:00
Andrew Aitken-Fincham
66f2e6811b modify getAuthenticator to fall back to get_default_authenticator 2016-08-03 10:36:43 +12:00
Damian Mooyman
f1a0aef0d7
BUG fix CMS_ACCESS permission being ignored if in incorrect order in array 2016-06-28 17:45:15 +12:00
Daniel Hensby
d1751e3310
Merge remote-tracking branch '3.2.4' into 3.3.2 2016-05-05 12:33:21 +01:00
Daniel Hensby
cf29b2c146
Merge remote-tracking branch '3.1.19' into 3.2.4 2016-05-05 11:17:45 +01:00
Daniel Hensby
92599727b9
Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19 2016-05-05 01:01:49 +01:00
Daniel Hensby
7af7f8dd65
Merge remote-tracking branch 'security/patch/3.1/ss-2016-005' into 3.1.19 2016-05-05 01:01:44 +01:00
Damian Mooyman
2a5ba397e6 BUG Fix SS_HTTPResponse being cast as string (#5413) 
Fixes #5335
 2016-05-02 08:54:19 +12:00
Daniel Hensby
1ccd3926e3
[SS-2016-001] FIX Properly check backurl on CMSSecurity@success 2016-04-20 23:58:50 +01:00
Daniel Hensby
a6bd22ab2f
[SS-2016-006] FIX dont disable XSS for login forms 2016-04-20 23:57:59 +01:00
Daniel Hensby
f32c893546
[SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
Damian Mooyman
5d240feaec Merge remote-tracking branch 'origin/3.2' into 3.3 2016-01-19 15:08:24 +13:00
Damian Mooyman
46cbe809ac Merge remote-tracking branch 'origin/3.1' into 3.2 
# Conflicts:
#	docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md
#	docs/en/02_Developer_Guides/14_Files/01_Image.md
#	docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/How_Tos/Customise_CMS_Menu.md
#	docs/en/03_Upgrading/index.md
#	docs/en/05_Contributing/01_Code.md
#	forms/TreeMultiselectField.php
#	security/Permission.php
 2016-01-19 14:00:19 +13:00
Denise Rivera
7e32268ede display filtered roles when not an admin 2016-01-11 13:05:10 +13:00
Damian Mooyman
21e1e938eb Merge pull request #4893 from dhensby/pulls/member-regenerate-session-id 
FIX session_regenerate_id uses config system
 2016-01-06 15:16:31 +13:00
Daniel Hensby
00544ff100 FIX session_regenerate_id uses config system 2016-01-05 22:31:58 +00:00
Daniel Hensby
4335d8ed22 FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
Damian Mooyman
19b10044ec Merge remote-tracking branch 'origin/3.2' into 3 2015-12-22 17:05:07 +13:00
Damian Mooyman
6ac83f02c9 Merge pull request #4819 from SilverStripers/3 
parse the string to be converted to group codes.
 2015-12-22 16:53:31 +13:00
Damian Mooyman
48a30909f3 Merge remote-tracking branch 'origin/3.2' into 3 
# Conflicts:
#	admin/javascript/LeftAndMain.BatchActions.js
#	css/UploadField.css
#	forms/HtmlEditorField.php
 2015-12-22 14:07:52 +13:00
Mateusz Uzdowski
5a21b2fb15 BUG Guard against users being added to all groups on unsaved Group. 
If ->Members()->add() is called on an unsaved group (with ID 0), the
collateFamilyIDs() will errorneously return all root Groups thinking
it's looking for Groups with ParentID=0. As a result, the Member will be
added to all root groups, instead of just the selected group and all its
children.
 2015-12-11 14:51:51 +13:00
Damian Mooyman
38e154af0a API Disable get parameter access to site stage mode 
BUG Fix missing and undocumented response from Security::permissionFailure()
 2015-12-07 17:39:18 +13:00
Nivanka Fonseka
411f168f00 parse the string to be converted to group codes. 
Two fixes.
1. parse the group code by using Convert::raw2url() as it creates duplicate records if the group code is given in upper case letters, spaces etc. 
2. assigning to the $_cache_groupByCode has to be really done in the if condition rather than out of it.
 2015-12-02 10:01:25 +05:30
Novusvetus
6266f909e0 API Increased Permission.Code db field to 255 characters 2015-11-27 13:54:37 +13:00
Damian Mooyman
94742fa3e2 BUG Revert method visibility regression 2015-11-27 13:10:52 +13:00
Manuel Teuber
666ce26929 FIX: Permission::checkMember() use of undefined variable $codes 2015-10-07 16:02:36 +13:00
Manuel Teuber
5224fc460c FIX: Permission::checkMember() use of undefined variable $codes 2015-09-29 23:49:29 +02:00
Damian Mooyman
71b8aec306 Merge remote-tracking branch 'origin/3.2' into 3 2015-09-15 13:35:51 +12:00
Damian Mooyman
c4710b2272 Merge remote-tracking branch 'origin/3.1' into 3.2 
Conflicts:
	admin/code/GroupImportForm.php
	admin/code/MemberImportForm.php
	tests/model/DataListTest.php
 2015-09-15 13:18:47 +12:00
Damian Mooyman
7e76f769b1 Merge pull request #4600 from patricknelson/issue-4597-gridfieldconfig-injector 
FIX for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword.
 2015-09-14 10:14:05 +12:00
Patrick Nelson
5cc0878dc1 FIX for #4597: Ensuring GridFieldConfig_RelationEditor is instantiated via Injector, not via "new" keyword. 2015-09-11 17:57:13 -04:00
Damian Mooyman
7367cf54c4 [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
Damian Mooyman
f10785350e Merge remote-tracking branch 'origin/3.2' into 3 
Conflicts:
	docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md
 2015-09-09 14:50:47 +12:00