Commit Graph

1175 Commits

Author SHA1 Message Date
Robbie Averill
4a9e991edb Merge branch '3.6' into 3 2018-05-28 17:44:48 +12:00
Robbie Averill
dae8fefb1e Merge remote-tracking branch 'origin/3.5' into 3.6 2018-05-28 17:43:55 +12:00
Damian Mooyman
5771388821 [ss-2018-001] Restrict non-admins from being assigned to admin groups 2018-05-09 15:12:40 +12:00
Damian Mooyman
47a9cdfd49 ENHANCEMENT Backport of querystring work to 3.x (#8026)
* WIP Backport of querystring work to 3.x

* Remove dataextension requirement

* Fix up bootstrapping

* more backporting

* Bug fix some tests

* Fix up some tests

* Fix support for custom stages
Don't set empty stage

* Better cache typehint

* Make sure useDraftSite(false) re-enables secure site

* Remove unnecessary guard around controller property
2018-05-08 10:04:44 +12:00
Daniel Hensby
c31251911c
Merge branch '3.6' into 3 2018-04-18 13:14:46 +01:00
Robbie Averill
51d4d2c11e Update some phpdocs that had typos, missing parts or incorrect formats 2018-04-11 20:12:38 +12:00
Damian Mooyman
f4b13fb2c4
Merge remote-tracking branch 'origin/3.6' into 3
# Conflicts:
#	model/DataQuery.php
2018-02-05 16:53:15 +13:00
Damian Mooyman
4da99efd5d
Merge remote-tracking branch 'origin/3.5' into 3.6 2018-01-31 16:03:42 +13:00
Daniel Hensby
9103816333
NEW Add php 7.2 support 2018-01-30 16:50:32 +00:00
Damian Mooyman
cf69d04866
BUG Fix ping including requirements
Fixes #7802
2018-01-26 10:26:18 +13:00
Damian Mooyman
72e2326731
Merge pull request #7798 from kinglozzer/member-groupset-delete
FIX: Fix Member_GroupSet::removeAll() (fixes #3948)
2018-01-25 09:20:30 +13:00
Loz Calver
c2cd6b3832 FIX: Fix Member_GroupSet::removeAll() (fixes #3948) 2018-01-24 17:17:20 +00:00
Steve Boyd
f214cd52e0
Ensure currentUserID() returns an int
Cast $id returned from Session as an int to ensure it's never returned as a string
2018-01-23 13:37:06 +13:00
Damian Mooyman
3346b37ef0
Merge branch '3.6' into 3 2017-12-08 11:53:49 +13:00
Damian Mooyman
052f11a427
Remove merge artifact 2017-12-08 11:52:48 +13:00
Damian Mooyman
50aa1f22a6
Merge branch '3.6' into 3 2017-12-07 13:20:58 +13:00
Damian Mooyman
d6a93f5215
Merge remote-tracking branch 'silverstripe-security/3.5' into 3.6
# Conflicts:
#	security/Member.php
2017-12-06 17:26:45 +13:00
Damian Mooyman
91cf85087b
Merge remote-tracking branch 'origin/3.5' into 3.6 2017-12-06 17:21:09 +13:00
Damian Mooyman
6ba00e829a
[ss-2017-009] Prevent disclosure of sensitive information via LoginAttempt 2017-11-30 15:53:50 +13:00
Daniel Hensby
2ad3cc07d5
FIX Update meber passwordencryption to default on password change 2017-11-23 21:17:31 +00:00
Daniel Hensby
b49d1d7fbd
Merge branch '3.6' into 3 2017-09-28 17:17:19 +01:00
Daniel Hensby
bd7abc73de
Merge branch '3.5.5' into 3.6.2 2017-09-20 16:26:30 +01:00
Daniel Hensby
72702dbd50 Merge pull request #43 from silverstripe-security/pulls/3.5/member-enumeration-timing-attack
[SS-2017-005] User enumeration via timing attack mitigated
2017-09-20 11:39:39 +01:00
Daniel Hensby
f0262a8fd9
[SS-2017-005] User enumeration via timing attack mitigated 2017-09-20 11:33:22 +01:00
Daniel Hensby
091d99f599
FIX Authenticators are more resilient to incomplete configuration 2017-09-12 15:57:03 +01:00
Daniel Hensby
23a726f385
Merge branch '3.6' into 3 2017-08-14 13:43:28 +01:00
Daniel Hensby
a3b72c500d
Merge branch '3.5' into 3.6 2017-08-14 12:55:09 +01:00
Loz Calver
82c0632f46
Fix: Use Config API for MemberAuthenticator::$migrate_legacy_hashes (fixes #7208) 2017-07-26 09:54:29 +01:00
Daniel Hensby
1e5592a3d9
Merge branch '3.5' into 3.6 2017-06-27 13:14:39 +01:00
Daniel Hensby
6f2b08b962
Merge branch '3.6' into 3 2017-06-14 12:02:27 +01:00
Daniel Hensby
ecc88b2cbe
Merge branch '3.5' into 3.6 2017-06-14 12:02:06 +01:00
Daniel Hensby
a5c84b12ab
FIX Order of conditionals for getting default admin 2017-06-12 11:54:05 +01:00
Daniel Hensby
21d2e5cad1
Merge branch '3.6' into 3 2017-05-31 00:12:14 +01:00
Daniel Hensby
cda7e8dc39
Merge remote-tracking branch 'security/3.5.4' into 3.6.0 2017-05-29 01:29:05 +01:00
Daniel Hensby
24166700e8
Merge remote-tracking branch 'security/3.4.6' into 3.5.4 2017-05-29 01:02:35 +01:00
Daniel Hensby
447ce0f84f
[SS-2017-002] FIX Lock out users who dont exist in the DB 2017-05-25 16:14:52 +01:00
Damian Mooyman
f16d7e1838 API Deprecate unused / undesirable create_new_password implementation 2017-05-08 17:41:37 +12:00
Loz Calver
05a737c5fc Allow RandomGenerator to use random_bytes() in PHP 7 2017-04-05 11:05:28 +10:00
Joe Harvey
0d0d18612d Adding extension hooks to Member isLockedOut() and registerSuccessfulLogin() 2017-03-30 11:07:51 +01:00
Robbie Averill
2f6f5b5eff Do not send the header if it is not defined 2017-01-11 08:26:04 +13:00
Robbie Averill
cb2dcc75f1 Add X-Robots-Tag noindex,nofollow header from Security controller to prevent indexing 2017-01-09 16:13:39 +13:00
Daniel Hensby
69974d940a
Merge branch '3.3' into 3.4 2016-11-18 11:33:39 +00:00
Daniel Hensby
0ae4b57754
Merge branch '3.2' into 3.3 2016-11-18 11:32:36 +00:00
Daniel Hensby
5df077f24d
Merge branch '3.1' into 3.2 2016-11-18 11:29:19 +00:00
Daniel Hensby
8e5f786b8d
Merge branch '3.4' into 3.5.0 2016-11-15 11:43:16 +00:00
Daniel Hensby
3f4445641d
Merge branch '3.3' into 3.4 2016-11-15 11:35:38 +00:00
Daniel Hensby
c7778a1e9a
Merge branch '3.2' into 3.3 2016-11-15 11:19:27 +00:00
Daniel Hensby
06d0210233
Merge branch '3.1' into 3.2 2016-11-15 11:18:46 +00:00
Daniel Hensby
17097a4d11
[SS-2016-016] FIX Properly escape backURL for template injection 2016-11-10 17:00:03 +00:00
Daniel Hensby
5a7cde0e10
Merge branch '3.4' into 3.5.0 2016-11-09 16:14:40 +00:00