Simon Welsh
fbce9fd7cd
Merge branch '3.1'
...
Conflicts:
.travis.yml
docs/en/misc/contributing/code.md
javascript/HtmlEditorField.js
2013-07-05 10:22:58 +12:00
Simon Welsh
1d5ac5876b
Only redirect on logout if we're not already redirecting
2013-06-27 09:49:10 +12:00
Ingo Schommer
94b4237372
Merge remote-tracking branch 'origin/3.1'
2013-06-19 11:17:33 +02:00
Will Morgan
db3eed1f9a
Using Injector pattern for ValidationResult in Member
2013-06-18 15:49:58 +01:00
Stig Lindqvist
2eafd63297
Merge pull request #2077 from halkyon/changepassword_validation_redirection_issue
...
BUG If BackURL set, validation errors send the user to wrong place.
2013-06-07 22:44:13 -07:00
Sean Harvey
83bff54ec2
BUG If BackURL set, validation errors send the user to wrong place.
...
If there's validation errors in the ChangePasswordForm, the user
is taken to the BackURL because redirectBack() will go there if
it's set.
Instead of this, just redirect back to the "changepassword" action
on the Security controller.
2013-06-08 11:34:58 +12:00
Sean Harvey
7862ececbd
Allow PasswordValidator to be translated
2013-06-08 10:48:27 +12:00
Will Morgan
1c0ae76f8e
Adding passwordless message instead of throwing an exception
2013-06-07 16:52:44 +02:00
Ingo Schommer
88536998b9
Merge remote-tracking branch 'origin/3.1'
...
Conflicts:
.travis.yml
2013-05-31 18:08:59 +02:00
Sam Minnée
5d76048275
Merge pull request #1780 from hdrlab/patch-4
...
Disable ID based partial caching for all security actions
2013-05-24 23:53:04 -07:00
Sam Minnée
628391e3f1
Merge pull request #1979 from nedmas/patch-1
...
BUGFIX: singleton('Group')->Members() fails
2013-05-24 19:45:54 -07:00
Ingo Schommer
016368afdc
Merge pull request #1994 from mateusz/logout-cleanup
...
BUG Clean up the logOut and session destructon routines.
2013-05-24 16:01:42 -07:00
Tom Densham
d36fbfb1b2
BUGFIX: singleton('Group')->Members() fails
...
Running Members() on a Group that has no Db record causes UnsavedRelationList to be returned by DirectMembers() which in turn causes alterDataQuery() to fall over when called on an UnsavedRelationList. This just adds a simple check to prevent it.
2013-05-23 17:31:19 +02:00
Sam Minnee
d97ca43cd0
Merge branch '3.1'
...
Conflicts:
README.md
dev/install/install.php5
forms/ConfirmedPasswordField.php
tests/forms/FormTest.php
2013-05-23 19:01:58 +12:00
Sean Harvey
ac2216dabc
Merge pull request #1969 from robert-h-curry/patch-1
...
Only show direct members of a group in the members field
2013-05-22 20:28:17 -07:00
Mateusz Uzdowski
2f7fd967b2
BUG Clean up the logOut and session destructon routines.
2013-05-23 13:27:41 +12:00
Ingo Schommer
ee784c3663
Fix priority of Member->getHtmlEditorConfigForCMS() ( silverstripe/silverstripe-cms#728 )
2013-05-22 21:31:42 +02:00
Robert Curry
aeb5a2e42a
Only show direct members of a group in the members field
...
The call to Members() includes members of child groups, which was causing any members added through the grid field to be added to the child groups as well.
2013-05-22 18:48:36 +12:00
Sean Harvey
abad856534
Use create() to instantiate Member_GroupSet on Member::Groups()
...
Keeps it consistent with how HasManyList and ManyManyList are
instantiated in DataObject.
2013-05-22 13:56:36 +12:00
Sean Harvey
15f7c884f8
Merge pull request #1756 from halkyon/permission_denied_hook
...
BUG Security::permissionFailure() fixing permissionDenied hook inconsistency
2013-05-13 02:15:58 -07:00
Will Morgan
17e31fc609
Merge pull request #1 from silverstripe/master
...
Syncing back because I suck at Git
2013-05-08 03:45:51 -07:00
Ingo Schommer
3e88c98ca5
API Restrict MemberLoginForm to POST requests for increased security
...
CVE-2013-2653 - Thanks to Fara Rustein of Deloitte Argentina for reporting.
2013-05-08 10:25:28 +02:00
Josua2012
59be4a3be0
Allow custom ChangePasswordForm form
...
With this modification we can use Object::useCustomClass() to create a
custom ChangePasswordForm form:
Object::useCustomClass('ChangePasswordForm',
'CustomChangePasswordForm');
2013-05-08 09:39:39 +02:00
Ingo Schommer
6c2e791a48
Merge remote-tracking branch 'origin/3.1'
2013-04-29 08:59:06 +02:00
Will Morgan
8f6451612b
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-28 09:58:42 +12:00
Will Morgan
0de8a8a304
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-27 13:29:13 +02:00
Will Morgan
c61f050757
Use correct config variable name in encrypt_password
...
Use correct config variable name in encrypt_password
Fixes https://github.com/silverstripe/sapphire/issues/1709
2013-04-27 13:22:00 +02:00
Will Morgan
72a7f0e672
AJAX friendly responses for Security class
...
Final work around issue #1802 - creating templates for complex layout
operations and removing HTML from this controller.
2013-04-26 12:29:35 +01:00
hdrlab
22f5c06fd3
Disable ID based partial caching for all security actions
...
Disables ID based partial caching for all security actions so that actions such as Security/lostpassword and Security/passwordsent work properly even if partial caching is used.
2013-04-19 16:45:05 +12:00
Marvin Dickhaus
ea558828c9
Group description in CMSFields
2013-04-14 22:11:19 +02:00
Sean Harvey
1eadff5a4f
BUG Security::permissionFailure() fixing permissionDenied hook inconsistency
...
permissionDenied only works if Security::permissionFailure() is called when
there's currently no logged in Member. This fixes it so failed attempts
with logged in Member also includes the permissionDenied hook.
In addition, fix an undefined $member variable
2013-04-12 10:59:00 +12:00
Ingo Schommer
0343a77d30
Merge remote-tracking branch 'origin/3.1'
2013-04-11 11:42:04 +02:00
Ingo Schommer
7d6edccb0a
Marked Security.token as private
2013-04-09 01:48:20 +02:00
Ingo Schommer
97819b3f21
Correct encoding in MemberLoginForm->forgotPassword() URLs ( fixes #6126 )
2013-04-05 11:15:34 +02:00
Ingo Schommer
cfafa19cc3
FIX Disallow group removal when member is edited in groups view
...
It would invalidate this view. Only allow group editing
for new members added to this group (with a group default),
and for members edited through the "root" view.
2013-04-05 00:51:24 +02:00
Will Rossiter
70144ad549
FIX: Groups should be able to have titles longer than 50 characters (Fixes: open/5611)
2013-03-26 22:05:37 +13:00
Ingo Schommer
3334eafcb1
API Marked statics private, use Config API instead ( #8317 )
...
See "Static configuration properties are now immutable, you must use Config API." in the 3.1 change log for details.
2013-03-24 17:20:53 +01:00
Ingo Schommer
4cd6d00159
Fixed forceExpiry() usage
2013-03-19 10:49:52 +01:00
Ingo Schommer
b416e50bff
Fixed deprecations
2013-03-19 10:38:14 +01:00
Ingo Schommer
bea1b9002d
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/HTTP.php
2013-02-26 13:28:35 +01:00
Ingo Schommer
0c6ac1960e
Fixed whitespace usage
2013-02-18 15:43:52 +01:00
Ingo Schommer
92458d9f43
Fixed line lengths
2013-02-18 14:41:49 +01:00
Hamish Friedlander
7efae6b95f
Merge remote-tracking branch 'origin/3.0' into 3.1
2013-02-18 14:31:57 +13:00
Ingo Schommer
30096ee730
BUGFIX Keep Member.PasswordEncryption setting on empty passwords
...
This will prevent empty passwords to set the encryption to 'none',
which in turn will store any subsequent password changes in cleartext.
Reproduceable e.g. with ConfirmedPasswordField and setCanBeEmpty(true).
2013-02-17 23:30:41 +01:00
Ingo Schommer
14a56c18e9
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
control/Director.php
2013-02-07 21:45:16 +01:00
Ingo Schommer
79eacb2439
FIX Group->canEdit() correct non-admin checks ( fixes #8250 )
...
Due to changed return value of DataObject::get(),
the (negated) check always returned false.
This wasn't noticed in 3.0 because Group->canEdit() is rarely
enforced, but does become noticeable in 3.1 where GridField
checks those object-level permissions.
Thanks to @purplespider for reporting!
2013-02-07 09:19:57 +01:00
Ingo Schommer
18c9a95996
API Removed 'BadLoginURL' session var from MemberLoginForm
...
It was never set in core, and is generally undocumented,
hence just unnecessarily increases the security surface
of this sensitive class.
2013-02-05 22:49:06 +01:00
Ingo Schommer
634c91c6ff
Merge remote-tracking branch 'origin/3.0' into 3.1
...
Conflicts:
email/Mailer.php
2013-01-30 12:46:24 +01:00
Simon Welsh
c9f728fefb
FIX Only check the remember token if a user exists
2013-01-30 09:17:47 +13:00
jean
c048a019f6
BUGFIX Avoid infinite redirection when logging out and when showing a custom login page after displaying the draft version of a page.
2013-01-29 19:24:37 +01:00