silverstripe-framework/security
Daniel Hensby 6606d98663 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to log in for reasons other than too many password attempts.
2016-08-15 13:20:02 +12:00
Authenticator.php API Enable re-authentication within the CMS if a user session is lost 2014-10-14 15:19:48 +13:00
BasicAuth.php Check both $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] for HTTP Basic authentication headers 2015-03-17 14:15:54 +13:00
ChangePasswordForm.php [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 2016-08-15 13:20:02 +12:00
CMSMemberLoginForm.php API Enable re-authentication within the CMS if a user session is lost 2014-10-14 15:19:48 +13:00
CMSSecurity.php [SS-2016-001] FIX Properly check backurl on CMSSecurity@success 2016-04-20 23:58:50 +01:00
Group.php Documented magic properties of DataObject 2014-01-26 00:11:32 -05:00
GroupCsvBulkLoader.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
LoginAttempt.php Documented magic properties of DataObject 2014-01-26 00:11:32 -05:00
LoginForm.php [SS-2016-006] FIX don't disable XSS for login forms 2016-04-20 23:57:59 +01:00
Member.php [SS-2016-008] Reset Member::Salt on password change 2016-08-15 13:19:02 +12:00
MemberAuthenticator.php [SS-2016-005] FIX Apply brute force protection to default admin 2016-04-19 23:20:29 +01:00
MemberCsvBulkLoader.php Method visibility according to coding conventions 2012-09-20 10:46:59 +02:00
MemberLoginForm.php BUG Fix malformed urls redirecting to external sites 2015-05-28 10:12:18 +12:00
MemberPassword.php Documented magic properties of DataObject 2014-01-26 00:11:32 -05:00
PasswordEncryptor.php API Marked statics private, use Config API instead (#8317) 2013-03-24 17:20:53 +01:00
PasswordValidator.php FIX PasswordValidator->characterStrength() Documentation 2013-10-15 12:44:50 +02:00
Permission.php FIX Members with no ID inherit logged in user permission 2016-01-05 08:16:18 +00:00
PermissionCheckboxSetField.php Making TreeMultiSelectField consistent with parent class 2015-02-13 11:12:30 +13:00
PermissionFailureException.php Updating @package and @subpackage doc tags 2013-11-29 17:49:30 +13:00
PermissionProvider.php FIX Remove instances of lines longer than 120c 2012-09-30 17:18:13 +13:00
PermissionRole.php Documented magic properties of DataObject 2014-01-26 00:11:32 -05:00
PermissionRoleCode.php Documented magic properties of DataObject 2014-01-26 00:11:32 -05:00
RandomGenerator.php API Hash autologin tokens before storing in the database. 2012-11-09 11:29:42 +01:00
Security.php [ss-2015-020]: Prevent possible Privilege escalation 2015-09-10 13:01:24 +12:00
SecurityToken.php API Hash autologin tokens before storing in the database. 2012-11-09 11:29:42 +01:00