tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity
silverstripe-framework/security
History
Daniel Hensby 6606d98663 [SS-2016-011] ChangePasswordForm does not check $member->canLogin before login 
This could be used as a way to circumvent login restrictions by using the change password feature to log users in that are unable to login for reasons other than too many password attempts
2016-08-15 13:20:02 +12:00
..
Authenticator.php
API Enable re-authentication within the CMS if a user session is lost
2014-10-14 15:19:48 +13:00
BasicAuth.php
Check both $_SERVER['HTTP_AUTHORIZATION'] and $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] for HTTP Basic authentication headers
2015-03-17 14:15:54 +13:00
ChangePasswordForm.php
[SS-2016-011] ChangePasswordForm does not check $member->canLogin before login
2016-08-15 13:20:02 +12:00
CMSMemberLoginForm.php
API Enable re-authentication within the CMS if a user session is lost
2014-10-14 15:19:48 +13:00
CMSSecurity.php
[SS-2016-001] FIX Properly check backurl on CMSSecurity@success
2016-04-20 23:58:50 +01:00
Group.php
Documented magic properties of DataObject
2014-01-26 00:11:32 -05:00
GroupCsvBulkLoader.php
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
LoginAttempt.php
Documented magic properties of DataObject
2014-01-26 00:11:32 -05:00
LoginForm.php
[SS-2016-006] FIX dont disable XSS for login forms
2016-04-20 23:57:59 +01:00
Member.php
[SS-2016-008] Reset Member::Salt on password change
2016-08-15 13:19:02 +12:00
MemberAuthenticator.php
[SS-2016-005] FIX Apply brute force protection to default admin
2016-04-19 23:20:29 +01:00
MemberCsvBulkLoader.php
Method visibility according to coding conventions
2012-09-20 10:46:59 +02:00
MemberLoginForm.php
BUG Fix malformed urls redirecting to external sites
2015-05-28 10:12:18 +12:00
MemberPassword.php
Documented magic properties of DataObject
2014-01-26 00:11:32 -05:00
PasswordEncryptor.php
API Marked statics private, use Config API instead (#8317)
2013-03-24 17:20:53 +01:00
PasswordValidator.php
FIX PasswordValidator->characterStrength() Documentation
2013-10-15 12:44:50 +02:00
Permission.php
FIX Members with no ID inherit logged in user permission
2016-01-05 08:16:18 +00:00
PermissionCheckboxSetField.php
Making TreeMultiSelectField consistent with parent class
2015-02-13 11:12:30 +13:00
PermissionFailureException.php
Updating @package and @subpackage doc tags
2013-11-29 17:49:30 +13:00
PermissionProvider.php
FIX Remove instances of lines longer than 120c
2012-09-30 17:18:13 +13:00
PermissionRole.php
Documented magic properties of DataObject
2014-01-26 00:11:32 -05:00
PermissionRoleCode.php
Documented magic properties of DataObject
2014-01-26 00:11:32 -05:00
RandomGenerator.php
API Hash autologin tokens before storing in the database.
2012-11-09 11:29:42 +01:00
Security.php
[ss-2015-020]: Prevent possible Privilege escalation
2015-09-10 13:01:24 +12:00
SecurityToken.php
API Hash autologin tokens before storing in the database.
2012-11-09 11:29:42 +01:00