silverstripe-framework/docs/en/04_Changelogs/3.1.16.md

41 lines
2.2 KiB
Markdown
Raw Normal View History

# 3.1.16
## Upgrading
FormField validation messages generated by the `Validator` class will now be automatically XML
encoded before being rendered alongside an invalid field.
If a validation message in a custom `Validator` instance should be rendered as literal HTML,
then the $message parameter for `Validator::validationError` should be passed as an instance
of `HTMLText`
For example:
:::php
class MyCustomValidator extends Validator {
public function php($data) {
$this->validationError(
'EmailAddress',
DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
);
}
}
2015-11-16 03:16:49 +01:00
<!--- Changes below this line will be automatically regenerated -->
## Change Log
### Security
* 2015-11-11 [245e0aa](https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
* 2015-11-09 [53b3bc7](https://github.com/silverstripe/silverstripe-framework/commit/53b3bc707bcccb8f5e5060f85ab1398a0975bba2) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
* 2015-11-01 [ac4342d](https://github.com/silverstripe/silverstripe-framework/commit/ac4342d81d19201bd8d3814f168240db1ac565fe) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
* 2015-10-28 [97f21fd](https://github.com/silverstripe/silverstripe-framework/commit/97f21fddb3c565052f19ee3b35366f48e1e9a36f) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
### Bugfixes
* 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
* 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)