silverstripe-framework/docs/en/04_Changelogs/rc/3.2.0.md

# 3.2.0 (unreleased)

## Overview

### CMS

 * Moved SS_Report and ReportAdmin out to a separate module. If you're using
composer or downloading a release, this module should be included for you.
Otherwise, you'll need to include the module yourself 
(https://github.com/silverstripe-labs/silverstripe-reports)

### Framework

 * API: Removed URL routing by controller name
 * Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery
   UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available.
 * Security: This controller's templates can be customised by overriding the `getTemplatesFor` function.
 * API: Form and FormField ID attributes rewritten.

## Details

### API: Removed URL routing by controller name

The auto-routing of controller class names to URL endpoints
has been removed (rule: `'$Controller//$Action/$ID/$OtherID': '*'`).
This increases clarity in routing since it makes URL entpoints explicit,
and thereby simplifies system and security reviews.

Please access any custom controllers exclusively through self-defined
[routes](/reference/director). For controllers extending `Page_Controller`,
simply use the provided page URLs.

	:::php
	class MyController extends Controller {
		static $allowed_actions = array('myaction');
		public function myaction($request) {
			// ...
		}
	}

Create a new file `mysite/_config/routes.yml` 
(read more about the [config format](/topics/configuration)).
Your controller is now available on `http://yourdomain.com/my-controller-endpoint`,
after refreshing the configuration cache through `?flush=all`.

	:::yaml
	---
	Name: my-routes
	After: framework/routes#coreroutes
	---
	Director:
  		rules:
    		'my-controller-endpoint//$Action' : 'MyController'


The auto-routing is still in place for unit tests,
since its a frequently used feature there. Although we advise against it,
you can reinstate the old behaviour through a director rule:

	:::yaml
	---
	Name: my-routes
	After: framework/routes#coreroutes
	---
	Director:
  		rules:
    		'$Controller//$Action/$ID/$OtherID':  '*'

### API: Default Form and FormField ID attributes rewritten.

Previously the automatic generation of ID attributes throughout the Form API
could generate invalid ID values such as Password[ConfirmedPassword] as well
as duplicate ID values between forms on the same page. For example, if you
created a field called `Email` on more than one form on the page, the resulting
HTML would have multiple instances of `#Email`. ID should be a unique
identifier for a single element within the document.

This rewrite has several angles, each of which is described below. If you rely
on ID values in your CSS files, Javascript code or application unit tests *you
will need to update your code*.

#### Conversion of invalid form ID values

ID attributes on Form and Form Fields will now follow the
[HTML specification](http://www.w3.org/TR/REC-html40/types.html#type-cdata).
Generating ID attributes is now handled by the new `FormTemplateHelper` class.

Please test each of your existing site forms to ensure that they work
correctly in particular, javascript and css styles which rely on specific ID
values.

#### Invalid ID attributes stripped

ID attributes will now be run through `Convert::raw2htmlid`. Invalid characters
are replaced with a single underscore character. Duplicate, leading and trailing
underscores are removed. Custom ID attributes (set through `setHTMLID`) will not
be altered.

	Before:
	<form id="MyForm[Form]"
		<div id="MyForm[Form][ID]">

	Now:
	<form id="MyForm_Form">
		<div id="MyForm_Form_ID">

#### Namespaced FormField ID's

Form Field ID values will now be namespaced with the parent form ID.

	Before:
	<div id="Email">

	Now:
	<div id="MyForm_Email">

#### FormField wrapper containers suffixed with `_Holder`

Previously both the container div and FormField tag shared the same ID in
certain cases. Now, the wrapper div in the default `FormField` template will be
suffixed with `_Holder`.

	Before:
	<div id="Email">
		<input id="Email" />

	After:
	<div id="MyForm_Email_Holder"
		<input id="MyForm_Email" />

#### Reverting to the old specification

If upgrading existing forms is not feasible, developers can opt out of the new
specifications by using the `FormTemplateHelper_Pre32` class rules instead of
the default ones.

	:::yaml
	# mysite/config/_config.yml

	Injector:
		FormTemplateHelper:
			class: FormTemplateHelper_Pre32

### Further Changes

 * Removed `Member.LastVisited` and `Member.NumVisits` properties, see [Howto: Track Member Logins](doc.silverstripe.org/framework/en/trunk/howto/track-member-logins) to restore functionality as custom code