silverstripe-framework/docs/en/04_Changelogs/3.1.19.md

# 3.1.19

## Upgrading

`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.

Define a login form:

```php
class CustomLoginForm extends MemberLoginForm {

	public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
	{
		parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

		$this->disableSecurityToken();
	}

}
```

Add this to mysite/_config/config.yml

```yaml
Injector:
  MemberLoginForm:
    class: CustomLoginForm
```

<!--- Changes below this line will be automatically regenerated -->

## Change Log

### Security

### Bugfixes
[SS-2016-006] FIX dont disable XSS for login forms 2016-04-18 18:50:31 +02:00			`# 3.1.19`

			`## Upgrading`

			`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
			login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.

			`Define a login form:`

			```php
			`class CustomLoginForm extends MemberLoginForm {`

			`public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)`
			`{`
			`parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);`

			`$this->disableSecurityToken();`
			`}`

			`}`
			```

			`Add this to mysite/_config/config.yml`

			```yaml
			`Injector:`
			`MemberLoginForm:`
			`class: CustomLoginForm`
			```

			`<!--- Changes below this line will be automatically regenerated -->`

			`## Change Log`

			`### Security`

			`### Bugfixes`