silverstripe-framework/docs/en/changelogs/3.0.4.md

# 3.0.4

## Overview

 * Changed `dev/tests/setdb` and `dev/tests/startsession` from session to cookie storage.
 * Require ADMIN permissions for `?showtemplate=1`

## Details

### Require ADMIN permissions for `?showtemplate=1`

Avoids information leakage of compiled template data,
which might expose some of the internal template logic.

## Upgrading

 * If you are using `dev/tests/setdb` and `dev/tests/startsession`,
   you'll need to configure a secure token in order to encrypt the cookie value:
   Simply run `sake dev/generatesecuretoken` and add the resulting code to your `mysite/_config.php`.
   Note that this functionality now requires the PHP `mcrypt` extension.
API Storing alternative DB name in cookie rather than session Session is not initialized by the time we need to use the setting in DB::connect(). Cookie values get initialized automatically for each request. Tightened name format validation to ensure it can only be used for temporary databases, rather than switching the browser session to a different production database. Encrypting token for secure cookie usage. Added dev/generatesecuretoken to generate this token. Not storing in YML config directly because of web access issues. 2012-12-06 16:25:45 +01:00			`# 3.0.4`

			`## Overview`

			* Changed `dev/tests/setdb` and `dev/tests/startsession` from session to cookie storage.
API Require ADMIN for ?showtemplate=1 2013-02-12 23:23:18 +01:00			* Require ADMIN permissions for `?showtemplate=1`

			`## Details`

			### Require ADMIN permissions for `?showtemplate=1`

			`Avoids information leakage of compiled template data,`
			`which might expose some of the internal template logic.`
API Storing alternative DB name in cookie rather than session Session is not initialized by the time we need to use the setting in DB::connect(). Cookie values get initialized automatically for each request. Tightened name format validation to ensure it can only be used for temporary databases, rather than switching the browser session to a different production database. Encrypting token for secure cookie usage. Added dev/generatesecuretoken to generate this token. Not storing in YML config directly because of web access issues. 2012-12-06 16:25:45 +01:00
			`## Upgrading`

			* If you are using `dev/tests/setdb` and `dev/tests/startsession`,
			`you'll need to configure a secure token in order to encrypt the cookie value:`
			Simply run `sake dev/generatesecuretoken` and add the resulting code to your `mysite/_config.php`.
			Note that this functionality now requires the PHP `mcrypt` extension.