From 09b31c642f08567682a8b646e956de25b587153d Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Tue, 25 Jun 2013 16:33:00 +0200
Subject: [PATCH] Allow Form->forTemplate() URL access (fixes #788)

Need to specifically whitelist URL-accessible actions now.
Used in "Insert Link" form in HtmlEditorField.
Regression from 1edf45fbedd1431f7b0105403b628deda2b61bdc
---
 forms/Form.php | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/forms/Form.php b/forms/Form.php
index 6f692da8e..4dd0f84f2 100644
--- a/forms/Form.php
+++ b/forms/Form.php
@@ -149,7 +149,11 @@ class Form extends RequestHandler {
 	 */
 	protected $attributes = array();
 
-	private static $allowed_actions = array('handleField', 'httpSubmission');
+	private static $allowed_actions = array(
+		'handleField', 
+		'httpSubmission',
+		'forTemplate',
+	);
 
 	/**
 	 * Create a new form, with the given fields an action buttons.
@@ -210,7 +214,7 @@ class Form extends RequestHandler {
 		'GET ' => 'httpSubmission',
 		'HEAD ' => 'httpSubmission',
 	);
-	
+
 	/**
 	 * Set up current form errors in session to
 	 * the current form if appropriate.