tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

Added 3.0.12 changelog

Browse Source
This commit is contained in:
Damian Mooyman 2015-03-19 17:35:09 +13:00
parent 663f9c9cbe
commit 11521fb92d
1 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
docs/en/changelogs/3.0.12.md Normal file
View File

@ -0,0 +1,60 @@
# 3.0.12
# Overview
This release resolves a high level security issue in the SiteTree class, as well as
the CMS controller classes which act on these objects during creation.
## Upgrading
### SiteTree::canCreate Permissions
Any user code which overrides the `SiteTree::canCreate` method should be investigated to
ensure it continues to work correctly. In particular, a second parameter may now be passed
to this method in order to determine if page creation is allowed in any given context, whether
it be at the root level, or as a child of a parent page.
The creation of pages at the root level is now corrected to follow the rules specified
by the SiteConfig, which in turn has been updated to ensure only valid CMS users are
granted this permission (when applicable).
The creation of pages beneath parent pages will now inherit from the ability to edit
this parent page.
User code which is not updated, but relies on the old implementation of SiteTree::canCreate will
now assume creation at the top level.
For example see the below code as an example
E.g.
:::php
<?php
class SingletonPage extends Page {
public function canCreate($member) {
if(static::get()->count()) return false;
$context = func_num_args() > 1 ? func_get_arg(1) : array();
return parent::canCreate($member, $context);
}
}
For more information on the reason for this change please see the security announcement below.
## Security
* 2015-03-16 [64955e5](https://github.com/silverstripe/silverstripe-cms/commit/64955e5) Fix SiteTree / SiteConfig permissions (Damian Mooyman) - See announcement [ss-2015-008](http://www.silverstripe.org/software/download/security-releases/ss-2015-008-sitetree-creation-permission-vulnerability)
### Bugfixes
* 2014-11-25 [b3407ab](https://github.com/silverstripe/sapphire/commit/b3407ab) Fix HTTPS proxy header detection (Same as #3152) (Stephen Shkardoon)
* 2015-01-08 [ac922a0](https://github.com/silverstripe/sapphire/commit/ac922a0) Fix tutorial index page for the new doc site (Cam Findlay)
* 2014-06-13 [0f74d8c](https://github.com/silverstripe/silverstripe-cms/commit/0f74d8c) Broken links in the 'Dependent pages' tab (Stig Lindqvist)
* 2014-01-31 [1661213](https://github.com/silverstripe/sapphire/commit/1661213) Opt-out pf form message escaping (fixes #2796) (Ingo Schommer)
## Changelog
* [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.12)
* [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.12)
* [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.12)