From 18fcd68acf1d1bbcb1342df20335ca062b8b3cdf Mon Sep 17 00:00:00 2001 From: Damian Mooyman Date: Wed, 11 May 2016 13:41:02 +1200 Subject: [PATCH] Merge up changes from 3.1.19 changelog --- docs/en/04_Changelogs/3.2.4.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/en/04_Changelogs/3.2.4.md b/docs/en/04_Changelogs/3.2.4.md index 2c965fd46..b21404543 100644 --- a/docs/en/04_Changelogs/3.2.4.md +++ b/docs/en/04_Changelogs/3.2.4.md @@ -1,5 +1,33 @@ # 3.2.4 +## Upgrading + +`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with +login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form. + +Define a login form: + +```php +class CustomLoginForm extends MemberLoginForm { + + public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true) + { + parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser); + + $this->disableSecurityToken(); + } + +} +``` + +Add this to mysite/_config/config.yml + +```yaml +Injector: + MemberLoginForm: + class: CustomLoginForm +``` + ## Change Log