DOCS: Add FileShortcodeProvider change to changelog

This commit is contained in:
Aaron Carlino 2019-08-19 10:43:17 +12:00
parent 8b7063a8e2
commit 28057e3a71

View File

@ -1,8 +1,23 @@
# 4.4.3
<!--- Changes below this line will be automatically regenerated -->
Embedding files with shortcodes (`FileShortcodeProvider`) no longer provides a session grant
by default. This is because it has the potential to escalate file access
to users who otherwise should not have viewing permissions for the file.
There is a minor performance trade-off for disabling these grants. If you have a page with a lot of
images that are in a draft state or have custom viewing permissions, it adds an extra database
query for each embedded image. With session grants enabled, the first permission check persists
the grant into the session, meaning there is no need to query the database on every single file.
Unless you have a lot of shortcode images embedded with protected or draft status on a single page,
this setting is best left to its default value of `false`.
To revert to the old behaviour:
```
SilverStripe\Assets\Shortcodes\FileShortcodeProvider:
allow_session_grant: true
```
## Change Log
@ -30,5 +45,4 @@
* 2019-08-15 [11a7d6ccb](https://github.com/silverstripe/silverstripe-framework/commit/11a7d6ccb4c2bb416dd58261d46b6e70fa8ad0d9) Rename test to be clearer about its intent (Robbie Averill)
* 2019-07-29 [c1ffc4edf](https://github.com/silverstripe/silverstripe-framework/commit/c1ffc4edfb4c2c06da5a6a04ba5b9ea3fcc60f1a) Added unit tests for multiple relationship sorting (UndefinedOffset)
<!--- Changes above this line will be automatically regenerated -->