mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
DOCS: Add FileShortcodeProvider change to changelog
This commit is contained in:
parent
8b7063a8e2
commit
28057e3a71
@ -1,8 +1,23 @@
|
||||
# 4.4.3
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
Embedding files with shortcodes (`FileShortcodeProvider`) no longer provides a session grant
|
||||
by default. This is because it has the potential to escalate file access
|
||||
to users who otherwise should not have viewing permissions for the file.
|
||||
|
||||
There is a minor performance trade-off for disabling these grants. If you have a page with a lot of
|
||||
images that are in a draft state or have custom viewing permissions, it adds an extra database
|
||||
query for each embedded image. With session grants enabled, the first permission check persists
|
||||
the grant into the session, meaning there is no need to query the database on every single file.
|
||||
|
||||
Unless you have a lot of shortcode images embedded with protected or draft status on a single page,
|
||||
this setting is best left to its default value of `false`.
|
||||
|
||||
To revert to the old behaviour:
|
||||
|
||||
```
|
||||
SilverStripe\Assets\Shortcodes\FileShortcodeProvider:
|
||||
allow_session_grant: true
|
||||
```
|
||||
|
||||
## Change Log
|
||||
|
||||
@ -30,5 +45,4 @@
|
||||
* 2019-08-15 [11a7d6ccb](https://github.com/silverstripe/silverstripe-framework/commit/11a7d6ccb4c2bb416dd58261d46b6e70fa8ad0d9) Rename test to be clearer about its intent (Robbie Averill)
|
||||
* 2019-07-29 [c1ffc4edf](https://github.com/silverstripe/silverstripe-framework/commit/c1ffc4edfb4c2c06da5a6a04ba5b9ea3fcc60f1a) Added unit tests for multiple relationship sorting (UndefinedOffset)
|
||||
|
||||
|
||||
<!--- Changes above this line will be automatically regenerated -->
|
Loading…
Reference in New Issue
Block a user