Merge remote-tracking branch 'origin/3.0' into 3.1

Conflicts:
	docs/en/changelogs/index.md
Ingo Schommer 2013-08-16 17:12:12 +02:00
commit 3690ae1658
4 changed files with 122 additions and 27 deletions


@ -11,6 +11,7 @@ For information on how to upgrade to newer versions consult the [upgrading](/ins
* [3.1.0](3.1.0) - Unreleased
* [3.0.5](3.0.5) - 2013-02-20
* [3.0.4](3.0.4) - 19 February 2013
* [3.0.3](3.0.3) - 26 November 2012
* [3.0.2](3.0.2) - 17 September 2012
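Review bot: The 3.0.5 entry gives its date as "2013-02-20" while the neighbouring entries use the long form ("19 February 2013", "26 November 2012"). Suggest one date format for the whole list, so the page reads consistently and stays easy to scan when someone is checking which release carries a given fix.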
@ -74,8 +75,7 @@ For information on how to upgrade to newer versions consult the [upgrading](/ins
## Alpha/beta/release candidate ##
* [3.1.0-beta1](beta/3.1.0-beta1) - 17 December 2012
* [3.0.6-rc1](rc/3.0.6-rc1) - 2013-08-08
* [3.0.3-rc1](rc/3.0.3-rc1) - 6 November 2012
* [3.0.2-rc2](rc/3.0.2-rc2) - 12 September 2012
* [3.0.2-rc1](rc/3.0.2-rc1) - 5 September 2012
@ -90,7 +90,6 @@ For information on how to upgrade to newer versions consult the [upgrading](/ins
* [3.0.0-pr1](pr/3.0.0-pr1) - 2 May 2011
* [2.4.5-rc1](rc/2.4.5-rc1) - 31 January 2011
* [2.4.4-rc2](rc/2.4.4-rc2) - 20 December 2010
* [2.4.4-rc1](rc/2.4.4-rc1) - 10 December 2010


@ -0,0 +1,96 @@
# 3.0.6-rc1 (2013-08-08)
## Overview
* Security: Require ADMIN for `?flush=1` (stop denial of service attacks)
([#1692](https://github.com/silverstripe/silverstripe-framework/issues/1692))
## Details
### Security: Require ADMIN for ?flush=1
Flushing the various manifests (class, template, config) is performed through a GET
parameter (`flush=1`). Since this action requires more server resources than normal requests,
it can facilitate [denial-of-service attacks](https://en.wikipedia.org/wiki/Denial-of-service_attack).
To prevent this, main.php now checks and only allows the flush parameter in the following cases:
* The [environment](/topics/environment-management) is in "dev mode"
* A user is logged in with ADMIN permissions
* An error occurs during startup
This applies to both `flush=1` and `flush=all` (technically we only check for the existence of any parameter value)
but only through web requests made through main.php - CLI requests, or any other request that goes through
a custom start up script will still process all flush requests as normal.
Thanks to Christopher Tombleson for reporting.
## Upgrading
* If you have created your own composite database fields, then you should amend the setValue() to allow the passing of
an object (usually DataObject) as well as an array.
* If you have provided your own startup scripts (ones that include core/Core.php) that can be accessed via a web
request, you should ensure that you limit use of the flush parameter
* Translation entity namespaces can no longer contain dots, since it conflicts with the YAML format.
* Translation entities defined in templates now use their fully qualified entity name without dots.
Before: `BackLink_Button.ss.Back`, after `BackLink_Button_ss.Back`. Please fix any custom language
files or uses of those entities in custom code.
* If using "Māori/Te Reo" (mi_NZ) as your CMS locale, please re-select it in `admin/myprofile`
to ensure correct operation (it has changed its locale identifier)
## Changelog
### API Changes
* 2013-03-08 [b81f39a](https://github.com/silverstripe/sapphire/commit/b81f39a) Handle uncaught ValidationException on CMS controller execution (Ingo Schommer)
* 2013-02-27 [e6fffb9](https://github.com/silverstripe/sapphire/commit/e6fffb9) Remove content-length setting in HTTPResponse (Ingo Schommer)
* 2013-02-27 [600d9cf](https://github.com/silverstripe/sapphire/commit/600d9cf) Make Object::config use late static binding (Hamish Friedlander)
* 2013-02-12 [10199f9](https://github.com/silverstripe/sapphire/commit/10199f9) Data corruption on Versioned due to lazy loading (Julian Seidenberg)
* 2013-01-24 [11f4b2c](https://github.com/silverstripe/sapphire/commit/11f4b2c) HTTP::urlRewriter with (string)$code deprecated in 3.1. Fixed regressions and CSS urls. (Damian Mooyman)
### Features and Enhancements
* 2013-04-21 [eb583c5](https://github.com/silverstripe/sapphire/commit/eb583c5) Added DataObject::getQueriedDatabaseFields() as faster alternative to toMap() API: CompositeDBField::setValue() may be passed an object as its second argument, in addition to array. (Sam Minnee)
* 2013-03-18 [b401d39](https://github.com/silverstripe/sapphire/commit/b401d39) Move temp data into a user-specific subfolder, to stop temp-permission bugs from occurring. (Sam Minnee)
* 2013-02-22 [de641dd](https://github.com/silverstripe/sapphire/commit/de641dd) updated the reference index on doc.silverstripe.com 3.0 - There were lots of broken and missing links (Jeremy Bridson)
### Bugfixes
* 2013-08-05 [5f9387c](https://github.com/silverstripe/sapphire/commit/5f9387c) Constants magic_quotes handling needs function from Core (Hamish Friedlander)
* 2013-08-05 [041466f](https://github.com/silverstripe/sapphire/commit/041466f) Token redirect where in IIS a / needs adding between host & url (Hamish Friedlander)
* 2013-08-02 [a685a8d](https://github.com/silverstripe/sapphire/commit/a685a8d) Include flushtoken when install redirects to successfullyinstalled (Hamish Friedlander)
* 2013-08-01 [3420587](https://github.com/silverstripe/sapphire/commit/3420587) Flush on memory exhaustion and headers sent (Hamish Friedlander)
* 2013-07-23 [a1ea905](https://github.com/silverstripe/sapphire/commit/a1ea905) Nice errors and allows flush on module removal (Hamish Friedlander)
* 2013-07-22 [84011aa](https://github.com/silverstripe/sapphire/commit/84011aa) Only suppress fatal errors (Hamish Friedlander)
* 2013-07-19 [a312cd0](https://github.com/silverstripe/sapphire/commit/a312cd0) Ignore invalid tokens instead of throwing 403 (Hamish Friedlander)
* 2013-07-19 [036c36a](https://github.com/silverstripe/sapphire/commit/036c36a) Have ParameterConfirmationToken work regardless of include path (Hamish Friedlander)
* 2013-07-18 [1298d4a](https://github.com/silverstripe/sapphire/commit/1298d4a) Prevent DOS by checking for env and admin on ?flush=1 (#1692) (Hamish Friedlander)
* 2013-07-15 [999fd39](https://github.com/silverstripe/sapphire/commit/999fd39) preg_replace_callback in emailer was broken (Stephen Shkardoon)
* 2013-06-13 [3b40711](https://github.com/silverstripe/sapphire/commit/3b40711) Resize infinite loops in IE8 (fixes #575) (Ingo Schommer)
* 2013-05-27 [c7f1412](https://github.com/silverstripe/silverstripe-cms/commit/c7f1412) #651 Broken redirection after creating new folder in assets (Mike Parkhill)
* 2013-05-23 [c85c495](https://github.com/silverstripe/sapphire/commit/c85c495) GridFieldFilterHeader works without non-filterable cols (Ingo Schommer)
* 2013-05-08 [00b8ffd](https://github.com/silverstripe/sapphire/commit/00b8ffd) File class typo (Tony Air)
* 2013-04-26 [b211f22](https://github.com/silverstripe/sapphire/commit/b211f22) JSONDataFormatter wrong relation identifiers (fixes #1795) (Ingo Schommer)
* 2013-04-20 [41c0f80](https://github.com/silverstripe/sapphire/commit/41c0f80) Only block root vendor folder (colymba)
* 2013-04-01 [df4d742](https://github.com/silverstripe/sapphire/commit/df4d742) Saving of custom meta tags (fixes #8288) (Joseph Madden)
* 2013-03-29 [3aced11](https://github.com/silverstripe/sapphire/commit/3aced11) GridFieldFilterHeader only filters on last filter (Stig Lindqvist)
* 2013-03-27 [19a8545](https://github.com/silverstripe/sapphire/commit/19a8545) update deprecated 'live' jquery to 'on' (Naomi Guyer)
* 2013-03-25 [0ebd525](https://github.com/silverstripe/silverstripe-cms/commit/0ebd525) Unset "underneath page" title when switching to "top" in "add page" (Ingo Schommer)
* 2013-03-25 [3f2b6a5](https://github.com/silverstripe/sapphire/commit/3f2b6a5) Don't silently unset ParentID in "add page" dialog (Ingo Schommer)
* 2013-03-25 [0a283ea](https://github.com/silverstripe/sapphire/commit/0a283ea) Unset internal metadata on TreeDropdownField setValue() (Ingo Schommer)
* 2013-03-20 [2787d36](https://github.com/silverstripe/sapphire/commit/2787d36) "Insert Link" and other TinyMCE loading bugs (fixes #8327) (Ingo Schommer)
* 2013-03-20 [143317c](https://github.com/silverstripe/sapphire/commit/143317c) SQL Injection in CsvBulkLoader (fixes #6227) (Stephen Shkardoon)
* 2013-03-19 [9ac104b](https://github.com/silverstripe/sapphire/commit/9ac104b) $_COOKIES is not un-magic_quotes'd (Stephen Shkardoon)
* 2013-03-18 [5c933b4](https://github.com/silverstripe/silverstripe-cms/commit/5c933b4) SilverStripeNavigator shows wrong message. (uniun)
* 2013-03-12 [dd6f33a](https://github.com/silverstripe/sapphire/commit/dd6f33a) Respect tree node limits, fix search result node display (Ingo Schommer)
* 2013-02-26 [a8a10f8](https://github.com/silverstripe/sapphire/commit/a8a10f8) Transaction stub methods for better cross 2.x and 3.x compat (Ingo Schommer)
* 2013-02-17 [c7b0666](https://github.com/silverstripe/silverstripe-cms/commit/c7b0666) Escape page titles in CommentAdmin table listing (Ingo Schommer)
* 2013-02-15 [428cbe4](https://github.com/silverstripe/sapphire/commit/428cbe4) issue with Injector::create not passing args (Marcus Nyeholt)
* 2013-01-30 [b24a0a5](https://github.com/silverstripe/sapphire/commit/b24a0a5) Remove extraneous </div> breaking IE8 image embedding (os#8218) (Mateusz Uzdowski)
* 2013-01-15 [50995fb](https://github.com/silverstripe/sapphire/commit/50995fb) Undefined `$allowed_actions` overrides parent definitions, stricter handling of $allowed_actions on Extension (Ingo Schommer)
* 2013-01-06 [eecd348](https://github.com/silverstripe/sapphire/commit/eecd348) Keep Member.PasswordEncryption setting on empty passwords (Ingo Schommer)
* 2012-10-26 [d8b106e](https://github.com/silverstripe/sapphire/commit/d8b106e) TestRunner was not cleaning up DB on failure (Craig Weber)
* 2012-10-10 [e2bf964](https://github.com/silverstripe/sapphire/commit/e2bf964) 7934 When lazy loading fields respect version of the record (jean)
* 2012-10-05 [1ffbb8f](https://github.com/silverstripe/sapphire/commit/1ffbb8f) Exclude framework/dev from text collection (fixes #4754) (Ingo Schommer)
* 2012-09-10 [17bd873](https://github.com/silverstripe/sapphire/commit/17bd873) 7853 Flush the content of drop down fields when closing html editor linker (links and images) (jean)
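Review bot: The Upgrading bullet on custom startup scripts ("you should ensure that you limit use of the flush parameter") does not say how, although the Details section states that any request not routed through main.php still processes every flush request. Suggest describing the expected check (dev mode, or a logged-in user with ADMIN permissions, as main.php now does) or pointing to commit 1298d4a as the reference. Separately, the Bugfixes list contains 143317c "SQL Injection in CsvBulkLoader" and c7b0666 "Escape page titles in CommentAdmin table listing", yet the Overview names only the flush change as a security item, and the entries reach back to 2012-09-10, earlier than the 3.0.2 and 3.0.3 dates in the index. Worth confirming the commit range and calling out in the Overview any security fixes that first ship in this release.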


@ -32,10 +32,10 @@ Let's have a look at the folder structure.
| Directory | | Description |
| --------- | | ----------- |
| assets/ | | Contains images and other files uploaded via the SilverStripe CMS. You can also place your own content inside it, and link to it from within the content area of the CMS. |
| cms/ | | Contains all the files that form the CMS area of your site. Its structure is similiar to the mysite/ directory, so if you find something interesting, it should be easy enough to look inside and see how it was built. |
| framework/ | | The framework that builds both your own site and as the CMS that powers it. Youll be utilizing files in this directory often, both directly and indirectly. |
| mysite/ | | Contains all your sites code (mainly PHP) |
| themes/ | | Combines all images, stylesheets, javascript and templates powering your website into a reusable "theme" |
| cms/ | | Contains all the files that form the CMS area of your site. Its structure is similiar to the mysite/ directory, so if you find something interesting, it should be easy enough to look inside and see how it was built. |
| framework/ | | The framework that builds both your own site and the CMS that powers it. Youll be utilizing files in this directory often, both directly and indirectly. |
| mysite/ | | Contains all your site's code (mainly PHP). |
| themes/ | | Combines all images, stylesheets, javascript and templates powering your website into a reusable "theme". |
When designing your site you should only need to modify the *mysite*, *themes* and *assets* folders. The rest of the folders contain files and data that are not specific to any site.
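Review bot: The rewritten cms/ and framework/ rows still carry "similiar" and "Youll". Since these rows are being touched for wording anyway, suggest fixing both to "similar" and "You'll" in the same change.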
@ -55,17 +55,17 @@ should see the CMS interface with a list of the pages currently on your website
2. The breadcrumbs on the left will show you a direct path to the page you are currently looking at. You can use this path to navigate up through a page's heirarchy. On the left there are tabs you may use to flick between different aspects of a page. By default, you should be shown three tabs: "Content", "Settings", and "History".
* Content - Allows you to set the title, wysiwyg content, URL and Meta data for your page.
* Settings - Here you set the type of page behavior, parent page, show in search, show in menu, and who can view or edit the page.
* History - This allows you to view previous version of your page, compare change and revert to previous version if need be.
3. Within the "Pages" section (provided you are in the "Content", or "Settings" tab) you can quickly move between pages in the CMS using the site tree. To collapse and expand this sidebar, click the arrow at the bottom. If you are in the history tab, you will notice the site tree has been replaced by a list of the alterations to the current page.
* History - This allows you to view previous version of your page, compare, change, and revert to previous version if need be.
3. Within the "Pages" section (provided you are in the "Content" or "Settings" tab) you can quickly move between pages in the CMS using the site tree. To collapse and expand this sidebar, click the arrow at the bottom. If you are in the history tab, you will notice the site tree has been replaced by a list of the alterations to the current page.
![](_images/tutorial1_cms-numbered-3.jpg)
4. This section allows you to edit the content for the currently selected page, as well as changing other properties of the page such as the page name and URL. The content editor has full [WYSIWYG](http://en.wikipedia.org/wiki/WYSIWYG) abilities, allow you to change formatting and insert links, images and tables.
5. These buttons allow you to save your changes to the draft copy, publish your draft copy, unpublish from the live website or remove a page from the draft website. The SilverStripe CMS workflow stores two copies of a page, a draft and a published one. By having separate draft & published copies, we can preview draft changes in the site before publishing them to the live website. You can quickly preview your draft pages without leaving the CMS by clicking the "Preview" button.
4. This section allows you to edit the content for the currently selected page, as well as changing other properties of the page such as the page name and URL. The content editor has full [WYSIWYG](http://en.wikipedia.org/wiki/WYSIWYG) capabilities, allowing you to change formatting and insert links, images, and tables.
5. These buttons allow you to save your changes to the draft copy, publish your draft copy, unpublish from the live website, or remove a page from the draft website. The SilverStripe CMS workflow stores two copies of a page, a draft and a published copy. By having separate draft and published copies, we can preview draft changes on the site before publishing them to the live website. You can quickly preview your draft pages without leaving the CMS by clicking the "Preview" button.
![](_images/tutorial1_cms-numbered-5.jpg)
### Try it
There are three pages already created for you - "Home", "About Us" and "Contact Us", as well as a 404 page. Experiment
There are three pages already created for you - "Home", "About Us" and "Contact Us", as well as a 404 error page. Experiment
with the editor - try different formatting, tables and images. When you are done, click "Save Draft" or "Save
& Publish" to post the content to the live site.
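Review bot: In the History bullet, "compare, change, and revert to previous version" alters the meaning: the earlier wording "compare change" reads as comparing changes between versions, whereas the new commas make "change" a separate action of the History tab. Suggest "compare changes, and revert to a previous version if need be". The context line for item 2 also still has "heirarchy".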
@ -88,16 +88,16 @@ Note that if you have sub-pages, changing the Top level URL field for a page wil
When you create a new page, SilverStripe automatically creates an appropriate URL for it. For example, *About Us* will
become *about-us*. You are able to change it yourself so that you can make long titles more usable or descriptive. For
example, *Employment Opportunities* could be shortened to *jobs*. The ability to generate easy to type, descriptive URLs
example, *Employment Opportunities* could be shortened to *jobs*. The ability to generate easy-to-type, descriptive URLs
for SilverStripe pages improves accessibility for humans and search engines.
You should ensure the URL for the home page is *home*, as that's the page SilverStripe loads by default.
You should ensure the URL for the home page is *home*, as that is the page SilverStripe loads by default.
## Templates
All pages on a SilverStripe site are rendered using a template. A template is an file
with a special `*.ss` file extension, containing HTML augmented with some control codes. Through the use of templates, you can have as much control over your sites HTML code as you like. In SilverStripe, these files and others for controlling your sites appearance the CSS, images, and some javascript are collectively described as a theme. Themes live in the 'themes' folder of your site.
All pages on a SilverStripe site are rendered using a template. A template is a file
with a special `*.ss` file extension, containing HTML augmented with some control codes. Through the use of templates, you can have as much control over your sites HTML code as you like. In SilverStripe, the template files and others for controlling your sites appearance, such as the CSS, images, and some javascript, are collectively described as a theme. Themes live in the 'themes' folder of your site.
Every page in your site has a **page type**. We will briefly talk about page types later, and go into much more detail
in tutorial two; right now all our pages will be of the page type *Page*. When rendering a page, SilverStripe will look
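Review bot: The rewritten Templates paragraph still has "your sites HTML code" and "your sites appearance" without the possessive apostrophe, while the folder table in the same file was corrected to "your site's code". Suggest "your site's" in both places here as well.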
@ -116,7 +116,7 @@ ensures the browser knows where to locate your site's images and css files.
$Title
$SiteConfig.Title
These three variables are found within the html `<title>` tag, and are replaced by the text set in the "Meta Title", "Page Name", or "Settings -> Site Title" in the CMS.
These three variables are found within the html `<title>` tag, and are replaced by the text set in the "Meta Title", "Page Name", or "Settings -> Site Title" fields in the CMS.
:::ss
$MetaTags
@ -207,7 +207,7 @@ you will then be able to target a section in css (*simple/css/layout.css*), e.g.
## A second level of navigation
The top navigation system is currently quite restrictive. There is no way to
nest pages, we have a completely flat site. Adding a second level in SilverStripe is easy. First (if you haven't already done so), let's add some pages.
nest pages, so we have a completely flat site. Adding a second level in SilverStripe is easy. First (if you haven't already done so), let's add some pages.
The "About Us" section could use some expansion.
@ -240,7 +240,7 @@ As we can see here, the *Menu* control takes a single
argument - the level of the menu we want to get. Our css file will style this linked list into the second level menu,
using our usual *$LinkingMode* technique to highlight the current page.
To make sure the menu is not displayed on every page, even those that *don't* have any nested pages. We use an **if block**.
To make sure the menu is not displayed on every page, for example, those that *don't* have any nested pages. We use an **if block**.
Look again in the *Sidebar.ss* file and you will see that the menu is surrounded with an **if block**
like this:
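Review bot: The reworded line "To make sure the menu is not displayed on every page, for example, those that *don't* have any nested pages. We use an **if block**." is still split into a fragment and a second sentence, and "for example" no longer says what the if block is for. Suggest joining them: "To make sure the menu is not displayed on pages that *don't* have any nested pages, we use an **if block**."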
@ -289,9 +289,9 @@ Both the top menu, and the sidebar menu should be updating and highlighting as y
![](_images/tutorial1_menu-two-level.jpg)
Feel free to experiment with the if and loop statements, for example you could create a drop down style menu from the top navigation using a combination of if statements, loops and some CSS to style it.
Feel free to experiment with the if and loop statements. For example, you could create a drop down style menu from the top navigation using a combination of if statements, loops, and some CSS to style it.
The following example runs an if statement, and a loop on *Children*, checking to see if any sub-pages exist within each top level navigation item, you will need to come up with your own CSS to correctly style this approach.
The following example runs an if statement and a loop on *Children*, checking to see if any sub-pages exist within each top level navigation item. You will need to come up with your own CSS to correctly style this approach.
:::ss
<ul>
@ -345,7 +345,7 @@ Create a new file *HomePage.php* in *mysite/code*. Copy the following code into
Every page type also has a database table corresponding to it. Every time we modify the database, we need to rebuild it.
We can do this by going to [http://localhost/your_site_name/dev/build](http://localhost/your_site_name/dev/build) (replace *localhost/your_site_name* with your own domain name if applicable).
It may take a moment, so be patient. This add tables and fields needed by your site, and modifies any structures that have changed. It
It may take a moment, so be patient. This adds tables and fields needed by your site, and modifies any structures that have changed. It
does this non-destructively - it will never delete your data.
As we have just created a new page type, SilverStripe will add this to the list of page types in the database.
@ -359,7 +359,7 @@ In the CMS, navigate to the "Home" page and switch to the "Settings" tab. Change
![](_images/tutorial1_homepage-type.jpg)
Our homepage is now of the page type *HomePage*. Regardless, it is still
rendered with the *Page* template. SilverStripe does this the type inherits from *Page*,
rendered with the *Page* template. SilverStripe does this as our homepage inherits its type from *Page*,
which acts as a fallback if no *HomePage* template can be found.
It always tries to use the most specific template in an inheritance chain.


@ -1,13 +1,13 @@
# Written Tutorials
* [Tutorial 1: Building a basic site](1-building-a-basic-site): An introduction to building a site with
SilverStripe
SilverStripe.
* [Tutorial 2: Extending a basic site](2-extending-a-basic-site): A tutorial that builds on "Building a basic
site"
site".
* [Tutorial 3: Forms](3-forms): An introduction to forms in SilverStripe.
* [Tutorial 4: Site Search](4-site-search): Learn how to add search to your site.
* [Tutorial 5: Dataobject Relationship Management](5-dataobject-relationship-management): Learn how to create
a simple data relationships
simple data relationships.
# Video tutorials
@ -20,4 +20,4 @@ a simple data relationships
* [Common Problems](/installation/common-problems): Review some existing solutions to common problems.
* [SilverStripe Forums](http://www.silverstripe.com/silverstripe-forum/): Head over to the forums and ask the community
for help
for help.