From 0fa8335bc0d27296cd18a66debdb7a420f3b0c94 Mon Sep 17 00:00:00 2001
From: Cam Findlay <cam@silverstripe.com>
Date: Thu, 22 Oct 2015 09:13:57 +1300
Subject: [PATCH 01/49] DOCS Upgrading information about 3.2.0 and the
 additional modules required (reports & siteconfig)

Based on a community question about upgrading their site manually, they followed the instructions but were not aware of the additional modules now required.
---
 docs/en/03_Upgrading/index.md | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

diff --git a/docs/en/03_Upgrading/index.md b/docs/en/03_Upgrading/index.md
index 825876142..65e799156 100644
--- a/docs/en/03_Upgrading/index.md
+++ b/docs/en/03_Upgrading/index.md
@@ -1,22 +1,25 @@
 title: Upgrading
 introduction: Keep your SilverStripe installations up to date with the latest fixes, security patches and new features.
 
-# Upgrading
+# Upgrading to SilverStripe 3.2
 
-SilverStripe Applications should be kept up to date with the latest security releases. Usually an update or upgrade to 
-your SilverStripe installation means overwriting files, flushing the cache and updating your database-schema. 
+SilverStripe applications should be kept up to date with the latest security releases. Usually an update or upgrade to your SilverStripe installation means overwriting files, flushing the cache and updating your database-schema. 
 
 <div class="info" markdown="1">
-See our [upgrade notes and changelogs](/changelogs) for release-specific information.
+See our [upgrade notes and changelogs](/changelogs/3.2.0) for 3.2.0 specific information, bugfixes and API changes.
 </div>
 
 ## Composer 
 
-For projects managed through Composer, check the version defined in your `composer.json` file. Update the version 
-constraints if required and update composer.
+For projects managed through Composer, update the version number of `framework` and `cms` to `^3.2` in your `composer.json` file and run `composer update`. 
 
-	:::bash
-	composer update
+```json
+	"require": {
+		"silverstripe/framework": "^3.2",
+		"silverstripe/cms": "^3.2"
+	}
+```
+This will also add extra dependencies, the `reports` and `siteconfig` modules. SilverStripe CMS is becoming more modular, and [composer is becoming the preferred way to manage your code](/getting_started/composer).
 
 ## Manual
 
@@ -27,7 +30,8 @@ constraints if required and update composer.
 *  Leave custom folders like *mysite* or *themes* in place.
 *  Identify system folders in your webroot (`cms`, `framework` and any additional modules). 
 *  Delete existing system folders (or move them outside of your webroot)
-*  Extract and replace system folders from your download (Deleting instead of "copying over" existing folders ensures that files removed from the new SilverStripe release are not persisting in your installation)
+*  Extract and replace system folders from your download (Deleting instead of "copying over" existing folders ensures that files removed from the new SilverStripe release are not persisting in your installation).
+*  As of SilverStripe CMS 3.2.0 you will also need to include the `reports` and `siteconfig` modules to ensure feature parity with previous versions of the CMS.
 *  Visit http://yoursite.com/dev/build/?flush=1 to rebuild the website database.
 *  Check if you need to adapt your code to changed PHP APIs
 *  Check if you have overwritten any core templates or styles which might need an update.

From 791c52c6bdfc64e46ff4960556f44875784ca64b Mon Sep 17 00:00:00 2001
From: Peter Thaleikis <spekulatius@users.noreply.github.com>
Date: Sun, 25 Oct 2015 22:41:13 +1300
Subject: [PATCH 02/49] fixing syntax error

---
 .../02_Developer_Guides/03_Forms/Field_types/05_UploadField.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md b/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
index c0fde52df..99eec5435 100644
--- a/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
+++ b/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
@@ -73,7 +73,7 @@ Enable multiple fileuploads by using a many_many (or has_many) relation. Again,
 
 ```php
 	class GalleryImageExtension extends DataExtension {
-		private static $belongs_many_many = array('Galleries' => 'GalleryPage);
+		private static $belongs_many_many = array('Galleries' => 'GalleryPage');
 	}
 ```
 

From 8dc9282adf092fbb0234f6cc1ecdcf96ea39fe37 Mon Sep 17 00:00:00 2001
From: Colin Richardson <colinrichardson@bigfork.co.uk>
Date: Mon, 2 Nov 2015 10:38:54 +0000
Subject: [PATCH 03/49] check for id attributes for anchor targets and prevent
 partial matches e.g. data-name='foo'

---
 forms/HtmlEditorField.php     | 2 +-
 javascript/HtmlEditorField.js | 5 +++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/forms/HtmlEditorField.php b/forms/HtmlEditorField.php
index fad081a74..03c1a1c65 100644
--- a/forms/HtmlEditorField.php
+++ b/forms/HtmlEditorField.php
@@ -519,7 +519,7 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 			}
 
 			// Similar to the regex found in HtmlEditorField.js / getAnchors method.
-			if (preg_match_all("/name=\"([^\"]+?)\"|name='([^']+?)'/im", $page->Content, $matches)) {
+			if (preg_match_all("/\s(name|id)=\"([^\"]+?)\"|\s(name|id)='([^']+?)'/im", $page->Content, $matches)) {
 				$anchors = $matches[1];
 			}
 
diff --git a/javascript/HtmlEditorField.js b/javascript/HtmlEditorField.js
index 3bcdb374e..944618d4d 100644
--- a/javascript/HtmlEditorField.js
+++ b/javascript/HtmlEditorField.js
@@ -716,10 +716,11 @@ ss.editorWrappers['default'] = ss.editorWrappers.tinyMCE;
 						// http://www.w3.org/TR/1999/REC-html401-19991224/struct/links.html#h-12.2
 
 						if(ed) {
-							var raw = ed.getContent().match(/name="([^"]+?)"|name='([^']+?)'/gim);
+							var raw = ed.getContent().match(/\s(name|id)="([^"]+?)"|\s(name|id)='([^']+?)'/gim);
 							if (raw && raw.length) {
 								for(var i = 0; i < raw.length; i++) {
-									collectedAnchors.push(raw[i].substr(6).replace(/"$/, ''));
+									var indexStart = (raw[i].indexOf('id=') == -1) ? 7 : 5;
+									collectedAnchors.push(raw[i].substr(indexStart).replace(/"$/, ''));
 								}
 							}
 						}

From 6a1a3bf182cf70b679e43e3721c45b8391684293 Mon Sep 17 00:00:00 2001
From: Garion Herman <garion@silverstripe.com>
Date: Tue, 3 Nov 2015 23:56:30 +1300
Subject: [PATCH 04/49] Corrected TotalItems() method to use Count(). Added
 test coverage. (fixes #4646)

---
 model/ListDecorator.php         |  2 +-
 tests/model/GroupedListTest.php | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/model/ListDecorator.php b/model/ListDecorator.php
index 83bf7ad35..6ba6edb90 100644
--- a/model/ListDecorator.php
+++ b/model/ListDecorator.php
@@ -81,7 +81,7 @@ abstract class SS_ListDecorator extends ViewableData implements SS_List, SS_Sort
 	}
 
 	public function TotalItems() {
-		return $this->list->TotalItems();
+		return $this->list->Count();
 	}
 
 	public function Count() {
diff --git a/tests/model/GroupedListTest.php b/tests/model/GroupedListTest.php
index e5c426692..4d5c5cd41 100644
--- a/tests/model/GroupedListTest.php
+++ b/tests/model/GroupedListTest.php
@@ -123,4 +123,31 @@ class GroupedListTest extends SapphireTest {
 		}
 	}
 
+	public function testTotalItems() {
+		$list = GroupedList::create(
+			ArrayList::create(
+				array(
+					ArrayData::create(array(
+						'Name' => 'AAA',
+						'Number' => '111',
+					)),
+					ArrayData::create(array(
+						'Name' => 'BBB',
+						'Number' => '111',
+					)),
+					ArrayData::create(array(
+						'Name'   => 'AAA',
+						'Number' => '222',
+					)),
+					ArrayData::create(array(
+						'Name'   => 'BBB',
+						'Number' => '111',
+					))
+				)
+			)
+		);
+
+		$this->assertEquals(4, $list->TotalItems());
+	}
+
 }

From acdcf8ca02fc839cd21b9349d99a512224986d73 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Wed, 4 Nov 2015 08:35:25 +1300
Subject: [PATCH 05/49] Batch actions break with Translatable installed

Due to ?locale GET parameter being appended to the action URL,
and naive string concatenation of additional GET parameters.
---
 admin/javascript/LeftAndMain.BatchActions.js | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/admin/javascript/LeftAndMain.BatchActions.js b/admin/javascript/LeftAndMain.BatchActions.js
index de975e9c1..0016c4c09 100644
--- a/admin/javascript/LeftAndMain.BatchActions.js
+++ b/admin/javascript/LeftAndMain.BatchActions.js
@@ -240,8 +240,8 @@
 					ids = this.getIDs(),
 					allIds = [],
 					viewMode = $('.cms-content-batchactions :input[name=view-mode-batchactions]'),
-					selectedAction = this.find(':input[name=Action]').val();
-			
+					actionUrl = this.find(':input[name=Action]').val();
+
 				// Default to refreshing the entire tree
 				if(rootNode == null) rootNode = st;
 
@@ -250,7 +250,7 @@
 				}
 
 				// If no action is selected, enable all nodes
-				if(!selectedAction || selectedAction == -1 || !viewMode.is(":checked")) {
+				if(!actionUrl || actionUrl == -1 || !viewMode.is(":checked")) {
 					$(rootNode).find('li').each(function() {
 						$(this).setEnabled(true);
 					});
@@ -264,8 +264,12 @@
 				});
 				
 				// Post to the server to ask which pages can have this batch action applied
-				var applicablePagesURL = selectedAction + '/applicablepages/?csvIDs=' + allIds.join(',');
-				jQuery.getJSON(applicablePagesURL, function(applicableIDs) {
+				// Retain existing query parameters in URL before appending path
+				var actionUrlParts = $.path.parseUrl(actionUrl);
+				var applicablePagesUrl = actionUrlParts.hrefNoSearch + '/applicablepages/';
+				applicablePagesUrl = $.path.addSearchParams(applicablePagesUrl, actionUrlParts.search);
+				applicablePagesUrl = $.path.addSearchParams(applicablePagesUrl, {csvIDs: allIds.join(',')});
+				jQuery.getJSON(applicablePagesUrl, function(applicableIDs) {
 					// Set a CSS class on each tree node indicating which can be batch-actioned and which can't
 					jQuery(rootNode).find('li').each(function() {
 						$(this).removeClass('treeloading');

From 4f8b061b592d746e89d24e540d4eae3dd313a57d Mon Sep 17 00:00:00 2001
From: scott1702 <scott@silverstripe.com>
Date: Thu, 5 Nov 2015 13:09:21 +1300
Subject: [PATCH 06/49] Remove drag handle from non-draggable js-trees

---
 admin/css/screen.css  | 8 ++++----
 admin/scss/_tree.scss | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/admin/css/screen.css b/admin/css/screen.css
index afd223c55..94a3beab2 100644
--- a/admin/css/screen.css
+++ b/admin/css/screen.css
@@ -840,7 +840,7 @@ form.import-form label.left { width: 250px; }
 .tree-holder.jstree li.readonly, .cms-tree.jstree li.readonly { color: #aaa; padding-left: 18px; }
 .tree-holder.jstree li.readonly a, .tree-holder.jstree li.readonly a:link, .cms-tree.jstree li.readonly a, .cms-tree.jstree li.readonly a:link { margin: 0; padding: 0; }
 .tree-holder.jstree li.readonly .jstree-icon, .cms-tree.jstree li.readonly .jstree-icon { display: none; }
-.tree-holder.jstree a, .tree-holder.jstree a:link, .cms-tree.jstree a, .cms-tree.jstree a:link { color: #0073C1; padding: 3px 6px 3px 3px; border: none; display: inline-block; margin-right: 5px; }
+.tree-holder.jstree a, .tree-holder.jstree a:link, .cms-tree.jstree a, .cms-tree.jstree a:link { color: #0073C1; padding: 3px 6px 3px 6px; border: none; display: inline-block; margin-right: 5px; }
 .tree-holder.jstree ins, .cms-tree.jstree ins { background-color: transparent; background-image: url(../images/sitetree_ss_default_icons.png); }
 .tree-holder.jstree span.badge, .cms-tree.jstree span.badge { clear: both; text-transform: uppercase; text-shadow: none; display: inline-block; position: relative; padding: 3px 3px 1px; font-size: 0.75em; line-height: 1em; margin-left: 3px; margin-top: -1px; -moz-border-radius: 2px / 2px; -webkit-border-radius: 2px 2px; border-radius: 2px / 2px; }
 .tree-holder.jstree span.comment-count, .cms-tree.jstree span.comment-count { clear: both; position: relative; text-transform: uppercase; display: inline-block; overflow: visible; padding: 0px 3px; font-size: 0.75em; line-height: 1em; margin-left: 3px; margin-right: 6px; -moz-border-radius: 2px / 2px; -webkit-border-radius: 2px 2px; border-radius: 2px / 2px; color: #7E7470; border: 1px solid #C9B800; background-color: #FFF0BC; }
@@ -851,9 +851,9 @@ form.import-form label.left { width: 250px; }
 .tree-holder.jstree .jstree-open > ins, .cms-tree.jstree .jstree-open > ins { background-position: -18px -1px; }
 .tree-holder.filtered-list li:not(.filtered-item) > a, .cms-tree.filtered-list li:not(.filtered-item) > a { color: #aaa; }
 
-.cms-tree.jstree .jstree-no-checkboxes li a { padding-left: 12px; }
-.cms-tree.jstree .jstree-no-checkboxes li .jstree-hovered, .cms-tree.jstree .jstree-no-checkboxes li .jstree-clicked, .cms-tree.jstree .jstree-no-checkboxes li a:focus { padding-left: 0; }
-.cms-tree.jstree .jstree-no-checkboxes li .jstree-hovered .jstree-icon, .cms-tree.jstree .jstree-no-checkboxes li .jstree-clicked .jstree-icon, .cms-tree.jstree .jstree-no-checkboxes li a:focus .jstree-icon { display: block; }
+.cms-tree.jstree.draggable .jstree-no-checkboxes li a { padding-left: 12px; }
+.cms-tree.jstree.draggable .jstree-no-checkboxes li .jstree-hovered, .cms-tree.jstree.draggable .jstree-no-checkboxes li .jstree-clicked, .cms-tree.jstree.draggable .jstree-no-checkboxes li a:focus { padding-left: 0; }
+.cms-tree.jstree.draggable .jstree-no-checkboxes li .jstree-hovered .jstree-icon, .cms-tree.jstree.draggable .jstree-no-checkboxes li .jstree-clicked .jstree-icon, .cms-tree.jstree.draggable .jstree-no-checkboxes li a:focus .jstree-icon { display: block; }
 
 .jstree-default a .jstree-icon, .jstree-default-rtl a .jstree-icon, .jstree-classic a .jstree-icon, .jstree-apple a .jstree-icon { background-position: -60px -19px; }
 
diff --git a/admin/scss/_tree.scss b/admin/scss/_tree.scss
index c0fb4aff7..badb11fbd 100644
--- a/admin/scss/_tree.scss
+++ b/admin/scss/_tree.scss
@@ -483,7 +483,7 @@
 		}	
 		a, a:link {
 			color:  $color-text-blue-link;
-			padding: 3px 6px 3px 3px;
+			padding: 3px 6px 3px 6px;
 			border: none;
 			display:  inline-block;
 			margin-right: 5px;
@@ -571,7 +571,7 @@
 
 // For drag and drop icons to not appear whilst in multi-selection
 .cms-tree {
-	&.jstree {
+	&.jstree.draggable {
 		.jstree-no-checkboxes {
 			li {
 				a {

From f577ecb81149d0d09dc846204f17b2153a244b5a Mon Sep 17 00:00:00 2001
From: Igor Nadj <igor@silverstripe.com>
Date: Thu, 5 Nov 2015 16:09:16 +1300
Subject: [PATCH 07/49] FIX: prevent use cache on browser back button

---
 control/HTTP.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/control/HTTP.php b/control/HTTP.php
index 895c126e9..8a65c1be0 100644
--- a/control/HTTP.php
+++ b/control/HTTP.php
@@ -384,7 +384,7 @@ class HTTP {
 				// prefer the caching information indicated through the "Cache-Control" header.
 				$responseHeaders["Pragma"] = "";
 			} else {
-				$responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
+				$responseHeaders["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate, no-transform";
 			}
 		}
 

From dad37846210102e6b1d2e3cb8599151cde66865c Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@silverstripe.com>
Date: Fri, 6 Nov 2015 14:38:59 +0000
Subject: [PATCH 08/49] Fixing issue where words ending ay/ey/iy/oy/uy are not
 pluralised correctly

---
 model/DataObject.php           |  5 ++++-
 tests/model/DataObjectTest.php | 12 +++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/model/DataObject.php b/model/DataObject.php
index 85ba65b4f..665827029 100644
--- a/model/DataObject.php
+++ b/model/DataObject.php
@@ -781,7 +781,10 @@ class DataObject extends ViewableData implements DataObjectInterface, i18nEntity
 			return $name;
 		} else {
 			$name = $this->singular_name();
-			if(substr($name,-1) == 'y') $name = substr($name,0,-1) . 'ie';
+			//if the penultimate character is not a vowel, replace "y" with "ies"
+			if (preg_match('/[^aeiou]y$/i', $name)) {
+				$name = substr($name,0,-1) . 'ie';
+			}
 			return ucfirst($name . 's');
 		}
 	}
diff --git a/tests/model/DataObjectTest.php b/tests/model/DataObjectTest.php
index a1ce5201a..886352eee 100644
--- a/tests/model/DataObjectTest.php
+++ b/tests/model/DataObjectTest.php
@@ -26,6 +26,9 @@ class DataObjectTest extends SapphireTest {
 		'DataObjectTest_Staff',
 		'DataObjectTest_CEO',
 		'DataObjectTest_Fan',
+		'DataObjectTest_Play',
+		'DataObjectTest_Ploy',
+		'DataObjectTest_Bogey',
 	);
 
 	public function testDb() {
@@ -1341,7 +1344,10 @@ class DataObjectTest extends SapphireTest {
 		$assertions = array(
 			'DataObjectTest_Player'       => 'Data Object Test Players',
 			'DataObjectTest_Team'         => 'Data Object Test Teams',
-			'DataObjectTest_Fixture'      => 'Data Object Test Fixtures'
+			'DataObjectTest_Fixture'      => 'Data Object Test Fixtures',
+			'DataObjectTest_Play'         => 'Data Object Test Plays',
+			'DataObjectTest_Bogey'        => 'Data Object Test Bogeys',
+			'DataObjectTest_Ploy'         => 'Data Object Test Ploys',
 		);
 
 		foreach($assertions as $class => $expectedPluralName) {
@@ -1937,5 +1943,9 @@ class DataObjectTest_ExtendedTeamComment extends DataObjectTest_TeamComment {
 	);
 }
 
+class DataObjectTest_Play extends DataObject implements TestOnly {}
+class DataObjectTest_Ploy extends DataObject implements TestOnly {}
+class DataObjectTest_Bogey extends DataObject implements TestOnly {}
+
 DataObjectTest_Team::add_extension('DataObjectTest_Team_Extension');
 

From 414ea3de9e87812c5ac96cc15062307c608e0963 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 9 Nov 2015 16:39:33 +1300
Subject: [PATCH 09/49] BUG prevent UploadField edit form generation for
 Folders

---
 forms/UploadField.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/forms/UploadField.php b/forms/UploadField.php
index 41485b489..57926dc77 100644
--- a/forms/UploadField.php
+++ b/forms/UploadField.php
@@ -1432,6 +1432,10 @@ class UploadField_ItemHandler extends RequestHandler {
 	 */
 	public function EditForm() {
 		$file = $this->getItem();
+		if(!$file) return $this->httpError(404);
+		if($file instanceof Folder) return $this->httpError(403);
+		if(!$file->canEdit()) return $this->httpError(403);
+		
 		// Get form components
 		$fields = $this->parent->getFileEditFields($file);
 		$actions = $this->parent->getFileEditActions($file);

From c7b2f88d4eff8d0d28379b6aeb1ac0364858cb6a Mon Sep 17 00:00:00 2001
From: Cam Findlay <cam@silverstripe.com>
Date: Tue, 10 Nov 2015 11:50:53 +1300
Subject: [PATCH 10/49] DOCS Suggest a tool to help people generate their
 change logs for modules.

---
 docs/en/02_Developer_Guides/05_Extending/00_Modules.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/02_Developer_Guides/05_Extending/00_Modules.md b/docs/en/02_Developer_Guides/05_Extending/00_Modules.md
index 75f955dbd..9538c26fb 100644
--- a/docs/en/02_Developer_Guides/05_Extending/00_Modules.md
+++ b/docs/en/02_Developer_Guides/05_Extending/00_Modules.md
@@ -134,7 +134,7 @@ Documentation will use the following format:
    * How to report security vulnerabilities. Note that PSR-9 / PSR-10 may be recommended once released.
    * Security, license, links to more detailed docs.
  * CONTRIBUTING.md explaining terms of contribution.
- * A changelog CHANGELOG.md (may link to other more detailed docs or GitHub releases if you want).
+ * A changelog CHANGELOG.md (may link to other more detailed docs or GitHub releases if you want). You could [use a changelog generator](https://github.com/skywinder/Github-Changelog-Generator) to help create this.
  * Has a licence (LICENSE.md file) - for SilverStripe supported this needs to be BSD.
  * Detailed documentation in /docs/en as a nested set of GitHub-compatible Markdown files.
  * Links and image references are relative, and are able to be followed in viewers such as GitHub.

From 218049f5c01fba83b5fa04400d103f6aaa6acbb6 Mon Sep 17 00:00:00 2001
From: Cam Findlay <cam@silverstripe.com>
Date: Tue, 10 Nov 2015 11:59:38 +1300
Subject: [PATCH 11/49] DOCS Suggesting a convention for CMS user documentation
 so CMS users don't get lost in dev docs.

---
 docs/en/02_Developer_Guides/05_Extending/00_Modules.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/en/02_Developer_Guides/05_Extending/00_Modules.md b/docs/en/02_Developer_Guides/05_Extending/00_Modules.md
index 75f955dbd..9c93b827e 100644
--- a/docs/en/02_Developer_Guides/05_Extending/00_Modules.md
+++ b/docs/en/02_Developer_Guides/05_Extending/00_Modules.md
@@ -137,6 +137,7 @@ Documentation will use the following format:
  * A changelog CHANGELOG.md (may link to other more detailed docs or GitHub releases if you want).
  * Has a licence (LICENSE.md file) - for SilverStripe supported this needs to be BSD.
  * Detailed documentation in /docs/en as a nested set of GitHub-compatible Markdown files.
+ * It is suggested to use a documentation page named `userguide.md` in `docs/en/` that includes documentation of module features that have CMS user functionality (if applicable). For modules with large userguides, this should be in a directory named `userguide` with an `index.md` linking to any other userguide pages.
  * Links and image references are relative, and are able to be followed in viewers such as GitHub.
  * Markdown may include non-visible comments or meta-data.
 

From 856722a5616ce4c65dec00699f1019c641ee7b82 Mon Sep 17 00:00:00 2001
From: Ed Linklater <ed@silverstripe.com>
Date: Tue, 10 Nov 2015 13:17:27 +1300
Subject: [PATCH 12/49] Handle incorrectly deprecated validEmailAddr methods

---
 email/Mailer.php | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/email/Mailer.php b/email/Mailer.php
index cdc15bcec..67b624431 100644
--- a/email/Mailer.php
+++ b/email/Mailer.php
@@ -451,6 +451,14 @@ class Mailer extends Object {
 		return $headers . $file['contents'];
 	}
 
+	/**
+	 * @deprecated since version 4.0
+	 */
+	public function validEmailAddr($emailAddress) {
+		Deprecation::notice('4.0', 'This method will be removed in 4.0. Use protected method Mailer->validEmailAddress().');
+		return $this->validEmailAddress($emailAddress);
+	}
+
 	/**
 	 * Cleans up emails which may be in 'Name <email@silverstripe.com>' format
 	 *
@@ -596,8 +604,8 @@ function QuotedPrintable_encode($quotprint) {
  * @deprecated 3.1
  */
 function validEmailAddr($emailAddress) {
-	Deprecation::notice('4.0', 'Use Email->validEmailAddr() instead');
+	Deprecation::notice('4.0', 'This method will be removed in 4.0. Use protected method Mailer->validEmailAddress().');
 
 	$mailer = Injector::inst()->create('Mailer');
-	return $mailer->validEmailAddr($emailAddress);	
+	return $mailer->validEmailAddr($emailAddress);
 }

From 732e705bbf548024b123d5160863395f2f74e7d9 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Tue, 10 Nov 2015 14:24:45 +1300
Subject: [PATCH 13/49] BUG Correct behaviour for empty filter array (as per
 3.1)

---
 search/filters/ExactMatchFilter.php |  8 ++++++++
 tests/model/DataListTest.php        | 20 ++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/search/filters/ExactMatchFilter.php b/search/filters/ExactMatchFilter.php
index 515fa254e..dbcd2ed63 100644
--- a/search/filters/ExactMatchFilter.php
+++ b/search/filters/ExactMatchFilter.php
@@ -56,6 +56,10 @@ class ExactMatchFilter extends SearchFilter {
 			// For queries using the default collation (no explicit case) we can use the WHERE .. IN .. syntax,
 			// providing simpler SQL than many WHERE .. OR .. fragments.
 			$column = $this->getDbName();
+			// If values is an empty array, fall back to 3.1 behaviour and use empty string comparison
+			if(empty($values)) {
+				$values = array('');
+			}
 			$placeholders = DB::placeholders($values);
 			return $query->where(array(
 				"$column IN ($placeholders)" => $values
@@ -109,6 +113,10 @@ class ExactMatchFilter extends SearchFilter {
 			// For queries using the default collation (no explicit case) we can use the WHERE .. NOT IN .. syntax,
 			// providing simpler SQL than many WHERE .. AND .. fragments.
 			$column = $this->getDbName();
+			// If values is an empty array, fall back to 3.1 behaviour and use empty string comparison
+			if(empty($values)) {
+				$values = array('');
+			}
 			$placeholders = DB::placeholders($values);
 			return $query->where(array(
 				"$column NOT IN ($placeholders)" => $values
diff --git a/tests/model/DataListTest.php b/tests/model/DataListTest.php
index 7d7b453bc..5c6ca0ac0 100755
--- a/tests/model/DataListTest.php
+++ b/tests/model/DataListTest.php
@@ -897,6 +897,26 @@ class DataListTest extends SapphireTest {
 		$this->assertEquals(array('Bob'), $parameters);
 	}
 
+	/**
+	 * Test exact match filter with empty array items
+	 */
+	public function testEmptyFilter() {
+		$list = DataObjectTest_TeamComment::get();
+		$list = $list->exclude('Name', array());
+
+		$sql = $list->sql($parameters);
+		$this->assertSQLContains('WHERE (("DataObjectTest_TeamComment"."Name" NOT IN (?)))', $sql);
+		$this->assertEquals(array(''), $parameters);
+
+
+		$list = DataObjectTest_TeamComment::get();
+		$list = $list->filter('Name', array());
+
+		$sql = $list->sql($parameters);
+		$this->assertSQLContains('WHERE ("DataObjectTest_TeamComment"."Name" IN (?))', $sql);
+		$this->assertEquals(array(''), $parameters);
+	}
+
 	/**
 	 * $list->exclude(array('Name'=>'bob, 'Age'=>array(21, 43))); // exclude bob with Age 21 or 43
 	 */

From 0272e443f44ebca55b05c14f2a112260ff0df284 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 2 Nov 2015 13:59:45 +1300
Subject: [PATCH 14/49] BUG Prevent dev/build continually regenerating Number
 field type

---
 model/connect/MySQLSchemaManager.php           | 8 +++++---
 tests/model/DataObjectSchemaGenerationTest.php | 5 +++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/model/connect/MySQLSchemaManager.php b/model/connect/MySQLSchemaManager.php
index 85157de58..3fc9d59db 100644
--- a/model/connect/MySQLSchemaManager.php
+++ b/model/connect/MySQLSchemaManager.php
@@ -407,15 +407,17 @@ class MySQLSchemaManager extends DBSchemaManager {
 			$precision = $values['precision'];
 		}
 
-		$defaultValue = '';
+		// Fix format of default value to match precision
 		if (isset($values['default']) && is_numeric($values['default'])) {
 			$decs = strpos($precision, ',') !== false
 					? (int) substr($precision, strpos($precision, ',') + 1)
 					: 0;
-			$defaultValue = ' default ' . number_format($values['default'], $decs, '.', '');
+			$values['default'] = number_format($values['default'], $decs, '.', '');
+		} else {
+			unset($values['default']);
 		}
 
-		return "decimal($precision) not null $defaultValue";
+		return "decimal($precision) not null" . $this->defaultClause($values);
 	}
 
 	/**
diff --git a/tests/model/DataObjectSchemaGenerationTest.php b/tests/model/DataObjectSchemaGenerationTest.php
index 7c4b80dfe..e772b4184 100644
--- a/tests/model/DataObjectSchemaGenerationTest.php
+++ b/tests/model/DataObjectSchemaGenerationTest.php
@@ -178,6 +178,11 @@ class DataObjectSchemaGenerationTest_DO extends DataObject implements TestOnly {
 	private static $db = array(
 		'Enum1' => 'Enum("A, B, C, D","")',
 		'Enum2' => 'Enum("A, B, C, D","A")',
+		'NumberField' => 'Decimal',
+		'FloatingField' => 'Decimal(10,3,1.1)',
+		'TextValue' => 'Varchar',
+		'Date' => 'SS_Datetime',
+		'MyNumber' => 'Int'
 	);
 }
 

From b338efe5a755503527c38baedb73f2ffee503d7d Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Wed, 11 Nov 2015 16:07:20 +1300
Subject: [PATCH 15/49] Update translations

---
 admin/javascript/lang/de.js     |  2 +-
 admin/javascript/lang/ro.js     |  4 ++--
 admin/javascript/lang/src/de.js |  2 +-
 admin/javascript/lang/src/ro.js |  4 ++--
 lang/cs.yml                     |  4 ----
 lang/de.yml                     |  8 ++++++++
 lang/es.yml                     | 10 ++++++++++
 lang/fr.yml                     |  4 ++--
 lang/it.yml                     |  3 +++
 lang/lt.yml                     |  2 +-
 lang/sk.yml                     |  4 ----
 11 files changed, 30 insertions(+), 17 deletions(-)

diff --git a/admin/javascript/lang/de.js b/admin/javascript/lang/de.js
index d43b2335a..65eb96fb2 100644
--- a/admin/javascript/lang/de.js
+++ b/admin/javascript/lang/de.js
@@ -9,7 +9,7 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich veröffentlichen?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich löschen?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich archivieren?\n\nDiese Seiten und alle Unterseiten davon werden von der veröffentlichen Seite gelöscht und in das Archiv verschoben.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\\n\\nWollen Sie diese wirklich wiederherstellen?\\n\\nUnterseiten von archivierten Seiten werden auf der Root-Ebene wiederhergestellt, es sei denn, diese Seiten werden ebenfalls wiederhergestellt.",
     "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich von der veröfffentlichten Seite löschen?",
     "LeftAndMain.CONFIRMUNSAVED": "Sind Sie sicher, dass Sie die Seite verlassen möchten?\n\nWARNUNG: Ihre Änderungen werden nicht gespeichert.\n\nDrücken Sie \"OK\" um fortzufahren, oder \"Abbrechen\" um auf dieser Seite zu bleiben.",
     "LeftAndMain.CONFIRMUNSAVEDSHORT": "WARNUNG: Ihre Änderungen wurden nicht gespeichert.",
diff --git a/admin/javascript/lang/ro.js b/admin/javascript/lang/ro.js
index c5895f4ab..733561e71 100644
--- a/admin/javascript/lang/ro.js
+++ b/admin/javascript/lang/ro.js
@@ -4,8 +4,8 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
 	if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
 } else {
 	ss.i18n.addDictionary('ro', {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
+    "CMSMAIN.SELECTONEPAGE": "Vă rugăm să selectaţi cel puțin o pagină.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Aveti {num} pagina(i) selectate.\n\nDoriti sa le nenublicati",
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
diff --git a/admin/javascript/lang/src/de.js b/admin/javascript/lang/src/de.js
index 9f10852dd..5599a84af 100644
--- a/admin/javascript/lang/src/de.js
+++ b/admin/javascript/lang/src/de.js
@@ -4,7 +4,7 @@
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich veröffentlichen?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich löschen?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich archivieren?\n\nDiese Seiten und alle Unterseiten davon werden von der veröffentlichen Seite gelöscht und in das Archiv verschoben.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\\n\\nWollen Sie diese wirklich wiederherstellen?\\n\\nUnterseiten von archivierten Seiten werden auf der Root-Ebene wiederhergestellt, es sei denn, diese Seiten werden ebenfalls wiederhergestellt.",
     "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich von der veröfffentlichten Seite löschen?",
     "LeftAndMain.CONFIRMUNSAVED": "Sind Sie sicher, dass Sie die Seite verlassen möchten?\n\nWARNUNG: Ihre Änderungen werden nicht gespeichert.\n\nDrücken Sie \"OK\" um fortzufahren, oder \"Abbrechen\" um auf dieser Seite zu bleiben.",
     "LeftAndMain.CONFIRMUNSAVEDSHORT": "WARNUNG: Ihre Änderungen wurden nicht gespeichert.",
diff --git a/admin/javascript/lang/src/ro.js b/admin/javascript/lang/src/ro.js
index 43d6cba2c..2488400ea 100644
--- a/admin/javascript/lang/src/ro.js
+++ b/admin/javascript/lang/src/ro.js
@@ -1,6 +1,6 @@
 {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
+    "CMSMAIN.SELECTONEPAGE": "Vă rugăm să selectaţi cel puțin o pagină.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Aveti {num} pagina(i) selectate.\n\nDoriti sa le nenublicati",
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
diff --git a/lang/cs.yml b/lang/cs.yml
index 710dff459..a96f65879 100644
--- a/lang/cs.yml
+++ b/lang/cs.yml
@@ -292,8 +292,6 @@ cs:
     FROMWEB: 'Z webu'
     FindInFolder: 'Hledat ve složce'
     IMAGEALT: 'Alternativní text (alt)'
-    IMAGEALTTEXT: 'Alternativní text (alt) - ukáže se, když obrázek nemúže být zobrazen'
-    IMAGEALTTEXTDESC: 'Zobrazeno na obrazovce, anebo když obrázek nemůže být zobrazen'
     IMAGEDIMENSIONS: Rozměry
     IMAGEHEIGHTPX: Výška
     IMAGETITLE: 'Titul text (tooltip) - další informace o obrázku'
@@ -328,11 +326,9 @@ cs:
     DELETED: Smazáno.
     DropdownBatchActionsDefault: Akcie
     HELP: Nápověda
-    PAGETYPE: 'Typ stránky:'
     PERMAGAIN: 'Byli jste odhlášeni z CMS. Pokud se chcete znovu přihlásit, zadejte níže své uživatelské jméno a heslo.'
     PERMALREADY: 'Omlouvám se, ale nemůžete vstoupit do této části CMS. Pokud se chcete přihlásit jako někdo jiný, udělejte tak níže.'
     PERMDEFAULT: 'Musíte být přihlášen/a k přístup do oblasti administrace, zadejte vaše přihlošovací údaje dole, prosím.'
-    PLEASESAVE: 'Uložte stránku, prosím. Tato stránka nemůže být aktualizována, protože ještě nebyla uložena.'
     PreviewButton: Náhled
     REORGANISATIONSUCCESSFUL: 'Strom webu reorganizován úspěšně.'
     SAVEDUP: Uloženo.
diff --git a/lang/de.yml b/lang/de.yml
index 15f637333..037954c17 100644
--- a/lang/de.yml
+++ b/lang/de.yml
@@ -260,6 +260,7 @@ de:
     many_many_Members: Mitglieder
   GroupImportForm:
     Help1: '<p>Eine oder mehrere Gruppen im <em>CSV</em>-Format (kommaseparierte Werte) importieren. <small><a href="#" class="toggle-advanced">Erweiterte Nutzung</a></small></p>'
+    Help2: '<div class="advanced"><h4>Erweiterte Benutzung</h4><ul><li>Gültige Spalten: <em>%s</em></li><li>Bereits existierende Gruppen werden anhand ihres eindeutigen <em>Code</em> identifiziert und um neue Einträge aus der Importdatei erweitert.</li><li>Gruppenhierarchien können mittels der Spalte <em>ParentCode</em> erstellt werden.</li><li>Berechtigungen können in der Spalte <em>PermissionCode</em> hinzugefügt werden. Schon zugewiesene Berechtigungen werden nicht entfernt.</li></ul></div>'
     ResultCreated: '{count} Gruppe(n) wurden erstellt'
     ResultDeleted: '%d Gruppe(n) gelöscht'
     ResultUpdated: '%d Gruppe(n) aktualisiert'
@@ -291,6 +292,8 @@ de:
     FROMWEB: 'Aus dem Web'
     FindInFolder: 'In Ordner suchen'
     IMAGEALT: 'Alternativtext (alt)'
+    IMAGEALTTEXT: 'Alternativtext (alt) - erscheint, falls das Bild nicht angezeigt werden kann.'
+    IMAGEALTTEXTDESC: 'Wird von Screenreadern vorgelesen oder angezeigt, falls das Bild nicht angezeigt werden kann.'
     IMAGEDIMENSIONS: Dimensionen
     IMAGEHEIGHTPX: Höhe (px)
     IMAGETITLE: 'Titeltext (Tooltip) - für zusätzliche Informationen über das Bild'
@@ -325,7 +328,11 @@ de:
     DELETED: Gelöscht.
     DropdownBatchActionsDefault: Aktionen
     HELP: Hilfe
+    PAGETYPE: 'Seitentyp'
     PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
+    PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
+    PERMDEFAULT: 'Sie müssen angemeldet sein, um auf diesen Bereich zugreifen zu können. Bitte geben Sie Ihre Zugangsdaten ein.'
+    PLEASESAVE: 'Diese Seite konnte nicht aktualisiert werden weil sie noch nicht gespeichert wurde - bitte speichern.'
     PreviewButton: Vorschau
     REORGANISATIONSUCCESSFUL: 'Der Seitenbaum wurde erfolgreich sortiert.'
     SAVEDUP: Gespeichert.
@@ -413,6 +420,7 @@ de:
     Toggle: 'Hilfe zur Formatierung anzeigen'
   MemberImportForm:
     Help1: '<p>Mitglieder im <em>CSV</em>-Format (kommaseparierte Werte) importieren. <small><a href="#" class="toggle-advanced">Erweiterte Nutzung</a></small></p>'
+    Help2: '<div class="advanced"><h4>Erweiterte Benutzung</h4><ul><li>Gültige Spalten: <em>%s</em></li><li>Bereits existierende Benutzer werden anhand ihres eindeutigen <em>Code</em> identifiziert und um neue Einträge aus der Importdatei erweitert.</li><li>Gruppen können in der Spalte <em>Gruppen</em> hinzugefügt werden. Gruppen werden anhand ihres <em>Code</em> erkannt. Mehrere Gruppen werden Komma-separiert eingetragen. Schon zugewiesene Gruppen werden nicht entfernt.</li></ul></div>'
     ResultCreated: '{count} Mitglied(er) wurde(n) erstellt'
     ResultDeleted: '%d Mitglied(er) gelöscht'
     ResultNone: 'Keine Änderungen'
diff --git a/lang/es.yml b/lang/es.yml
index 427098d8f..b56ec237f 100644
--- a/lang/es.yml
+++ b/lang/es.yml
@@ -82,6 +82,7 @@ es:
   CMSSecurity:
     INVALIDUSER: '<p>Usuario inválido. <a target="_top" href="{link}">Por favor, vuelva a autenticar aquí</a> para continuar.</p>'
     LoginMessage: '<p>Si Ud tiene cualquier trabajo sin guardar puede volver donde lo dejó, iniciando sesión más abajo.</p>'
+    SUCCESS: Exito
     SUCCESSCONTENT: '<p>Inicio de sesión exitoso. Si Ud no es automáticamente redireccionado, <a target="_top" href="{link}">haga clic aquí</a></p>'
     TimedOutTitleAnonymous: 'Expiró su sesión.'
     TimedOutTitleMember: 'Eh {name}!<br />Tu sesión expiró.'
@@ -259,6 +260,7 @@ es:
     many_many_Members: Miembros
   GroupImportForm:
     Help1: '<p>Importar uno o más grupos en formato <em>CSV</em> (valores separados por coma). <small><a href="#" class="toggle-advanced">Mostrar uso avanzado</a></small></p>'
+    Help2: '<div class="advanced"><h4>Uso avanzado</h4><ul><li>Columnas permitidas: <em>%s</em></li><li>Grupos existentes son relacionados con su  <em>Código único</em> y actualizados con cualquier nuevo valor desde el archivo importado</li><li>Jerarquías de grupo pueden ser creadas utilizando la columna <em>ParentCode</em>.</li><li>Códigos de permiso pueden ser asignados por la columna <em>PermissionCode</em>. Códigos de permisos existentes no son eliminados.</li></ul></div>'
     ResultCreated: 'Creados {count} grupos'
     ResultDeleted: 'Se eliminaron %d grupos'
     ResultUpdated: 'Actualizados grupos %d'
@@ -290,6 +292,8 @@ es:
     FROMWEB: 'Desde la web'
     FindInFolder: 'Buscar en carpeta'
     IMAGEALT: 'Texto alternativo (alt)'
+    IMAGEALTTEXT: 'Texto alternativo (alt) - es mostrado si la imagen no puede ser visualizada'
+    IMAGEALTTEXTDESC: 'Mostrado a los lectores de pantalla o si la imagen no se puede visualizar'
     IMAGEDIMENSIONS: Dimensiones
     IMAGEHEIGHTPX: Alto
     IMAGETITLE: 'Texto del título (tooltip) - para obtener más información acerca de la imagen'
@@ -324,7 +328,11 @@ es:
     DELETED: Borrado
     DropdownBatchActionsDefault: Acciones
     HELP: Ayuda
+    PAGETYPE: 'Tipo de página'
     PERMAGAIN: 'Ha sido desconectado del CMS. Si quiere volver a entrar, introduzca su nombre de usuario y contraseña a continuación.'
+    PERMALREADY: 'Lamentablemente no puede acceder a esta parte del CMS. Si quiere entrar como alguien distinto, hágalo a continuación'
+    PERMDEFAULT: 'Debes estar conectado para acceder al área de administración; por favor ingresa tus datos a continuación'
+    PLEASESAVE: 'Por favor Guarde la Página: Esta página no se ha podido actualizar porque aún no ha sido salvada'
     PreviewButton: Vista previa
     REORGANISATIONSUCCESSFUL: 'Reorganizado el árbol del sitio con éxito.'
     SAVEDUP: Guardado
@@ -412,6 +420,7 @@ es:
     Toggle: 'Cambiar'
   MemberImportForm:
     Help1: '<p>Importar usuarios en <em>formato CSV</em> (valores separados por coma). <small><a href="#" class="toggle-advanced">Mostrar uso avanzado</a></small></p>'
+    Help2: '<div class="advanced"><h4>Uso avanzado</h4><ul><li>Columnas permitidas: <em>%s</em></li><li>Usuarios existentes son relacionados con su  <em>Código único</em>, y actualizados con cualquier nuevo valor desde el archivo importado.</li><li>Grupos pueden ser asignados por la columna <em>Groups</em>. Grupos son identificados por su propiedad <em>Code</em>, multiples grupos pueden ser separados por una coma.  La pertenencia a grupos existentes no se borra.</li></ul></div>'
     ResultCreated: 'Creados {count} miembros'
     ResultDeleted: 'Se eliminaron %d miembros'
     ResultNone: 'No hay cambios'
@@ -475,6 +484,7 @@ es:
     SINGULARNAME: Regla
     Title: Título
   PermissionRoleCode:
+    PLURALNAME: 'Códigos de permiso'
     PermsError: 'No se puede asignar permisos privilegiados al código "% s"  (requiere acceso de administrador)'
     SINGULARNAME: 'Códigos de las regla de permisos'
   Permissions:
diff --git a/lang/fr.yml b/lang/fr.yml
index 745b53d73..952d44c99 100644
--- a/lang/fr.yml
+++ b/lang/fr.yml
@@ -251,9 +251,9 @@ fr:
     CAPTIONTEXT: 'Légende'
     CSSCLASS: 'Alignement / Style'
     CSSCLASSCENTER: 'Centré'
-    CSSCLASSLEFT: 'A gauche, avec texte à la ligne.'
+    CSSCLASSLEFT: 'À gauche, avec texte autour.'
     CSSCLASSLEFTALONE: 'Sur la gauche seulement'
-    CSSCLASSRIGHT: 'a droite, avec texte à la ligne.'
+    CSSCLASSRIGHT: 'À droite, avec texte autour.'
     DETAILS: Détails
     EMAIL: 'Adresse email'
     FILE: Fichier
diff --git a/lang/it.yml b/lang/it.yml
index 17627d5cb..f79e319b9 100644
--- a/lang/it.yml
+++ b/lang/it.yml
@@ -325,7 +325,10 @@ it:
     DELETED: Eliminato.
     DropdownBatchActionsDefault: Azioni
     HELP: Aiuto
+    PAGETYPE: 'Tipo di pagina'
     PERMAGAIN: 'Sei stato disconnesso dal CMS. Se desideri autenticarti nuovamente, inserisci qui sotto nome utente e password.'
+    PERMALREADY: 'Siamo spiacenti, ma non puoi accedere a questa sezione del CMS. Se desideri autenticarti come qualcun altro, fallo qui sotto.'
+    PERMDEFAULT: 'Devi essere autenticato per accedere all''area amministrativa; Per favore inserisci le tue credenziali qui sotto'
     PreviewButton: Anteprima
     REORGANISATIONSUCCESSFUL: 'Albero del sito riorganizzato con successo.'
     SAVEDUP: Salvato.
diff --git a/lang/lt.yml b/lang/lt.yml
index 1725617f3..9da6bb6c9 100644
--- a/lang/lt.yml
+++ b/lang/lt.yml
@@ -328,7 +328,7 @@ lt:
     DELETED: Ištrinta.
     DropdownBatchActionsDefault: Veiksmai
     HELP: Pagalba
-    PAGETYPE: 'Puslapio tipas:'
+    PAGETYPE: 'Puslapio tipas'
     PERMAGAIN: 'Jūs atsijungėte. Norėdami vėl prisijungti, įveskite savo duomenis į žemiau esančius laukelius.'
     PERMALREADY: 'Deja, bet Jūs negalite patekti į šią TVS dalį. Jeigu norite prisijungti kitu vartotoju, tai atlikite žemiau.'
     PERMDEFAULT: 'Jūs turite būti prisijungę, norėdami pasiekti administravimo zoną; prašome suvesti prisijungimo duomenis į žemiau esančius laukelius.'
diff --git a/lang/sk.yml b/lang/sk.yml
index f46181354..91f68461c 100644
--- a/lang/sk.yml
+++ b/lang/sk.yml
@@ -292,8 +292,6 @@ sk:
     FROMWEB: 'Z webu'
     FindInFolder: 'Vyhľadať v priečinku'
     IMAGEALT: 'Atlernatívny text (alt)'
-    IMAGEALTTEXT: 'Atlernatívny text (alt) - zobrazí sa ak obrázok nemože byť zobrazený '
-    IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, ak obrázok nemôže byť zobrazený'
     IMAGEDIMENSIONS: Rozmery
     IMAGEHEIGHTPX: Výška
     IMAGETITLE: 'Text titulky (tooltip) - pre doplňujúce informácie o obrázku'
@@ -328,11 +326,9 @@ sk:
     DELETED: Zmazané.
     DropdownBatchActionsDefault: Akcie
     HELP: Pomoc
-    PAGETYPE: 'Typ stránky:'
     PERMAGAIN: 'Boli ste odhlásený'
     PERMALREADY: 'Je mi ľúto, ale nemáte prístup k tejto časti CMS. Ak sa chcete prihlásiť ako niekto iný, urobte tak nižšie'
     PERMDEFAULT: 'Musíte byť prihlásený/á k prístupu do oblasti administrácie, zadajte vaše prihlasovacie údaje dole, prosím.'
-    PLEASESAVE: 'Uložte stránku, prosím. Táto stránka nemôže byť aktualizovaná, pretože eště nebola uložená.'
     PreviewButton: Náhľad
     REORGANISATIONSUCCESSFUL: 'Strom webu bol reorganizovaný úspešne.'
     SAVEDUP: Uložené.

From 132e9b3e2fad361ebb4b502b6a37d34d013bfba3 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Thu, 29 Oct 2015 11:53:44 +1300
Subject: [PATCH 16/49] [ss-2015-021] Fix rewrite hash links XSS

---
 tests/view/SSViewerTest.php   | 29 +++++++++++++++++++++++------
 view/SSTemplateParser.php     | 10 +++++++---
 view/SSTemplateParser.php.inc | 10 +++++++---
 view/SSViewer.php             |  6 +++---
 4 files changed, 40 insertions(+), 15 deletions(-)

diff --git a/tests/view/SSViewerTest.php b/tests/view/SSViewerTest.php
index 39a3dd412..a816f6802 100644
--- a/tests/view/SSViewerTest.php
+++ b/tests/view/SSViewerTest.php
@@ -2,6 +2,13 @@
 
 class SSViewerTest extends SapphireTest {
 
+	/**
+	 * Backup of $_SERVER global
+	 *
+	 * @var array
+	 */
+	protected $oldServer = array();
+
 	protected $extraDataObjects = array(
 		'SSViewerTest_Object',
 	);
@@ -10,6 +17,12 @@ class SSViewerTest extends SapphireTest {
 		parent::setUp();
 		Config::inst()->update('SSViewer', 'source_file_comments', false);
 		Config::inst()->update('SSViewer_FromString', 'cache_template', false);
+		$this->oldServer = $_SERVER;
+	}
+
+	public function tearDown() {
+		$_SERVER = $this->oldServer;
+		parent::tearDown();
 	}
 
 	/**
@@ -1156,10 +1169,13 @@ after')
 		$orig = Config::inst()->get('SSViewer', 'rewrite_hash_links'); 
 		Config::inst()->update('SSViewer', 'rewrite_hash_links', true);
 
-		$_SERVER['REQUEST_URI'] = 'http://path/to/file?foo"onclick="alert(\'xss\')""';
+		$_SERVER['HTTP_HOST'] = 'www.mysite.com';
+		$_SERVER['REQUEST_URI'] = '//file.com?foo"onclick="alert(\'xss\')""';
 
 		// Emulate SSViewer::process()
-		$base = Convert::raw2att($_SERVER['REQUEST_URI']);
+		// Note that leading double slashes have been rewritten to prevent these being mis-interepreted
+		// as protocol-less absolute urls
+		$base = Convert::raw2att('/file.com?foo"onclick="alert(\'xss\')""');
 
 		$tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinks_' . sha1(rand()) . '.ss';
 
@@ -1227,10 +1243,11 @@ after')
 		$obj = new ViewableData();
 		$obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
 		$result = $tmpl->process($obj);
-		$this->assertContains(
-			'<a class="inserted" href="<?php echo Convert::raw2att(',
-			$result
-		);
+
+		$code = <<<'EOC'
+<a class="inserted" href="<?php echo Convert::raw2att(preg_replace("/^(\/)+/", "/", $_SERVER['REQUEST_URI'])); ?>#anchor">InsertedLink</a>
+EOC;
+		$this->assertContains($code, $result);
 		// TODO Fix inline links in PHP mode
 		// $this->assertContains(
 		// 	'<a class="inline" href="<?php echo str_replace(',
diff --git a/view/SSTemplateParser.php b/view/SSTemplateParser.php
index 62f38277c..f9eb592b7 100644
--- a/view/SSTemplateParser.php
+++ b/view/SSTemplateParser.php
@@ -4681,11 +4681,15 @@ class SSTemplateParser extends Parser implements TemplateParser {
 
 		// TODO: This is pretty ugly & gets applied on all files not just html. I wonder if we can make this
 		// non-dynamically calculated
+		$code = <<<'EOC'
+(\Config::inst()->get('SSViewer', 'rewrite_hash_links')
+	? \Convert::raw2att( preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI'] ) )
+	: "")
+EOC;
+		// Because preg_replace replacement requires escaped slashes, addcslashes here
 		$text = preg_replace(
 			'/(<a[^>]+href *= *)"#/i',
-			'\\1"\' . (Config::inst()->get(\'SSViewer\', \'rewrite_hash_links\') ?' .
-			' Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "") .
-				\'#',
+			'\\1"\' . ' . addcslashes($code, '\\')  . ' . \'#',
 			$text
 		);
 
diff --git a/view/SSTemplateParser.php.inc b/view/SSTemplateParser.php.inc
index bc7640669..d4a654082 100644
--- a/view/SSTemplateParser.php.inc
+++ b/view/SSTemplateParser.php.inc
@@ -1135,11 +1135,15 @@ class SSTemplateParser extends Parser implements TemplateParser {
 
 		// TODO: This is pretty ugly & gets applied on all files not just html. I wonder if we can make this
 		// non-dynamically calculated
+		$code = <<<'EOC'
+(\Config::inst()->get('SSViewer', 'rewrite_hash_links')
+	? \Convert::raw2att( preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI'] ) )
+	: "")
+EOC;
+		// Because preg_replace replacement requires escaped slashes, addcslashes here
 		$text = preg_replace(
 			'/(<a[^>]+href *= *)"#/i',
-			'\\1"\' . (Config::inst()->get(\'SSViewer\', \'rewrite_hash_links\') ?' .
-			' Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "") .
-				\'#',
+			'\\1"\' . ' . addcslashes($code, '\\')  . ' . \'#',
 			$text
 		);
 
diff --git a/view/SSViewer.php b/view/SSViewer.php
index f84343d84..9556906a7 100644
--- a/view/SSViewer.php
+++ b/view/SSViewer.php
@@ -1129,10 +1129,10 @@ class SSViewer implements Flushable {
 		$rewrite = Config::inst()->get('SSViewer', 'rewrite_hash_links');
 		if($this->rewriteHashlinks && $rewrite) {
 			if(strpos($output, '<base') !== false) {
-				if($rewrite === 'php') { 
-					$thisURLRelativeToBase = "<?php echo Convert::raw2att(\$_SERVER['REQUEST_URI']); ?>";
+				if($rewrite === 'php') {
+					$thisURLRelativeToBase = "<?php echo Convert::raw2att(preg_replace(\"/^(\\\\/)+/\", \"/\", \$_SERVER['REQUEST_URI'])); ?>";
 				} else { 
-					$thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']);
+					$thisURLRelativeToBase = Convert::raw2att(preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI']));
 				}
 
 				$output = preg_replace('/(<a[^>]+href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);

From 4f55b6a115ce0de8c5c258fb44eca52b8b112caf Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Mon, 2 Nov 2015 11:33:04 +1300
Subject: [PATCH 17/49] [ss-2015-022]: XML escape RSSFeed $link parameter

---
 api/RSSFeed.php           | 1 +
 tests/api/RSSFeedTest.php | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/api/RSSFeed.php b/api/RSSFeed.php
index 12174d9c9..22d6d704e 100644
--- a/api/RSSFeed.php
+++ b/api/RSSFeed.php
@@ -16,6 +16,7 @@ class RSSFeed extends ViewableData {
 	private static $casting = array(
 		"Title" => "Varchar",
 		"Description" => "Varchar",
+		"Link" => "Varchar",
 	);
 
 	/**
diff --git a/tests/api/RSSFeedTest.php b/tests/api/RSSFeedTest.php
index 0402bd30a..9bbf25927 100644
--- a/tests/api/RSSFeedTest.php
+++ b/tests/api/RSSFeedTest.php
@@ -43,6 +43,13 @@ class RSSFeedTest extends SapphireTest {
 		$this->assertContains('<description>ItemC AltContent</description>', $content);
 	}
 
+	public function testLinkEncoding() {
+		$list = new ArrayList();
+		$rssFeed = new RSSFeed($list, "http://www.example.com/?param1=true&param2=true", "Test RSS Feed");
+		$content = $rssFeed->outputToBrowser();
+		$this->assertContains('<link>http://www.example.com/?param1=true&amp;param2=true', $content);
+	}
+
 	public function testRSSFeedWithShortcode() {
 		$list = new ArrayList();
 		$list->push(new RSSFeedTest_ItemD());

From f290d869e01e0087286b4f2bc92e95d15c229c45 Mon Sep 17 00:00:00 2001
From: Hamish Friedlander <hamish@silverstripe.com>
Date: Tue, 10 Nov 2015 11:27:49 +1300
Subject: [PATCH 18/49] [ss-2015-025]: FIX Dont expose class on error

---
 control/RequestHandler.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/control/RequestHandler.php b/control/RequestHandler.php
index 41f5eba60..17ffe4ab8 100644
--- a/control/RequestHandler.php
+++ b/control/RequestHandler.php
@@ -188,14 +188,14 @@ class RequestHandler extends ViewableData {
 			user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
 		}
 
-		$className = get_class($this);
+		$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
 
 		try {
 			if(!$this->hasAction($action)) {
-				return $this->httpError(404, "Action '$action' isn't available on class $className.");
+				return $this->httpError(404, "Action '$action' isn't available $classMessage.");
 			}
 			if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
-				return $this->httpError(403, "Action '$action' isn't allowed on class $className.");
+				return $this->httpError(403, "Action '$action' isn't allowed $classMessage.");
 			}
 			$result = $this->handleAction($request, $action);
 		}
@@ -232,7 +232,7 @@ class RequestHandler extends ViewableData {
 
 		// But if we have more content on the URL and we don't know what to do with it, return an error.
 		} else {
-			return $this->httpError(404, "I can't handle sub-URLs of a $this->class object.");
+			return $this->httpError(404, "I can't handle sub-URLs $classMessage.");
 		}
 
 		return $this;
@@ -276,10 +276,10 @@ class RequestHandler extends ViewableData {
 	 * @return SS_HTTPResponse
 	 */
 	protected function handleAction($request, $action) {
-		$className = get_class($this);
+		$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
 
 		if(!$this->hasMethod($action)) {
-			return new SS_HTTPResponse("Action '$action' isn't available on class $className.", 404);
+			return new SS_HTTPResponse("Action '$action' isn't available $classMessage.", 404);
 		}
 
 		$res = $this->extend('beforeCallActionHandler', $request, $action);

From bc1b2893accba6401c03f9ea3b0cbc4621c7a02c Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Wed, 11 Nov 2015 15:18:26 +1300
Subject: [PATCH 19/49] [ss-2015-026]: BUG Fix FormField error messages not
 being encoded safely

---
 docs/en/04_Changelogs/3.2.1.md | 25 +++++++++++++++++++++++++
 forms/Form.php                 | 12 ++++++++++++
 tests/forms/FormTest.php       | 15 ++++++++++++++-
 3 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 docs/en/04_Changelogs/3.2.1.md

diff --git a/docs/en/04_Changelogs/3.2.1.md b/docs/en/04_Changelogs/3.2.1.md
new file mode 100644
index 000000000..aa68c7e72
--- /dev/null
+++ b/docs/en/04_Changelogs/3.2.1.md
@@ -0,0 +1,25 @@
+# 3.2.1
+
+## Upgrading
+
+FormField validation messages generated by the `Validator` class will now be automatically XML
+encoded before being rendered alongside an invalid field.
+
+If a validation message in a custom `Validator` instance should be rendered as literal HTML,
+then the $message parameter for `Validator::validationError` should be passed as an instance
+of `HTMLText`
+
+For example:
+
+
+	:::php
+	class MyCustomValidator extends Validator {
+		public function php($data) { 
+			$this->validationError(
+				'EmailAddress',
+				DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
+			);
+		}
+	}
+
+
diff --git a/forms/Form.php b/forms/Form.php
index 5b24754ac..0714aceef 100644
--- a/forms/Form.php
+++ b/forms/Form.php
@@ -1303,6 +1303,18 @@ class Form extends RequestHandler {
 				// Load errors into session and post back
 				$data = $this->getData();
 
+				// Encode validation messages as XML before saving into session state
+				// As per Form::addErrorMessage()
+				$errors = array_map(function($error) {
+					// Encode message as XML by default
+					if($error['message'] instanceof DBField) {
+						$error['message'] = $error['message']->forTemplate();;
+					} else {
+						$error['message'] = Convert::raw2xml($error['message']);
+					}
+					return $error;
+				}, $errors);
+
 				Session::set("FormInfo.{$this->FormName()}.errors", $errors);
 				Session::set("FormInfo.{$this->FormName()}.data", $data);
 
diff --git a/tests/forms/FormTest.php b/tests/forms/FormTest.php
index 409bac60a..f9349665b 100644
--- a/tests/forms/FormTest.php
+++ b/tests/forms/FormTest.php
@@ -235,6 +235,7 @@ class FormTest extends FunctionalTest {
 			'FormTest_Controller/Form',
 			array(
 				'Email' => 'invalid',
+				'Number' => '<a href="http://mysite.com">link</a>' // XSS attempt
 				// leaving out "Required" field
 			)
 		);
@@ -253,6 +254,17 @@ class FormTest extends FunctionalTest {
 			),
 			'Required fields show a notification on field when left blank'
 		);
+
+		$this->assertContains(
+			'&#039;&lt;a href=&quot;http://mysite.com&quot;&gt;link&lt;/a&gt;&#039; is not a number, only numbers can be accepted for this field',
+			$response->getBody(),
+			"Validation messages are safely XML encoded"
+		);
+		$this->assertNotContains(
+			'<a href="http://mysite.com">link</a>',
+			$response->getBody(),
+			"Unsafe content is not emitted directly inside the response body"
+		);
 	}
 
 	public function testSessionSuccessMessage() {
@@ -685,7 +697,8 @@ class FormTest_Controller extends Controller implements TestOnly {
 			new FieldList(
 				new EmailField('Email'),
 				new TextField('SomeRequiredField'),
-				new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two'))
+				new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
+				new NumericField('Number')
 			),
 			new FieldList(
 				new FormAction('doSubmit')

From a40812ac3320d27f243ef0ed54aa003fc53720b6 Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Wed, 11 Nov 2015 16:57:49 +1300
Subject: [PATCH 20/49] =?UTF-8?q?FIX:=20Don=E2=80=99t=20reuse=20DBConnecto?=
 =?UTF-8?q?r=20(fixes=20#4735)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Without this fix, multiple Database objects will use the same
DBConnector object, meaning that SilverStripe can’t connect to multiple
databases.

This fix ensures that the service cache generates new DBConnector
subclasses each time it is called.
---
 _config/database.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/_config/database.yml b/_config/database.yml
index 916dd2c57..86cc2e927 100644
--- a/_config/database.yml
+++ b/_config/database.yml
@@ -14,3 +14,9 @@ Injector:
       connector: %$MySQLiConnector
       schemaManager: %$MySQLSchemaManager
       queryBuilder: %$MySQLQueryBuilder
+  MySQLiConnector:
+    class: 'MySQLiConnector'
+    type: prototype
+  PDOConnector:
+    class: 'PDOConnector'
+    type: prototype

From e68eb7e45de7803a5f1a67cfc30324921be847aa Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Wed, 11 Nov 2015 17:06:45 +1300
Subject: [PATCH 21/49] Update translations

---
 admin/javascript/lang/de.js     |   2 +-
 admin/javascript/lang/eo.js     |  14 ++--
 admin/javascript/lang/ro.js     |   4 +-
 admin/javascript/lang/src/de.js |   2 +-
 admin/javascript/lang/src/eo.js |  14 ++--
 admin/javascript/lang/src/ro.js |   4 +-
 admin/javascript/lang/src/zh.js |   8 +--
 admin/javascript/lang/zh.js     |   8 +--
 lang/cs.yml                     |   4 --
 lang/de.yml                     |   8 +++
 lang/eo.yml                     |   9 +++
 lang/es.yml                     |  10 +++
 lang/fa_IR.yml                  | 117 +++++++++++++++++++++++++++++++-
 lang/fr.yml                     |   4 +-
 lang/it.yml                     |   3 +
 lang/lt.yml                     |   2 +-
 lang/sk.yml                     |   4 --
 lang/tr.yml                     |   6 ++
 lang/zh.yml                     |  34 ++++++++++
 19 files changed, 217 insertions(+), 40 deletions(-)

diff --git a/admin/javascript/lang/de.js b/admin/javascript/lang/de.js
index d43b2335a..65eb96fb2 100644
--- a/admin/javascript/lang/de.js
+++ b/admin/javascript/lang/de.js
@@ -9,7 +9,7 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich veröffentlichen?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich löschen?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich archivieren?\n\nDiese Seiten und alle Unterseiten davon werden von der veröffentlichen Seite gelöscht und in das Archiv verschoben.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\\n\\nWollen Sie diese wirklich wiederherstellen?\\n\\nUnterseiten von archivierten Seiten werden auf der Root-Ebene wiederhergestellt, es sei denn, diese Seiten werden ebenfalls wiederhergestellt.",
     "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich von der veröfffentlichten Seite löschen?",
     "LeftAndMain.CONFIRMUNSAVED": "Sind Sie sicher, dass Sie die Seite verlassen möchten?\n\nWARNUNG: Ihre Änderungen werden nicht gespeichert.\n\nDrücken Sie \"OK\" um fortzufahren, oder \"Abbrechen\" um auf dieser Seite zu bleiben.",
     "LeftAndMain.CONFIRMUNSAVEDSHORT": "WARNUNG: Ihre Änderungen wurden nicht gespeichert.",
diff --git a/admin/javascript/lang/eo.js b/admin/javascript/lang/eo.js
index 81eb6d2ea..f46611198 100644
--- a/admin/javascript/lang/eo.js
+++ b/admin/javascript/lang/eo.js
@@ -4,13 +4,13 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
 	if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
 } else {
 	ss.i18n.addDictionary('eo', {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
-    "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
-    "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
-    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
-    "CMSMAIN.BATCH_DELETELIVE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete these pages from live?",
+    "CMSMAIN.SELECTONEPAGE": "Bonvole elektu almenaŭ 1 paĝon.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas malpublikigi?",
+    "CMSMAIN.BATCH_PUBLISH_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas publikigi?",
+    "CMSMAIN.BATCH_DELETE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas forigi?",
+    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈu vi vere volas enarĥivigi tiujn paĝojn?\n\nTiuj paĝoj kaj ĉiuj idaj paĝoj estos malpublikigitaj kaj senditaj al la arĥivo.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈu vi vere volas restaŭri al stadio?\n\nIdoj de enarĥivigitaj paĝoj estos restaŭritaj al la radika nivelo, escepte se tiuj paĝoj ankaŭ estos restaŭritaj.",
+    "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas forigi tiujn paĝojn el la publika stadio?",
     "LeftAndMain.CONFIRMUNSAVED": "Ĉu vi vere volas navigi for de ĉi tiu paĝo?\n\nAVERTO: Viaj ŝanĝoj ne estas konservitaj.\n\nPremu je Akcepti por daŭrigi, aŭ Nuligi por resti ĉe la aktuala paĝo.",
     "LeftAndMain.CONFIRMUNSAVEDSHORT": "AVERTO: Viaj ŝanĝoj ne estas konservitaj.",
     "SecurityAdmin.BATCHACTIONSDELETECONFIRM": "Ĉu vi vere volas forigi %s grupojn?",
diff --git a/admin/javascript/lang/ro.js b/admin/javascript/lang/ro.js
index c5895f4ab..733561e71 100644
--- a/admin/javascript/lang/ro.js
+++ b/admin/javascript/lang/ro.js
@@ -4,8 +4,8 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
 	if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
 } else {
 	ss.i18n.addDictionary('ro', {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
+    "CMSMAIN.SELECTONEPAGE": "Vă rugăm să selectaţi cel puțin o pagină.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Aveti {num} pagina(i) selectate.\n\nDoriti sa le nenublicati",
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
diff --git a/admin/javascript/lang/src/de.js b/admin/javascript/lang/src/de.js
index 9f10852dd..5599a84af 100644
--- a/admin/javascript/lang/src/de.js
+++ b/admin/javascript/lang/src/de.js
@@ -4,7 +4,7 @@
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich veröffentlichen?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich löschen?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich archivieren?\n\nDiese Seiten und alle Unterseiten davon werden von der veröffentlichen Seite gelöscht und in das Archiv verschoben.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\\n\\nWollen Sie diese wirklich wiederherstellen?\\n\\nUnterseiten von archivierten Seiten werden auf der Root-Ebene wiederhergestellt, es sei denn, diese Seiten werden ebenfalls wiederhergestellt.",
     "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Sie haben {num} Seite(n) ausgewählt.\n\nWollen Sie diese wirklich von der veröfffentlichten Seite löschen?",
     "LeftAndMain.CONFIRMUNSAVED": "Sind Sie sicher, dass Sie die Seite verlassen möchten?\n\nWARNUNG: Ihre Änderungen werden nicht gespeichert.\n\nDrücken Sie \"OK\" um fortzufahren, oder \"Abbrechen\" um auf dieser Seite zu bleiben.",
     "LeftAndMain.CONFIRMUNSAVEDSHORT": "WARNUNG: Ihre Änderungen wurden nicht gespeichert.",
diff --git a/admin/javascript/lang/src/eo.js b/admin/javascript/lang/src/eo.js
index bcea526f6..1a69993f4 100644
--- a/admin/javascript/lang/src/eo.js
+++ b/admin/javascript/lang/src/eo.js
@@ -1,11 +1,11 @@
 {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
-    "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
-    "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
-    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
-    "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
-    "CMSMAIN.BATCH_DELETELIVE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete these pages from live?",
+    "CMSMAIN.SELECTONEPAGE": "Bonvole elektu almenaŭ 1 paĝon.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas malpublikigi?",
+    "CMSMAIN.BATCH_PUBLISH_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas publikigi?",
+    "CMSMAIN.BATCH_DELETE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas forigi?",
+    "CMSMAIN.BATCH_ARCHIVE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈu vi vere volas enarĥivigi tiujn paĝojn?\n\nTiuj paĝoj kaj ĉiuj idaj paĝoj estos malpublikigitaj kaj senditaj al la arĥivo.",
+    "CMSMAIN.BATCH_RESTORE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈu vi vere volas restaŭri al stadio?\n\nIdoj de enarĥivigitaj paĝoj estos restaŭritaj al la radika nivelo, escepte se tiuj paĝoj ankaŭ estos restaŭritaj.",
+    "CMSMAIN.BATCH_DELETELIVE_PROMPT": "Vi elektis {num} paĝo(j)n.\n\nĈi vi vere volas forigi tiujn paĝojn el la publika stadio?",
     "LeftAndMain.CONFIRMUNSAVED": "Ĉu vi vere volas navigi for de ĉi tiu paĝo?\n\nAVERTO: Viaj ŝanĝoj ne estas konservitaj.\n\nPremu je Akcepti por daŭrigi, aŭ Nuligi por resti ĉe la aktuala paĝo.",
     "LeftAndMain.CONFIRMUNSAVEDSHORT": "AVERTO: Viaj ŝanĝoj ne estas konservitaj.",
     "SecurityAdmin.BATCHACTIONSDELETECONFIRM": "Ĉu vi vere volas forigi %s grupojn?",
diff --git a/admin/javascript/lang/src/ro.js b/admin/javascript/lang/src/ro.js
index 43d6cba2c..2488400ea 100644
--- a/admin/javascript/lang/src/ro.js
+++ b/admin/javascript/lang/src/ro.js
@@ -1,6 +1,6 @@
 {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
+    "CMSMAIN.SELECTONEPAGE": "Vă rugăm să selectaţi cel puțin o pagină.",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "Aveti {num} pagina(i) selectate.\n\nDoriti sa le nenublicati",
     "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
     "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
diff --git a/admin/javascript/lang/src/zh.js b/admin/javascript/lang/src/zh.js
index 686b667d3..c61a5628e 100644
--- a/admin/javascript/lang/src/zh.js
+++ b/admin/javascript/lang/src/zh.js
@@ -1,8 +1,8 @@
 {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
-    "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
-    "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
+    "CMSMAIN.SELECTONEPAGE": "请至少选择一个页面",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "您已选了{num}个页面。\n\n是否确定要取消发布",
+    "CMSMAIN.BATCH_PUBLISH_PROMPT": "您已选了{num}个页面。\n\n是否确定要发布？",
+    "CMSMAIN.BATCH_DELETE_PROMPT": "您已选了{num}个页面。\n\n是否确定要删除？",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
     "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
     "CMSMAIN.BATCH_DELETELIVE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete these pages from live?",
diff --git a/admin/javascript/lang/zh.js b/admin/javascript/lang/zh.js
index f55fd2a3e..bea2e3a73 100644
--- a/admin/javascript/lang/zh.js
+++ b/admin/javascript/lang/zh.js
@@ -4,10 +4,10 @@ if(typeof(ss) == 'undefined' || typeof(ss.i18n) == 'undefined') {
 	if(typeof(console) != 'undefined') console.error('Class ss.i18n not defined');
 } else {
 	ss.i18n.addDictionary('zh', {
-    "CMSMAIN.SELECTONEPAGE": "Please select at least one page",
-    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to unpublish",
-    "CMSMAIN.BATCH_PUBLISH_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to publish?",
-    "CMSMAIN.BATCH_DELETE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete?",
+    "CMSMAIN.SELECTONEPAGE": "请至少选择一个页面",
+    "CMSMAIN.BATCH_UNPUBLISH_PROMPT": "您已选了{num}个页面。\n\n是否确定要取消发布",
+    "CMSMAIN.BATCH_PUBLISH_PROMPT": "您已选了{num}个页面。\n\n是否确定要发布？",
+    "CMSMAIN.BATCH_DELETE_PROMPT": "您已选了{num}个页面。\n\n是否确定要删除？",
     "CMSMAIN.BATCH_ARCHIVE_PROMPT": "You have {num} page(s) selected.\n\nAre you sure you want to archive these pages?\n\nThese pages and all of their children pages will be unpublished and sent to the archive.",
     "CMSMAIN.BATCH_RESTORE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to restore to stage?\n\nChildren of archived pages will be restored to the root level, unless those pages are also being restored.",
     "CMSMAIN.BATCH_DELETELIVE_PROMPT": "You have {num} page(s) selected.\n\nDo you really want to delete these pages from live?",
diff --git a/lang/cs.yml b/lang/cs.yml
index 710dff459..a96f65879 100644
--- a/lang/cs.yml
+++ b/lang/cs.yml
@@ -292,8 +292,6 @@ cs:
     FROMWEB: 'Z webu'
     FindInFolder: 'Hledat ve složce'
     IMAGEALT: 'Alternativní text (alt)'
-    IMAGEALTTEXT: 'Alternativní text (alt) - ukáže se, když obrázek nemúže být zobrazen'
-    IMAGEALTTEXTDESC: 'Zobrazeno na obrazovce, anebo když obrázek nemůže být zobrazen'
     IMAGEDIMENSIONS: Rozměry
     IMAGEHEIGHTPX: Výška
     IMAGETITLE: 'Titul text (tooltip) - další informace o obrázku'
@@ -328,11 +326,9 @@ cs:
     DELETED: Smazáno.
     DropdownBatchActionsDefault: Akcie
     HELP: Nápověda
-    PAGETYPE: 'Typ stránky:'
     PERMAGAIN: 'Byli jste odhlášeni z CMS. Pokud se chcete znovu přihlásit, zadejte níže své uživatelské jméno a heslo.'
     PERMALREADY: 'Omlouvám se, ale nemůžete vstoupit do této části CMS. Pokud se chcete přihlásit jako někdo jiný, udělejte tak níže.'
     PERMDEFAULT: 'Musíte být přihlášen/a k přístup do oblasti administrace, zadejte vaše přihlošovací údaje dole, prosím.'
-    PLEASESAVE: 'Uložte stránku, prosím. Tato stránka nemůže být aktualizována, protože ještě nebyla uložena.'
     PreviewButton: Náhled
     REORGANISATIONSUCCESSFUL: 'Strom webu reorganizován úspěšně.'
     SAVEDUP: Uloženo.
diff --git a/lang/de.yml b/lang/de.yml
index 15f637333..037954c17 100644
--- a/lang/de.yml
+++ b/lang/de.yml
@@ -260,6 +260,7 @@ de:
     many_many_Members: Mitglieder
   GroupImportForm:
     Help1: '<p>Eine oder mehrere Gruppen im <em>CSV</em>-Format (kommaseparierte Werte) importieren. <small><a href="#" class="toggle-advanced">Erweiterte Nutzung</a></small></p>'
+    Help2: '<div class="advanced"><h4>Erweiterte Benutzung</h4><ul><li>Gültige Spalten: <em>%s</em></li><li>Bereits existierende Gruppen werden anhand ihres eindeutigen <em>Code</em> identifiziert und um neue Einträge aus der Importdatei erweitert.</li><li>Gruppenhierarchien können mittels der Spalte <em>ParentCode</em> erstellt werden.</li><li>Berechtigungen können in der Spalte <em>PermissionCode</em> hinzugefügt werden. Schon zugewiesene Berechtigungen werden nicht entfernt.</li></ul></div>'
     ResultCreated: '{count} Gruppe(n) wurden erstellt'
     ResultDeleted: '%d Gruppe(n) gelöscht'
     ResultUpdated: '%d Gruppe(n) aktualisiert'
@@ -291,6 +292,8 @@ de:
     FROMWEB: 'Aus dem Web'
     FindInFolder: 'In Ordner suchen'
     IMAGEALT: 'Alternativtext (alt)'
+    IMAGEALTTEXT: 'Alternativtext (alt) - erscheint, falls das Bild nicht angezeigt werden kann.'
+    IMAGEALTTEXTDESC: 'Wird von Screenreadern vorgelesen oder angezeigt, falls das Bild nicht angezeigt werden kann.'
     IMAGEDIMENSIONS: Dimensionen
     IMAGEHEIGHTPX: Höhe (px)
     IMAGETITLE: 'Titeltext (Tooltip) - für zusätzliche Informationen über das Bild'
@@ -325,7 +328,11 @@ de:
     DELETED: Gelöscht.
     DropdownBatchActionsDefault: Aktionen
     HELP: Hilfe
+    PAGETYPE: 'Seitentyp'
     PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
+    PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
+    PERMDEFAULT: 'Sie müssen angemeldet sein, um auf diesen Bereich zugreifen zu können. Bitte geben Sie Ihre Zugangsdaten ein.'
+    PLEASESAVE: 'Diese Seite konnte nicht aktualisiert werden weil sie noch nicht gespeichert wurde - bitte speichern.'
     PreviewButton: Vorschau
     REORGANISATIONSUCCESSFUL: 'Der Seitenbaum wurde erfolgreich sortiert.'
     SAVEDUP: Gespeichert.
@@ -413,6 +420,7 @@ de:
     Toggle: 'Hilfe zur Formatierung anzeigen'
   MemberImportForm:
     Help1: '<p>Mitglieder im <em>CSV</em>-Format (kommaseparierte Werte) importieren. <small><a href="#" class="toggle-advanced">Erweiterte Nutzung</a></small></p>'
+    Help2: '<div class="advanced"><h4>Erweiterte Benutzung</h4><ul><li>Gültige Spalten: <em>%s</em></li><li>Bereits existierende Benutzer werden anhand ihres eindeutigen <em>Code</em> identifiziert und um neue Einträge aus der Importdatei erweitert.</li><li>Gruppen können in der Spalte <em>Gruppen</em> hinzugefügt werden. Gruppen werden anhand ihres <em>Code</em> erkannt. Mehrere Gruppen werden Komma-separiert eingetragen. Schon zugewiesene Gruppen werden nicht entfernt.</li></ul></div>'
     ResultCreated: '{count} Mitglied(er) wurde(n) erstellt'
     ResultDeleted: '%d Mitglied(er) gelöscht'
     ResultNone: 'Keine Änderungen'
diff --git a/lang/eo.yml b/lang/eo.yml
index 14ca046e4..fbe1f4ba2 100644
--- a/lang/eo.yml
+++ b/lang/eo.yml
@@ -260,6 +260,7 @@ eo:
     many_many_Members: Membroj
   GroupImportForm:
     Help1: '<p>Importi unu aŭ pliaj grupojn en formato <em>CSV</em> (perkome disigitaj valoroj values). <small><a href="#" class="toggle-advanced">Vidigi spertulan uzadon</a></small></p>'
+    Help2: '<div class="advanced"><h4>Speciala uzado </h4><ul><li>Eblaj kolumnoj: <em>%s</em></li><li>Ekzistantaj grupoj kongruiĝas laŭ la valoro de ilia unika <em>Kodo</em>, kaj ĝisdatiĝas per eventualaj valoroj el la importita dosiero</li><li>Eblas krei grupajn hierarĥiojn per la kolumno <em>ParentCode</em>.</li><li>Eblas agordi permeskodojn per la kolumno <em>PermissionCode</em>. Ekzistantaj permeskodoj ne vakiĝas.</li></ul></div>'
     ResultCreated: 'Kreiĝis {count} grupoj'
     ResultDeleted: 'Forigis %d grupojn'
     ResultUpdated: 'Aktualigis %d grupojn'
@@ -326,15 +327,20 @@ eo:
     DropdownBatchActionsDefault: Agoj
     HELP: Helpo
     PERMAGAIN: 'Vin adiaŭis la CMS. Se vi volas denove saluti, enigu salutnomon kaj pasvorton malsupre.'
+    PERMALREADY: 'Bedaŭrinde vi ne povas aliri tiun parton de la CMS. Se vi volas ensaluti kiel aliulo, faru tion sube.'
+    PERMDEFAULT: 'Necesas ensaluti por aliri la administran zonon; bonvolu enigi viajn akreditaĵoj sube.'
     PreviewButton: Antaŭvido
     REORGANISATIONSUCCESSFUL: 'Sukcese reorganizis la retejan arbon.'
     SAVEDUP: Konservita.
     ShowAsList: 'vidigi kiel liston'
     TooManyPages: 'Tro da paĝoj'
     ValidationError: 'Validiga eraro'
+    VersionUnknown: nekonata
   LeftAndMain_Menu_ss:
     Hello: Saluton
     LOGOUT: 'Elsaluti'
+  ListboxField:
+    SOURCE_VALIDATION: 'Bonvolu elekti valoron el la listo donita. %s ne estas valida agordo'
   LoginAttempt:
     Email: 'Retadreso'
     IP: 'IP-Adreso'
@@ -410,6 +416,7 @@ eo:
     Toggle: 'Vidigi aranĝa helpo'
   MemberImportForm:
     Help1: '<p>Importi membrojn en <em>CSV-formato</em> (diskomaj valoroj ). <small><a href="#" class="toggle-advanced">Vidigi spertulan uzadon</a></small></p>'
+    Help2: '<div class="advanced"><h4>Speciala uzado </h4><ul><li>Eblaj kolumnoj: <em>%s</em></li><li>Ekzistantaj uzantoj kongruiĝas laŭ la valoro de sia unika atributo <em>Code</em>, kaj ĝisdatiĝas per eventualaj novaj valoroj el la importita dosiero. </li><li>Eblas agordi grupojn per la kolumno <em>Groups</em>. Grupoj estas identigeblaj per sia atributo <em>Code</em>, plurobla grupo estu apartigitaj per komo. Ekzistantaj grupaj membrecoj ne vakiĝas.</li></ul></div>'
     ResultCreated: 'Krei {count} membrojn'
     ResultDeleted: 'Forigis %d membrojn'
     ResultNone: 'Neniu ŝanĝo'
@@ -539,6 +546,8 @@ eo:
     Print: Presi
   TableListField_PageControls_ss:
     OF: de
+  TextField:
+    VALIDATEMAXLENGTH: 'La longo de la valoro por {name} devas ne superi {maxLength} signojn'
   TimeField:
     VALIDATEFORMAT: 'Bonvole enigu validan horan formaton ({format})'
   ToggleField:
diff --git a/lang/es.yml b/lang/es.yml
index 427098d8f..b56ec237f 100644
--- a/lang/es.yml
+++ b/lang/es.yml
@@ -82,6 +82,7 @@ es:
   CMSSecurity:
     INVALIDUSER: '<p>Usuario inválido. <a target="_top" href="{link}">Por favor, vuelva a autenticar aquí</a> para continuar.</p>'
     LoginMessage: '<p>Si Ud tiene cualquier trabajo sin guardar puede volver donde lo dejó, iniciando sesión más abajo.</p>'
+    SUCCESS: Exito
     SUCCESSCONTENT: '<p>Inicio de sesión exitoso. Si Ud no es automáticamente redireccionado, <a target="_top" href="{link}">haga clic aquí</a></p>'
     TimedOutTitleAnonymous: 'Expiró su sesión.'
     TimedOutTitleMember: 'Eh {name}!<br />Tu sesión expiró.'
@@ -259,6 +260,7 @@ es:
     many_many_Members: Miembros
   GroupImportForm:
     Help1: '<p>Importar uno o más grupos en formato <em>CSV</em> (valores separados por coma). <small><a href="#" class="toggle-advanced">Mostrar uso avanzado</a></small></p>'
+    Help2: '<div class="advanced"><h4>Uso avanzado</h4><ul><li>Columnas permitidas: <em>%s</em></li><li>Grupos existentes son relacionados con su  <em>Código único</em> y actualizados con cualquier nuevo valor desde el archivo importado</li><li>Jerarquías de grupo pueden ser creadas utilizando la columna <em>ParentCode</em>.</li><li>Códigos de permiso pueden ser asignados por la columna <em>PermissionCode</em>. Códigos de permisos existentes no son eliminados.</li></ul></div>'
     ResultCreated: 'Creados {count} grupos'
     ResultDeleted: 'Se eliminaron %d grupos'
     ResultUpdated: 'Actualizados grupos %d'
@@ -290,6 +292,8 @@ es:
     FROMWEB: 'Desde la web'
     FindInFolder: 'Buscar en carpeta'
     IMAGEALT: 'Texto alternativo (alt)'
+    IMAGEALTTEXT: 'Texto alternativo (alt) - es mostrado si la imagen no puede ser visualizada'
+    IMAGEALTTEXTDESC: 'Mostrado a los lectores de pantalla o si la imagen no se puede visualizar'
     IMAGEDIMENSIONS: Dimensiones
     IMAGEHEIGHTPX: Alto
     IMAGETITLE: 'Texto del título (tooltip) - para obtener más información acerca de la imagen'
@@ -324,7 +328,11 @@ es:
     DELETED: Borrado
     DropdownBatchActionsDefault: Acciones
     HELP: Ayuda
+    PAGETYPE: 'Tipo de página'
     PERMAGAIN: 'Ha sido desconectado del CMS. Si quiere volver a entrar, introduzca su nombre de usuario y contraseña a continuación.'
+    PERMALREADY: 'Lamentablemente no puede acceder a esta parte del CMS. Si quiere entrar como alguien distinto, hágalo a continuación'
+    PERMDEFAULT: 'Debes estar conectado para acceder al área de administración; por favor ingresa tus datos a continuación'
+    PLEASESAVE: 'Por favor Guarde la Página: Esta página no se ha podido actualizar porque aún no ha sido salvada'
     PreviewButton: Vista previa
     REORGANISATIONSUCCESSFUL: 'Reorganizado el árbol del sitio con éxito.'
     SAVEDUP: Guardado
@@ -412,6 +420,7 @@ es:
     Toggle: 'Cambiar'
   MemberImportForm:
     Help1: '<p>Importar usuarios en <em>formato CSV</em> (valores separados por coma). <small><a href="#" class="toggle-advanced">Mostrar uso avanzado</a></small></p>'
+    Help2: '<div class="advanced"><h4>Uso avanzado</h4><ul><li>Columnas permitidas: <em>%s</em></li><li>Usuarios existentes son relacionados con su  <em>Código único</em>, y actualizados con cualquier nuevo valor desde el archivo importado.</li><li>Grupos pueden ser asignados por la columna <em>Groups</em>. Grupos son identificados por su propiedad <em>Code</em>, multiples grupos pueden ser separados por una coma.  La pertenencia a grupos existentes no se borra.</li></ul></div>'
     ResultCreated: 'Creados {count} miembros'
     ResultDeleted: 'Se eliminaron %d miembros'
     ResultNone: 'No hay cambios'
@@ -475,6 +484,7 @@ es:
     SINGULARNAME: Regla
     Title: Título
   PermissionRoleCode:
+    PLURALNAME: 'Códigos de permiso'
     PermsError: 'No se puede asignar permisos privilegiados al código "% s"  (requiere acceso de administrador)'
     SINGULARNAME: 'Códigos de las regla de permisos'
   Permissions:
diff --git a/lang/fa_IR.yml b/lang/fa_IR.yml
index 41a900443..08e128d9c 100644
--- a/lang/fa_IR.yml
+++ b/lang/fa_IR.yml
@@ -4,12 +4,18 @@ fa_IR:
   AssetTableField:
     DIM: ابعاد
     FILENAME: نام فايل
+    FOLDER: پوشه
     LASTEDIT: 'آخرین تغییرات'
     OWNER: دارنده
     SIZE: 'حجم'
     TITLE: عنوان
     TYPE: 'نوع'
     URL: نشانی
+  AssetUploadField:
+    EDITALL: 'ویرایش همه'
+    EDITINFO: 'ویرایش فایل‌ها'
+    FILES: فایل‌ها
+    TOTAL: مجموع
   BBCodeParser:
     ALIGNEMENT: جاگذاری
     ALIGNEMENTEXAMPLE: 'به راست'
@@ -26,13 +32,29 @@ fa_IR:
     UNDERLINEEXAMPLE: زیرخط
   Boolean:
     ANY: هر
+    NOANSWER: 'خیر'
+    YESANSWER: 'بله'
+  CMSLoadingScreen_ss:
+    LOADING: بارگذاری...
   CMSMain:
     SAVE: نگاهداری
+  CMSMemberLoginForm:
+    BUTTONFORGOTPASSWORD: 'رمز عبور را فراموش کرده‌اید؟'
+    BUTTONLOGOUT: 'خروج'
+  CMSPageHistoryController_versions_ss:
+    PREVIEW: 'پیش‌نمایش وب‌سایت'
+  CMSProfileController:
+    MENUTITLE: 'پروفایل من'
+  CMSSecurity:
+    SUCCESS: موفقیت
   ChangePasswordEmail_ss:
     CHANGEPASSWORDTEXT1: 'شما گذرواژه تان را دگرگون کردید برای'
     EMAIL: ايميل
     HELLO: درود
     PASSWORD: كلمه عبور
+  CheckboxField:
+    NOANSWER: 'خیر'
+    YESANSWER: 'بله'
   ConfirmedPasswordField:
     SHOWONCLICKTITLE: 'تغيير كلمه عبور'
   CreditCardField:
@@ -40,36 +62,76 @@ fa_IR:
     FOURTH: چهارم
     SECOND: دوم
     THIRD: سوم
+  CurrencyField:
+    CURRENCYSYMBOL: ﷼
   DataObject:
     PLURALNAME: 'داده های اشیاء'
     SINGULARNAME: 'داده اشیاء'
+  Date:
+    DAY: روز
+    DAYS: روز
+    HOUR: ساعت
+    HOURS: ساعت
+    LessThanMinuteAgo: 'کمتر از یک دقیقه'
+    MIN: دقیقه
+    MINS: دقیقه
+    MONTH: ماه
+    MONTHS: ماه
+    SEC: ثانیه
+    SECS: ثانیه
+    TIMEDIFFAGO: '{difference} پیش'
+    TIMEDIFFIN: 'در {difference}'
+    YEAR: سال
+    YEARS: سال
   DateField:
     TODAY: امروز
   DropdownField:
     CHOOSE: (گزینش)
+  Enum:
+    ANY: هر
   File:
+    AviType: 'فایل ویدیو AVI'
     Content: محتوا
+    CssType: 'فایل CSS'
     Filename: نام پرونده
+    HtlType: 'فایل HTML'
+    HtmlType: 'فایل HTML'
     Name: نام
     PLURALNAME: فايل ها
     SINGULARNAME: فايل
     Title: عنوان
+  Folder:
+    PLURALNAME: پوشه‌ها
+    SINGULARNAME: پوشه
   ForgotPasswordEmail_ss:
     HELLO: درود
     TEXT3: برای
   Form:
+    SubmitBtnLabel: برو
     VALIDATIONPASSWORDSDONTMATCH: 'گذرواژه‌ها همانند هم نیستند'
     VALIDATIONPASSWORDSNOTEMPTY: 'گذرواژه نباید تهی باشد'
   FormField:
     NONE: هیچ کدام
+  GridAction:
+    DELETE_DESCRIPTION: حذف
+    Delete: حذف
+  GridField:
+    Find: بگرد
+    ResetFilter: از نو
+  GridFieldEditButton_ss:
+    EDIT: ویرایش
+  GridFieldItemEditView:
+    Go_back: 'بازگشت'
   Group:
     Code: 'كد گروه'
     DefaultGroupTitleAdministrators: مدیران کل
     DefaultGroupTitleContentAuthors: 'نویسندگان مطالب'
     Description: توضحیات
     Locked: 'بسته شده است؟'
+    PLURALNAME: گروه‌ها
     Parent: 'گروه مادر'
     RolesAddEditLink: 'اضافه/ویرایش وظیفه'
+    SINGULARNAME: گروه
     Sort: 'تربیت چیدن'
     has_many_Permissions: مجوز‌ها
     many_many_Members: اعضاء
@@ -77,8 +139,11 @@ fa_IR:
     ResultDeleted: 'گروه %d حذف شد'
     ResultUpdated: 'گروه %d بروز شد'
   HtmlEditorField:
+    ADDURL: 'افزودن URL'
+    BUTTONINSERT: وارد کردن
     BUTTONINSERTLINK: 'گذاشتن پیوند'
     BUTTONREMOVELINK: 'برداشتن پیوند'
+    BUTTONUpdate: به روزرسانی
     CSSCLASS: 'جاگیری / الگو'
     EMAIL: 'پست الکترونیک'
     FILE: پرونده
@@ -94,11 +159,25 @@ fa_IR:
     LINKTO: 'پیوند به'
     PAGE: برگ
     URL: نشانی
+  Image:
+    PLURALNAME: فایل‌ها
+    SINGULARNAME: فايل
+  Image_Cached:
+    PLURALNAME: فایل‌ها
+    SINGULARNAME: فايل
   LeftAndMain:
+    DELETED: حذف شده
     HELP: کمک
     PERMAGAIN: 'شما از سیستم مدیریت محتوا خارج شده اید.اگر میخواهید دوباره وارد شوید نام کاربری و رمز عبور خود را در قسمت زیر وارد کنید'
+    PreviewButton: پیش‌نمایش
+    SAVEDUP: ذخیره شده
+  LeftAndMain_Menu_ss:
+    Hello: درود
+    LOGOUT: 'خروج'
   LoginAttempt:
-    Email: 'آدرس های ایمیل'
+    Email: 'نشانی ای‌میل'
+    IP: 'نشانی IP'
+    Status: وضعیت
   Member:
     BUTTONCHANGEPASSWORD: 'تغییر رمز عبور'
     BUTTONLOGIN: 'ورود'
@@ -116,20 +195,41 @@ fa_IR:
     SUBJECTPASSWORDCHANGED: 'گذرواژه شما دگرگون شد'
     SUBJECTPASSWORDRESET: 'پیوند ازنوسازی گذرواژه شما'
     SURNAME: نام خانوادگی
+    TIMEFORMAT: 'قالب زمان'
     YOUROLDPASSWORD: 'رمز عبور قدیمی'
     belongs_many_many_Groups: گروه‌ها
     db_LockedOutUntil: 'بسته شده تا '
+    db_Password: رمز عبور
     db_PasswordExpiry: 'تاریخ از میان رفتن گذرواژه'
+  MemberDatetimeOptionsetField:
+    Preview: پیش‌نمایش
   MemberImportForm:
     ResultDeleted: 'کاربر %d حذف شد'
     ResultNone: 'تغییری ایجاد نشد'
   ModelAdmin:
     DELETE: حذف
+  ModelAdmin_Tools_ss:
+    FILTER: پالایش
+    IMPORT: وارد کردن
+  ModelSidebar_ss:
+    IMPORT_TAB_HEADER: وارد کردن
+    SEARCHLISTINGS: جستجو
+  MoneyField:
+    FIELDLABELAMOUNT: مقدار
+    FIELDLABELCURRENCY: واحد پول
   NullableField:
     IsNullLabel: 'خالی است'
+  Pagination:
+    Page: صفحه
+    View: نمایش
   Permission:
     AdminGroup: مدیر کل
+    CMS_ACCESS_CATEGORY: 'دسترسی CMS'
     FULLADMINRIGHTS: 'توانایی‌های کامل مدیریتی:'
+  PermissionRole:
+    PLURALNAME: وظایف
+    SINGULARNAME: وظیفه
+    Title: عنوان
   Permissions:
     PERMISSIONS_CATEGORY: 'مجوز دسترسی ها و وظایف'
   PhoneNumberField:
@@ -142,14 +242,29 @@ fa_IR:
   SecurityAdmin:
     APPLY_ROLES: 'اعمال وظایف به گروه'
     MEMBERS: کاربران
+    MENUTITLE: امنیت
     NEWGROUP: 'گروه تازه'
     ROLES: وظایف
     TABROLES: وظایف
+    Users: کاربران
   SecurityAdmin_MemberImportForm:
     BtnImport: 'وارد کردن'
+  SilverStripeNavigator:
+    Edit: ویرایش
+    Mobile: موبایل
+    Tablet: تبلت
+    Width: پهنا
   SiteTree:
     TABMAIN: اصلی
+  TableListField:
+    Print: چاپ
   ToggleField:
     MORE: بیشتر
+  UploadField:
+    DOEDIT: ذخیره
+    Dimensions: ابعاد
+    EDIT: ویرایش
+    REMOVE: حذف
+    Saved: ذخیره شده
   Versioned:
     has_many_Versions: نسخه ها
diff --git a/lang/fr.yml b/lang/fr.yml
index 745b53d73..952d44c99 100644
--- a/lang/fr.yml
+++ b/lang/fr.yml
@@ -251,9 +251,9 @@ fr:
     CAPTIONTEXT: 'Légende'
     CSSCLASS: 'Alignement / Style'
     CSSCLASSCENTER: 'Centré'
-    CSSCLASSLEFT: 'A gauche, avec texte à la ligne.'
+    CSSCLASSLEFT: 'À gauche, avec texte autour.'
     CSSCLASSLEFTALONE: 'Sur la gauche seulement'
-    CSSCLASSRIGHT: 'a droite, avec texte à la ligne.'
+    CSSCLASSRIGHT: 'À droite, avec texte autour.'
     DETAILS: Détails
     EMAIL: 'Adresse email'
     FILE: Fichier
diff --git a/lang/it.yml b/lang/it.yml
index 17627d5cb..f79e319b9 100644
--- a/lang/it.yml
+++ b/lang/it.yml
@@ -325,7 +325,10 @@ it:
     DELETED: Eliminato.
     DropdownBatchActionsDefault: Azioni
     HELP: Aiuto
+    PAGETYPE: 'Tipo di pagina'
     PERMAGAIN: 'Sei stato disconnesso dal CMS. Se desideri autenticarti nuovamente, inserisci qui sotto nome utente e password.'
+    PERMALREADY: 'Siamo spiacenti, ma non puoi accedere a questa sezione del CMS. Se desideri autenticarti come qualcun altro, fallo qui sotto.'
+    PERMDEFAULT: 'Devi essere autenticato per accedere all''area amministrativa; Per favore inserisci le tue credenziali qui sotto'
     PreviewButton: Anteprima
     REORGANISATIONSUCCESSFUL: 'Albero del sito riorganizzato con successo.'
     SAVEDUP: Salvato.
diff --git a/lang/lt.yml b/lang/lt.yml
index 1725617f3..9da6bb6c9 100644
--- a/lang/lt.yml
+++ b/lang/lt.yml
@@ -328,7 +328,7 @@ lt:
     DELETED: Ištrinta.
     DropdownBatchActionsDefault: Veiksmai
     HELP: Pagalba
-    PAGETYPE: 'Puslapio tipas:'
+    PAGETYPE: 'Puslapio tipas'
     PERMAGAIN: 'Jūs atsijungėte. Norėdami vėl prisijungti, įveskite savo duomenis į žemiau esančius laukelius.'
     PERMALREADY: 'Deja, bet Jūs negalite patekti į šią TVS dalį. Jeigu norite prisijungti kitu vartotoju, tai atlikite žemiau.'
     PERMDEFAULT: 'Jūs turite būti prisijungę, norėdami pasiekti administravimo zoną; prašome suvesti prisijungimo duomenis į žemiau esančius laukelius.'
diff --git a/lang/sk.yml b/lang/sk.yml
index f46181354..91f68461c 100644
--- a/lang/sk.yml
+++ b/lang/sk.yml
@@ -292,8 +292,6 @@ sk:
     FROMWEB: 'Z webu'
     FindInFolder: 'Vyhľadať v priečinku'
     IMAGEALT: 'Atlernatívny text (alt)'
-    IMAGEALTTEXT: 'Atlernatívny text (alt) - zobrazí sa ak obrázok nemože byť zobrazený '
-    IMAGEALTTEXTDESC: 'Zobrazí sa na obrazovke, ak obrázok nemôže byť zobrazený'
     IMAGEDIMENSIONS: Rozmery
     IMAGEHEIGHTPX: Výška
     IMAGETITLE: 'Text titulky (tooltip) - pre doplňujúce informácie o obrázku'
@@ -328,11 +326,9 @@ sk:
     DELETED: Zmazané.
     DropdownBatchActionsDefault: Akcie
     HELP: Pomoc
-    PAGETYPE: 'Typ stránky:'
     PERMAGAIN: 'Boli ste odhlásený'
     PERMALREADY: 'Je mi ľúto, ale nemáte prístup k tejto časti CMS. Ak sa chcete prihlásiť ako niekto iný, urobte tak nižšie'
     PERMDEFAULT: 'Musíte byť prihlásený/á k prístupu do oblasti administrácie, zadajte vaše prihlasovacie údaje dole, prosím.'
-    PLEASESAVE: 'Uložte stránku, prosím. Táto stránka nemôže byť aktualizovaná, pretože eště nebola uložená.'
     PreviewButton: Náhľad
     REORGANISATIONSUCCESSFUL: 'Strom webu bol reorganizovaný úspešne.'
     SAVEDUP: Uložené.
diff --git a/lang/tr.yml b/lang/tr.yml
index 39acb814b..7a564d58a 100644
--- a/lang/tr.yml
+++ b/lang/tr.yml
@@ -47,6 +47,8 @@ tr:
     ERRORNOTREC: 'Kullanıcı adı / şifre hatalı'
   Boolean:
     ANY: Herhangi
+    NOANSWER: 'Hayır'
+    YESANSWER: 'Evet'
   CMSMain:
     ACCESSALLINTERFACES: 'Tüm İYS arayüzlerine erişim'
     SAVE: Kaydet
@@ -56,6 +58,9 @@ tr:
     EMAIL: E-Posta
     HELLO: Merhaba
     PASSWORD: Parola
+  CheckboxField:
+    NOANSWER: 'Hayır'
+    YESANSWER: 'Evet'
   ConfirmedPasswordField:
     SHOWONCLICKTITLE: 'Parola Değiştir'
   CreditCardField:
@@ -87,6 +92,7 @@ tr:
     TEXT2: 'şifre sıfırlama linki'
     TEXT3: için
   Form:
+    SubmitBtnLabel: Başla
     VALIDATIONNOTUNIQUE: 'Girilen değer benzersiz olmalıdır'
     VALIDATIONPASSWORDSDONTMATCH: 'Şifre tekrarı hatalı'
     VALIDATIONPASSWORDSNOTEMPTY: 'Şifreler boş geçilemez'
diff --git a/lang/zh.yml b/lang/zh.yml
index 37ac3a870..7ef8121f2 100644
--- a/lang/zh.yml
+++ b/lang/zh.yml
@@ -60,6 +60,8 @@ zh:
     ERRORNOTREC: '那个用户名 / 密码无法被辨认'
   Boolean:
     ANY: 任何
+    NOANSWER: '不是'
+    YESANSWER: '是'
   CMSLoadingScreen_ss:
     LOADING: 正在载入……
     REQUIREJS: 'CMS 要求您启用 JavaScript。'
@@ -68,16 +70,35 @@ zh:
     ACCESSALLINTERFACES: '对所有 CMS 部分的访问'
     ACCESSALLINTERFACESHELP: '支配更多的特殊访问设置'
     SAVE: 保存
+  CMSMemberLoginForm:
+    BUTTONFORGOTPASSWORD: '忘记密码？'
+    BUTTONLOGIN: '重新登录'
+    BUTTONLOGOUT: '登出'
+    PASSWORDEXPIRED: '<p>您的密码已过期。 <a target="_top" href="{link}">请选择一个新的。</a></ P>'
   CMSPageHistoryController_versions_ss:
     PREVIEW: '网站预览'
   CMSProfileController:
     MENUTITLE: '我的个人资料'
+  CMSSecurity:
+    INVALIDUSER: '<p>用户已无效。 <a target="_top" href="{link}">请在此继续重新进行身份验证</a>。</ p>'
+    LoginMessage: '<p>如果您有任何未保存的工作，你可以重新登录以回到你未保存的地方。</p>'
+    SUCCESS: 成功
+    SUCCESSCONTENT: '<p>登录成功。如果您没有自动重定向<a target="_top" href="{link}">点击此处</a></p>'
+    TimedOutTitleAnonymous: '你的登陆超时已过期。'
+    TimedOutTitleMember: '你好{name}!<br />你的登陆超时已过期。'
   ChangePasswordEmail_ss:
     CHANGEPASSWORDTEXT1: '您的密码已更改为：'
     CHANGEPASSWORDTEXT2: '现在，您可以使用下列证书来登录了：'
     EMAIL: 电子邮件
     HELLO: 您好
     PASSWORD: 密码
+  CheckboxField:
+    NOANSWER: '不是'
+    YESANSWER: '是'
+  CheckboxFieldSetField:
+    SOURCE_VALIDATION: '请选择列表内提供的选项。{value}不是一个有效的选项'
+  CheckboxSetField:
+    SOURCE_VALIDATION: '请选择列表内提供的选项。''{value}''不是一个有效的选项'
   ConfirmedPasswordField:
     ATLEAST: '密码长度必须至少 {min} 个字符。'
     BETWEEN: '密码长度必须含 {min} 到 {max} 个字符。'
@@ -124,6 +145,7 @@ zh:
   DropdownField:
     CHOOSE: （选择）
     CHOOSESEARCH: '（选择或搜索）'
+    SOURCE_VALIDATION: '请选择列表内提供的选项。{value}不是一个有效的选项'
   EmailField:
     VALIDATION: '请输入一个电子邮件地址'
   Enum:
@@ -171,6 +193,7 @@ zh:
     TEXT2: '密码重设链接'
     TEXT3: 为
   Form:
+    CSRF_FAILED_MESSAGE: '似乎是一个技术问题。请点击返回按钮，刷新浏览器，然后再试一次。'
     FIELDISREQUIRED: '{name} 为必填'
     SubmitBtnLabel: 前往
     VALIDATIONCREDITNUMBER: '请确保您输入了正确的 {number} 信用卡号码'
@@ -244,6 +267,8 @@ zh:
   HtmlEditorField:
     ADDURL: '添加网址'
     ADJUSTDETAILSDIMENSIONS: '详情 &amp;amp; 体积'
+    ANCHORSCANNOTACCESSPAGE: '您不允许访问该页面的内容。'
+    ANCHORSPAGENOTFOUND: '无法找到该页面。'
     ANCHORVALUE: 固定
     BUTTONADDURL: '添加网址'
     BUTTONINSERT: 插入
@@ -282,6 +307,7 @@ zh:
     LINKOPENNEWWIN: '在新窗口中打开链接？'
     LINKTO: '链接到'
     PAGE: 页面
+    SUBJECT: '电子邮件标题'
     URL: 网址
     URLNOTANOEMBEDRESOURCE: '''{url}'' 该网址无法转换成媒体来源。'
     UpdateMEDIA: '更新媒体'
@@ -299,15 +325,19 @@ zh:
     DropdownBatchActionsDefault: 动作
     HELP: 帮助
     PERMAGAIN: '您已经退出 CMS。如果您想再次登录，请在下面输入用户名和密码。'
+    PERMALREADY: '抱歉，您不能访问这一部分的后台管理。如果您想以不同的身份登录，请在下面进行操作。'
     PreviewButton: 预览
     REORGANISATIONSUCCESSFUL: '重新组织网站地图已成功'
     SAVEDUP: 已保存。
     ShowAsList: '以列表方式展示'
     TooManyPages: '页面数目过多'
     ValidationError: '验证错误'
+    VersionUnknown: 未知
   LeftAndMain_Menu_ss:
     Hello: 您好
     LOGOUT: '退出'
+  ListboxField:
+    SOURCE_VALIDATION: '请选择列表内提供的选项。%s不是一个有效的选项'
   LoginAttempt:
     Email: '电子邮件地址'
     IP: 'IP 地址'
@@ -340,6 +370,7 @@ zh:
     NEWPASSWORD: '新密码'
     NoPassword: '该成员无密码'
     PASSWORD: 密码
+    PASSWORDEXPIRED: '您的密码已过期。 请选择一个新的。'
     PLURALNAME: 成员
     REMEMBERME: '下次记住我？'
     SINGULARNAME: 成员
@@ -445,6 +476,7 @@ zh:
     SINGULARNAME: 角色
     Title: 标题
   PermissionRoleCode:
+    PLURALNAME: '权限角色代码'
     PermsError: '无法为代码 "%s"分配特权权限（要求具备 ADMIN 访问）'
     SINGULARNAME: '权限角色代码'
   Permissions:
@@ -510,6 +542,8 @@ zh:
     Print: 打印
   TableListField_PageControls_ss:
     OF: 的
+  TextField:
+    VALIDATEMAXLENGTH: '{name} 的长度必须至多{maxLength} 个字符。'
   TimeField:
     VALIDATEFORMAT: '请输入有效的时间格式 ({format})'
   ToggleField:

From 1c1c0a23bdf21df0d57ff5d3185cbbca5aef20da Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Wed, 11 Nov 2015 17:02:05 +1300
Subject: [PATCH 22/49] Added 3.2.1-rc1 changelog

---
 docs/en/04_Changelogs/rc/3.2.1-rc1.md | 34 +++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 docs/en/04_Changelogs/rc/3.2.1-rc1.md

diff --git a/docs/en/04_Changelogs/rc/3.2.1-rc1.md b/docs/en/04_Changelogs/rc/3.2.1-rc1.md
new file mode 100644
index 000000000..05f1b2a18
--- /dev/null
+++ b/docs/en/04_Changelogs/rc/3.2.1-rc1.md
@@ -0,0 +1,34 @@
+# 3.2.1-rc1
+
+See [3.2.1](/changelogs/3.2.1) changelog for more information on what is new in 3.2.1
+
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-11 [bc1b289](https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
+ * 2015-11-09 [f290d86](https://github.com/silverstripe/silverstripe-framework/commit/f290d869e01e0087286b4f2bc92e95d15c229c45) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
+ * 2015-11-01 [4f55b6a](https://github.com/silverstripe/silverstripe-framework/commit/4f55b6a115ce0de8c5c258fb44eca52b8b112caf) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
+ * 2015-10-28 [132e9b3](https://github.com/silverstripe/silverstripe-framework/commit/132e9b3e2fad361ebb4b502b6a37d34d013bfba3) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
+
+### Bugfixes
+
+ * 2015-11-10 [732e705](https://github.com/silverstripe/silverstripe-framework/commit/732e705bbf548024b123d5160863395f2f74e7d9) Correct behaviour for empty filter array (as per 3.1) (Damian Mooyman)
+ * 2015-11-09 [414ea3d](https://github.com/silverstripe/silverstripe-framework/commit/414ea3de9e87812c5ac96cc15062307c608e0963) prevent UploadField edit form generation for Folders (Damian Mooyman)
+ * 2015-11-05 [c6c650f](https://github.com/silverstripe/silverstripe-cms/commit/c6c650f1366348327d973ca6cc5a5ed33a467786) Ensure CMSMainTest uses correct siteconfig (Damian Mooyman)
+ * 2015-11-02 [0272e44](https://github.com/silverstripe/silverstripe-framework/commit/0272e443f44ebca55b05c14f2a112260ff0df284) Prevent dev/build continually regenerating Number field type (Damian Mooyman)
+ * 2015-10-30 [2813f94](https://github.com/silverstripe/silverstripe-framework/commit/2813f94124c2ba14f1e4a51001e3898b0e0c32aa) Ensure that filters on any fixed field are scoped to the base data table (Damian Mooyman)
+ * 2015-10-30 [38ca963](https://github.com/silverstripe/silverstripe-framework/commit/38ca9632c4e9df0a74eae70cec98fdce242da529) Add missing CMSSecurity route (Damian Mooyman)
+ * 2015-10-29 [daa86d3](https://github.com/silverstripe/silverstripe-framework/commit/daa86d3a4ce75bf8637134726864ae14fbbdf586) Fix regression from #4396 in test fixtures (Damian Mooyman)
+ * 2015-10-28 [db16248](https://github.com/silverstripe/silverstripe-framework/commit/db16248b9ab7677cc4b4e25857a6b6d36f8c35f0) Fix broken InlineFormAction (Damian Mooyman)
+ * 2015-10-27 [293d847](https://github.com/silverstripe/silverstripe-framework/commit/293d84721efafedf3dd3fe69dd1d013a8c07d3ff) for #4712: Dropping in some PHP documentation on return types for dynamically generated image methods. (Patrick Nelson)
+ * 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
+ * 2015-10-19 [c364158](https://github.com/silverstripe/silverstripe-framework/commit/c3641587a5d5977af4fa053e5813846ce990d86c) only use sethasemptydefault if exists. (Cam Findlay)
+ * 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-08 [785f850](https://github.com/silverstripe/silverstripe-cms/commit/785f85047f64b76011c34542362c7f09dbf59021) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-01 [75dc391](https://github.com/silverstripe/silverstripe-cms/commit/75dc391df9b396756a6f02c5fca08eafcb53ba31) for #586 and possible fix for #736 and relates to #2449: Don't perform validation upon deletion, since it isn't necessary. Cleaned up type hint. (Patrick Nelson)
+ * 2015-09-17 [e64d73c](https://github.com/silverstripe/silverstripe-framework/commit/e64d73c1f741399412b6015f6602ed707b2e9778) Fix ClassInfo::table_for_object_field (Damian Mooyman)
+ * 2015-08-05 [2901664](https://github.com/silverstripe/silverstripe-framework/commit/29016645e5e759b1ecf49876fa79c357a68c5794) . FulltextFilter requires table identifiers in match query (Elvinas L.)
+ * 2015-07-12 [f192a6e](https://github.com/silverstripe/silverstripe-framework/commit/f192a6ecaf70446ec60f6c7ef2a555395f83ea16) #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. (Patrick Nelson)

From 97f21fddb3c565052f19ee3b35366f48e1e9a36f Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Thu, 29 Oct 2015 11:53:44 +1300
Subject: [PATCH 23/49] [ss-2015-021] Fix rewrite hash links XSS

---
 tests/view/SSViewerTest.php   | 37 ++++++++++++++++++++++++++++-------
 view/SSTemplateParser.php     | 10 +++++++---
 view/SSTemplateParser.php.inc | 10 +++++++---
 view/SSViewer.php             |  6 +++---
 4 files changed, 47 insertions(+), 16 deletions(-)

diff --git a/tests/view/SSViewerTest.php b/tests/view/SSViewerTest.php
index 56882db0f..4c539cad2 100644
--- a/tests/view/SSViewerTest.php
+++ b/tests/view/SSViewerTest.php
@@ -1,11 +1,30 @@
 <?php
 
 class SSViewerTest extends SapphireTest {
+
+	/**
+	 * Backup of $_SERVER global
+	 *
+	 * @var array
+	 */
+	protected $oldServer = array();
+
+	protected $extraDataObjects = array(
+		'SSViewerTest_Object',
+	);
+
 	public function setUp() {
 		parent::setUp();
 		Config::inst()->update('SSViewer', 'source_file_comments', false);
+		Config::inst()->update('SSViewer_FromString', 'cache_template', false);
+		$this->oldServer = $_SERVER;
 	}
-	
+
+	public function tearDown() {
+		$_SERVER = $this->oldServer;
+		parent::tearDown();
+	}
+
 	/**
 	 * Tests for {@link Config::inst()->get('SSViewer', 'theme')} for different behaviour
 	 * of user defined themes via {@link SiteConfig} and default theme
@@ -1160,10 +1179,13 @@ after')
 		$orig = Config::inst()->get('SSViewer', 'rewrite_hash_links'); 
 		Config::inst()->update('SSViewer', 'rewrite_hash_links', true);
 
-		$_SERVER['REQUEST_URI'] = 'http://path/to/file?foo"onclick="alert(\'xss\')""';
+		$_SERVER['HTTP_HOST'] = 'www.mysite.com';
+		$_SERVER['REQUEST_URI'] = '//file.com?foo"onclick="alert(\'xss\')""';
 
 		// Emulate SSViewer::process()
-		$base = Convert::raw2att($_SERVER['REQUEST_URI']);
+		// Note that leading double slashes have been rewritten to prevent these being mis-interepreted
+		// as protocol-less absolute urls
+		$base = Convert::raw2att('/file.com?foo"onclick="alert(\'xss\')""');
 		
 		$tmplFile = TEMP_FOLDER . '/SSViewerTest_testRewriteHashlinks_' . sha1(rand()) . '.ss';
 		
@@ -1231,10 +1253,11 @@ after')
 		$obj = new ViewableData();
 		$obj->InsertedLink = '<a class="inserted" href="#anchor">InsertedLink</a>';
 		$result = $tmpl->process($obj);
-		$this->assertContains(
-			'<a class="inserted" href="<?php echo Convert::raw2att(',
-			$result
-		);
+
+		$code = <<<'EOC'
+<a class="inserted" href="<?php echo Convert::raw2att(preg_replace("/^(\/)+/", "/", $_SERVER['REQUEST_URI'])); ?>#anchor">InsertedLink</a>
+EOC;
+		$this->assertContains($code, $result);
 		// TODO Fix inline links in PHP mode
 		// $this->assertContains(
 		// 	'<a class="inline" href="<?php echo str_replace(',
diff --git a/view/SSTemplateParser.php b/view/SSTemplateParser.php
index bd87a31af..5ef05f8d0 100644
--- a/view/SSTemplateParser.php
+++ b/view/SSTemplateParser.php
@@ -4681,11 +4681,15 @@ class SSTemplateParser extends Parser implements TemplateParser {
 
 		// TODO: This is pretty ugly & gets applied on all files not just html. I wonder if we can make this
 		// non-dynamically calculated
+		$code = <<<'EOC'
+(\Config::inst()->get('SSViewer', 'rewrite_hash_links')
+	? \Convert::raw2att( preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI'] ) )
+	: "")
+EOC;
+		// Because preg_replace replacement requires escaped slashes, addcslashes here
 		$text = preg_replace(
 			'/(<a[^>]+href *= *)"#/i',
-			'\\1"\' . (Config::inst()->get(\'SSViewer\', \'rewrite_hash_links\') ?' .
-			' Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "") .
-				\'#',
+			'\\1"\' . ' . addcslashes($code, '\\')  . ' . \'#',
 			$text
 		);
 
diff --git a/view/SSTemplateParser.php.inc b/view/SSTemplateParser.php.inc
index 6bb7c550d..77333e3d1 100644
--- a/view/SSTemplateParser.php.inc
+++ b/view/SSTemplateParser.php.inc
@@ -1135,11 +1135,15 @@ class SSTemplateParser extends Parser implements TemplateParser {
 
 		// TODO: This is pretty ugly & gets applied on all files not just html. I wonder if we can make this
 		// non-dynamically calculated
+		$code = <<<'EOC'
+(\Config::inst()->get('SSViewer', 'rewrite_hash_links')
+	? \Convert::raw2att( preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI'] ) )
+	: "")
+EOC;
+		// Because preg_replace replacement requires escaped slashes, addcslashes here
 		$text = preg_replace(
 			'/(<a[^>]+href *= *)"#/i',
-			'\\1"\' . (Config::inst()->get(\'SSViewer\', \'rewrite_hash_links\') ?' .
-			' Convert::raw2att( $_SERVER[\'REQUEST_URI\'] ) : "") .
-				\'#',
+			'\\1"\' . ' . addcslashes($code, '\\')  . ' . \'#',
 			$text
 		);
 
diff --git a/view/SSViewer.php b/view/SSViewer.php
index 712a2e302..c9a18885d 100644
--- a/view/SSViewer.php
+++ b/view/SSViewer.php
@@ -1110,10 +1110,10 @@ class SSViewer implements Flushable {
 		$rewrite = Config::inst()->get('SSViewer', 'rewrite_hash_links');
 		if($this->rewriteHashlinks && $rewrite) {
 			if(strpos($output, '<base') !== false) {
-				if($rewrite === 'php') { 
-					$thisURLRelativeToBase = "<?php echo Convert::raw2att(\$_SERVER['REQUEST_URI']); ?>";
+				if($rewrite === 'php') {
+					$thisURLRelativeToBase = "<?php echo Convert::raw2att(preg_replace(\"/^(\\\\/)+/\", \"/\", \$_SERVER['REQUEST_URI'])); ?>";
 				} else { 
-					$thisURLRelativeToBase = Convert::raw2att($_SERVER['REQUEST_URI']);
+					$thisURLRelativeToBase = Convert::raw2att(preg_replace("/^(\\/)+/", "/", $_SERVER['REQUEST_URI']));
 				}
 
 				$output = preg_replace('/(<a[^>]+href *= *)"#/i', '\\1"' . $thisURLRelativeToBase . '#', $output);

From ac4342d81d19201bd8d3814f168240db1ac565fe Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Mon, 2 Nov 2015 11:33:04 +1300
Subject: [PATCH 24/49] [ss-2015-022]: XML escape RSSFeed $link parameter

---
 api/RSSFeed.php           | 1 +
 tests/api/RSSFeedTest.php | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/api/RSSFeed.php b/api/RSSFeed.php
index acc81fb02..6c6c569ce 100644
--- a/api/RSSFeed.php
+++ b/api/RSSFeed.php
@@ -16,6 +16,7 @@ class RSSFeed extends ViewableData {
 	private static $casting = array(
 		"Title" => "Varchar",
 		"Description" => "Varchar",
+		"Link" => "Varchar",
 	);
 
 	/**
diff --git a/tests/api/RSSFeedTest.php b/tests/api/RSSFeedTest.php
index 0402bd30a..9bbf25927 100644
--- a/tests/api/RSSFeedTest.php
+++ b/tests/api/RSSFeedTest.php
@@ -43,6 +43,13 @@ class RSSFeedTest extends SapphireTest {
 		$this->assertContains('<description>ItemC AltContent</description>', $content);
 	}
 
+	public function testLinkEncoding() {
+		$list = new ArrayList();
+		$rssFeed = new RSSFeed($list, "http://www.example.com/?param1=true&param2=true", "Test RSS Feed");
+		$content = $rssFeed->outputToBrowser();
+		$this->assertContains('<link>http://www.example.com/?param1=true&amp;param2=true', $content);
+	}
+
 	public function testRSSFeedWithShortcode() {
 		$list = new ArrayList();
 		$list->push(new RSSFeedTest_ItemD());

From 53b3bc707bcccb8f5e5060f85ab1398a0975bba2 Mon Sep 17 00:00:00 2001
From: Hamish Friedlander <hamish@silverstripe.com>
Date: Tue, 10 Nov 2015 11:27:49 +1300
Subject: [PATCH 25/49] [ss-2015-025]: FIX Dont expose class on error

---
 control/RequestHandler.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/control/RequestHandler.php b/control/RequestHandler.php
index 06604c914..e8fe96164 100644
--- a/control/RequestHandler.php
+++ b/control/RequestHandler.php
@@ -188,14 +188,14 @@ class RequestHandler extends ViewableData {
 			user_error("Non-string method name: " . var_export($action, true), E_USER_ERROR);
 		}
 
-		$className = get_class($this);
+		$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
 
 		try {
 			if(!$this->hasAction($action)) {
-				return $this->httpError(404, "Action '$action' isn't available on class $className.");
+				return $this->httpError(404, "Action '$action' isn't available $classMessage.");
 			}
 			if(!$this->checkAccessAction($action) || in_array(strtolower($action), array('run', 'init'))) {
-				return $this->httpError(403, "Action '$action' isn't allowed on class $className.");
+				return $this->httpError(403, "Action '$action' isn't allowed $classMessage.");
 			}
 			$result = $this->handleAction($request, $action);
 		}
@@ -232,7 +232,7 @@ class RequestHandler extends ViewableData {
 
 		// But if we have more content on the URL and we don't know what to do with it, return an error.
 		} else {
-			return $this->httpError(404, "I can't handle sub-URLs of a $this->class object.");
+			return $this->httpError(404, "I can't handle sub-URLs $classMessage.");
 		}
 
 		return $this;
@@ -276,10 +276,10 @@ class RequestHandler extends ViewableData {
 	 * @return SS_HTTPResponse
 	 */
 	protected function handleAction($request, $action) {
-		$className = get_class($this);
+		$classMessage = Director::isLive() ? 'on this handler' : 'on class '.get_class($this);
 
 		if(!$this->hasMethod($action)) {
-			return new SS_HTTPResponse("Action '$action' isn't available on class $className.", 404);
+			return new SS_HTTPResponse("Action '$action' isn't available $classMessage.", 404);
 		}
 
 		$res = $this->extend('beforeCallActionHandler', $request, $action);

From 245e0aae2f5f3eb0acba1d198ad8e196bb224462 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Wed, 11 Nov 2015 15:18:26 +1300
Subject: [PATCH 26/49] [ss-2015-026]: BUG Fix FormField error messages not
 being encoded safely

---
 docs/en/04_Changelogs/3.1.16.md | 25 +++++++++++++++++++++++++
 forms/Form.php                  | 12 ++++++++++++
 tests/forms/FormTest.php        | 16 ++++++++++++++--
 3 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 docs/en/04_Changelogs/3.1.16.md

diff --git a/docs/en/04_Changelogs/3.1.16.md b/docs/en/04_Changelogs/3.1.16.md
new file mode 100644
index 000000000..14ce134c9
--- /dev/null
+++ b/docs/en/04_Changelogs/3.1.16.md
@@ -0,0 +1,25 @@
+# 3.1.16
+
+## Upgrading
+
+FormField validation messages generated by the `Validator` class will now be automatically XML
+encoded before being rendered alongside an invalid field.
+
+If a validation message in a custom `Validator` instance should be rendered as literal HTML,
+then the $message parameter for `Validator::validationError` should be passed as an instance
+of `HTMLText`
+
+For example:
+
+
+	:::php
+	class MyCustomValidator extends Validator {
+		public function php($data) { 
+			$this->validationError(
+				'EmailAddress',
+				DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
+			);
+		}
+	}
+
+
diff --git a/forms/Form.php b/forms/Form.php
index 3b0f3957b..769e6ece6 100644
--- a/forms/Form.php
+++ b/forms/Form.php
@@ -1211,6 +1211,18 @@ class Form extends RequestHandler {
 			if($errors){
 				// Load errors into session and post back
 				$data = $this->getData();
+				// Encode validation messages as XML before saving into session state
+				// As per Form::addErrorMessage()
+				$errors = array_map(function($error) {
+					// Encode message as XML by default
+					if($error['message'] instanceof DBField) {
+						$error['message'] = $error['message']->forTemplate();;
+					} else {
+						$error['message'] = Convert::raw2xml($error['message']);
+					}
+					return $error;
+				}, $errors);
+
 				Session::set("FormInfo.{$this->FormName()}.errors", $errors);
 				Session::set("FormInfo.{$this->FormName()}.data", $data);
 				return false;
diff --git a/tests/forms/FormTest.php b/tests/forms/FormTest.php
index 7773c6725..c893979cf 100644
--- a/tests/forms/FormTest.php
+++ b/tests/forms/FormTest.php
@@ -226,6 +226,7 @@ class FormTest extends FunctionalTest {
 			'FormTest_Controller/Form',
 			array(
 				'Email' => 'invalid',
+				'Number' => '<a href="http://mysite.com">link</a>' // XSS attempt
 				// leaving out "Required" field
 			)
 		);
@@ -243,7 +244,17 @@ class FormTest extends FunctionalTest {
 			),
 			'Required fields show a notification on field when left blank'
 		);
-		
+
+		$this->assertContains(
+			'&#039;&lt;a href=&quot;http://mysite.com&quot;&gt;link&lt;/a&gt;&#039; is not a number, only numbers can be accepted for this field',
+			$response->getBody(),
+			"Validation messages are safely XML encoded"
+		);
+		$this->assertNotContains(
+			'<a href="http://mysite.com">link</a>',
+			$response->getBody(),
+			"Unsafe content is not emitted directly inside the response body"
+		);
 	}
 	
 	public function testSessionSuccessMessage() {
@@ -630,7 +641,8 @@ class FormTest_Controller extends Controller implements TestOnly {
 			new FieldList(
 				new EmailField('Email'),
 				new TextField('SomeRequiredField'),
-				new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two'))
+				new CheckboxSetField('Boxes', null, array('1'=>'one','2'=>'two')),
+				new NumericField('Number')
 			),
 			new FieldList(
 				new FormAction('doSubmit')

From fea1158d193ed4d037df94101e3b3f2d24a6ce49 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Thu, 12 Nov 2015 14:59:08 +1300
Subject: [PATCH 27/49] BUG Fix print button only displaying first page

---
 forms/gridfield/GridFieldPrintButton.php      |  2 +-
 .../gridfield/GridFieldPrintButtonTest.php    | 46 +++++++++++++++++++
 2 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 tests/forms/gridfield/GridFieldPrintButtonTest.php

diff --git a/forms/gridfield/GridFieldPrintButton.php b/forms/gridfield/GridFieldPrintButton.php
index 5b5803b4f..1e25a8d27 100644
--- a/forms/gridfield/GridFieldPrintButton.php
+++ b/forms/gridfield/GridFieldPrintButton.php
@@ -186,7 +186,7 @@ class GridFieldPrintButton implements GridField_HTMLProvider, GridField_ActionPr
 		$items = $gridField->getManipulatedList();
 		$itemRows = new ArrayList();
 
-		foreach($items as $item) {
+		foreach($items->limit(null) as $item) {
 			$itemRow = new ArrayList();
 
 			foreach($printColumns as $field => $label) {
diff --git a/tests/forms/gridfield/GridFieldPrintButtonTest.php b/tests/forms/gridfield/GridFieldPrintButtonTest.php
new file mode 100644
index 000000000..384705908
--- /dev/null
+++ b/tests/forms/gridfield/GridFieldPrintButtonTest.php
@@ -0,0 +1,46 @@
+<?php
+
+
+class GridFieldPrintButtonTest extends SapphireTest {
+
+	protected $extraDataObjects = array(
+		'GridFieldPrintButtonTest_DO'
+	);
+
+	public function setUp() {
+		parent::setUp();
+
+		// 42 items
+		for($i = 1; $i <= 42; $i++) {
+			$obj = new GridFieldPrintButtonTest_DO();
+			$obj->Name = "Object {$i}";
+			$obj->write();
+		}
+	}
+
+	public function testLimit() {
+		$list = GridFieldPrintButtonTest_DO::get();
+
+		$button = new GridFieldPrintButton();
+		$button->setPrintColumns(array('Name' => 'My Name'));
+
+		// Get paginated gridfield config
+		$config = GridFieldConfig::create()
+			->addComponent(new GridFieldPaginator(10))
+			->addComponent($button);
+		$gridField = new GridField('testfield', 'testfield', $list, $config);
+		$controller = new Controller();
+		$form = new Form($controller, 'Form', new FieldList($gridField), new FieldList());
+
+		// Printed data should ignore pagination limit
+		$printData = $button->generatePrintData($gridField);
+		$rows = $printData->ItemRows;
+		$this->assertEquals(42, $rows->count());
+	}
+}
+
+class GridFieldPrintButtonTest_DO extends DataObject {
+	private static $db = array(
+		'Name' => 'Varchar'
+	);
+}

From b61d6dcd57577b0345af7a69e51da409305e1957 Mon Sep 17 00:00:00 2001
From: Hamish Friedlander <hamish@silverstripe.com>
Date: Fri, 13 Nov 2015 10:51:13 +1300
Subject: [PATCH 28/49] [ss-2015-027]: FIX HtmlEditorField_Toolbar#viewfile not
 whitelisting URLs

---
 .../Field_types/03_HTMLEditorField.md         |  12 +++
 forms/HtmlEditorField.php                     | 100 ++++++++++++++----
 tests/forms/HtmlEditorFieldToolbarTest.php    |  71 +++++++++++++
 tests/forms/HtmlEditorFieldToolbarTest.yml    |   9 ++
 4 files changed, 171 insertions(+), 21 deletions(-)
 create mode 100644 tests/forms/HtmlEditorFieldToolbarTest.php
 create mode 100644 tests/forms/HtmlEditorFieldToolbarTest.yml

diff --git a/docs/en/02_Developer_Guides/03_Forms/Field_types/03_HTMLEditorField.md b/docs/en/02_Developer_Guides/03_Forms/Field_types/03_HTMLEditorField.md
index 13b276dde..b18938ca5 100644
--- a/docs/en/02_Developer_Guides/03_Forms/Field_types/03_HTMLEditorField.md
+++ b/docs/en/02_Developer_Guides/03_Forms/Field_types/03_HTMLEditorField.md
@@ -218,6 +218,18 @@ To refresh a oEmbed cache, append `?flush=1` to a URL.
 
 To disable oEmbed usage, set the `Oembed.enabled` configuration property to "false".
 
+## Limiting oembed URLs
+
+HtmlEditorField can have whitelists set on both the scheme (default http & https) and domains allowed when
+inserting files for use with oembed.
+
+This is performed through the config variables `HtmlEditorField_Toolbar::$fileurl_scheme_whitelist` and
+`HtmlEditorField_Toolbar::$fileurl_domain_whitelist`.
+
+Setting these configuration variables to empty arrays will disable the whitelist. Setting them to an array of
+lower case strings will require the scheme or domain respectively to exactly match one of those strings (no
+wildcards are currently supported).
+
 ### Doctypes
 
 Since TinyMCE generates markup, it needs to know which doctype your documents will be rendered in. You can set this 
diff --git a/forms/HtmlEditorField.php b/forms/HtmlEditorField.php
index fad081a74..4bc987e9b 100644
--- a/forms/HtmlEditorField.php
+++ b/forms/HtmlEditorField.php
@@ -449,40 +449,98 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 		return $form;
 	}
 
+	/**
+	 * @config
+	 * @var array - list of allowed schemes (no wildcard, all lower case) or empty to allow all schemes
+	 */
+	private static $fileurl_scheme_whitelist = array('http', 'https');
+
+	/**
+	 * @config
+	 * @var array - list of allowed domains (no wildcard, all lower case) or empty to allow all domains
+	 */
+	private static $fileurl_domain_whitelist = array();
+
+	protected function viewfile_getLocalFileByID($id) {
+		$file = DataObject::get_by_id('File', $id);
+
+		if ($file && $file->canView()) return array($file, $file->RelativeLink());
+		return array(null, null);
+	}
+
+	protected function viewfile_getLocalFileByURL($fileUrl) {
+		$filteredUrl = Director::makeRelative($fileUrl);
+		$filteredUrl = preg_replace('/_resampled\/[^-]+-/', '', $filteredUrl);
+
+		$file = File::get()->filter('Filename', $filteredUrl)->first();
+
+		if ($file && $file->canView()) return array($file, $filteredUrl);
+		return array(null, null);
+	}
+
+	protected function viewfile_getRemoteFileByURL($fileUrl) {
+		$scheme = strtolower(parse_url($fileUrl, PHP_URL_SCHEME));
+		$allowed_schemes = self::config()->fileurl_scheme_whitelist;
+
+		if (!$scheme || ($allowed_schemes && !in_array($scheme, $allowed_schemes))) {
+			$exception = new SS_HTTPResponse_Exception("This file scheme is not included in the whitelist", 400);
+			$exception->getResponse()->addHeader('X-Status', $exception->getMessage());
+			throw $exception;
+		}
+
+		$domain = strtolower(parse_url($fileUrl, PHP_URL_HOST));
+		$allowed_domains = self::config()->fileurl_domain_whitelist;
+
+		if (!$domain || ($allowed_domains && !in_array($domain, $allowed_domains))) {
+			$exception = new SS_HTTPResponse_Exception("This file hostname is not included in the whitelist", 400);
+			$exception->getResponse()->addHeader('X-Status', $exception->getMessage());
+			throw $exception;
+		}
+
+		return array(
+			new File(array(
+				'Title' => basename($fileUrl),
+				'Filename' => $fileUrl
+			)),
+			$fileUrl
+		);
+	}
+
 	/**
 	 * View of a single file, either on the filesystem or on the web.
 	 */
 	public function viewfile($request) {
+		$file = null;
+		$url = null;
 
 		// TODO Would be cleaner to consistently pass URL for both local and remote files,
 		// but GridField doesn't allow for this kind of metadata customization at the moment.
-		if($url = $request->getVar('FileURL')) {
-			if(Director::is_absolute_url($url) && !Director::is_site_url($url)) {
-				$url = $url;
-				$file = new File(array(
-					'Title' => basename($url),
-					'Filename' => $url
-				));
-			} else {
-				$url = Director::makeRelative($request->getVar('FileURL'));
-				$url = preg_replace('/_resampled\/[^-]+-/', '', $url);
-				$file = File::get()->filter('Filename', $url)->first();
-				if(!$file) $file = new File(array(
-					'Title' => basename($url),
-					'Filename' => $url
-				));
+		if($fileUrl = $request->getVar('FileURL')) {
+			// If this isn't an absolute URL, or is, but is to this site, try and get the File object
+			// that is associated with it
+			if(!Director::is_absolute_url($fileUrl) || Director::is_site_url($fileUrl)) {
+				list($file, $url) = $this->viewfile_getLocalFileByURL($fileUrl);
 			}
-		} elseif($id = $request->getVar('ID')) {
-			$file = DataObject::get_by_id('File', $id);
-			$url = $file->RelativeLink();
-		} else {
-			throw new LogicException('Need either "ID" or "FileURL" parameter to identify the file');
+			// If this is an absolute URL, but not to this site, use as an oembed source (after whitelisting URL)
+			else {
+				list($file, $url) = $this->viewfile_getRemoteFileByURL($fileUrl);
+			}
+		}
+		// Or we could have been passed an ID directly
+		elseif($id = $request->getVar('ID')) {
+			list($file, $url) = $this->viewfile_getLocalFileByID($id);
+		}
+		// Or we could have been passed nothing, in which case panic
+		else {
+			throw new SS_HTTPResponse_Exception('Need either "ID" or "FileURL" parameter to identify the file', 400);
 		}
 
 		// Instanciate file wrapper and get fields based on its type
 		// Check if appCategory is an image and exists on the local system, otherwise use oEmbed to refference a
 		// remote image
-		if($file && $file->appCategory() == 'image' && Director::is_site_url($url)) {
+		if (!$file || !$url) {
+			throw new SS_HTTPResponse_Exception('Unable to find file to view', 404);
+		} elseif($file->appCategory() == 'image' && Director::is_site_url($url)) {
 			$fileWrapper = new HtmlEditorField_Image($url, $file);
 		} elseif(!Director::is_site_url($url)) {
 			$fileWrapper = new HtmlEditorField_Embed($url, $file);
diff --git a/tests/forms/HtmlEditorFieldToolbarTest.php b/tests/forms/HtmlEditorFieldToolbarTest.php
new file mode 100644
index 000000000..6b661936d
--- /dev/null
+++ b/tests/forms/HtmlEditorFieldToolbarTest.php
@@ -0,0 +1,71 @@
+<?php
+
+class HtmlEditorFieldToolbarTest_Toolbar extends HtmlEditorField_Toolbar {
+	public function viewfile_getLocalFileByID($id) {
+		return parent::viewfile_getLocalFileByID($id);
+	}
+
+	public function viewfile_getLocalFileByURL($fileUrl) {
+		return parent::viewfile_getLocalFileByURL($fileUrl);
+	}
+
+	public function viewfile_getRemoteFileByURL($fileUrl) {
+		return parent::viewfile_getRemoteFileByURL($fileUrl);
+	}
+}
+
+class HtmlEditorFieldToolbarTest extends SapphireTest {
+
+	protected static $fixture_file = 'HtmlEditorFieldToolbarTest.yml';
+
+	protected function getToolbar() {
+		return new HtmlEditorFieldToolbarTest_Toolbar(null, '/');
+	}
+
+	public function setUp() {
+		parent::setUp();
+
+		Config::nest();
+		Config::inst()->update('HtmlEditorField_Toolbar', 'fileurl_scheme_whitelist', array('http'));
+		Config::inst()->update('HtmlEditorField_Toolbar', 'fileurl_domain_whitelist', array('example.com'));
+	}
+
+	public function tearDown() {
+		Config::unnest();
+
+		parent::tearDown();
+	}
+
+	public function testValidLocalReference() {
+		list($file, $url) = $this->getToolbar()->viewfile_getLocalFileByURL('folder/subfolder/example.pdf');
+		$this->assertEquals($this->objFromFixture('File', 'example_file'), $file);
+	}
+
+	public function testInvalidLocalReference() {
+		list($file, $url) = $this->getToolbar()->viewfile_getLocalFileByURL('folder/subfolder/missing.pdf');
+		$this->assertNull($file);
+	}
+
+	public function testValidScheme() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('http://example.com/test.pdf');
+		$this->assertInstanceOf('File', $file);
+		$this->assertEquals($file->Filename, 'http://example.com/test.pdf');
+	}
+
+	/** @expectedException SS_HTTPResponse_Exception */
+	public function testInvalidScheme() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('nosuchscheme://example.com/test.pdf');
+	}
+
+	public function testValidDomain() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('http://example.com/test.pdf');
+		$this->assertInstanceOf('File', $file);
+		$this->assertEquals($file->Filename, 'http://example.com/test.pdf');
+	}
+
+	/** @expectedException SS_HTTPResponse_Exception */
+	public function testInvalidDomain() {
+		list($file, $url) = $this->getToolbar()->viewfile_getRemoteFileByURL('http://evil.com/test.pdf');
+	}
+
+}
\ No newline at end of file
diff --git a/tests/forms/HtmlEditorFieldToolbarTest.yml b/tests/forms/HtmlEditorFieldToolbarTest.yml
new file mode 100644
index 000000000..164c30844
--- /dev/null
+++ b/tests/forms/HtmlEditorFieldToolbarTest.yml
@@ -0,0 +1,9 @@
+File:
+  example_file:
+    Name: example.pdf
+    Filename: folder/subfolder/example.pdf
+
+Image:
+  example_image:
+    Name: HTMLEditorFieldTest_example.jpg
+    Filename: tests/forms/images/HTMLEditorFieldTest_example.jpg

From 49acc0d468de7cc796bcde1c33108779e65876f4 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Fri, 13 Nov 2015 15:27:08 +1300
Subject: [PATCH 29/49] Added 3.2.1-rc2 changelog

---
 docs/en/04_Changelogs/rc/3.2.1-rc2.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 docs/en/04_Changelogs/rc/3.2.1-rc2.md

diff --git a/docs/en/04_Changelogs/rc/3.2.1-rc2.md b/docs/en/04_Changelogs/rc/3.2.1-rc2.md
new file mode 100644
index 000000000..55acd92c0
--- /dev/null
+++ b/docs/en/04_Changelogs/rc/3.2.1-rc2.md
@@ -0,0 +1,9 @@
+# 3.2.1-rc2
+
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-12 [b61d6dc](https://github.com/silverstripe/silverstripe-framework/commit/b61d6dcd57577b0345af7a69e51da409305e1957) HtmlEditorField_Toolbar#viewfile not whitelisting URLs (Hamish Friedlander) - See [ss-2015-027](http://www.silverstripe.org/download/security-releases/ss-2015-027)

From c19420f545a32f86b843a6fb7c893482f7812ad3 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Fri, 13 Nov 2015 15:32:09 +1300
Subject: [PATCH 30/49] Add 3.2.1-rc2 changelog

---
 docs/en/04_Changelogs/rc/3.2.1-rc2.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docs/en/04_Changelogs/rc/3.2.1-rc2.md b/docs/en/04_Changelogs/rc/3.2.1-rc2.md
index 55acd92c0..dd7690a64 100644
--- a/docs/en/04_Changelogs/rc/3.2.1-rc2.md
+++ b/docs/en/04_Changelogs/rc/3.2.1-rc2.md
@@ -1,5 +1,7 @@
 # 3.2.1-rc2
 
+See [3.2.1](/changelogs/3.2.1) changelog for more information on what is new in 3.2.1
+
 <!--- Changes below this line will be automatically regenerated -->
 
 ## Change Log

From e5e4a55fe0fae755c37863bf59bbcb3a555d2af7 Mon Sep 17 00:00:00 2001
From: Cam Findlay <cam@silverstripe.com>
Date: Sat, 14 Nov 2015 09:42:12 +1300
Subject: [PATCH 31/49] DOCS Update conflict resolution help in code of conduct

Original link was 404.
---
 docs/en/05_Contributing/07_Code_of_conduct.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/05_Contributing/07_Code_of_conduct.md b/docs/en/05_Contributing/07_Code_of_conduct.md
index ae8ffb246..64e0bb167 100644
--- a/docs/en/05_Contributing/07_Code_of_conduct.md
+++ b/docs/en/05_Contributing/07_Code_of_conduct.md
@@ -39,7 +39,7 @@ Honour the code of conduct whenever you participate formally and informally in o
  * Repeated and deliberate breachings of the code of conduct following this first reminder will be referred on to the team of core committers and may result in the member being asked to leave the community channels.
  * While we have a policy of not removing postings and comments from our digital channels, there may be times in which items are removed if deemed blatantly discriminatory towards individuals, groups or cultures.
  * If a member behaves inappropriately, politely bring this to their attention and gently remind them of the code of conduct when necessary.
- * Refer to [these helpful guides on conflict resolution](http://www.crnhq.org/pages.php?pID=10) to aid you when dealing with a conflict.
+ * Refer to [this helpful guide on conflict resolution](http://www.crnhq.org/files/66138/files/Handouts%20and%20Posters/ResolveTheConflictGuideposter.pdf) to aid you when dealing with a conflict.
 
 ## A living document
  * This is a living document. As core committers, we know we don't have all the answers so we want to make the community an innovative and valuable space for everyone that wishes to contribute.

From 8eb583cda06f31a8c8c2bc999244a324ee722096 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 16 Nov 2015 15:08:39 +1300
Subject: [PATCH 32/49] Update translations

---
 lang/de.yml | 3 +--
 lang/es.yml | 4 ----
 lang/it.yml | 1 -
 lang/lt.yml | 2 +-
 4 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/lang/de.yml b/lang/de.yml
index 037954c17..de6f1f233 100644
--- a/lang/de.yml
+++ b/lang/de.yml
@@ -293,7 +293,6 @@ de:
     FindInFolder: 'In Ordner suchen'
     IMAGEALT: 'Alternativtext (alt)'
     IMAGEALTTEXT: 'Alternativtext (alt) - erscheint, falls das Bild nicht angezeigt werden kann.'
-    IMAGEALTTEXTDESC: 'Wird von Screenreadern vorgelesen oder angezeigt, falls das Bild nicht angezeigt werden kann.'
     IMAGEDIMENSIONS: Dimensionen
     IMAGEHEIGHTPX: Höhe (px)
     IMAGETITLE: 'Titeltext (Tooltip) - für zusätzliche Informationen über das Bild'
@@ -328,7 +327,7 @@ de:
     DELETED: Gelöscht.
     DropdownBatchActionsDefault: Aktionen
     HELP: Hilfe
-    PAGETYPE: 'Seitentyp'
+    PAGETYPE: 'Seitentyp:'
     PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
     PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
     PERMDEFAULT: 'Sie müssen angemeldet sein, um auf diesen Bereich zugreifen zu können. Bitte geben Sie Ihre Zugangsdaten ein.'
diff --git a/lang/es.yml b/lang/es.yml
index b56ec237f..e2a3c3768 100644
--- a/lang/es.yml
+++ b/lang/es.yml
@@ -292,8 +292,6 @@ es:
     FROMWEB: 'Desde la web'
     FindInFolder: 'Buscar en carpeta'
     IMAGEALT: 'Texto alternativo (alt)'
-    IMAGEALTTEXT: 'Texto alternativo (alt) - es mostrado si la imagen no puede ser visualizada'
-    IMAGEALTTEXTDESC: 'Mostrado a los lectores de pantalla o si la imagen no se puede visualizar'
     IMAGEDIMENSIONS: Dimensiones
     IMAGEHEIGHTPX: Alto
     IMAGETITLE: 'Texto del título (tooltip) - para obtener más información acerca de la imagen'
@@ -328,11 +326,9 @@ es:
     DELETED: Borrado
     DropdownBatchActionsDefault: Acciones
     HELP: Ayuda
-    PAGETYPE: 'Tipo de página'
     PERMAGAIN: 'Ha sido desconectado del CMS. Si quiere volver a entrar, introduzca su nombre de usuario y contraseña a continuación.'
     PERMALREADY: 'Lamentablemente no puede acceder a esta parte del CMS. Si quiere entrar como alguien distinto, hágalo a continuación'
     PERMDEFAULT: 'Debes estar conectado para acceder al área de administración; por favor ingresa tus datos a continuación'
-    PLEASESAVE: 'Por favor Guarde la Página: Esta página no se ha podido actualizar porque aún no ha sido salvada'
     PreviewButton: Vista previa
     REORGANISATIONSUCCESSFUL: 'Reorganizado el árbol del sitio con éxito.'
     SAVEDUP: Guardado
diff --git a/lang/it.yml b/lang/it.yml
index f79e319b9..acef00d87 100644
--- a/lang/it.yml
+++ b/lang/it.yml
@@ -325,7 +325,6 @@ it:
     DELETED: Eliminato.
     DropdownBatchActionsDefault: Azioni
     HELP: Aiuto
-    PAGETYPE: 'Tipo di pagina'
     PERMAGAIN: 'Sei stato disconnesso dal CMS. Se desideri autenticarti nuovamente, inserisci qui sotto nome utente e password.'
     PERMALREADY: 'Siamo spiacenti, ma non puoi accedere a questa sezione del CMS. Se desideri autenticarti come qualcun altro, fallo qui sotto.'
     PERMDEFAULT: 'Devi essere autenticato per accedere all''area amministrativa; Per favore inserisci le tue credenziali qui sotto'
diff --git a/lang/lt.yml b/lang/lt.yml
index 9da6bb6c9..1725617f3 100644
--- a/lang/lt.yml
+++ b/lang/lt.yml
@@ -328,7 +328,7 @@ lt:
     DELETED: Ištrinta.
     DropdownBatchActionsDefault: Veiksmai
     HELP: Pagalba
-    PAGETYPE: 'Puslapio tipas'
+    PAGETYPE: 'Puslapio tipas:'
     PERMAGAIN: 'Jūs atsijungėte. Norėdami vėl prisijungti, įveskite savo duomenis į žemiau esančius laukelius.'
     PERMALREADY: 'Deja, bet Jūs negalite patekti į šią TVS dalį. Jeigu norite prisijungti kitu vartotoju, tai atlikite žemiau.'
     PERMDEFAULT: 'Jūs turite būti prisijungę, norėdami pasiekti administravimo zoną; prašome suvesti prisijungimo duomenis į žemiau esančius laukelius.'

From 615b2d5563b137e36a32fe005f447a3fa6fb2ff0 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 16 Nov 2015 15:16:49 +1300
Subject: [PATCH 33/49] Added 3.1.16 changelog

---
 docs/en/04_Changelogs/3.1.16.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/docs/en/04_Changelogs/3.1.16.md b/docs/en/04_Changelogs/3.1.16.md
index 14ce134c9..05981d464 100644
--- a/docs/en/04_Changelogs/3.1.16.md
+++ b/docs/en/04_Changelogs/3.1.16.md
@@ -23,3 +23,18 @@ For example:
 	}
 
 
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-11 [245e0aa](https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
+ * 2015-11-09 [53b3bc7](https://github.com/silverstripe/silverstripe-framework/commit/53b3bc707bcccb8f5e5060f85ab1398a0975bba2) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
+ * 2015-11-01 [ac4342d](https://github.com/silverstripe/silverstripe-framework/commit/ac4342d81d19201bd8d3814f168240db1ac565fe) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
+ * 2015-10-28 [97f21fd](https://github.com/silverstripe/silverstripe-framework/commit/97f21fddb3c565052f19ee3b35366f48e1e9a36f) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
+
+### Bugfixes
+
+ * 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
+ * 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)

From 2e6469956fa76513c6c9c70587c806f095ddb6d7 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 16 Nov 2015 15:20:30 +1300
Subject: [PATCH 34/49] Add 3.1.16-rc1 changelog

---
 docs/en/04_Changelogs/rc/3.1.16-rc1.md | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 docs/en/04_Changelogs/rc/3.1.16-rc1.md

diff --git a/docs/en/04_Changelogs/rc/3.1.16-rc1.md b/docs/en/04_Changelogs/rc/3.1.16-rc1.md
new file mode 100644
index 000000000..c9fde7c24
--- /dev/null
+++ b/docs/en/04_Changelogs/rc/3.1.16-rc1.md
@@ -0,0 +1,19 @@
+# 3.1.16-rc1
+
+See [3.1.16](/changelogs/3.1.16) changelog for more information on what is new in 3.1.16
+
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-11 [245e0aa](https://github.com/silverstripe/silverstripe-framework/commit/245e0aae2f5f3eb0acba1d198ad8e196bb224462) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
+ * 2015-11-09 [53b3bc7](https://github.com/silverstripe/silverstripe-framework/commit/53b3bc707bcccb8f5e5060f85ab1398a0975bba2) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
+ * 2015-11-01 [ac4342d](https://github.com/silverstripe/silverstripe-framework/commit/ac4342d81d19201bd8d3814f168240db1ac565fe) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
+ * 2015-10-28 [97f21fd](https://github.com/silverstripe/silverstripe-framework/commit/97f21fddb3c565052f19ee3b35366f48e1e9a36f) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
+
+### Bugfixes
+
+ * 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
+ * 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)

From 3fe8b7479c0b4b04377fd333341fdb210ac6cf71 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 16 Nov 2015 16:01:52 +1300
Subject: [PATCH 35/49] Update translations

---
 lang/de.yml | 3 +--
 lang/es.yml | 4 ----
 lang/it.yml | 1 -
 lang/lt.yml | 2 +-
 4 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/lang/de.yml b/lang/de.yml
index 037954c17..de6f1f233 100644
--- a/lang/de.yml
+++ b/lang/de.yml
@@ -293,7 +293,6 @@ de:
     FindInFolder: 'In Ordner suchen'
     IMAGEALT: 'Alternativtext (alt)'
     IMAGEALTTEXT: 'Alternativtext (alt) - erscheint, falls das Bild nicht angezeigt werden kann.'
-    IMAGEALTTEXTDESC: 'Wird von Screenreadern vorgelesen oder angezeigt, falls das Bild nicht angezeigt werden kann.'
     IMAGEDIMENSIONS: Dimensionen
     IMAGEHEIGHTPX: Höhe (px)
     IMAGETITLE: 'Titeltext (Tooltip) - für zusätzliche Informationen über das Bild'
@@ -328,7 +327,7 @@ de:
     DELETED: Gelöscht.
     DropdownBatchActionsDefault: Aktionen
     HELP: Hilfe
-    PAGETYPE: 'Seitentyp'
+    PAGETYPE: 'Seitentyp:'
     PERMAGAIN: 'Sie wurden aus dem System ausgeloggt. Falls Sie sich wieder einloggen möchten, geben Sie bitte Benutzernamen und Passwort im untenstehenden Formular an.'
     PERMALREADY: 'Leider dürfen Sie diesen Teil des CMS nicht aufrufen. Wenn Sie sich als jemand anderes einloggen wollen, benutzen Sie bitte das nachstehende Formular.'
     PERMDEFAULT: 'Sie müssen angemeldet sein, um auf diesen Bereich zugreifen zu können. Bitte geben Sie Ihre Zugangsdaten ein.'
diff --git a/lang/es.yml b/lang/es.yml
index b56ec237f..e2a3c3768 100644
--- a/lang/es.yml
+++ b/lang/es.yml
@@ -292,8 +292,6 @@ es:
     FROMWEB: 'Desde la web'
     FindInFolder: 'Buscar en carpeta'
     IMAGEALT: 'Texto alternativo (alt)'
-    IMAGEALTTEXT: 'Texto alternativo (alt) - es mostrado si la imagen no puede ser visualizada'
-    IMAGEALTTEXTDESC: 'Mostrado a los lectores de pantalla o si la imagen no se puede visualizar'
     IMAGEDIMENSIONS: Dimensiones
     IMAGEHEIGHTPX: Alto
     IMAGETITLE: 'Texto del título (tooltip) - para obtener más información acerca de la imagen'
@@ -328,11 +326,9 @@ es:
     DELETED: Borrado
     DropdownBatchActionsDefault: Acciones
     HELP: Ayuda
-    PAGETYPE: 'Tipo de página'
     PERMAGAIN: 'Ha sido desconectado del CMS. Si quiere volver a entrar, introduzca su nombre de usuario y contraseña a continuación.'
     PERMALREADY: 'Lamentablemente no puede acceder a esta parte del CMS. Si quiere entrar como alguien distinto, hágalo a continuación'
     PERMDEFAULT: 'Debes estar conectado para acceder al área de administración; por favor ingresa tus datos a continuación'
-    PLEASESAVE: 'Por favor Guarde la Página: Esta página no se ha podido actualizar porque aún no ha sido salvada'
     PreviewButton: Vista previa
     REORGANISATIONSUCCESSFUL: 'Reorganizado el árbol del sitio con éxito.'
     SAVEDUP: Guardado
diff --git a/lang/it.yml b/lang/it.yml
index f79e319b9..acef00d87 100644
--- a/lang/it.yml
+++ b/lang/it.yml
@@ -325,7 +325,6 @@ it:
     DELETED: Eliminato.
     DropdownBatchActionsDefault: Azioni
     HELP: Aiuto
-    PAGETYPE: 'Tipo di pagina'
     PERMAGAIN: 'Sei stato disconnesso dal CMS. Se desideri autenticarti nuovamente, inserisci qui sotto nome utente e password.'
     PERMALREADY: 'Siamo spiacenti, ma non puoi accedere a questa sezione del CMS. Se desideri autenticarti come qualcun altro, fallo qui sotto.'
     PERMDEFAULT: 'Devi essere autenticato per accedere all''area amministrativa; Per favore inserisci le tue credenziali qui sotto'
diff --git a/lang/lt.yml b/lang/lt.yml
index 9da6bb6c9..1725617f3 100644
--- a/lang/lt.yml
+++ b/lang/lt.yml
@@ -328,7 +328,7 @@ lt:
     DELETED: Ištrinta.
     DropdownBatchActionsDefault: Veiksmai
     HELP: Pagalba
-    PAGETYPE: 'Puslapio tipas'
+    PAGETYPE: 'Puslapio tipas:'
     PERMAGAIN: 'Jūs atsijungėte. Norėdami vėl prisijungti, įveskite savo duomenis į žemiau esančius laukelius.'
     PERMALREADY: 'Deja, bet Jūs negalite patekti į šią TVS dalį. Jeigu norite prisijungti kitu vartotoju, tai atlikite žemiau.'
     PERMDEFAULT: 'Jūs turite būti prisijungę, norėdami pasiekti administravimo zoną; prašome suvesti prisijungimo duomenis į žemiau esančius laukelius.'

From 0178fa5a1873a0f1d6100268c86dab81a18c23a5 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Mon, 16 Nov 2015 16:17:10 +1300
Subject: [PATCH 36/49] Added 3.2.1 changelog

---
 docs/en/04_Changelogs/3.2.1.md | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/docs/en/04_Changelogs/3.2.1.md b/docs/en/04_Changelogs/3.2.1.md
index aa68c7e72..542610874 100644
--- a/docs/en/04_Changelogs/3.2.1.md
+++ b/docs/en/04_Changelogs/3.2.1.md
@@ -23,3 +23,34 @@ For example:
 	}
 
 
+<!--- Changes below this line will be automatically regenerated -->
+
+## Change Log
+
+### Security
+
+ * 2015-11-12 [b61d6dc](https://github.com/silverstripe/silverstripe-framework/commit/b61d6dcd57577b0345af7a69e51da409305e1957) HtmlEditorField_Toolbar#viewfile not whitelisting URLs (Hamish Friedlander) - See [ss-2015-027](http://www.silverstripe.org/download/security-releases/ss-2015-027)
+ * 2015-11-11 [bc1b289](https://github.com/silverstripe/silverstripe-framework/commit/bc1b2893accba6401c03f9ea3b0cbc4621c7a02c) Fix FormField error messages not being encoded safely (Damian Mooyman) - See [ss-2015-026](http://www.silverstripe.org/download/security-releases/ss-2015-026)
+ * 2015-11-09 [f290d86](https://github.com/silverstripe/silverstripe-framework/commit/f290d869e01e0087286b4f2bc92e95d15c229c45) Dont expose class on error (Hamish Friedlander) - See [ss-2015-025](http://www.silverstripe.org/download/security-releases/ss-2015-025)
+ * 2015-11-01 [4f55b6a](https://github.com/silverstripe/silverstripe-framework/commit/4f55b6a115ce0de8c5c258fb44eca52b8b112caf) XML escape RSSFeed $link parameter (Ingo Schommer) - See [ss-2015-022](http://www.silverstripe.org/download/security-releases/ss-2015-022)
+ * 2015-10-28 [132e9b3](https://github.com/silverstripe/silverstripe-framework/commit/132e9b3e2fad361ebb4b502b6a37d34d013bfba3) Fix rewrite hash links XSS (Damian Mooyman) - See [ss-2015-021](http://www.silverstripe.org/download/security-releases/ss-2015-021)
+
+### Bugfixes
+
+ * 2015-11-10 [732e705](https://github.com/silverstripe/silverstripe-framework/commit/732e705bbf548024b123d5160863395f2f74e7d9) Correct behaviour for empty filter array (as per 3.1) (Damian Mooyman)
+ * 2015-11-09 [414ea3d](https://github.com/silverstripe/silverstripe-framework/commit/414ea3de9e87812c5ac96cc15062307c608e0963) prevent UploadField edit form generation for Folders (Damian Mooyman)
+ * 2015-11-05 [c6c650f](https://github.com/silverstripe/silverstripe-cms/commit/c6c650f1366348327d973ca6cc5a5ed33a467786) Ensure CMSMainTest uses correct siteconfig (Damian Mooyman)
+ * 2015-11-02 [0272e44](https://github.com/silverstripe/silverstripe-framework/commit/0272e443f44ebca55b05c14f2a112260ff0df284) Prevent dev/build continually regenerating Number field type (Damian Mooyman)
+ * 2015-10-30 [2813f94](https://github.com/silverstripe/silverstripe-framework/commit/2813f94124c2ba14f1e4a51001e3898b0e0c32aa) Ensure that filters on any fixed field are scoped to the base data table (Damian Mooyman)
+ * 2015-10-30 [38ca963](https://github.com/silverstripe/silverstripe-framework/commit/38ca9632c4e9df0a74eae70cec98fdce242da529) Add missing CMSSecurity route (Damian Mooyman)
+ * 2015-10-29 [daa86d3](https://github.com/silverstripe/silverstripe-framework/commit/daa86d3a4ce75bf8637134726864ae14fbbdf586) Fix regression from #4396 in test fixtures (Damian Mooyman)
+ * 2015-10-28 [db16248](https://github.com/silverstripe/silverstripe-framework/commit/db16248b9ab7677cc4b4e25857a6b6d36f8c35f0) Fix broken InlineFormAction (Damian Mooyman)
+ * 2015-10-27 [293d847](https://github.com/silverstripe/silverstripe-framework/commit/293d84721efafedf3dd3fe69dd1d013a8c07d3ff) for #4712: Dropping in some PHP documentation on return types for dynamically generated image methods. (Patrick Nelson)
+ * 2015-10-20 [b857bdf](https://github.com/silverstripe/silverstripe-framework/commit/b857bdf209d79fc623724e68f6a660354cbd5f93) Fix duplicate files being included in case of flush (Damian Mooyman)
+ * 2015-10-19 [c364158](https://github.com/silverstripe/silverstripe-framework/commit/c3641587a5d5977af4fa053e5813846ce990d86c) only use sethasemptydefault if exists. (Cam Findlay)
+ * 2015-10-08 [ff6c0a3](https://github.com/silverstripe/silverstripe-cms/commit/ff6c0a3160c5eb3ca624efea6585efb44399dc1c) (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-08 [785f850](https://github.com/silverstripe/silverstripe-cms/commit/785f85047f64b76011c34542362c7f09dbf59021) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
+ * 2015-10-01 [75dc391](https://github.com/silverstripe/silverstripe-cms/commit/75dc391df9b396756a6f02c5fca08eafcb53ba31) for #586 and possible fix for #736 and relates to #2449: Don't perform validation upon deletion, since it isn't necessary. Cleaned up type hint. (Patrick Nelson)
+ * 2015-09-17 [e64d73c](https://github.com/silverstripe/silverstripe-framework/commit/e64d73c1f741399412b6015f6602ed707b2e9778) Fix ClassInfo::table_for_object_field (Damian Mooyman)
+ * 2015-08-05 [2901664](https://github.com/silverstripe/silverstripe-framework/commit/29016645e5e759b1ecf49876fa79c357a68c5794) . FulltextFilter requires table identifiers in match query (Elvinas L.)
+ * 2015-07-12 [f192a6e](https://github.com/silverstripe/silverstripe-framework/commit/f192a6ecaf70446ec60f6c7ef2a555395f83ea16) #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. (Patrick Nelson)

From 68d99be24b63a933f041cd80a248a7b7fa8d588c Mon Sep 17 00:00:00 2001
From: Loz Calver <lozcalver@bigfork.co.uk>
Date: Tue, 17 Nov 2015 16:34:17 +0000
Subject: [PATCH 37/49] FIX: Hidden errors for composite fields nested inside
 FieldGroups (fixes #4773)

---
 forms/FieldGroup.php           |  6 ++++--
 tests/forms/FieldGroupTest.php | 20 ++++++++++++++++++++
 2 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 tests/forms/FieldGroupTest.php

diff --git a/forms/FieldGroup.php b/forms/FieldGroup.php
index 562e2b650..93d58d441 100644
--- a/forms/FieldGroup.php
+++ b/forms/FieldGroup.php
@@ -118,7 +118,8 @@ class FieldGroup extends CompositeField {
 	 * @return string
 	 */
 	public function Message() {
-		$fs = $this->FieldList();
+		$fs = array();
+		$this->collateDataFields($fs);
 
 		foreach($fs as $subfield) {
 			if($m = $subfield->Message()) $message[] = rtrim($m, ".");
@@ -131,7 +132,8 @@ class FieldGroup extends CompositeField {
 	 * @return string
 	 */
 	public function MessageType() {
-		$fs = $this->FieldList();
+		$fs = array();
+		$this->collateDataFields($fs);
 
 		foreach($fs as $subfield) {
 			if($m = $subfield->MessageType()) $MessageType[] = $m;
diff --git a/tests/forms/FieldGroupTest.php b/tests/forms/FieldGroupTest.php
new file mode 100644
index 000000000..f2ad6c1b5
--- /dev/null
+++ b/tests/forms/FieldGroupTest.php
@@ -0,0 +1,20 @@
+<?php
+
+class FieldGroupTest extends SapphireTest {
+
+	public function testMessagesInsideNestedCompositeFields() {
+		$fieldGroup = new FieldGroup(
+			new CompositeField(
+				$textField = new TextField('TestField', 'Test Field'),
+				$emailField = new EmailField('TestEmailField', 'Test Email Field')
+			)
+		);
+
+		$textField->setError('Test error message', 'warning');
+		$emailField->setError('Test error message', 'error');
+
+		$this->assertEquals('Test error message,  Test error message.', $fieldGroup->Message());
+		$this->assertEquals('warning.  error', $fieldGroup->MessageType());
+	}
+
+}

From f8cd876217819eeeb1bd699ff33d287fb4ba4b5c Mon Sep 17 00:00:00 2001
From: Daniel Hensby <dhensby@silverstripe.com>
Date: Wed, 18 Nov 2015 13:19:05 +0000
Subject: [PATCH 38/49] Fixing regression from #4733

---
 forms/HtmlEditorField.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/forms/HtmlEditorField.php b/forms/HtmlEditorField.php
index f9f58e747..f5a72a74c 100644
--- a/forms/HtmlEditorField.php
+++ b/forms/HtmlEditorField.php
@@ -578,7 +578,7 @@ class HtmlEditorField_Toolbar extends RequestHandler {
 
 			// Similar to the regex found in HtmlEditorField.js / getAnchors method.
 			if (preg_match_all("/\s(name|id)=\"([^\"]+?)\"|\s(name|id)='([^']+?)'/im", $page->Content, $matches)) {
-				$anchors = $matches[1];
+				$anchors = array_filter(array_merge($matches[2], $matches[4]));
 			}
 
 		} else {

From 9672cd3994011869ddc194a8cc377891220a8d41 Mon Sep 17 00:00:00 2001
From: Cam Findlay <cam@silverstripe.com>
Date: Wed, 29 Apr 2015 13:54:02 +1200
Subject: [PATCH 39/49] DOCS SilverStripe core RFC process, template and
 archive links to past RFCs.

---
 .../05_Contributing/02_Request_for_comment.md | 50 +++++++++++++++++++
 ...lease_Process.md => 03_Release_Process.md} |  0
 ...3_Documentation.md => 04_Documentation.md} |  0
 ...{04_Translations.md => 05_Translations.md} |  0
 ...n_Process.md => 06_Translation_Process.md} |  0
 ...re_committers.md => 07_Core_committers.md} |  0
 ...de_of_conduct.md => 08_Code_of_conduct.md} |  0
 7 files changed, 50 insertions(+)
 create mode 100644 docs/en/05_Contributing/02_Request_for_comment.md
 rename docs/en/05_Contributing/{02_Release_Process.md => 03_Release_Process.md} (100%)
 rename docs/en/05_Contributing/{03_Documentation.md => 04_Documentation.md} (100%)
 rename docs/en/05_Contributing/{04_Translations.md => 05_Translations.md} (100%)
 rename docs/en/05_Contributing/{05_Translation_Process.md => 06_Translation_Process.md} (100%)
 rename docs/en/05_Contributing/{06_Core_committers.md => 07_Core_committers.md} (100%)
 rename docs/en/05_Contributing/{07_Code_of_conduct.md => 08_Code_of_conduct.md} (100%)

diff --git a/docs/en/05_Contributing/02_Request_for_comment.md b/docs/en/05_Contributing/02_Request_for_comment.md
new file mode 100644
index 000000000..a2d716635
--- /dev/null
+++ b/docs/en/05_Contributing/02_Request_for_comment.md
@@ -0,0 +1,50 @@
+# Request for comment (RFC)
+
+## Why RFCs?
+This is part of the SilverStripe core decision-making process and addresses the gap between the idea phase and the pull request submission (and merge).
+
+The rationale behind this process is to:
+ * Encourage visibility on decision making
+ * Clarity on what the proposal is, its rationale and impact
+ * Reduce unnecessary work when coding large features is done without community and core-committers buy-in
+ * Improved likelihood of an optimal solution being merged
+
+The important thing to understand about the RFCs is that these are NOT a way to request features. Rather, they are a way to bring clarity so people understand what change is being proposed.
+
+## When to write an RFC?
+
+We intend RFCs to be the primary mechanisms for proposing major new features, for collecting community input on an issue, and for documenting the design decisions that have gone into SilverStripe. The RFC author is responsible for building consensus within the community and documenting dissenting opinions.
+
+Before writing the actual summary RFC document, the idea should have already had a wide range of discussion in various community communication channels. Once discussions reach a point where you think most of the difficulties have been worked through then create the RFC using the template provided.
+
+The benefits of writing an RFC for non-trivial feature proposals are:
+ * Obtaining a preliminary approval from core-committers on an architecture before code is completed, to mitigate the risk of a non-merge after a PR is submitted
+ * Community becomes aware of incoming changes prior to the implementation
+ * RFC can be used as a basis for documentation of the feature
+	
+## How to write an RFC?
+### Template
+The following heading can act as a template to starting your RFC.
+ * **Introduction** - include a reference #, title, author
+ * **Metadata** - standardised header containing at least the Author(s), Status and Version fields.
+ * **Purpose and outcome** - the purpose of this document, and the expected outcome.
+ * **Motivation** - why this is a good idea
+ * **Proposal** - how you propose to implement the idea after community discussion
+ * **Alternatives** - what other approaches were considered during the community discussion phase and why they were not chosen
+ * **Impact** - How will this change potentially impact on SilverStripe core? The good and the bad.
+
+### Submitting
+Once complete submit the RFC in the prescribed format above as a GitHub issue as markdown. A core committer will add a tag to your RFC to keep track of the submissions and status (see links to filtered GitHub issues at the bottom of this document). The GitHub Issue will be closed once a pull request containing the feature gets merged. 
+
+## What next?
+The RFC will be raised and discussed by the core committers in the monthly Google Hangout sessions, a vote for accepting the RFC will be taken requiring a majority vote (with at least a quorum of more than half of the core committers present).
+
+Once approved it will be announced on the [developer list](https://groups.google.com/forum/#!forum/silverstripe-dev) and if relevant, [UserVoice](http://silverstripe.uservoice.com) and [Roadmap](https://www.silverstripe.org/software/roadmap) will be updated. This now means that if a pull request meeting the idea set out in the RFC was raised that it would be merged by the Core Committers (pending the usual code peer review).
+
+## RFC Archives
+
+[Proposed RFC drafts](https://github.com/silverstripe/silverstripe-framework/labels/rfc%2Fdraft)
+
+
+[Accepted by Core Committers](https://github.com/silverstripe/silverstripe-framework/labels/rfc%2Faccepted)
+
diff --git a/docs/en/05_Contributing/02_Release_Process.md b/docs/en/05_Contributing/03_Release_Process.md
similarity index 100%
rename from docs/en/05_Contributing/02_Release_Process.md
rename to docs/en/05_Contributing/03_Release_Process.md
diff --git a/docs/en/05_Contributing/03_Documentation.md b/docs/en/05_Contributing/04_Documentation.md
similarity index 100%
rename from docs/en/05_Contributing/03_Documentation.md
rename to docs/en/05_Contributing/04_Documentation.md
diff --git a/docs/en/05_Contributing/04_Translations.md b/docs/en/05_Contributing/05_Translations.md
similarity index 100%
rename from docs/en/05_Contributing/04_Translations.md
rename to docs/en/05_Contributing/05_Translations.md
diff --git a/docs/en/05_Contributing/05_Translation_Process.md b/docs/en/05_Contributing/06_Translation_Process.md
similarity index 100%
rename from docs/en/05_Contributing/05_Translation_Process.md
rename to docs/en/05_Contributing/06_Translation_Process.md
diff --git a/docs/en/05_Contributing/06_Core_committers.md b/docs/en/05_Contributing/07_Core_committers.md
similarity index 100%
rename from docs/en/05_Contributing/06_Core_committers.md
rename to docs/en/05_Contributing/07_Core_committers.md
diff --git a/docs/en/05_Contributing/07_Code_of_conduct.md b/docs/en/05_Contributing/08_Code_of_conduct.md
similarity index 100%
rename from docs/en/05_Contributing/07_Code_of_conduct.md
rename to docs/en/05_Contributing/08_Code_of_conduct.md

From 2e5c56f1d0f9948a8120d3ebd120e10ac85bc247 Mon Sep 17 00:00:00 2001
From: Nic <nhorstmeier@gmail.com>
Date: Mon, 26 Oct 2015 15:37:06 -0500
Subject: [PATCH 40/49] DOCS update framework and cms milestone links

---
 docs/en/05_Contributing/03_Release_Process.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/05_Contributing/03_Release_Process.md b/docs/en/05_Contributing/03_Release_Process.md
index d7ee1faf3..6e642c230 100644
--- a/docs/en/05_Contributing/03_Release_Process.md
+++ b/docs/en/05_Contributing/03_Release_Process.md
@@ -10,7 +10,7 @@ The current maintainer responsible for planning and performing releases is Ingo
 
 ## Release Planning
 
-Our most up-to-date release plans are typically in the ["framework" milestone](https://github.com/silverstripe/silverstripe-framework/issues/milestones) and ["cms" milestone](https://github.com/silverstripe/silverstripe-cms/issues/milestones).
+Our most up-to-date release plans are typically in the ["framework" milestone](https://github.com/silverstripe/silverstripe-framework/milestones) and ["cms" milestone](https://github.com/silverstripe/silverstripe-cms/milestones).
 New features and API changes are discussed on the [core mailinglist](http://groups.google.com/group/silverstripe-dev). They are prioritised by the core team as tickets on 
 github.com. In addition, we collect community feedback on [silverstripe.uservoice.com](https://silverstripe.uservoice.com).
 Any feature ideas we're planning to implement will be flagged there.

From 7a7f592d0f45c7225105f56441ae561d36eb2225 Mon Sep 17 00:00:00 2001
From: Nick Spiel <email@nickspiel.me>
Date: Fri, 20 Nov 2015 14:16:52 +1100
Subject: [PATCH 41/49] Adding a transparent background to upload preview

Adding a background to upload preview

I could not see a preview of a white image with background transparency in the preview area. Adding a backgorund to this area helps make it more visible.

Applying background image to img

Applying background image to img to avoid layout change

Applying background image to img

Applying background image to img to avoid layout change
---
 css/UploadField.css   | 1 +
 scss/UploadField.scss | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/css/UploadField.css b/css/UploadField.css
index 0f496734f..1740fe29f 100644
--- a/css/UploadField.css
+++ b/css/UploadField.css
@@ -16,6 +16,7 @@ Used in side panels and action tabs
 .ss-uploadfield .ss-uploadfield-item { margin: 0; padding: 15px; overflow: auto; }
 .ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview { height: 60px; line-height: 60px; width: 80px; text-align: center; font-weight: bold; float: left; overflow: hidden; }
 .ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview.ss-uploadfield-dropzone { -moz-box-shadow: #808080 0 0 4px 0 inset; -webkit-box-shadow: #808080 0 0 4px 0 inset; box-shadow: #808080 0 0 4px 0 inset; border: 2px dashed #808080; background: #d0d3d5; display: none; margin-right: 15px; }
+.ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-preview img { background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAAICAYAAADED76LAAAAJElEQVQYV2O8dOnSfwYkoKenx4jMZ6SDAmT7QGx0K1EcRBsFAJfOHd3Le79RAAAAAElFTkSuQmCC') repeat; }
 .ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info { margin-left: 95px; }
 .ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name { display: block; line-height: 13px; height: 26px; margin: 0; text-align: left; }
 .ss-uploadfield .ss-uploadfield-item .ss-uploadfield-item-info .ss-uploadfield-item-name .name { max-width: 240px; font-weight: bold; overflow: hidden; white-space: nowrap; text-overflow: ellipsis; -o-text-overflow: ellipsis; display: inline; float: left; }
diff --git a/scss/UploadField.scss b/scss/UploadField.scss
index f7708c8c4..1ea58f6b8 100644
--- a/scss/UploadField.scss
+++ b/scss/UploadField.scss
@@ -48,6 +48,9 @@
 				display: none;
 				margin-right: 15px;
 			}
+			img {
+				background: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAAICAYAAADED76LAAAAJElEQVQYV2O8dOnSfwYkoKenx4jMZ6SDAmT7QGx0K1EcRBsFAJfOHd3Le79RAAAAAElFTkSuQmCC) repeat;
+			}
 		}
 		.ss-uploadfield-item-info {
 			margin-left: 95px;

From 94742fa3e2efad8f77f4acd1f9d06bf74916c5e6 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Fri, 27 Nov 2015 13:10:52 +1300
Subject: [PATCH 42/49] BUG Revert method visibility regression

---
 security/Member.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/Member.php b/security/Member.php
index 609e8880e..d732b569c 100644
--- a/security/Member.php
+++ b/security/Member.php
@@ -1560,7 +1560,7 @@ class Member extends DataObject implements TemplateGlobalProvider {
 	/**
 	 * Validate this member object.
 	 */
-	protected function validate() {
+	public function validate() {
 		$valid = parent::validate();
 
 		if(!$this->ID || $this->isChanged('Password')) {

From 7db7140a70cc20edef1825e920abd02a8448d1d3 Mon Sep 17 00:00:00 2001
From: Peter Thaleikis <spekulatius@users.noreply.github.com>
Date: Fri, 4 Dec 2015 11:14:02 +1300
Subject: [PATCH 43/49] fixing example

---
 .../02_Developer_Guides/03_Forms/Field_types/05_UploadField.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md b/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
index 99eec5435..bb43effe9 100644
--- a/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
+++ b/docs/en/02_Developer_Guides/03_Forms/Field_types/05_UploadField.md
@@ -110,7 +110,8 @@ This example will save all uploads in the `/assets/customfolder/` folder. If the
 		'Root.Upload',	
 		$uploadField = new UploadField(
 			$name = 'GalleryImages',
-			$title = 'Please upload one or more images'		)	
+			$title = 'Please upload one or more images'
+		)	
 	);
 	$uploadField->setFolderName('customfolder');
 ```

From 903d4838bbe946f179e84206a47e563b46781385 Mon Sep 17 00:00:00 2001
From: Damian Mooyman <damian@silverstripe.com>
Date: Fri, 4 Dec 2015 10:43:46 +1300
Subject: [PATCH 44/49] Documentation on the release process

---
 .../04_Making_A_SilverStripe_Core_Release.md  | 313 ++++++++++++++++++
 ...4_Documentation.md => 05_Documentation.md} |   0
 ...{05_Translations.md => 06_Translations.md} |   0
 ...n_Process.md => 07_Translation_Process.md} |   0
 ...re_committers.md => 08_Core_committers.md} |   1 +
 ...de_of_conduct.md => 09_Code_of_conduct.md} |   0
 6 files changed, 314 insertions(+)
 create mode 100644 docs/en/05_Contributing/04_Making_A_SilverStripe_Core_Release.md
 rename docs/en/05_Contributing/{04_Documentation.md => 05_Documentation.md} (100%)
 rename docs/en/05_Contributing/{05_Translations.md => 06_Translations.md} (100%)
 rename docs/en/05_Contributing/{06_Translation_Process.md => 07_Translation_Process.md} (100%)
 rename docs/en/05_Contributing/{07_Core_committers.md => 08_Core_committers.md} (94%)
 rename docs/en/05_Contributing/{08_Code_of_conduct.md => 09_Code_of_conduct.md} (100%)

diff --git a/docs/en/05_Contributing/04_Making_A_SilverStripe_Core_Release.md b/docs/en/05_Contributing/04_Making_A_SilverStripe_Core_Release.md
new file mode 100644
index 000000000..2399d3a35
--- /dev/null
+++ b/docs/en/05_Contributing/04_Making_A_SilverStripe_Core_Release.md
@@ -0,0 +1,313 @@
+title: Making a SilverStripe core release
+summary: Development guide for core contributors to build and publish a new release 
+
+# Making a SilverStripe core release
+
+## Introduction
+
+This guide is intended to be followed by core contributors, allowing them to take
+the latest development branch of each of the core modules, and building a release.
+The artifacts for this process are typically:
+
+ * A downloadable tar / zip on silverstripe.org
+ * A published announcement
+ * A new composer installable stable tag for silverstripe/installer
+ 
+While this document is not normally applicable to normal silverstripe contributors,
+it is still useful to have it available in a public location so that these users
+are aware of these processes.
+
+## First time setup
+
+As a core contributor it is necessary to have installed the following set of tools:
+
+### First time setup: Standard releases
+
+* PHP 5.5+
+* Python 2.7 / 3.5
+* [cow release tool](https://github.com/silverstripe/cow#install). This should typically
+  be installed in a global location via the below command. Please see the installation
+  docs on the cow repo for more setup details.
+  - `composer global require silverstripe/cow dev-master`
+* [transifex client](http://docs.transifex.com/client/). You will also need to ensure that
+  your transifex account has been granted the necessary write permissions on the cms, framework,
+  installer, simple theme, siteconfig and reports modules:
+  - `pip install transifex-client`
+* [AWS CLI tools](https://aws.amazon.com/cli/):
+  - `pip install awscli`
+* A good _ss_environment.php setup in your localhost webroot.
+
+Example `_ss_environment.php`:
+
+    :::php
+    <?php
+    // Environent
+    define('SS_TRUSTED_PROXY_IPS', '*');
+    define('SS_ENVIRONMENT_TYPE', 'dev');
+    
+    // DB Credentials
+    define('SS_DATABASE_CLASS', 'MySQLDatabase');
+    define('SS_DATABASE_SERVER', '127.0.0.1');
+    define('SS_DATABASE_USERNAME', 'root');
+    define('SS_DATABASE_PASSWORD', '');
+    
+    // Each release will have its own DB
+    define('SS_DATABASE_CHOOSE_NAME', true);
+    
+    // So you can test releases
+    define('SS_DEFAULT_ADMIN_USERNAME', 'admin');
+    define('SS_DEFAULT_ADMIN_PASSWORD', 'password');
+    
+    // Basic CLI hostname
+    global $_FILE_TO_URL_MAPPING;
+    $_FILE_TO_URL_MAPPING[__DIR__] = "http://localhost";
+
+
+You will also need to be assigned the following permissions. Contact one of the SS staff from
+the [core committers](core_committers), who will assist with setting up your credentials.
+
+* Write permissions on the [silverstripe](https://github.com/silverstripe) and
+  [silverstripe-labs](https://github.com/silverstripe-labs) organisations.
+* Moderator permissions on the [community forum](http://www.silverstripe.org/community/forums/releases-and-announcements/).
+* Admin permissions on [transifex](https://www.transifex.com/silverstripe/).
+* AWS write permissions on the `silverstripe-ssorg-releases` s3 bucket.
+* Permission on [silverstripe release announcement](https://groups.google.com/forum/#!forum/silverstripe-announce).
+
+### First time setup: Security releases
+
+For doing security releases the following additional setup tasks are necessary:
+
+* Write permissions on the [silverstripe-security](https://github.com/silverstripe-security)
+  organisation.
+* Permission granted on the [open source security JIRA](https://silverstripe.atlassian.net/secure/RapidBoard.jspa?rapidView=198&view=detail)
+* Permissions to write to the [security releases page](http://www.silverstripe.org/download/security-releases)
+  and the [silverstripe.org cms](http://www.silverstripe.org/admin).
+* Permission on [security pre-announcement mailing list](https://groups.google.com/a/silverstripe.com/forum/#!forum/security-preannounce).
+
+## Security release process
+
+When doing a security release, typically one or more (or sometimes all) of the below
+steps will need to be performed manually. As such, this guide should not be followed
+exactly the same for these.
+
+Standard practice is to produce an RC for any patched modules on the security 
+forks for cms and framework (see [silverstripe-security](https://github.com/silverstripe-security)).
+
+<div class="warning" markdown="1">
+Security issues are never disclosed until a public stable release containing this fix
+is available, or within a reasonable period of time of such a release.
+</div>
+
+Producing a security fix follows this general process:
+
+* When a security issue is disclosed on security@silverstripe.com it should be given
+  a CVE (common vulnerability exposure) code. E.g. ss-2015-020. Make sure you thank
+  anyone who disclosed this issue, and confirm with them as soon as possible whether
+  this issue is a verified security issue.
+* Log this CVE, along with description, release version, and name of reporter in
+  JIRA at [open source security jira](https://silverstripe.atlassian.net/secure/RapidBoard.jspa?rapidView=198&view=detail).
+* Create a similar record of this issue on the [security releases page](http://www.silverstripe.org/download/security-releases)
+  in draft mode.
+* Post a pre-announcement to the [security pre-announcement list](https://groups.google.com/a/silverstripe.com/forum/#!forum/security-preannounce).
+  It's normally ideal to include a [VCSS](https://nvd.nist.gov/CVSS-v2-Calculator)
+  (common vulnerability scoring system) along with this pre-announcement. If the
+  release date of the final stable is not known, then it's ok to give an estimated
+  release schedule.
+* Push the current upstream target branches (e.g. 3.2) to the corresponding security fork
+  to a new branch named for the target release (e.g. 3.2.4). Security fixes should be 
+  applied to this branch only. Once a fix (or fixes) have been applied to this branch, then
+  an RC tag can be applied, and a private release can then be developed in order
+  to test this RC.
+* Once RC testing is completed and the release is ready for stabilisation, then these fixes
+  can then be pushed to the upstream module fork, and the release completed and published
+  as per normal.
+
+## Standard release process
+
+The release process, at a high level, involves creating an RC, publishing it, and 
+reviewing the need for either another RC or a final stable tag within a short period
+(normally within 3-5 business days).
+
+During the RC cycle a temporary RC branch is created, and should only receive
+absolutely critical fixes during the RC cycle. Any changes to this branch should
+result in the requirement for a new RC, thus a higher level of scrutiny is typically
+placed on any pull request to these branches.
+
+When creating a new RC or stable, the following process is broken down into two
+main sets of commands:
+
+### Stage 1: Release preparation:
+
+This is the part of the release that prepares and tests everything locally, but
+doe not make any upstream changes (so it's safe to run without worrying about
+any mistakes migrating their way into the public sphere).
+
+Invoked by running `cow release` in the format as below:
+ 
+    cow release <version> --from=<prior-version> --branch-auto -vvv
+
+This command has the following parameters:
+
+* `<version>` The version that is to be released. E.g. 3.2.4 or 3.2.4-rc1
+* `<prior-version>` The version from which to compare to generate a changelog.
+  E.g. 3.2.3 (if releasing 3.2.4), or 3.2.5 (if releasing 3.3.0 and that's the
+  newest 3.2.x version). You can normally leave this out for patch releases,
+  and the code will normally be able to guess the right version, but you may
+  as well declare it every time.
+* `--branch-auto` Will automatically create a new RC branch (e.g. 3.2.4) if
+  one does not exist.
+
+This can take between 5-15 minutes, and will invoke the following steps,
+each of which can also be run in isolation (in case the process stalls
+and needs to be manually advanced):
+
+* `realease:create` The release version will be created in the `release-<version>`
+  folder directly underneath the folder this command was invoked in. Cow
+  will look at the available versions and branch-aliases of silverstripe/installer
+  to determine the best version to install from. E.g. installing 4.0.0 will
+  know to install dev-master, and installing 3.3.0 will install from 3.x-dev.
+  If installing RC versions for stabilisation, it will use the correct RC
+  branch.
+* `release:branch` If release:create installed from a non-rc branch, it will
+  create the new RC branch (via `--branch-auto`). You can also customise this branch
+  with `--branch=<branchname>`, but it's best to use the standard.
+* `release:translate` All upstream transifex strings will be pulled into the
+  local master strings, and then the [api:i18nTextCollector] task will be invoked
+  and will merge these strings together, before pushing all new master strings
+  back up to transifex to make them available for translation. Changes to these
+  files will also be automatically committed to git.
+* `release:test` Will run all unit tests on this release. Make sure that you
+  setup your `_ss_environment.php` correctly (as above) so that this will work.
+* `release:changelog` Will compare the current branch head with `--from` parameter
+  version in order to generate a changelog file. This wil be placed into the
+  `./framework/docs/en/04_Changelogs/` folder. If an existing file named after
+  this version is already in that location, then the changes will be automatically
+  regenerated beneath the automatically added line:
+  `<!--- Changes below this line will be automatically regenerated -->`.
+  It may be necessary to edit this file to add details of any upgrading notes
+  or special considerations. If this is a security release, make sure that any
+  links to the security registrar (http://www.silverstripe.org/download/security-releases)
+  match the pages saved in draft.
+
+Once the release task has completed, it may be ideal to manually test the site out
+by running it locally (e.g. `http://localhost/release-3.3.4`) to do some smoke-testing
+and make sure that there are no obvious issues missed.
+
+It's also ideal to eyeball the git changes generated by the release tool, making sure
+that no translation strings were unintentionally lost, or that the changelog
+was generated correctly.
+
+Once this has been done, then the release is ready to be published live.
+
+### Stage 2: Release publication
+
+Once a release has been generated, has its translations updated, changelog generated,
+and tested, the next step is to publish the release. This involves tagging,
+building an archive, and uploading to
+[www.silverstripe.org](http://www.silverstripe.org/software/download/) download page.
+
+Invoked by running `cow release:publish` in the format as below:
+
+    cow release:publish <version> -vvv
+
+As with the `cow release` command, this step is broken down into the following
+subtasks which are invoked in sequence:
+
+* `release:tag` Each module will have the appropriate tag applied (except the theme).
+* `release:push` The RC branches and all tags are pushed up to origin on github.
+* `release:archive` This will generate a new tar.gz and zip archive, each for
+  cms and framework-only installations. These will be copied to the root folder
+  of the release directory, although the actual build will be created in temporary
+  directories (so any temp files generated during testing will not end up in the release).
+  If the tags generated in the prior step are not yet available on packagist (which can
+  take a few minutes at times) then this task will cycle through a retry-cycle,
+  which will re-attempt the archive creation periodically until these tags are available.
+* `release:upload` This will invoke the AWS CLI command to upload these archives to the 
+  s3 bucket `silverstripe-ssorg-releases`. If you have setup your AWS profile
+  for silverstripe releases under a non-default name, you can specify this profile
+  on the command line with the `--aws-profile=<profile>` command.
+
+Once all of these commands have completed there are a couple of final tasks left that
+aren't strictly able to be automated:
+
+* If this is a stable release, it will be necessary to perform a post-release merge
+  on open source. This normally will require you to merge the RC branch into the
+  source branch (e.g. merge 3.2.4 into 3.2), or sometimes create new branches if
+  releasing a new minor version, and bumping up the branch-alias in composer.json.
+  E.g. branching 3.3 from 3, and aliasing 3 as 3.4.x-dev. You can then delete
+  the temporary RC branches. This will need to be done before updating the 
+  release documentation in stage 3.
+* Merging up the changes in this release to newer branches, following the 
+  SemVer pattern (e.g. 3.2.4 > 3.2 > 3.3 > 3 > master). The more often this is
+  done the easier it is, but this can sometimes be left for when you have
+  more free time. Branches not receiving regular stable versions anymore (e.g.
+  3.0 or 3.1) should usually be omitted.
+* Set the github milestones to completed, and create placeholders for the next
+  minor versions. It may be necessary to re-assign any issues assigned to the prior
+  milestones to these new ones. See the below links for each module milestone list:
+   * [installer](https://github.com/silverstripe/silverstripe-installer/milestones)
+   * [framework](https://github.com/silverstripe/silverstripe-framework/milestones)
+   * [cms](https://github.com/silverstripe/silverstripe-cms/milestones)
+* Make sure that the [releases page](https://github.com/silverstripe/silverstripe-installer/releases)
+  on github shows the new tag.
+
+### Stage 3: Let the world know
+
+Once a release has been published there are a few places where user documentation
+will need to be regularly updated.
+
+* Make sure that the [download page](http://www.silverstripe.org/download) on
+  silverstripe.org has the release available. If it's a stable, it will appear
+  at the top of the page. If an RC pre-release, it will be available under the 
+  [development builds](http://www.silverstripe.org/download#download-releases)
+  section. If it's not available, you might need to check that the release was
+  properly uploaded to aws s3, or that you aren't viewing a cached version of
+  the download page. You can cache-bust this by adding `?release=<version>` to
+  the url. If things aren't working properly (and you have admin permissions)
+  you can run the [CoreReleaseUpdateTask](http://www.silverstripe.org/dev/tasks/CoreReleaseUpdateTask)
+  to synchronise with packagist.
+* Ensure that [docs.silverstripe.org](http://docs.silverstripe.org) has the
+  updated documentation by running the build task in the root folder. If
+  you do not have ssh access to this server, then contact a SilverStripe staff member
+  to update this for you. Make sure that the download link below links to the
+  correct changelog page. E.g.
+  [https://docs.silverstripe.org/en/3.2/changelogs/3.2.1/](https://docs.silverstripe.org/en/3.2/changelogs/3.2.1/)
+* Post a release announcement on the [silverstripe release announcement](https://groups.google.com/forum/#!forum/silverstripe-announce)
+  google group.
+* Create a release announcement forum sticky on the
+  [releases and announcements](http://www.silverstripe.org/community/forums/releases-and-announcements/)
+  forum category. Make this a global read-only sticky, and un-sticky any older release.
+* Update the IRC topic to include the new release version.
+
+### Stage 4: Web platform installer release
+
+The web platform installer is available [on the web app gallery](http://www.microsoft.com/web/gallery/silverstripecms.aspx).
+
+In order to update this you will need a Microsoft live account, and have it authorised
+by SilverStripe staff in order to publish these releases.
+
+To update this release there is an additional download tool at 
+[https://code.platform.silverstripe.com/silverstripe/webpi](https://code.platform.silverstripe.com/silverstripe/webpi)
+which will guide you through the process of generating a new zip release.
+
+    ./make-package 3.2.4 3.2.4
+    aws s3 cp ./silverstripe-3.2.4-webpi.zip s3://silverstripe-ssorg-releases/sssites-ssorg-prod/assets/downloads/webpi/silverstripe-3.2.4-webpi.zip --acl public-read --profile silverstripe
+
+Once you have a new release, update the necessary details at 
+[http://www.microsoft.com/web/gallery/appsubmit.aspx?id=57](http://www.microsoft.com/web/gallery/appsubmit.aspx?id=57)
+to submit a new version, including:
+ 
+* Set the version number
+* Update the release date
+* Submit the package URL
+* Submit the package SHA
+
+## See also
+
+* [Release Process](release_process)
+* [Translation Process](translation_process)
+* [Core committers](core_committers)
+
+If at any time a release runs into an unsolveable problem contact the
+core committers on the [discussion group](https://groups.google.com/forum/#!forum/silverstripe-committers)
+to ask for support.
diff --git a/docs/en/05_Contributing/04_Documentation.md b/docs/en/05_Contributing/05_Documentation.md
similarity index 100%
rename from docs/en/05_Contributing/04_Documentation.md
rename to docs/en/05_Contributing/05_Documentation.md
diff --git a/docs/en/05_Contributing/05_Translations.md b/docs/en/05_Contributing/06_Translations.md
similarity index 100%
rename from docs/en/05_Contributing/05_Translations.md
rename to docs/en/05_Contributing/06_Translations.md
diff --git a/docs/en/05_Contributing/06_Translation_Process.md b/docs/en/05_Contributing/07_Translation_Process.md
similarity index 100%
rename from docs/en/05_Contributing/06_Translation_Process.md
rename to docs/en/05_Contributing/07_Translation_Process.md
diff --git a/docs/en/05_Contributing/07_Core_committers.md b/docs/en/05_Contributing/08_Core_committers.md
similarity index 94%
rename from docs/en/05_Contributing/07_Core_committers.md
rename to docs/en/05_Contributing/08_Core_committers.md
index 3c1fa808f..ab376661d 100644
--- a/docs/en/05_Contributing/07_Core_committers.md
+++ b/docs/en/05_Contributing/08_Core_committers.md
@@ -31,4 +31,5 @@ With great power comes great responsibility, so we have agreed on certain expect
  * Be inclusive. Ensure a wide range of SilverStripe developers can obtain an understanding of your code and docs, and you're not the only one who can maintain it.
  * Avoid `git push --force`, and be careful with your git remotes (no accidental pushes)
  * Use your own forks to create feature branches
+ * We release using the standard process. See the [Making a SilverStripe Core Release](making_a_silverstripe_core_release)
 
diff --git a/docs/en/05_Contributing/08_Code_of_conduct.md b/docs/en/05_Contributing/09_Code_of_conduct.md
similarity index 100%
rename from docs/en/05_Contributing/08_Code_of_conduct.md
rename to docs/en/05_Contributing/09_Code_of_conduct.md

From d265c9b733ddac27d6df286ce000b09e1c69b986 Mon Sep 17 00:00:00 2001
From: Loz Calver <lozcalver@bigfork.co.uk>
Date: Mon, 14 Dec 2015 16:41:18 +0000
Subject: [PATCH 45/49] FIX: Allow omitting a value for OptionsetField
 submissions (fixes #4824)

---
 forms/OptionsetField.php           | 11 +++++++++++
 tests/forms/OptionsetFieldTest.php | 29 +++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+)

diff --git a/forms/OptionsetField.php b/forms/OptionsetField.php
index d5974314d..ecc4e8223 100644
--- a/forms/OptionsetField.php
+++ b/forms/OptionsetField.php
@@ -117,6 +117,17 @@ class OptionsetField extends DropdownField {
 		return $this->disabledItems;
 	}
 
+	/**
+	 * {@inheritdoc}
+	 */
+	public function validate($validator) {
+		if (!$this->value) {
+			return true;
+		}
+
+		return parent::validate($validator);
+	}
+
 	public function ExtraOptions() {
 		return new ArrayList();
 	}
diff --git a/tests/forms/OptionsetFieldTest.php b/tests/forms/OptionsetFieldTest.php
index 8aa6c858b..d07f698af 100644
--- a/tests/forms/OptionsetFieldTest.php
+++ b/tests/forms/OptionsetFieldTest.php
@@ -25,6 +25,35 @@ class OptionsetFieldTest extends SapphireTest {
 		);
 	}
 
+	public function testValidation() {
+		$field = OptionsetField::create('Test', 'Testing', array(
+			"One" => "One",
+			"Two" => "Two",
+			"Five" => "Five"
+		));
+		$validator = new RequiredFields('Test');
+		$form = new Form($this, 'Form', new FieldList($field), new FieldList(), $validator);
+
+		$field->setValue("One");
+		$this->assertTrue($field->validate($validator));
+
+		//non-existent value should make the field invalid
+		$field->setValue("Three");
+		$this->assertFalse($field->validate($validator));
+
+		//empty string should pass field-level validation...
+		$field->setValue('');
+		$this->assertTrue($field->validate($validator));
+
+		// ... but should not pass "RequiredFields" validation
+		$this->assertFalse($form->validate());
+
+		//disabled items shouldn't validate
+		$field->setDisabledItems(array('Five'));
+		$field->setValue('Five');
+		$this->assertFalse($field->validate($validator));
+	}
+
 	public function testReadonlyField() {
 		$sourceArray = array(0 => 'No', 1 => 'Yes');
 		$field = new OptionsetField('FeelingOk', 'are you feeling ok?', $sourceArray, 1);

From d6d3aa3554598da790c453211269809a692d73d7 Mon Sep 17 00:00:00 2001
From: Loz Calver <lozcalver@bigfork.co.uk>
Date: Mon, 14 Dec 2015 16:45:11 +0000
Subject: [PATCH 46/49] Remove duplicate code

---
 forms/OptionsetField.php | 31 +------------------------------
 1 file changed, 1 insertion(+), 30 deletions(-)

diff --git a/forms/OptionsetField.php b/forms/OptionsetField.php
index ecc4e8223..42c1bab84 100644
--- a/forms/OptionsetField.php
+++ b/forms/OptionsetField.php
@@ -53,10 +53,8 @@
 class OptionsetField extends DropdownField {
 
 	/**
-	 * @var Array
+	 * {@inheritdoc}
 	 */
-	protected $disabledItems = array();
-
 	public function Field($properties = array()) {
 		$source = $this->getSource();
 		$odd = 0;
@@ -90,33 +88,6 @@ class OptionsetField extends DropdownField {
 		);
 	}
 
-	public function performReadonlyTransformation() {
-		// Source and values are DataObject sets.
-		$field = $this->castedCopy('LookupField');
-		$field->setSource($this->getSource());
-		$field->setReadonly(true);
-
-		return $field;
-	}
-
-	/**
-	 * Mark certain elements as disabled,
-	 * regardless of the {@link setDisabled()} settings.
-	 *
-	 * @param array $items Collection of array keys, as defined in the $source array
-	 */
-	public function setDisabledItems($items) {
-		$this->disabledItems = $items;
-		return $this;
-	}
-
-	/**
-	 * @return Array
-	 */
-	public function getDisabledItems() {
-		return $this->disabledItems;
-	}
-
 	/**
 	 * {@inheritdoc}
 	 */

From afbb5cfed4d29aea5868f0f12cd735dc5abe10d3 Mon Sep 17 00:00:00 2001
From: UndefinedOffset <echipman@webbuildersgroup.com>
Date: Tue, 15 Dec 2015 17:53:57 -0400
Subject: [PATCH 47/49] BUGFIX: Vimeo oEmbed endpoint redirecting to no www

---
 _config/Oembed.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/_config/Oembed.yml b/_config/Oembed.yml
index 02be4c601..8f738e292 100644
--- a/_config/Oembed.yml
+++ b/_config/Oembed.yml
@@ -23,11 +23,11 @@ Oembed:
     'http://*.hulu.com/watch/*':
       'http://www.hulu.com/api/oembed.json'
     'http://*.vimeo.com/*':
-      http: 'http://www.vimeo.com/api/oembed.json',
-      https: 'https://www.vimeo.com/api/oembed.json'
+      http: 'http://vimeo.com/api/oembed.json',
+      https: 'https://vimeo.com/api/oembed.json'
     'https://*.vimeo.com/*':
-      http: 'http://www.vimeo.com/api/oembed.json',
-      https: 'https://www.vimeo.com/api/oembed.json'
+      http: 'http://vimeo.com/api/oembed.json',
+      https: 'https://vimeo.com/api/oembed.json'
     'http://twitter.com/*':
       http: 'https://api.twitter.com/1/statuses/oembed.json',
       https: 'https://api.twitter.com/1/statuses/oembed.json'

From f77bac3ab0fca7a6486d36c74571144966e0e729 Mon Sep 17 00:00:00 2001
From: Ivo Bathke <ivo.bathke@gmail.com>
Date: Thu, 17 Dec 2015 11:57:46 +0100
Subject: [PATCH 48/49] Update 02_Composer.md

gdmedia/ss-auto-git-ignore as dev requirement
---
 docs/en/00_Getting_Started/02_Composer.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/docs/en/00_Getting_Started/02_Composer.md b/docs/en/00_Getting_Started/02_Composer.md
index 19899daa1..6eb9f83b1 100644
--- a/docs/en/00_Getting_Started/02_Composer.md
+++ b/docs/en/00_Getting_Started/02_Composer.md
@@ -140,7 +140,7 @@ This package will maintain your [.gitignore](http://git-scm.com/docs/gitignore)
 
 Include the package in your project by running this command
 
-    composer require gdmedia/ss-auto-git-ignore
+    composer require gdmedia/ss-auto-git-ignore --dev
 
 Edit your composer.json and insert 
 
@@ -161,12 +161,12 @@ Full example of composer.json with the SSAutoGitIgnore installed and enabled
 			"php": ">=5.3.2",
 			"silverstripe/cms": "3.0.*",
 			"silverstripe/framework": "3.0.*",
-			"silverstripe-themes/simple": "*",
-			"gdmedia/ss-auto-git-ignore": "*"
+			"silverstripe-themes/simple": "*"
 		},
 		"require-dev": {
 			"silverstripe/compass": "*",
-			"silverstripe/docsviewer": "*"
+			"silverstripe/docsviewer": "*",
+			"gdmedia/ss-auto-git-ignore": "*"
 		},
 		"scripts": {
 			"post-update-cmd": "GDM\\SSAutoGitIgnore\\UpdateScript::Go"

From e114548a48d2bb35427d74c645bee5a1d8bb1355 Mon Sep 17 00:00:00 2001
From: Ingo Schommer <ingo@silverstripe.com>
Date: Mon, 21 Dec 2015 11:52:08 +1300
Subject: [PATCH 49/49] Note about changelog additions in contrib guide

---
 docs/en/05_Contributing/01_Code.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/docs/en/05_Contributing/01_Code.md b/docs/en/05_Contributing/01_Code.md
index a46670290..807866ce0 100644
--- a/docs/en/05_Contributing/01_Code.md
+++ b/docs/en/05_Contributing/01_Code.md
@@ -150,6 +150,7 @@ After you have edited the file, GitHub will offer to create a pull request for y
 * Document your code inline through [PHPDoc](http://en.wikipedia.org/wiki/PHPDoc) syntax. See our 
 [API documentation](http://api.silverstripe.org/3.1/) for good examples.
 * Check and update documentation on [docs.silverstripe.org](http://docs.silverstripe.org). Check for any references to functionality deprecated or extended through your patch. Documentation changes should be included in the patch.
+* When introducing something "noteworthy" (new feature, API change), [update the release changelog](/changelogs) for the next release this commit will be included in.
 * If you get stuck, please post to the [forum](http://silverstripe.org/forum) or for deeper core problems, to the [core mailinglist](https://groups.google.com/forum/#!forum/silverstripe-dev)
 * When working with the CMS, please read the ["CMS Architecture Guide"](/developer_guides/customising_the_admin_interface/cms_architecture/) first