From 43fb566388e4eb0c1970e1c2aeee71bb279ebcdc Mon Sep 17 00:00:00 2001
From: Ingo Schommer
Date: Mon, 18 Feb 2013 15:59:15 +0100
Subject: [PATCH 1/2] Note about RestfulService SSL verification in upgrading guide
---
 docs/en/changelogs/3.1.0.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/docs/en/changelogs/3.1.0.md b/docs/en/changelogs/3.1.0.md
index dcc3c3240..c5ff6705e 100644
--- a/docs/en/changelogs/3.1.0.md
+++ b/docs/en/changelogs/3.1.0.md
@@ -22,6 +22,7 @@
 * Deny URL access if `Controller::$allowed_actions` is undefined
 * Removed support for "*" rules in `Controller::$allowed_actions`
 * Removed support for overriding rules on parent classes through `Controller::$allowed_actions`
+ * `RestfulService` verifies SSL peers by default
 * Editing of relation table data (`$many_many_extraFields`) in `GridField`
 * Optional integration with ImageMagick as a new image manipulation backend
 * Support for PHP 5.4's built-in webserver 
@@ -174,6 +175,17 @@ in order to reduce the boilerplate code required to get a model editable in the Note: GridField is already relying on the permission checks performed through the CMS controllers, providing a simple level of security. +### RestfulService verifies SSL peers by default + +This makes the implementation "secure by default", by removing +the call to `curl_setopt(CURLOPT_SSL_VERIFYPEER, false)`. +Failing to validate SSL peers makes HTTP requests vulnerable to man in the middle attacks. +The underlying `curl` library relies on the operating system for the resulting CA certificate +verification. On some systems (mainly Windows), these certificates are not available on +a standard PHP installation, and need to be added manually through `CURLOPT_CAINFO`. +Although it is not recommended, you can restore the old insecure behaviour with +the following configuration: `RestfulService::set_default_curl_option(CURLOPT_SSL_VERIFYPEER, false)`. + ### Other * `TableListField`, `ComplexTableField`, `TableField`, `HasOneComplexTableField`, `HasManyComplexTableField` and `ManyManyComplexTableField` have been removed from the core and placed into a module called "legacytablefields" located at https://github.com/silverstripe-labs/legacytablefields From 00d01aa6e38ae4114552c4f45f3b4ac0bcea638c Mon Sep 17 00:00:00 2001 From: Zauberfisch Date: Thu, 7 Mar 2013 16:09:48 +0000 Subject: [PATCH 2/2] BUGFIX: fixed file icon for uppercase file extensions --- filesystem/File.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/filesystem/File.php b/filesystem/File.php index 68da17445..01d89af88 100644 --- a/filesystem/File.php +++ b/filesystem/File.php @@ -411,7 +411,7 @@ class File extends DataObject { * @return String */ public function appCategory() { - return self::get_app_category($this->Extension); + return self::get_app_category($this->getExtension()); } public function CMSThumbnail() { 
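Review bot: The new `appCategory()` line still hands `get_app_category()` the extension in whatever case the filename carries, while the sibling `Icon()` change in this same commit lowercases the extension before using it. Unless `get_app_category()` normalises case itself (its body is not in the diff), an uppercase extension such as `.PDF` can still fall through to no category, and since `Icon()` falls back to `$this->appCategory()` the icon fix is only half effective for those files. Suggest `return self::get_app_category(strtolower($this->getExtension()));` so both call sites agree on one normalisation. The enclosing `File` class starts and ends outside this hunk.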
@@ -426,7 +426,7 @@ class File extends DataObject {
 * @return String
 */
 public function Icon() {
- $ext = $this->Extension;
+ $ext = strtolower($this->getExtension());
 if(!Director::fileExists(FRAMEWORK_DIR . "/images/app_icons/{$ext}_32.gif")) {
 $ext = $this->appCategory();
 }