tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 12:05:37 +00:00
Code Issues Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/3.1.0-beta2' into 3.1

Browse Source
This commit is contained in:
Ingo Schommer 2013-03-12 10:45:44 +01:00
commit 53e988bb09
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/en/changelogs/3.1.0.md
View File

@ -22,6 +22,7 @@
* Deny URL access if `Controller::$allowed_actions` is undefined * Deny URL access if `Controller::$allowed_actions` is undefined
* Removed support for "*" rules in `Controller::$allowed_actions` * Removed support for "*" rules in `Controller::$allowed_actions`
* Removed support for overriding rules on parent classes through `Controller::$allowed_actions` * Removed support for overriding rules on parent classes through `Controller::$allowed_actions`
* `RestfulService` verifies SSL peers by default
* Editing of relation table data (`$many_many_extraFields`) in `GridField` * Editing of relation table data (`$many_many_extraFields`) in `GridField`
* Optional integration with ImageMagick as a new image manipulation backend * Optional integration with ImageMagick as a new image manipulation backend
* Support for PHP 5.4's built-in webserver * Support for PHP 5.4's built-in webserver
@ -174,6 +175,17 @@ in order to reduce the boilerplate code required to get a model editable in the
Note: GridField is already relying on the permission checks performed Note: GridField is already relying on the permission checks performed
through the CMS controllers, providing a simple level of security. through the CMS controllers, providing a simple level of security.
### RestfulService verifies SSL peers by default
This makes the implementation "secure by default", by removing
the call to `curl_setopt(CURLOPT_SSL_VERIFYPEER, false)`.
Failing to validate SSL peers makes HTTP requests vulnerable to man in the middle attacks.
The underlying `curl` library relies on the operating system for the resulting CA certificate
verification. On some systems (mainly Windows), these certificates are not available on
a standard PHP installation, and need to be added manually through `CURLOPT_CAINFO`.
Although it is not recommended, you can restore the old insecure behaviour with
the following configuration: `RestfulService::set_default_curl_option(CURLOPT_SSL_VERIFYPEER, false)`.
### Other ### Other
* `TableListField`, `ComplexTableField`, `TableField`, `HasOneComplexTableField`, `HasManyComplexTableField` and `ManyManyComplexTableField` have been removed from the core and placed into a module called "legacytablefields" located at https://github.com/silverstripe-labs/legacytablefields * `TableListField`, `ComplexTableField`, `TableField`, `HasOneComplexTableField`, `HasManyComplexTableField` and `ManyManyComplexTableField` have been removed from the core and placed into a module called "legacytablefields" located at https://github.com/silverstripe-labs/legacytablefields

4
filesystem/File.php
View File

@ -411,7 +411,7 @@ class File extends DataObject {
* @return String * @return String
*/ */
public function appCategory() { public function appCategory() {
return self::get_app_category($this->Extension); return self::get_app_category($this->getExtension());
} }
public function CMSThumbnail() { public function CMSThumbnail() {
@ -426,7 +426,7 @@ class File extends DataObject {
* @return String * @return String
*/ */
public function Icon() { public function Icon() {
$ext = $this->Extension; $ext = strtolower($this->getExtension());
if(!Director::fileExists(FRAMEWORK_DIR . "/images/app_icons/{$ext}_32.gif")) { if(!Director::fileExists(FRAMEWORK_DIR . "/images/app_icons/{$ext}_32.gif")) {
$ext = $this->appCategory(); $ext = $this->appCategory();
} }