Merge upgrading notes from 3.1.19

2024-10-22 12:05:37 +00:00 · 2016-05-11 13:42:41 +12:00 · 2016-05-11 13:42:41 +12:00 · 7693fc9504
commit 7693fc9504
parent 01eaf9ed64
1 changed files with 28 additions and 0 deletions
--- a/docs/en/04_Changelogs/3.3.2.md
+++ b/docs/en/04_Changelogs/3.3.2.md
@ -1,5 +1,33 @@
 # 3.3.2

+## Upgrading
+
+`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
+login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.
+
+Define a login form:
+
+```php
+class CustomLoginForm extends MemberLoginForm {
+
+	public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
+	{
+		parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
+
+		$this->disableSecurityToken();
+	}
+
+}
+```
+
+Add this to mysite/_config/config.yml
+
+```yaml
+Injector:
+  MemberLoginForm:
+    class: CustomLoginForm
+```
+
 <!--- Changes below this line will be automatically regenerated -->

 ## Change Log