tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity

DOCS: Add docs for versioned files migration

Browse Source
This commit is contained in:
Aaron Carlino 2019-09-18 17:10:07 +12:00
parent 5af205993d
commit 8ee5e621fd
2 changed files with 40 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/en/03_Upgrading/index.md
View File

@ -1148,6 +1148,26 @@ has been added to assist in migration of legacy files (see [file migration docum
./vendor/bin/sake dev/tasks/MigrateFileTask ./vendor/bin/sake dev/tasks/MigrateFileTask
``` ```
##### If you were using the versionedfiles on your 3.x site
SilverStripe 4 supersedes the `versionedfiles` module with its new support for
properly versioned files. However, your file migration will leave all your old
`_versions` folders as artefacts in the public filesystem, which means all the
unpublished versions of your old files are publicly accessible under a guessable URL.
To work around this, you can use the `VersionedFilesMigrationTask`:
`$ vendor/bin/sake dev/tasks/migrate-versionedfiles strategy=[delete|protect]`
If you choose the `delete` strategy (default), the task will delete all `_versions`
files for you. Be sure to take a snapshot of your `public/assets` folder before
doing so. If you choose the `protect` strategy, the task will drop an `.htaccess` file
in your old `_versions` directories. **This method only works if you are using Apache
to serve your static files**. If you are using another server such as Nginx, these files
will remain publicly exposed. It is recommended you use the `delete` strategy if you are
not using Apache.
### Any other script that needs running. ### Any other script that needs running.
Some third party modules may include their own migration tasks. Take a minute to consult the release notes of your third party dependencies to make sure you haven't missed anything. Some third party modules may include their own migration tasks. Take a minute to consult the release notes of your third party dependencies to make sure you haven't missed anything.

20
docs/en/04_Changelogs/4.3.5.md
View File

@ -19,4 +19,24 @@ SilverStripe\Assets\Shortcodes\FileShortcodeProvider:
allow_session_grant: true allow_session_grant: true
``` ```
## If you were using the versionedfiles on your 3.x site
This release includes a security fix for users who migrated from a 3.x site that used
the [versionedfiles](https://github.com/symbiote/silverstripe-versionedfiles) module.
The file migration would have left the `_versions` folders in your public filesystem
as artefacts, leaving all the unpublished versions of your old files publicly accessible
under a guessable URL.
To work around this, you can use the `VersionedFilesMigrationTask`:
`$ vendor/bin/sake dev/tasks/migrate-versionedfiles strategy=[delete|protect]`
If you choose the `delete` strategy (default), the task will delete all `_versions`
files for you. Be sure to take a snapshot of your `public/assets` folder before
doing so. If you choose the `protect` strategy, the task will drop an `.htaccess` file
in your old `_versions` directories. **This method only works if you are using Apache
to serve your static files**. If you are using another server such as Nginx, these files
will remain publicly exposed. It is recommended you use the `delete` strategy if you are
not using Apache.
<!--- Changes below this line will be automatically regenerated --> <!--- Changes below this line will be automatically regenerated -->