mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
Merge remote-tracking branch 'security/patch/3.1/ss-2016-006' into 3.1.19
This commit is contained in:
commit
92599727b9
37
docs/en/04_Changelogs/3.1.19.md
Normal file
37
docs/en/04_Changelogs/3.1.19.md
Normal file
@ -0,0 +1,37 @@
|
||||
# 3.1.19
|
||||
|
||||
## Upgrading
|
||||
|
||||
`LoginForm` no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
|
||||
login forms or other changes. To re-enable this, you'll need to use the `Injector` to create a custom login form.
|
||||
|
||||
Define a login form:
|
||||
|
||||
```php
|
||||
class CustomLoginForm extends MemberLoginForm {
|
||||
|
||||
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
|
||||
{
|
||||
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
|
||||
|
||||
$this->disableSecurityToken();
|
||||
}
|
||||
|
||||
}
|
||||
```
|
||||
|
||||
Add this to mysite/_config/config.yml
|
||||
|
||||
```yaml
|
||||
Injector:
|
||||
MemberLoginForm:
|
||||
class: CustomLoginForm
|
||||
```
|
||||
|
||||
<!--- Changes below this line will be automatically regenerated -->
|
||||
|
||||
## Change Log
|
||||
|
||||
### Security
|
||||
|
||||
### Bugfixes
|
@ -10,11 +10,6 @@
|
||||
* @subpackage security
|
||||
*/
|
||||
abstract class LoginForm extends Form {
|
||||
public function __construct($controller, $name, $fields, $actions) {
|
||||
parent::__construct($controller, $name, $fields, $actions);
|
||||
|
||||
$this->disableSecurityToken();
|
||||
}
|
||||
|
||||
/**
|
||||
* Authenticator class to use with this login form
|
||||
|
Loading…
Reference in New Issue
Block a user