diff --git a/admin/code/SecurityAdmin.php b/admin/code/SecurityAdmin.php index f30ca36a9..8220ceda6 100755 --- a/admin/code/SecurityAdmin.php +++ b/admin/code/SecurityAdmin.php @@ -281,7 +281,7 @@ class SecurityAdmin extends LeftAndMain implements PermissionProvider { $firstCrumb = $crumbs->shift(); if($params['FieldName'] == 'Groups') { $crumbs->unshift(new ArrayData(array( - 'Title' => singleton('Group')->plural_name(), + 'Title' => singleton('Group')->i18n_plural_name(), 'Link' => $this->Link('groups') ))); } elseif($params['FieldName'] == 'Users') { diff --git a/admin/javascript/lib.js b/admin/javascript/lib.js index a8ad7b6d2..3524c9724 100644 --- a/admin/javascript/lib.js +++ b/admin/javascript/lib.js @@ -194,8 +194,8 @@ // For embedded pages, remove the dialog hash key as in getFilePath(), // otherwise the Data Url won't match the id of the embedded Page. return u.hash.split( dialogHashKey )[0].replace( /^#/, "" ); - } else if ( path.isSameDomain( u, documentBase ) ) { - return u.hrefNoHash.replace( documentBase.domain, "" ); + } else if ( path.isSameDomain( u, document ) ) { + return u.hrefNoHash.replace( document.domain, "" ); } return absUrl; }, @@ -227,7 +227,7 @@ //return a url path with the window's location protocol/hostname/pathname removed clean: function( url ) { - return url.replace( documentBase.domain, "" ); + return url.replace( document.domain, "" ); }, //just return the url without an initial # @@ -244,7 +244,7 @@ //could be mailto, etc isExternal: function( url ) { var u = path.parseUrl( url ); - return u.protocol && u.domain !== documentUrl.domain ? true : false; + return u.protocol && u.domain !== document.domain ? true : false; }, hasProtocol: function( url ) { diff --git a/api/RestfulService.php b/api/RestfulService.php index 59d725ee6..4da3971d5 100644 --- a/api/RestfulService.php +++ b/api/RestfulService.php @@ -182,7 +182,7 @@ class RestfulService extends ViewableData implements Flushable { // Check for unexpired cached feed (unless flush is set) //assume any cache_expire that is 0 or less means that we dont want to // cache - if($this->cache_expire > 0 && self::$flush + if($this->cache_expire > 0 && !self::$flush && @file_exists($cache_path) && @filemtime($cache_path) + $this->cache_expire > time()) { diff --git a/cli-script.php b/cli-script.php index f0f0c6233..0a8808528 100755 --- a/cli-script.php +++ b/cli-script.php @@ -97,7 +97,7 @@ Once you have done that, run 'composer install' or './framework/sake dev/build' an empty database. For more information, please read this page in our docs: -http://doc.silverstripe.org/framework/en/topics/environment-management +http://docs.silverstripe.org/en/getting_started/environment_management/ ENVCONTENT; @@ -110,7 +110,7 @@ DB::connect($databaseConfig); $url = isset($_SERVER['argv'][1]) ? $_SERVER['argv'][1] : null; if(!$url) { echo 'Please specify an argument to cli-script.php/sake. For more information, visit' - . ' http://doc.silverstripe.org/framework/en/topics/commandline'; + . ' http://docs.silverstripe.org/en/developer_guides/cli'; die(); } diff --git a/control/HTTP.php b/control/HTTP.php index 85e6eb26a..a14efa3af 100644 --- a/control/HTTP.php +++ b/control/HTTP.php @@ -24,6 +24,11 @@ class HTTP { */ protected static $etag = null; + /** + * @config + */ + private static $cache_ajax_requests = true; + /** * Turns a local system filename into a URL by comparing it to the script * filename. @@ -325,7 +330,9 @@ class HTTP { // Popuplate $responseHeaders with all the headers that we want to build $responseHeaders = array(); - if(function_exists('apache_request_headers')) { + $config = Config::inst(); + // currently using a config setting to cancel this, seems to be so taht the CMS caches ajax requests + if(function_exists('apache_request_headers') && $config->get(get_called_class(), 'cache_ajax_requests')) { $requestHeaders = apache_request_headers(); if(isset($requestHeaders['X-Requested-With']) && $requestHeaders['X-Requested-With']=='XMLHttpRequest') { $cacheAge = 0; diff --git a/control/HTTPRequest.php b/control/HTTPRequest.php index b54f18aaf..62229e2f4 100644 --- a/control/HTTPRequest.php +++ b/control/HTTPRequest.php @@ -68,7 +68,7 @@ class SS_HTTPRequest implements ArrayAccess { protected $body; /** - * @var array $allParams Contains an assiciative array of all + * @var array $allParams Contains an associative array of all * arguments matched in all calls to {@link RequestHandler->handleRequest()}. * It's a "historical record" that's specific to the current call of * {@link handleRequest()}, and is only complete once the "last call" to that method is made. diff --git a/control/HTTPResponse.php b/control/HTTPResponse.php index fafa43962..061c09311 100644 --- a/control/HTTPResponse.php +++ b/control/HTTPResponse.php @@ -161,6 +161,7 @@ class SS_HTTPResponse { */ public function setBody($body) { $this->body = $body ? (string)$body : $body; // Don't type-cast false-ish values, eg null is null not '' + return $this; } /** @@ -191,7 +192,6 @@ class SS_HTTPResponse { public function getHeader($header) { if(isset($this->headers[$header])) return $this->headers[$header]; - return null; } /** @@ -238,13 +238,17 @@ class SS_HTTPResponse { $url = Director::absoluteURL($this->headers['Location'], true); $urlATT = Convert::raw2htmlatt($url); $urlJS = Convert::raw2js($url); - echo - "

Redirecting to " - . "$urlATT... (output started on $file, line $line)

- - "; + $title = Director::isDev() + ? "{$urlATT}... (output started on {$file}, line {$line})" + : "{$urlATT}..."; + echo <<Redirecting to {$title}

+ +"; +EOT + ; } else { $line = $file = null; if(!headers_sent($file, $line)) { diff --git a/core/Constants.php b/core/Constants.php index eb98ce9ff..574773fc9 100644 --- a/core/Constants.php +++ b/core/Constants.php @@ -49,14 +49,12 @@ if ($dirsToCheck[0] == $dirsToCheck[1]) { foreach ($dirsToCheck as $dir) { //check this dir and every parent dir (until we hit the base of the drive) // or until we hit a dir we can't read - do { - //add the trailing slash we need to concatenate properly - $dir .= DIRECTORY_SEPARATOR; + while(true) { //if it's readable, go ahead if (@is_readable($dir)) { //if the file exists, then we include it, set relevant vars and break out - if (file_exists($dir . $envFile)) { - define('SS_ENVIRONMENT_FILE', $dir . $envFile); + if (file_exists($dir . DIRECTORY_SEPARATOR . $envFile)) { + define('SS_ENVIRONMENT_FILE', $dir . DIRECTORY_SEPARATOR . $envFile); include_once(SS_ENVIRONMENT_FILE); //break out of BOTH loops because we found the $envFile break(2); @@ -66,11 +64,14 @@ foreach ($dirsToCheck as $dir) { //break out of the while loop, we can't read the dir break; } + if (dirname($dir) == $dir) { + // here we need to check that the path of the last dir and the next one are + // not the same, if they are, we have hit the root of the drive + break; + } //go up a directory $dir = dirname($dir); - //here we need to check that the path of the last dir and the next one are - // not the same, if they are, we have hit the root of the drive - } while (dirname($dir) != $dir); + } } /////////////////////////////////////////////////////////////////////////////// diff --git a/core/Core.php b/core/Core.php index cebc9283c..6048b1a0b 100644 --- a/core/Core.php +++ b/core/Core.php @@ -96,7 +96,7 @@ Injector::set_inst($injector); // The coupling is a hack, but it removes an annoying bug where new classes // referenced in _config.php files can be referenced during the build process. $requestURL = isset($_REQUEST['url']) ? trim($_REQUEST['url'], '/') : false; -$flush = (isset($_GET['flush']) || $requestURL == 'dev/build' || $requestURL == BASE_URL . '/dev/build'); +$flush = (isset($_GET['flush']) || $requestURL === trim(BASE_URL . '/dev/build', '/')); global $manifest; $manifest = new SS_ClassManifest(BASE_PATH, false, $flush); diff --git a/core/TempPath.php b/core/TempPath.php index ed725e447..1d3e80d3e 100644 --- a/core/TempPath.php +++ b/core/TempPath.php @@ -64,8 +64,9 @@ function getTempParentFolder($base = null) { } // failing the above, try finding a namespaced silverstripe-cache dir in the system temp - $cacheFolder = DIRECTORY_SEPARATOR . 'silverstripe-cache' . str_replace(array(' ', '/', ':', '\\'), '-', $base); - $tempPath = sys_get_temp_dir() . $cacheFolder; + $tempPath = sys_get_temp_dir() . DIRECTORY_SEPARATOR . + 'silverstripe-cache-php' . preg_replace('/[^\w-\.+]+/', '-', PHP_VERSION) . + str_replace(array(' ', '/', ':', '\\'), '-', $base); if(!@file_exists($tempPath)) { $oldUMask = umask(0); $worked = @mkdir($tempPath, 0777); diff --git a/dev/install/install.php5 b/dev/install/install.php5 index 3971fb1da..9491e354f 100755 --- a/dev/install/install.php5 +++ b/dev/install/install.php5 @@ -31,60 +31,11 @@ if(function_exists('session_start') && !session_id()) { session_start(); } -/** - * Include _ss_environment.php file - */ -$usingEnv = false; -$envFileExists = false; -//define the name of the environment file -$envFile = '_ss_environment.php'; -//define the dirs to start scanning from (have to add the trailing slash) -// we're going to check the realpath AND the path as the script sees it -$dirsToCheck = array( - realpath('.'), - dirname($_SERVER['SCRIPT_FILENAME']) -); -//if they are the same, remove one of them -if($dirsToCheck[0] == $dirsToCheck[1]) { - unset($dirsToCheck[1]); -} -foreach($dirsToCheck as $dir) { -//check this dir and every parent dir (until we hit the base of the drive) - // or until we hit a dir we can't read - do { - //add the trailing slash we need to concatenate properly - $dir .= DIRECTORY_SEPARATOR; - //if it's readable, go ahead - if(@is_readable($dir)) { - //if the file exists, then we include it, set relevant vars and break out - if(file_exists($dir . $envFile)) { - include_once($dir . $envFile); - $envFileExists = true; - //legacy variable assignment - $usingEnv = true; - //break out of BOTH loops because we found the $envFile - break(2); - } - } else { - //break out of the while loop, we can't read the dir - break; - } - //go up a directory - $dir = dirname($dir); - //here we need to check that the path of the last dir and the next one are -// not the same, if they are, we have hit the root of the drive - } while(dirname($dir) != $dir); -} +require_once FRAMEWORK_NAME . '/core/Constants.php'; // this also includes TempPath.php; -if($envFileExists) { - if(!empty($_REQUEST['useEnv'])) { - $usingEnv = true; - } else { - $usingEnv = false; - } -} +$envFileExists = defined('SS_ENVIRONMENT_FILE'); +$usingEnv = $envFileExists && !empty($_REQUEST['useEnv']); -require_once FRAMEWORK_NAME . '/core/Constants.php'; // this also includes TempPath.php require_once FRAMEWORK_NAME . '/dev/install/DatabaseConfigurationHelper.php'; require_once FRAMEWORK_NAME . '/dev/install/DatabaseAdapterRegistry.php'; @@ -1554,7 +1505,7 @@ HTML; if($base != '.') $baseClause = "RewriteBase '$base'\n"; else $baseClause = ""; - if(strpos(strtolower(php_sapi_name()), "cgi") !== false) $cgiClause = "RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]\n"; + if(strpos(strtolower(php_sapi_name()), "cgi") !== false) $cgiClause = "RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]\n"; else $cgiClause = ""; $modulePath = FRAMEWORK_NAME; $rewrite = << Apache`. + 5. With that setup, we are ready to install `composer`. This is a two step process if we would like this to be installed globally (only do the first step if you would like `composer` installed to the local working directory only). + - First, run the following command in the terminal: `curl -sS https://getcomposer.org/installer | phpmamp` + + We are using `phpmamp` so that we correctly use the MAMP installation of PHP from above. + + - Second, if you want to make composer available globally, we need to move the file to '/usr/local/bin/composer'. To do this, run the following command: + `sudo mv composer.phar /usr/local/bin/composer` + + Terminal will ask you for your root password, after entering it and pressing the 'return' (or enter) key, you'll have a working global installation of composer on your mac that uses MAMP. + + 6. You can verify your installation worked by typing the following command: + `composer` + It'll show you the current version and a list of commands you can use. + + 7. Run the following command to get a fresh copy of SilverStripe via composer: + + `composer create-project silverstripe/installer /Applications/MAMP/htdocs/silverstripe/` + + 8. You can now [use composer](http://doc.silverstripe.org/framework/en/getting_started/composer/) to manage future SilverStripe updates and adding modules with a few easy commands. + + +### Package Download + +[Download](http://silverstripe.org/software/download/) the latest SilverStripe installer package. Copy the tar.gz or zip file to the 'Document Root' for MAMP - By Default its `/Applications/MAMP/htdocs`. +Don't know what your Document Root is? Open MAMP Click `Preferences -> Apache`. Extract the tar.gz file to a folder, e.g. `silverstripe/` (you always move the tar.gz file first and not the other way around as SilverStripe uses a '.htaccess' file which is hidden from OSX so if you move SilverStripe the .htaccess file won't come along. -###Run the installation wizard +### Run the installation wizard Once you have a copy of the required code (by either of the above methods), open your web browser and go to `http://localhost:8888/silverstripe/`. Enter your database details - by default with MAMP its user `root` and password `root` and select your account details. Click "Check Details". -Once everything is sorted hit "Install!" and Voila, you have SilverStripe installed +Once everything is sorted hit "Install!" and Voila, you have SilverStripe installed diff --git a/docs/en/00_Getting_Started/01_Installation/03_Windows.md b/docs/en/00_Getting_Started/01_Installation/03_Windows.md index cc59f5733..5eaa68884 100644 --- a/docs/en/00_Getting_Started/01_Installation/03_Windows.md +++ b/docs/en/00_Getting_Started/01_Installation/03_Windows.md @@ -40,8 +40,10 @@ $ composer create-project silverstripe/installer ./silverstripe * Unpack the archive into `C:\wamp\www` * Rename the unpacked directory from `C:\wamp\www\silverstripe-vX.X.X` to `C:\wamp\www\silverstripe` -### Install and configure -* Visit `http://localhost/silverstripe` - you will see SilverStripe's installation screen. +## Install and configure +* Option 1: Environment file - Set up a file named _ss_environment.php either in the webroot or a directory above webroot and setup as per the [Environment Management process](/getting_started/environment_management). + +* Option 2: Installer - Visit `http://localhost/silverstripe` - you will see SilverStripe's installation screen. * You should be able to click "Install SilverStripe" and the installer will do its thing. It takes a minute or two. * Once the installer has finished, visit `http://localhost/silverstripe`. You should see your new SilverStripe site's home page. @@ -61,4 +63,16 @@ alternatives for incoming connection". Make sure that it is de-selected. Right clicked on the installation folder and go to Permissions > Security > Users > Advanced and give the user full control. -3. If you find you are having issues with URL rewriting. Remove the index.php file that is bundled with SilverStripe. As we are using Apache web server's URL rewriting this file is not required (and in fact can result in problems when using apache 2.4+ as in the latest versions of WAMP). The other option is to enable the mod_access_compat module for apache which improves compatibility of newer versions of Apache with SilverStripe. \ No newline at end of file +3. Apache rewrite (mod_rewrite) isn't working and it's installed (prior to SilverStripe 3.1.11) + +Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site. Further requests are then handled by index.php rather than `mod_rewrite` (framework/main.php). To fix this place the following within the `mod_rewrite` section of your .htaccess file: + +``` + + # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4 + + DirectoryIndex disabled + +# ------ # + +``` diff --git a/docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md b/docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md index 2a5270594..ebfed3a73 100644 --- a/docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md +++ b/docs/en/00_Getting_Started/01_Installation/05_Common_Problems.md @@ -25,6 +25,20 @@ On "live" environments, the `?isDev=1` solution is preferred, as it means that y (and potentially security sensitive) PHP errors as well. +## mod_rewrite isn't working but it's installed (prior to SilverStripe 3.1.11) + +Due to some changes to `mod_dir` in [Apache 2.4](http://httpd.apache.org/docs/current/mod/mod_dir.html#DirectoryCheckHandler) (precedence of handlers), index.php gets added to the URLs as soon as you navigate to the homepage of your site. Further requests are then handled by index.php rather than `mod_rewrite` (framework/main.php). To fix this place the following within the `mod_rewrite` section of your .htaccess file: + +``` + + # Turn off index.php handling requests to the homepage fixes issue in apache >=2.4 + + DirectoryIndex disabled + +# ------ # + +``` + ## My templates don't update on page refresh Putting ?flush=1 on the end of any SilverStripe URL will clear out all cached content; this is a pretty common solution @@ -108,4 +122,4 @@ foreach($files as $name => $file){ $matched = true; } } -``` \ No newline at end of file +``` diff --git a/docs/en/00_Getting_Started/01_Installation/index.md b/docs/en/00_Getting_Started/01_Installation/index.md index 429655a15..fb8b83df8 100644 --- a/docs/en/00_Getting_Started/01_Installation/index.md +++ b/docs/en/00_Getting_Started/01_Installation/index.md @@ -1,7 +1,7 @@ # Installation These instructions show you how to install SilverStripe on any web server. -The best way to install from the source code is to use [Composer](composer). +The best way to install from the source code is to use [Composer](../composer). Check out our operating system specific guides for [Linux](linux_unix), [Windows Server](windows-pi) and [Mac OSX](mac-osx). @@ -24,4 +24,4 @@ If the above steps don't work for any reason have a read of the [Common Problems SilverStripe ships with default rewriting rules specific to your web server. Apart from routing requests to the framework, they also prevent access to sensitive files in the webroot, for example YAML configuration files. Please refer to the [security](/topics/security) documentation for details. - \ No newline at end of file + diff --git a/docs/en/01_Tutorials/01_Building_A_Basic_Site.md b/docs/en/01_Tutorials/01_Building_A_Basic_Site.md index 1317de48c..4c8b84819 100644 --- a/docs/en/01_Tutorials/01_Building_A_Basic_Site.md +++ b/docs/en/01_Tutorials/01_Building_A_Basic_Site.md @@ -1,6 +1,9 @@ title: Building a basic site summary: An overview of the SilverStripe installation and an introduction to creating a web page. +
+This tutorial is deprecated, and has been replaced by Lessons 1, 2, 3, and 4 in the [Lessons section](http://www.silverstripe.org/learn/lessons) +
# Tutorial 1 - Building a Basic Site ## Overview diff --git a/docs/en/01_Tutorials/02_Extending_A_Basic_Site.md b/docs/en/01_Tutorials/02_Extending_A_Basic_Site.md index 0d40bf2d1..5a7fb60cd 100644 --- a/docs/en/01_Tutorials/02_Extending_A_Basic_Site.md +++ b/docs/en/01_Tutorials/02_Extending_A_Basic_Site.md @@ -1,6 +1,10 @@ title: Extending a basic site summary: Building on tutorial 1, a look at storing data in SilverStripe and creating a latest news feed. +
+This tutorial is deprecated, and has been replaced by Lessons 4, 5, and 6 in the [Lessons section](http://www.silverstripe.org/learn/lessons) +
+ # Tutorial 2 - Extending a basic site ## Overview @@ -246,7 +250,7 @@ page layout. ### ArticlePage Template First, the template for displaying a single article: -**themes/simple/templates/Layout/ArticlePage.ss** +**themes/simple/templates/Layout/ArticlePage.ss** :::ss @@ -409,6 +413,9 @@ An RSS feed is something that no news section should be without. SilverStripe ma } +Ensure that when you have input the code to implement an RSS feed; flush the webpage afterwards +(add ?flush=all on the end of your URL). This is because allowed_actions has changed. + This function creates an RSS feed of all the news articles, and outputs it to the browser. If we go to [http://localhost/your_site_name/news/rss](http://localhost/your_site_name/news/rss) we should see our RSS feed. When there is more to a URL after a page's base URL, "rss" in this case, SilverStripe will call the function with that name on the controller if it exists. Depending on your browser, you should see something like the picture below. If your browser doesn't support RSS, you will most likely see the XML output instead. For more on RSS, see `[api:RSSFeed]` diff --git a/docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md b/docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md index cac565c1b..1696369ec 100644 --- a/docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md +++ b/docs/en/01_Tutorials/05_Dataobject_Relationship_Management.md @@ -1,6 +1,10 @@ title: DataObject Relationship Management summary: Learn how to create custom DataObjects and how to build interfaces for managing that data. +
+This tutorial is deprecated, and has been replaced by Lessons 7, 8, 9, and 10 in the [Lessons section](http://www.silverstripe.org/learn/lessons) +
+ # Tutorial 5 - Dataobject Relationship Management ## Overview diff --git a/docs/en/01_Tutorials/index.md b/docs/en/01_Tutorials/index.md index 8f847469b..c2b4be94e 100644 --- a/docs/en/01_Tutorials/index.md +++ b/docs/en/01_Tutorials/index.md @@ -2,18 +2,24 @@ title: Tutorials introduction: The tutorials below take a step by step look at how to build a SilverStripe application. ## Written Tutorials - -[CHILDREN] - +
+These tutorials are deprecated, and have been replaced by the new [Lessons](http://silverstripe.org/learn/lessons) section. +
+[CHIDLREN] ## Video lessons These include video screencasts, written tutorials and code examples to get you started working with SilverStripe websites. * [How to set up a local development environment in SilverStripe](https://vimeo.com/108861537) * [Lesson 1: Creating your first theme](http://www.silverstripe.org/learn/lessons/lesson-1-creating-your-first-theme/) * [Lesson 2: Migrating static templates into your theme](http://www.silverstripe.org/learn/lessons/lesson-2-migrating-static-templates-into-your-theme/) -* [Lesson 3: Adding dynamic content](http://www.silverstripe.org/learn/lessons/lesson-3/) +* [Lesson 3: Adding dynamic content](http://www.silverstripe.org/learn/lessons/lesson-3-adding-dynamic-content/) * [Lesson 4: Working with multiple templates](http://www.silverstripe.org/learn/lessons/lesson-4-working-with-multiple-templates/) * [Lesson 5: The holder/page pattern](http://www.silverstripe.org/learn/lessons/lesson-5-the-holderpage-pattern/) +* [Lesson 6: Adding Custom Fields to a Page](http://www.silverstripe.org/learn/lessons/lesson-6-adding-custom-fields-to-a-page/) +* [Lesson 7: Working with Files and Images](http://www.silverstripe.org/learn/lessons/lesson-7-working-with-files-and-images/) +* [Lesson 8: Introduction to the ORM](http://www.silverstripe.org/learn/lessons/lesson-8-introduction-to-the-orm) +* [Lesson 9: Data Relationships - $has_many](http://www.silverstripe.org/learn/lessons/lesson-9-working-with-data-relationships-has-many) +* [Lesson 10: Introduction to the ORM](http://www.silverstripe.org/learn/lessons/lesson-10-working-with-data-relationships-many-many) ## Help: If you get stuck diff --git a/docs/en/02_Developer_Guides/00_Model/10_Versioning.md b/docs/en/02_Developer_Guides/00_Model/10_Versioning.md index 9494b6f73..b344df6d2 100644 --- a/docs/en/02_Developer_Guides/00_Model/10_Versioning.md +++ b/docs/en/02_Developer_Guides/00_Model/10_Versioning.md @@ -30,7 +30,7 @@ The extension is automatically applied to `SiteTree` class. For more information ## Database Structure Depending on how many stages you configured, two or more new tables will be created for your records. In the above, this -will create a new `MyClass_Live` table once you've rebuilt the database. +will create a new `MyRecord_Live` table once you've rebuilt the database.
Note that the "Stage" naming has a special meaning here, it will leave the original table name unchanged, rather than @@ -174,4 +174,4 @@ permissions, and avoid exposing unpublished content to your users. ## API Documentation -* [api:Versioned] \ No newline at end of file +* [api:Versioned] diff --git a/docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md b/docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md index 79d508417..f66d57d15 100644 --- a/docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md +++ b/docs/en/02_Developer_Guides/00_Model/11_Scaffolding.md @@ -26,7 +26,7 @@ An example is `DataObject`, SilverStripe will automatically create your CMS inte public function getCMSFields() { // parent::getCMSFields() does all the hard work and creates the fields for Title, IsActive and Content. $fields = parent::getCMSFields(); - $fields->fieldByName('IsActive')->setTitle('Is active?'); + $fields->dataFieldByName('IsActive')->setTitle('Is active?'); return $fields; } @@ -39,7 +39,7 @@ To fully customise your form fields, start with an empty FieldList. public function getCMSFields() { $fields = FieldList::create( - TabSet::create("Root", + TabSet::create("Root.Main", CheckboxSetField::create('IsActive','Is active?'), TextField::create('Title'), TextareaField::create('Content') @@ -225,4 +225,4 @@ Non-textual elements (such as images and their manipulations) can also be used i ## API Documentation * [api:FormScaffolder] -* [api:DataObject] \ No newline at end of file +* [api:DataObject] diff --git a/docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md b/docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md index 9db989739..b2a3291ac 100644 --- a/docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md +++ b/docs/en/02_Developer_Guides/02_Controllers/01_Introduction.md @@ -67,16 +67,14 @@ It is standard in SilverStripe for your controller actions to be `lowercasewithn Action methods can return one of four main things: - * an array. In this case the values in the array are available in the templates and the controller completes as - usual by returning a [api:SS_HTTPResponse] with the body set to the current template. - * `HTML`. SilverStripe will wrap the `HTML` into a `SS_HTTPResponse` and set the status code to 200. - * an [api:SS_HTTPResponse] containing a manually defined `status code` and `body`. - * an [api:SS_HTTPResponse_Exception]. A special type of response which indicates a error. By returning the - exception, the execution pipeline can adapt and display any error handlers. - - :::php +* an array. In this case the values in the array are available in the templates and the controller completes as usual by returning a [api:SS_HTTPResponse] with the body set to the current template. +* `HTML`. SilverStripe will wrap the `HTML` into a `SS_HTTPResponse` and set the status code to 200. +* an [api:SS_HTTPResponse] containing a manually defined `status code` and `body`. +* an [api:SS_HTTPResponse_Exception]. A special type of response which indicates a error. By returning the exception, the execution pipeline can adapt and display any error handlers. **mysite/code/controllers/TeamController.php** + + :::php /** * Return some additional data to the current response that is waiting to go out, this makes $Title set to * 'MyTeamName' and continues on with generating the response. @@ -155,14 +153,13 @@ Each controller should define a `Link()` method. This should be used to avoid ha **mysite/code/controllers/TeamController.php** - :::php - public function Link($action = null) { + :::php + public function Link($action = null) { return Controller::join_links('teams', $action); } -
-The [api:Controller::join_links] is optional, but makes `Link()` more flexible by allowing an `$action` argument, and -concatenates the path segments with slashes. The action should map to a method on your controller. +
+The [api:Controller::join_links] is optional, but makes `Link()` more flexible by allowing an `$action` argument, and concatenates the path segments with slashes. The action should map to a method on your controller.
## Related Documentation diff --git a/docs/en/02_Developer_Guides/03_Forms/00_Introduction.md b/docs/en/02_Developer_Guides/03_Forms/00_Introduction.md index 9b039cf8e..df1730567 100644 --- a/docs/en/02_Developer_Guides/03_Forms/00_Introduction.md +++ b/docs/en/02_Developer_Guides/03_Forms/00_Introduction.md @@ -156,7 +156,7 @@ information on the CMS interface. Each [api:FormField] subclass has a number of methods you can call on it to customize its' behavior or HTML markup. The default `FormField` object has several methods for doing common operations. -
+
Most of the `set` operations will return the object back so methods can be chained.
@@ -238,14 +238,14 @@ with the particular button. In the previous example, clicking the 'Another Butto * The `Form` instance. * The `Controller` instance. -
+
If the `$action` method cannot be found on any of those or is marked as `private` or `protected`, an error will be thrown.
The `$action` method takes two arguments: - * `$data` an array containing the values of the form mapped from `$name` => '$value' + * `$data` an array containing the values of the form mapped from `$name => $value` * `$form` the submitted [api:Form] instance. :::php diff --git a/docs/en/02_Developer_Guides/03_Forms/01_Validation.md b/docs/en/02_Developer_Guides/03_Forms/01_Validation.md index c1910e70a..a9c9f0064 100644 --- a/docs/en/02_Developer_Guides/03_Forms/01_Validation.md +++ b/docs/en/02_Developer_Guides/03_Forms/01_Validation.md @@ -102,7 +102,7 @@ the same validation logic applied to it throughout. } else if($this->value > 5 || $this->value < 2) { $validator->validationError( - $this->name, "Your number must be between 2 and 5, "validation", false + $this->name, "Your number must be between 2 and 5", "validation", false ); return false; @@ -232,4 +232,4 @@ Again, custom error messages can be provided through the `FormField` ## API Documentation * [api:RequiredFields] - * [api:Validator] \ No newline at end of file + * [api:Validator] diff --git a/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md b/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md index 36b265b73..42484385d 100644 --- a/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md +++ b/docs/en/02_Developer_Guides/05_Extending/04_Shortcodes.md @@ -57,7 +57,7 @@ First we need to define a callback for the shortcode. ); public function MyShortCodeMethod($arguments, $content = null, $parser = null, $tagName) { - return str_replace($content, "$content", $this->Content); + return "" . $tagName . " " . $content . "; " . count($arguments) . " arguments."; } } diff --git a/docs/en/02_Developer_Guides/06_Testing/index.md b/docs/en/02_Developer_Guides/06_Testing/index.md index 34673853a..6d826d73d 100644 --- a/docs/en/02_Developer_Guides/06_Testing/index.md +++ b/docs/en/02_Developer_Guides/06_Testing/index.md @@ -78,9 +78,9 @@ You will generally write two different kinds of test classes. Tutorials and recipes for creating tests using the SilverStripe framework: -* [Creating a SilverStripe test](creating-a-silverstripe-test): Writing tests to check core data objects -* [Creating a functional test](creating-a-functional-test): An overview of functional tests and how to write a functional test -* [Testing Outgoing Email](testing-email): An overview of the built-in email testing code +* [Creating a SilverStripe test](how_tos/write_a_sapphiretest): Writing tests to check core data objects +* [Creating a functional test](how_tos/write_a_functionaltest): An overview of functional tests and how to write a functional test +* [Testing Outgoing Email](how_tos/testing_email): An overview of the built-in email testing code ## Running Tests diff --git a/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md b/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md index 013b7c939..863116696 100644 --- a/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md +++ b/docs/en/02_Developer_Guides/07_Debugging/01_Error_Handling.md @@ -41,10 +41,13 @@ You can indicate a log file relative to the site root. :::php if(!Director::isDev()) { // log errors and warnings - SS_Log::add_writer(new SS_LogFileWriter('/my/logfile/path'), SS_Log::WARN, '<='); - + SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors-warnings.log'), SS_Log::WARN, '<='); + // or just errors - SS_Log::add_writer(new SS_LogFileWriter('/my/logfile/path'), SS_Log::ERR); + SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors.log'), SS_Log::ERR); + + // or notices (e.g. for Deprecation Notifications) + SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors-notices.log'), SS_Log::NOTICE); }
@@ -62,7 +65,7 @@ You can send both fatal errors and warnings in your code to a specified email-ad :::php if(!Director::isDev()) { // log errors and warnings - SS_Log::add_writer(new SS_LogEmailWriter('admin@domain.com'), SS_Log::WARN, '<='); + SS_Log::add_writer(new SS_LogFileWriter('../silverstripe-errors-warnings.log'), SS_Log::WARN, '<='); // or just errors SS_Log::add_writer(new SS_LogEmailWriter('admin@domain.com'), SS_Log::ERR); @@ -70,4 +73,4 @@ You can send both fatal errors and warnings in your code to a specified email-ad ## API Documentation -* [api:SS_Log] \ No newline at end of file +* [api:SS_Log] diff --git a/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md b/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md index c2836e24e..e50d3c1be 100644 --- a/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md +++ b/docs/en/02_Developer_Guides/08_Performance/00_Partial_Caching.md @@ -159,7 +159,7 @@ To cache the contents of a page for all anonymous users, but dynamically calcula ## Uncached -Yhe template tag 'uncached' can be used - it is the exact equivalent of a cached block with an if condition that always +The template tag 'uncached' can be used - it is the exact equivalent of a cached block with an if condition that always returns false. The key and conditionals in an uncached tag are ignored, so you can easily temporarily disable a particular cache block by changing just the tag, leaving the key and conditional intact. @@ -235,4 +235,4 @@ Can be re-written as: <% end_loop %> <% end_cached %> - <% end_cached %> \ No newline at end of file + <% end_cached %> diff --git a/docs/en/02_Developer_Guides/08_Performance/01_Caching.md b/docs/en/02_Developer_Guides/08_Performance/01_Caching.md index 91a08140d..578d895ac 100644 --- a/docs/en/02_Developer_Guides/08_Performance/01_Caching.md +++ b/docs/en/02_Developer_Guides/08_Performance/01_Caching.md @@ -51,7 +51,7 @@ The returned object is of type `Zend_Cache`. $cache = SS_Cache::factory('foo'); if (!($result = $cache->load($cachekey))) { $result = caluate some how; - $cache->save($result); + $cache->save($result, $cachekey); } return $result; @@ -103,7 +103,7 @@ which can provide better performance, including APC, Xcache, ZendServer, Memcach If `?flush=1` is requested in the URL, e.g. http://mysite.com?flush=1, this will trigger a call to `flush()` on any classes that implement the `Flushable` interface. Using this, you can trigger your caches to clean. -See [reference documentation on Flushable](/reference/flushable) for implementation details. +See [reference documentation on Flushable](/developer_guides/execution_pipeline/flushable/) for implementation details. ### Memcached diff --git a/docs/en/02_Developer_Guides/09_Security/00_Member.md b/docs/en/02_Developer_Guides/09_Security/00_Member.md index 2cd7c9680..f84ebf425 100644 --- a/docs/en/02_Developer_Guides/09_Security/00_Member.md +++ b/docs/en/02_Developer_Guides/09_Security/00_Member.md @@ -91,7 +91,7 @@ and another subclass for the same email-address in the address-database. Using inheritance to add extra behaviour or data fields to a member is limiting, because you can only inherit from 1 class. A better way is to use role extensions to add this behaviour. Add the following to your -`[config.yml](/topics/configuration)`. +`[config.yml](/developer_guides/configuration/configuration/#configuration-yaml-syntax-and-rules)`. :::yml Member: diff --git a/docs/en/02_Developer_Guides/09_Security/03_Authentication.md b/docs/en/02_Developer_Guides/09_Security/03_Authentication.md index fa7722418..8a7033a3b 100644 --- a/docs/en/02_Developer_Guides/09_Security/03_Authentication.md +++ b/docs/en/02_Developer_Guides/09_Security/03_Authentication.md @@ -8,21 +8,24 @@ authentication system. The main login system uses these controllers to handle the various security requests: - * `[api:Security]` Which is the controller which handles most front-end security requests, including +`[api:Security]` Which is the controller which handles most front-end security requests, including Logging in, logging out, resetting password, or changing password. This class also provides an interface to allow configured `[api:Authenticator]` classes to each display a custom login form. - * `[api:CMSSecurity]` Which is the controller which handles security requests within the CMS, and allows + +`[api:CMSSecurity]` Which is the controller which handles security requests within the CMS, and allows users to re-login without leaving the CMS. ## Member Authentication The default member authentication system is implemented in the following classes: - * `[api:MemberAuthenticator]` Which is the default member authentication implementation. This uses the email +`[api:MemberAuthenticator]` Which is the default member authentication implementation. This uses the email and password stored internally for each member to authenticate them. - * `[api:MemberLoginForm]` Is the default form used by `MemberAuthenticator`, and is displayed on the public site + +`[api:MemberLoginForm]` Is the default form used by `MemberAuthenticator`, and is displayed on the public site at the url `Security/login` by default. - * `[api:CMSMemberLoginForm]` Is the secondary form used by `MemberAuthenticator`, and will be displayed to the + +`[api:CMSMemberLoginForm]` Is the secondary form used by `MemberAuthenticator`, and will be displayed to the user within the CMS any time their session expires or they are logged out via an action. This form is presented via a popup dialog, and can be used to re-authenticate that user automatically without them having to lose their workspace. E.g. if editing a form, the user can login and continue to publish their content. @@ -32,10 +35,11 @@ The default member authentication system is implemented in the following classes Additional authentication methods (oauth, etc) can be implemented by creating custom implementations of each of the following base classes: - * `[api:Authenticator]` The base class for authentication systems. This class also acts as the factory +`[api:Authenticator]` The base class for authentication systems. This class also acts as the factory to generate various login forms for parts of the system. If an authenticator supports in-cms reauthentication then it will be necessary to override the `supports_cms` and `get_cms_login_form` methods. - * `[api:LoginForm]` which is the base class for a login form which links to a specific authenticator. At the very + +`[api:LoginForm]` which is the base class for a login form which links to a specific authenticator. At the very least, it will be necessary to implement a form class which provides a default login interface. If in-cms re-authentication is desired, then a specialised subclass of this method may be necessary. For example, this form could be extended to require confirmation of username as well as password. diff --git a/docs/en/02_Developer_Guides/14_Files/01_Image.md b/docs/en/02_Developer_Guides/14_Files/01_Image.md index 682183362..bd3b4537a 100644 --- a/docs/en/02_Developer_Guides/14_Files/01_Image.md +++ b/docs/en/02_Developer_Guides/14_Files/01_Image.md @@ -97,7 +97,7 @@ For output of an image tag with the image automatically resized to 80px width, y $Image.SetSize(80,80) // returns a 80x80px padded image $Image.SetRatioSize(80,80) // Returns an image scaled proportional, with its greatest diameter scaled to 80px $Image.CroppedImage(80,80) // Returns an 80x80 image cropped from the center. - $Image.PaddedImage(80, 80) // Returns an 80x80 image. Unused space is padded white. No crop. No stretching + $Image.PaddedImage(80, 80, FFFFFF) // Returns an 80x80 image. Unused space is padded white. No crop. No stretching $Image.Width // returns width of image $Image.Height // returns height of image $Image.Orientation // returns Orientation diff --git a/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md b/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md index 0d3c7ba3d..f1669e074 100644 --- a/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md +++ b/docs/en/02_Developer_Guides/15_Customising_the_Admin_Interface/01_ModelAdmin.md @@ -150,7 +150,7 @@ The results are shown in a tabular listing, powered by the [GridField](../forms/ the [api:GridFieldDataColumns] component. This component looks for a [api:DataObject::$summary_fields] static on your model class, where you can add or remove columns. To change the title, use [api:DataObject::$field_labels]. -**mysite/code/Page.php** +**mysite/code/Product.php** :::php load('mykey'); if(!$something) { $something = 'value to be cached'; - $cache->save($something); + $cache->save($something, 'mykey'); } return $something; } diff --git a/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md b/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md index 269382e26..694d5190a 100644 --- a/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md +++ b/docs/en/02_Developer_Guides/16_Execution_Pipeline/02_Manifests.md @@ -76,7 +76,7 @@ The chapter on [configuration](/topics/configuration) has more details. ## Flushing If a `?flush=1` query parameter is added to a URL, a call to `flush()` will be triggered -on any classes that implement the [Flushable](/reference/flushable) interface. +on any classes that implement the [Flushable](flushable) interface. This enables developers to clear [manifest caches](manifests), for example when adding new templates or PHP classes. Note that you need to be in [dev mode](/getting_started/environment_management) diff --git a/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md b/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md index e250b8b9b..45310ae44 100644 --- a/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md +++ b/docs/en/02_Developer_Guides/16_Execution_Pipeline/index.md @@ -130,7 +130,7 @@ The ["Request Filters" documentation](../controller/request_filters) shows you h ## Flushing Manifests If a `?flush=1` query parameter is added to a URL, a call to `flush()` will be triggered -on any classes that implement the [Flushable](/reference/flushable) interface. +on any classes that implement the [Flushable](flushable) interface. This enables developers to clear [manifest caches](manifests), for example when adding new templates or PHP classes. Note that you need to be in [dev mode](/getting_started/environment_management) diff --git a/docs/en/04_Changelogs/3.0.10.md b/docs/en/04_Changelogs/3.0.10.md new file mode 100644 index 000000000..8e06089aa --- /dev/null +++ b/docs/en/04_Changelogs/3.0.10.md @@ -0,0 +1,26 @@ +# 3.0.10 + +## Upgrading + + * If relying on partial caching of content between logged in users, be aware that the cache is now automatically + segmented based on both the current member ID, and the versioned reading mode. If this is not an appropriate + method (such as if the same content is served to logged in users within partial caching) then it is necessary + to adjust the config value of `SSViewer.global_key` to something more or less sensitive. + +## Security + + * [BUG Fix issue with versioned dataobjects being cached between stages](https://github.com/silverstripe/silverstripe-framework/commit/4415a75d9304a3930b9c28763fc092299640c685) - See [announcement SS-2014-007](http://www.silverstripe.org/ss-2014-007-confidentiality-breach-can-occur-between-draft-and-live-modes/) + * [BUG Fix encoding of JS redirection script](https://github.com/silverstripe/silverstripe-framework/commit/f8e3bbe3ae3f29f22d85abb73cea033659511168) - See [announcement SS-2014-006](http://www.silverstripe.org/ss-2014-006-xss-in-returnurl-redirection/) + * [Amends solution to SS-2014-006](https://github.com/silverstripe/silverstripe-framework/commit/5b0a96979484fad12e11ce69aef98feda57b321f) + * [FIX Prevent SQLi when no URL filters are applied](https://github.com/silverstripe/silverstripe-cms/commit/114df8a3a5e4800ef7586c5d9c8d79798fd2a11d) - See [announcement SS-2014-004](http://www.silverstripe.org/ss-2014-004-sql-injection-in-sitetree-with-custom-urlsegmentfilter-rules/) + * [FIX Do now allow arbitary class creation in CMS](https://github.com/silverstripe/silverstripe-cms/commit/bf9b22fd4331a6f78cec12a75262f570b025ec2d) - See [announcement SS-2014-005](http://www.silverstripe.org/ss-2014-005-arbitrary-class-creation-in-cms-backend/) + +## General + + * [Rewrote usages of error suppression operator](https://github.com/silverstripe/silverstripe-framework/commit/6d5d3d8cb7e69e0b37471b1e34077211b0f631fe) + +## Changelog + + * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.10) + * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.10) + * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.10) diff --git a/docs/en/04_Changelogs/3.0.11.md b/docs/en/04_Changelogs/3.0.11.md new file mode 100644 index 000000000..71191bd7e --- /dev/null +++ b/docs/en/04_Changelogs/3.0.11.md @@ -0,0 +1,19 @@ +# 3.0.11 + +Minor security release + +## Security + + * 2014-04-16 [9d74bc4](https://github.com/silverstripe/sapphire/commit/9d74bc4) Potential DoS exploit in TinyMCE - See [announcement SS-2014-009](http://www.silverstripe.org/ss-2014-009-potential-dos-exploit-in-tinymce/) + * 2014-05-05 [9bfeffd](https://github.com/silverstripe/silverstripe-framework/commit/9bfeffd) Injection / Filesystem vulnerability in generatesecuretoken - See [announcement SS-2014-010](http://www.silverstripe.org/ss-2014-010-injection-filesystem-vulnerability-in-generatesecuretoken/) + * 2014-05-07 [0099a18](https://github.com/silverstripe/silverstripe-framework/commit/0099a18) Folder filename injection - See [announcement SS-2014-011](http://www.silverstripe.org/ss-2014-011-folder-filename-injection/) + +### Bugfixes + + * 2013-06-20 [f2c4a62](https://github.com/silverstripe/sapphire/commit/f2c4a62) ConfirmedPasswordField used to expose existing hash (Hamish Friedlander) + +## Changelog + + * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.0.11) + * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.0.11) + * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.0.11) diff --git a/docs/en/04_Changelogs/3.1.10.md b/docs/en/04_Changelogs/3.1.10.md new file mode 100644 index 000000000..f3ba68e3d --- /dev/null +++ b/docs/en/04_Changelogs/3.1.10.md @@ -0,0 +1,57 @@ +# 3.1.10 + +## Upgrading + +### Form Actions + +Form action titles are now safely XML encoded, although this was an implicit assumption, it is now explicitly enforced. +XML encoding titles will not cause an error, but is deprecated at framework 4.0. FormAction buttons with custom HTML +content should be assigned using the `FormAction::setButtonContent` method instead. + +## Security + +Several medium and some low level security XSS (cross site scripting) vulnerabilites have been closed in this release. +All users of SilverStripe framework 3.1.9 and below are advised to upgrade. + + * 2015-02-10 [1db08ba](https://github.com/silverstripe/sapphire/commit/1db08ba) Fix FormAction title encoding (Damian Mooyman) - + See announcement [ss-2015-007](http://www.silverstripe.org/software/download/security-releases/ss-2015-007) + * 2015-02-10 [1db08ba](https://github.com/silverstripe/sapphire/commit/1db08ba) Core CMS XSS Vulnerability Fixes (Damian Mooyman) - + See announcements + [ss-2015-003](http://www.silverstripe.org/software/download/security-releases/ss-2015-003), + [ss-2015-004](http://www.silverstripe.org/software/download/security-releases/ss-2015-004), + [ss-2015-006](http://www.silverstripe.org/software/download/security-releases/ss-2015-006) + * 2015-01-22 [7733c43](https://github.com/silverstripe/silverstripe-cms/commit/7733c43) Correctly sanitise Title (Michael Strong) - + See announcement [SS-2015-005](http://www.silverstripe.org/software/download/security-releases/ss-2015-005) + * 2015-02-05 [70e0d60](https://github.com/silverstripe/sapphire/commit/70e0d60) Fix developer output in redirection script (Damian Mooyman) - + See announcement [SS-2015-001](http://www.silverstripe.org/software/download/security-releases/ss-2015-001) + +### Features and Enhancements + + * 2015-01-22 [2e4bf9a](https://github.com/silverstripe/sapphire/commit/2e4bf9a) Update sake to reference new docs (Cam Findlay) + +### Bugfixes + + * 2015-02-17 [aa77e12](https://github.com/silverstripe/sapphire/commit/aa77e12) Fixed infinity loop when searching _ss_environment (Zauberfish) + * 2015-02-12 [047fe3a](https://github.com/silverstripe/sapphire/commit/047fe3a) Include php version in default cache folder name Update CoreTest.php (JorisDebonnet) + * 2015-02-08 [a530085](https://github.com/silverstripe/silverstripe-cms/commit/a530085) External redirects shouldnt show in preview pane (Daniel Hensby) + * 2015-02-06 [d68435e](https://github.com/silverstripe/sapphire/commit/d68435e) SelectionGroup no longer shows empty FieldLists (Daniel Hensby) + * 2015-02-06 [a0f9535](https://github.com/silverstripe/sapphire/commit/a0f9535) issue where empty composite fields created a fieldlist with empty items (Daniel Hensby) + * 2015-02-03 [abd1e6b](https://github.com/silverstripe/sapphire/commit/abd1e6b) GridFieldExportButton should honour can method. (Will Rossiter) + * 2015-01-22 [eed7093](https://github.com/silverstripe/sapphire/commit/eed7093) dev/build not flushing manifests if site is in a subfolder (Loz Calver) + * 2015-01-19 [77ebdc2](https://github.com/silverstripe/sapphire/commit/77ebdc2) DataObject::db returned fields in incorrect order, with incorrect data types (Loz Calver) + * 2015-01-15 [32ce85d](https://github.com/silverstripe/sapphire/commit/32ce85d) . Summary fields can't be translated (Elvinas L.) + * 2015-01-13 [2e6e8af](https://github.com/silverstripe/sapphire/commit/2e6e8af) insert media trims whitespace - fixes #845 (Emma O'Keefe) + * 2015-01-13 [2861e7c](https://github.com/silverstripe/sapphire/commit/2861e7c) insert media trims whitespace fixes #845 (Emma O'Keefe) + * 2015-01-09 [ef237f6](https://github.com/silverstripe/sapphire/commit/ef237f6) Expands the CMS' centre-pane when collapsed and it's clicked. (Russell Michell) + * 2014-10-24 [9d78eb7](https://github.com/silverstripe/sapphire/commit/9d78eb7) Fix BasicAuth not resetting failed login counts on authentication (Damian Mooyman) + * 2014-10-16 [e4ddb4b](https://github.com/silverstripe/sapphire/commit/e4ddb4b) Ensure query string in X-Backurl is encoded (fixes #3563) (Loz Calver) + * 2014-08-25 [f823831](https://github.com/silverstripe/sapphire/commit/f823831) making minify javascript fail-safe (Igor Nadj) + * 2014-04-03 [5180452](https://github.com/silverstripe/sapphire/commit/5180452) Fixed handling of numbers in certain locales. Fixes #2161 (Damian Mooyman) + + +## Changelog + + * [framework](https://github.com/silverstripe/silverstripe-framework/releases/tag/3.1.10) + * [cms](https://github.com/silverstripe/silverstripe-cms/releases/tag/3.1.10) + * [installer](https://github.com/silverstripe/silverstripe-installer/releases/tag/3.1.10) + diff --git a/docs/en/04_Changelogs/3.1.3.md b/docs/en/04_Changelogs/3.1.3.md new file mode 100644 index 000000000..d43eb42fb --- /dev/null +++ b/docs/en/04_Changelogs/3.1.3.md @@ -0,0 +1,29 @@ +# 3.1.3 + +## Overview + + * Security: Require ADMIN for ?flush=1&isDev=1 ([SS-2014-001](http://www.silverstripe.org/ss-2014-001-require-admin-for-flush1-and-isdev1)) + * Security: XSS in third party library (SWFUpload) ([SS-2014-002](http://www.silverstripe.org/ss-2014-002-xss-in-third-party-library-swfupload/)) + * Security: SiteTree.ExtraMeta allows JavaScript for malicious CMS authors ([SS-2014-003](http://www.silverstripe.org/ss-2014-003-extrameta-allows-javascript-for-malicious-cms-authors-/)) + * Better loading performance when using multiple `UploadField` instances + * Option for `force_js_to_bottom` on `Requirements` class (ignoring inline `