Merge pull request #8107 from open-sausages/pulls/3/docs-remove-old-changelogs

Removed old changelogs (fixes #8035)
This commit is contained in:
Loz Calver 2018-05-30 09:10:08 +01:00 committed by GitHub
commit f43361ad66
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
51 changed files with 0 additions and 9793 deletions

View File

@ -1,46 +0,0 @@
# 2.0.1 (2007-04-17)
SilverStripe 2.0.1 was released on '''17 April 2007''' and had the following changes:
## Overview
* Improved layout of UserDefinedForm submissions in CMS
* Don't show name field on root folder in Assets section
* Mime types fallback for servers don't have /etc/mime.types
* mb_string module is now an optional dependency
* Added strong_create method to Object, as useCustomClass was not working correctly
## Bugfixes
* Sapphire
* Text->FirstParagraph() now only shows the first paragraph
* Fixed HTMLText->Summary()
* Fixed layout issues on IE7 for TreeDropdownField
* Don't show Akismet errors to user
* Removed overloaded MemberTableField->sourceItems() that was causing problems
* Fixed UserDefinedForm submission emails
* Fixed UserDefinedForm permissions
* If a file extension doesn't have a maximum upload size associated with it, then allow uploads of any size
* Fixed a bug with the TreeMultiselectField that prevented it from displaying the checkboxes
* Made Scheduled tasks concrete so they can be instantiated
* TableField fixes
* Fixed security vunerability in search
* GD::color_web2gd() was using incorrect substr
* Fixed last link css
* Fixed duplicate checkbox fields in UserDefinedForm
* Fixed css in UserDefinedForm
* CMS
* Fixed sizing of tabs in CMS
* Fixed popup for single asset in Files & Images section
* Fixed link to CMS on default homepage
* Fixed permissions table in Security section
* Fixed el no properties error in IE
* Pressing the flash button a second time now hides the dropdown
* Installer
* Fixed MySQL version check
* Merge with existing .htaccess file
* Test that mod_rewrite is working
* Added option to delete installer files after successful install
* Fixed PHP4 parse error so installer loads and shows correct error message
* Apache test passes if apache is used but apache php functions are not available
* SilverStripe needs at least PHP version 5.0.4

View File

@ -1,155 +0,0 @@
# 2.0.2 (2007-07-14)
SilverStripe 2.0.2 was released on '''14 July 2007''' and had the following changes:
## Overview
* BlackCandy is the new default theme
* Added pagination for page comments
* Updated date field in CMS-edited forms to use CalendarDateField
* Added 'open in new window' checkbox to link inserter
* Added dimension fields when inserting images
## Features and Enhancements
* Much more API Documentation
* Modules must now have _config.php files in order to be loaded
* New Classes
* PermissionProvider
* Improved Classes
* CalendarDateField
* Added a calendar icon
* CheckboxSetField
* Prepared for use editing a many-many join in the CMS, popualted with a SQLMap object
* ClassInfo
* Added implementorsOf()
* ContentNegotiator
* Added set_encoding() to choose a character set other than utf-8
* DatabaseAdmin
* Removed populate() as it was a security risk, the initial content is now loaded via requireDefaultRecords()
* DataObject
* Added add_extension() for adding decorators in _config.php
* DataObjectDecorator
* Added extraDBFields() for modifying the decorated data objects, adding extra database fields
* Email
* Added send_all_emails_to()
* Added cc_all_emails_to()
* Added bcc_all_emails_to()
* Replaced sentLiveErrorsTo() with send_errors_to(), for more flexibility
* Form
* Added current_action()
* Added single_field_required()
* FormField
* Added Required(), so that you can put asterisks into a form template if you wish
* GenericDataAdmin
* Updated to use new permission model
* LeftAndMain
* Added second argument to setApplicationName() so that the name in the top corner and the name shown elsewhere can be 2 different strings
* Permission
* Added get_codes()
* Profiler
* Added trace argument to show()
* Added profiling scaffolds
* Added ?profile_trace=1 url variable tool to show a trace on the profiler
* Sorted the output of profiler
* Improvements to profiling information
* TableField
* Added option to aid putting TableFields inside the ComplexTableField popup
* TreeDropdownField
* Added setTreeBaseID(), for showing a sub-tree in your field
* Javascript
* Added event.setStyle to prototype_improvements.js
* Add class text field to image properties dialog in TinyMCE
* Added ?debug_behaviour=1 URL option for debugging behaviour calls with Firebug
## Bugfixes
* CMS
* Forms in newsletter & security section were incorrectly submitting when enter was pressed
* Fixed search in MemberTableField
* Don't show popup when validation fails in Security section
* Fixed bug where scrollbars aren't shown in the CMS
* Let CMSMain be used to manage objects without Sort
* The help button now redirects to http://userhelp.silverstripe.com
* Version displayed in CMS now works correctly
* Fixed CMS action button support when text size increases
* Added message when report is empty
* fixed (overrides) to CSS to avoid larger font-size due to em values
* Fixed tree scrolling and resizing issues
* Fixed sizing issues with CMS right content area
* Fixed bug with image insertion
* Fixed bug where new pages weren't being highlighted in the CMS
* Fixed bug where the last page in the site tree wasn't being highlighted in the CMS
* Fixed reordering of groups in security section
* Improvements to image inserter
* Sapphire
* Reduced warnings when E_NOTICE is enabled
* Fixed validation of date fields in a user defined form
* Fixed multiple security groups being created when logging in with default admin
* Fixed permissions for administrating page comments
* Fixed ContentController::PageComments() method to die if spammers are POSTing form data when comments are disabled
* Fixed permission checking on PHP 5.0.5
* Fixed 'cannot access protected property' error in Security section on PHP 5.0.5
* Fixed javascript validation of forms
* Fixed error when asp_tags = On
* Fixed bug where you have a non-required field with numeric validation
* Added a limit of 20 steps in Breadcrumbs generation
* Changed SiteTree.Title length from 100 to 255
* Fixed random password generator in Member::createNewPassword()
* Fixed BatchProcess to not display an error if no objects could be processed
* Fixed a bug where a user is redirected incorrectly after logging in
* Changed temp-folder selection to not leave temp files lying around, and put silverstripe temp files into a silverstripe-cache folder
* Made guid of PageComments in rss feed unique
* Removed duplicate XML class
* Fixed bugs caused by missing html elements
* Fixed code to remove need for short_open_tag
* Fixed FileSize generation for sizes of just over 1 meg
* only show $messageBlock in FormField::FieldHolder() if $Message is existing
* fixed rightTitle and id in FormField::FieldHolder()
* Fixed ?isDev=1 mode
* Set default of sendWarnings on Debug::send_errors_to
* Fixed formatting of error emails sent from ajax requests
* Removed debug plumbing from the results of Debug::backtrace()
* Simplified return data of htmlEmail, an inconsequential internal optimisation
* Create assets folder if it doesn't exist when uploading a file
* Fixed bug in SiteTree::NestedTitle()
* Don't append /home to the home page URL
* Small fix for windows installations
* Fixed efficiency problems in Versioned::get_latest_version
* Fixed File::sync(), to let it recurse into new directories in a single execution
* Fixed bug with getting form action that was breaking form submission and complextablefield pop-up
* Fixed SQLMap iteration
* Simplified EmailField validation error message
* Fixed some bugs in the debug emailer
* Reduced amount of ajax-refetching that the TreeSelectorFields do
* Fix macron support in reports
* Improved debug message (remove big blocks of redundant data)
* Allow for the disabling of default buttons. Apply this to CMSMain and GenericDataAdmin in the administration, so that we don't default to clicking the *DELETE* button.
* Added default value to first arg of permissionFailure(); it's not actually used!
* Improved handling of EditableFormFields on new UserDefinedForms
* Improved search results message shown on first load
* Made calendar control register a date change when the calendar is used
* Set some good defaults in DataObjectSet::TotalPages() if they have not been set
* Changes to support forum
* Require authenficiation to do a db/build on live sites
* Close directories before trying to remove them
* Fixed a bug where CheckboxSetField wouldn't save if there was a method the same as the field name
* Fix multiple "broken" in class attribute of HTML Content
* Fixed bug with TreeDropdownField when you clicked the expand link 3 or more times, it wouldn't close
* Fixed bug when editing properties of new text fields
* Fixed duplicate of UserDefinedForm objects
* JSParty
* Fixed a bug where you couldn't always edit the bottom of an WYSIWYG editor field
* Ensure that WYSIWYG context menu always appears on the screen
* Javascript performance improvements
* Fix weird bug in behaviour to do with class.applyToChildren
* Improved console.log alternative
* Installer
* Added option of installing either the default template, or the tutorial template
* mod_rewrite check now works with http authentification
* Workaround for 'URL file-access is disabled in the server configuration' using curl for mod_rewrite test
* Better error message if the installer can't detect the web server
* Added an alternative .htaccess configuration
* Less file permissions required by the installer
* Made deleting the installer files more prominent, it now deletes all the installations files, not just php.
* MySQL password is now a hidden field.

View File

@ -1,171 +0,0 @@
# 2.1.0 (2007-10-02)
SilverStripe 2.1.0 was released on '''2 October 2007''' and had the following changes:
## Overview
* Comment administration section, and comment moderation
* Allow CMS users to limit view/edit access to a page
* Show an rss link for page comments on each page
## Upgrading
### Too many redirects
A problem occurs of 'too many redirects' or the page just doesn't load (home page) because of these situations:
* Access tab for home page has 'logged in users only', OR
* NO radio buttons have been set. This happens when upgrading site from old DB.
It's caused by a redirect to Security/login on the home page controller, which is blocked off, so you can't actually
login, so it infinitely loops a redirect. See http://open.silverstripe.com/ticket/1488
## Features and Enhancements
* Theme support
* Widget support
* Better extension API
* Unit testing framework
* More API documentation
* Added support for __ss_environment.php files
* New classes
* BankAccountField
* BBCodeParser
* HasManyComplexTableField
* HasOneComplexTableField
* ManyManyComplexTableField
* NewsletterType
* RestfulService (from mashups module)
* Improved classes
* ComplexTableField
* Validation in popup
* ContentController
* Added project()
* Controller
* Added redirectedTo()
* Convert
* Added raw2htmlatt()
* Added raw2mailto()
* DatabaseAdmin
* Drastically improved database build performance
* DataObject
* Added ID,ID,ID syntax for populating many-many joins
* DataObjectDecorator
* Allow member CMS fields to be added
* DataObjectSet
* Added getRange()
* Date
* Added past_date()
* Director
* Added set_dev_servers()
* Added set_test_servers()
* Added redirected_to()
* Refactored CMS page-URL accessing to use ->AbsoluteLink(), which can be overridden by defining alternateAbsoluteLink()
* Debug
* Optionally hide backtrace-headers in message() and show() (applied in 'showqueries')
* Email
* MimeType-fallback (from /etc/mime.types)
* Improved validation in is_valid_address()
* FieldSet
* Added insertAfter()
* Form
* Automatic filesystem backup of POST-data
* FormField
* Support for right-aligned titles
* Custom CSS-classes by addExtraClass() and removeExtraClass()
* Group
* Added Description field
* HtmlEditorField
* Allow classes other than 'typography' to be set
* Image
* Added PaddedImage()
* ImageField
* Added readonly transformation
* PageCommentInterface
* Added anchors to page comments, and made rss feed link to them
* Permission
* Added $strict flag to check()
* Allow passing of an array of permission codes to get_members_by_permission()
* Added get_groups_by_permission()
* PhoneNumberField
* Improved validation
* Security
* Added basicauthlogin()
* SecurityAdmin
* Added EDIT_PERMISSIONS permission code
* TableField
* Validation and RequiredFields
* TableListField
* Added sorting, highlighting, formatting
* Improved styling
* TreeDropdownField
* Improved styling
* Varchar
* Added RTF()
* ViewableData
* Added `<% if HasPerm(PERM_CODE() %>` for templates
* Javascript
* Implemented showIndicator() and hideIndicator()
* Improved statusMessage() to clear manually instead of fixed interval
* Added hideStatusMessage()
#### Bug Fixes
* CMS
* Fix specific newsletter bug
* Don't show classes user doesn't have permissions to change to in class dropdown
* Fix reading of Live pages in CMSMain
* Fix double page reading after changing the class
* Fix insert flash
* Fix version regex for release candidates
* Fix delete in Files and Images section
* Fixed saving root folder causes error
* Fixed "non-numeric ID" error that occurs when visiting newsletter section for a newsletter that doesn't exist (caused by session sometimes)
* Fixed CMS sort subpages bug
* Sapphire
* Improved spam detection
* Support for running SilverStripe in safe mode and under open_basedir restrictions
* PHP notice fixes
* Use normal authentification rather than basicauth for db/build
* Fix CSS of profiler pop-up
* Changed DropdownField $emptyString syntax from '0' to ''
* Fixed IE6 DOM-parsing bug caused by FormResponse::load_form()
* Triggering previewwrite for 'delete' and 'replace' SQL-actions
* Changed record-insertion in DataObject
* Boolean accepts database-default
* Fixed Permission::get_members_by_permission()
* Added memory_limit to publishall()
* Fix many-many component set relation setting
* The Link for a RedirectorPage points to its target
* Add SQL_ prefix in place it was missing in Email
* Added a check to make sure record exists before calling hasMethod on it in CheckboxSetField
* Fixed bug in DataObject::addStaticVars()
* Check for string 'true' as well as boolean in SiteTree::MetaTags()
* Fix AllNewsletters value not being passed to OptionSetField in SubscribeForm
* Improved the encapsulation of ErrorPage publication
* Fix redirect back after failing login
* Fixed renaming of .tar.gz and .tar.bz2 files
* Fixed validation of DateField, EmailField and NumericField
* Fix livesite bug for visibility handling difference between PHP5.2.0 and PHP5.1.6
* Changed colouring of db/build to be more appropriate for the actual meaning of the messages
* Fixed redirection from /home/ to /./ in IE6
* Use the homepage as a model for the security base-page, so that things like the current subsite are factored in
* Sorted permission codes in Permission::get_codes
* Changes to support gallery module
* Added missing has_many in DataObjectDecorator
* Replace empty strings in SQL queries with NULL
* JSParty
* TinyMCE has been updated to 2.1.1.1
Installer
* New installer look based on BlackCandy
* Use the new theme system
* Add first and last name fields
* Added ability to set servers that will be in dev mode
* When the posix module isn't present, throw a warning instead of dying
* Warn if PHP version is less that 5.2.0 in support of GoPHP5 (http://www.gophp5.org)
* Added favicon to installer and default template
* Optional reporting of version information to SilverStripe
* Installer now runs with short tags disabled
* open_basedir and safe mode fixes

View File

@ -1,22 +0,0 @@
# 2.1.1 (2007-11-02)
SilverStripe 2.1.1 was released on '''2 Nov 2007''' and had the following changes:
## Bug Fixes
* CMS
* BBCode help link now works inside CMS
* Fixed invalid 'cursor: normal' CSS in cms_left.css
* Ensure ComplexTableField CSS is loaded in CMS
* Fixed blank comments showing in Comment Admin
* Ensure behaviour is applied correctly to new fields in a UserDefinedForm
* Fixed fatal error in Newsletter Admin on some servers
* Sapphire
* Fix infinite redirects when upgrading from 2.0.2
* Use the hostname, not the ip address, in dev/test mode tests
* Changed the include of the BBCodeParser so it works on more systems
* Fixed saving of HasOneComplexTableField and HasManyComplexTableField when value is undefined
* Removed extra comma in TableListField.js
* Fixed redirection of login when login fails
* Fixed bug where removing a comment via ajax removed all comments from display
* Fix $_SESSION not saving correctly on some servers

View File

@ -1,341 +0,0 @@
# 2.2.0 (2007-11-28)
SiverStripe 2.2.0 was released on '''28 November 2007''' and had the following changes:
## Upgrading
### Login Form
Check that you have a Layout/Page.ss file for your site, or alternately have a Security_login.ss template.
Your template file needs a $Form variable for it to work. This is where the login form gets included. Without either of
these, the Security/login form will be blank.
### Form Actions HTML/CSS
Check css/js and subclassed templates of Form.ss for changed markup. A global search for "p.Actions" should cover both
js/css changes.
:::ss
// before
<p class="Actions">
// after
<div class="Actions">
See http://open.silverstripe.com/changeset/43562
### Form Security Token
There has been a hidden 'SecurityID' field added to SilverStripe generated forms by default, with the purpose to stop
CRSF attacks. If you wish your form not to be tied to a specific session, and able to be able to be executed by URL
without the SecurityID, you can disable it on your form with
:::php
$form->disableSecurityToken();
The other issue to be aware of is constructing the URL to execute the form manually, as is done in javascript sometimes.
If the security token is enabled, you need to add its value to the URL, eg:
:::js
updateURL += ($('SecurityID') ? '&SecurityID=' + $('SecurityID').value : '');
### Custom Section in CMS
Special attention will need to be given to custom sections on a case-by-case basis.
As we have changed the design of the CMS, the top bar for your custom sections is no longer needed. We've moved the
buttons that it once held down to the bottom.
![](/_images/cms22screenie.jpg)
### Classes added to 2.2 that may conflict
Sitemap.php
## Features
* New look for CMS
* Support for authentification by OpenID (auth_openid module included with installer)
* Google Sitemaps support
* Internationalisation support
* German translation
* Dutch translation
* Chinese (simplified) translation
* Spanish translation
* French translation
* Croatian translation
* Polish translation
* Portuguese (Portugal) translation
* Support for multilingual content
* Added a Statistics area showing the following reports
* Page views
* User activity
* Trends
* Operating Systems
* Browsers
* Added an image editor, allowing a user to rotate, crop and resize an image from within the CMS
* Added profile popup in CMS
* Added a 'Sent Status Report' tab to Newsletters with the following reports
* Sending to the following recipients failed
* Sending to the following recipients bounced
* The newsletter has never been sent to following subscribers
* Sending to the following recipients was successful
* Sending to the following recipients did not occur because they are blackListed
* Add 'Send to only people not previously sent to' option for sending newsletters
* Added SWFUpload library as default method of uploading files
* Added photo upload in from the Site Content section
* Added the ability to search the Site Content tree
* Added the ability to publish selected pages
* Added a list of unused assets in the Files & Images section, and the ability to delete unused thumbnails
* Usability improvements
* Move action buttons to bottom right of screen
* Moved insert image/flash/link to pane on right
* Removed right frame headers as the buttons have been moved and they only contain redundant information
* Use a javascript dialog box for confirming unsaved changes instead of the slow loading model one
* Reworked the tabs in the Newsletter section to be less confusing
* Cancel button added to Send Newsletter window
* External logo link opens in a new window
* Left sections in Site Content 'Site Tree', 'History' and 'Reports' now use expandable sections rather than tabs
* Relabeled 'Site Tree' to 'Site Content & Structure', 'History' to 'Page Version History' and 'Reports' to 'Site Reports' in left sections of Site Content
* Relabeled 'Files & Images' left frame to 'Folders'
* Added tooltips to site content tree, showing the page type
* In the 'Page Version History', use a checkbox lable 'Compare mode (click 2 below)' instead of a dropdown
* Renamed 'Save draft' button to 'Save'
* The 'Save' button text changes to 'Saving...', and the 'Publish' button text changes to 'Publishing...' when they are clicked
* Added save indicator to all 'Save' buttons, the 'Save & Publish' button and the 'Unpublish' button while they are being submitted
* Added a go button to the 'Site Reports' dropdown
* Relabeled 'Name' field to 'Folder Name' in Files & Images section
* Renamed the 'Save' button to 'Save folder name' in Files & Images section
* Relabeled 'Send newsletters from' field to 'From email address' in Newsletter section
* Removed the 'Move Files' button from Files & Images section, implemented multi-file drag & drop moving
* Add 'Newsletter Settings' tab to Newsletter type edit form for consistency with other forms
* Make the status message shown after sending a newsletter always include the # of emails sent
* Added delete confirmation for items in Newsletter left tree
* Added delete confirmation for items in Security left tree
* Make 'Add new draft' the default action for 'Create...' in the Newsletter section
* Replace the 'reorganise' button with 'Allowing drag & drog reordering' checkbox
* Delete and Unpublish buttons turn red on hover
* Added the ability to align images 'left on their own'
## Enhancements
* New classes
* Authenticator, allowing multiple authentification methods
* ConfirmPasswordField
* DropdownTimeField
* i18n, for internationalisation
* LanguageDropdownField
* LoginForm, base class for login forms for each authentification method
* MemberAuthenticator, providing username/password authentification
* MemberLoginForm, refactored from old LoginForm form
* PopupDateTimeField
* ToggleField
* OpenIDAuthenticatedRole, which is an extension to Member that adds OpenID authentification columns
* OpenIDAuthenticator, providing OpenID authentification
* OpenIDLoginForm, providing OpenID sign in
* PageView, which saves the details of each page view for statistics
* Statistics, which provides static methods for statistics
* Translatable, for multilingual content
* New third party libraries
* PHP OpenID (http://openidenabled.com/php-openid/)
* Browscap (http://garetjax.info/projects/browscap/)
* Plotr (http://www.solutoire.com/plotr/)
* SWFUpload (http://profandesign.se/swfupload/)
* Improved classes
* CalendarDateField
* Refactored part of Field() into HTMLField() so it can be used in PopupDateTimeField
* ComplexTableField
* Improved pagination in popup
* Better transformation of save-button (replaced indicator with "saving..." label)
* CompositeField
* Added SmallFieldHolder() to properly render fields in a FieldGroup
* Added insertBeforeRecursive()
* Allow empty children
* Added Field()
* Added linebreaks for HTML
* ConfirmedFormAction
* Respect $extraClass
* ContentController
* Save statistics on page views
* Added LangAttributes(), for use in XML header
* Draft/Archived content can only be viewed by users with permission to access the CMS
* Core
* Added _t() for internationalisation
* Check if TEMP_FOLDER is already defined before defining it, allowing the user to set the temporary folder themself
* DataObject
* Added merge()
* Director
* Added extend_site(), which allows modules to register a function that will be run on every page load
* redirectBack() now redirects to the base URL if neither the referrer nor the _REDIRECT_BACK_URL is set
* Added support for translatable URLs
* Added is_cli()
* Added set_status_code() and get_status_code()
* Email
* Define 'EMAIL_BOUNCEHANDLER_KEY' in sapphire/_config.php and require its value to be sent as 'Key' $_GET var in pings to /Email_BounceHandler to prevent fake email bounce pings
* Display an error on duplicate bounce logs instead of a blank screen
* If the contents of the X-SilverStripeMessageID header is sent to /Email_BounceHandler in the 'SilverStripeMessageID' _GET variable, then it will be logged in the Newsletter_SentRecipient table so that the bounce report will show up on the 'Sent Status Report' tab of the Newsletter
* Bounced newsletter recipient emails and blacklisted by default
* FieldSet
* Added insertBeforeRecursive()
* FileSystem
* Added $file_create_mask and $folder_create_mask, which are used whenever creating new files/folders in sapphire
* Form
* All Forms now have a hidden SecurityID field to prevent CSRF attacks
* Added disableSecurityToken() to disable the SecurityID field
* Added securityTokenEnabled()
* Changed `<p class="Actions">` to `<div class="Actions">`
* Renamed PureName() to Name()
* GD
* Added rotate()
* Added rotatePixelByPixel(), allowing rotation where the imagerotate function is unavailable
* Added crop()
* Added getWidth()
* Added getHeight()
* Hierarchy
* Versioned now automatically add suffixes, so Hierarchy no longer needs to
* HTTP
* Added register_modification_timestamp()
* Added register_etag()
* ImageField
* Improved layout
* Int
* Added support for default value
* ManifestBuilder
* Refactored getClassManifest() for clearer ignore rules
* Ignore i18n language files
* Ignore folders that have a '_manifest_exclude' file
* Member
* Automatically login user if the 'remember login' cookie is set
* Added createNewPassword(), which generates a random password, optionally using a word list
* Added support for password encryption
* Added Locale field to store user preferred language
* Added the ability for Member decorators to augment MemberFormFields()
* MemberLoginForm (refactored from old LoginForm)
* Save the email address in the session to reuse when the login fails
* ModelAsController
* Added support for translatable URLs
* Object
* Added require_developer_login(), which allows you to check if the user has permission to use URL debugging tools
* ?debugmethods=1 now requires developer login
* PageComment
* Added the ability to have BBCode in comments (disabled by default)
* PasswordField
* Always show five stars in performReadonlyTransformation(), so it is impossible to use the information of the password length for brute-force attacks
* Permission
* Added declare_permissions()
* Added get_declared_permissions_list()
* Added traverse_declared_permissions()
* Added Permission_Group class, used to group permissions together for showing on an interface
* Added $admin_implies_all, if this is false then the 'ADMIN' permission doesn't imply all permissions
* Refactored Permission::checkMember(), should be faster now because the non-strict checking is now only executed if the user doesn't has the permission
* Added deny(), giving the ability to define 'deny permissions'
* RecipientImportField
* Added default 'GenericEmail.ss' template
* RestfulService
* Added caching
* RSSFeed
* Added support for conditional GETs
* Security
* Added support for password encryption
* Added set_word_list() and get_word_list(), to set the location of the word list used in Member::generateNewPassword()
* Session
* Added save(), which copies the current controllers session to $_SESSION
* SiteTree
* Changed references to 'stage site' to 'draft site' in TreeTitle()
* Use Translatable interface by default
* Add content language in MetaTags()
* Add delete class to unpublish and rollback buttons
* SSViewer
* Added support for internationalisation in templates, using `<% _t() %>`
* Added $Iteration in templates, which keeps track of the number of iterations in a control block
* TableListField
* Prevent onclick event in td.markingcheckbox from showing the popup
* TabSet
* Remove tabset div to reduce wasted space on tabs
* Added insertBeforeRecursive()
* ToggleCompositeField
* Refactored from TogglePanel
* Added icons and used 'cursor: pointer' to make it obvious that it is clickable
* Versioned
* Added the ability to versionise suffixed tables that have names that are not DataObject descendants
* Added canBeVersioned()
* Added extendWithSuffix()
* Added hasVersionField()
## Bugfixes
* Sapphire
* E_NOTICE fixes
* Fixed incorrect deprecated message in Convert::raw2xml()
* Don't show and error message and quit the script when @ is used to suppress the error
* Changed width of HTMLEditorFields to prevent horizontal scrollbars in IE7
* Added checks in DataObjectSet::First() and DataObjectSet::Last() to prevent errors on an empty $items array
* Fixed incorrect treatment of Member::logout() as a static method in Security::logout()
* Ensure Priority is set in SiteTree::onBeforeWrite(), otherwise an invalid SQL statement will be generated when the page is published
* Only highlight broken links in HTMLEditorFields once, to prevent execution timeouts when there are lots of identical broken links
* Fixed bug "Fatal error: Access to undeclared static property: Controller::$db in ../sapphire/core/Object.php(282) : eval()'d code on line 1"
* Fixed DataObjectDecorators not supporting indexes and defaults
* Fixed ReportField generating invalid HTML
* In Member::setBlacklistedEmail() call this->write() so that the BlacklistedEmail field state will be saved to the Member database table
* Fix Email_BlackList::isBlocked() to check the BlockedEmail field instead of non-existant Email field so that it will actaully return true when an email is blocked
* Fix layout problems with search box in IE by only generating a label tag if TItle is set in FormField::FieldHolder()
* Fixed Permission::check() not p[assing $strict to Permission::checkMember()
* Fixed HTTP::gmt_date()
* Fix validation of Member extensions
* Removed DriversLicense references from LoginForm (project specific clutter)
* Added check for existence of #sitetree in RelationComplexTableField.js
* Fixed VirtualPage creation
* Fixed lighttpd flushing bug
* Fixed CustomRequiredFields
* Fix bugs with ComplexTableField when it is used outside of the CMS
* Fixed error saving when value is undefined in HasOneComplexTableField and HasManyComplexTableField
* Fixed saving error in FileIFrameField
* Added a security fix for Security::check_default_admin()
* Fixed caching in DataObject::getManyManyComponents() to take into account different SQL parameters
* Geop::ip2country() now throws an E_USER_NOTICE instead of an error when it cannot run geoiplookup
* Added if() check around a foreach loop that was causing errors when there were no entries in an RSS feed
* Fix inheritance in ManyManyComplexTableField
* Fixed FormField::setRightTitle() not showing because of a typo
* Create assets folder if doesn't eixts on ErrorPage publish
* Fixed submission of ImageField when no file was selected
* Catch errors in ContentController::deleteinstallfiles()
* Fix generation of group codes on creation of a Group
* Fix title on LabelledLiteralField
* Fix ImageField deleting the Image instead of unlinking it from the page
* Set TimeField value to null when a bad value is passed
* Don't return a span when the Title doesn't exist in DropdownField
* Fix bug where NumericField couldn't have 0 as a default value
* Call Page_Controller->init() when rendering Security/changepassword etc to respect any Requirements called in there
* Fixed an error when a CheckboxSetField is submitted with no checkboxes ticked
* Fixed exporting of TableListField to use commas for CSV files
* ?previewwrite no longer works on live sites
* Fixed incorrect CSS in TableListField.css
* Fixed incorrect namespacing in TableListField::BaseLink()
* If a CreditCardField is completely blank, then it's not invalid. Required-fields should be used to check for values.
* CMS
* E_NOTICE fixes
* New pages are created in the database straight away, which solves a number of issues
* Fixed Email link not working in page history
* Unsaved changes detection now works in Security section member tables
* Fix typo in LeftAndMain::addTreeNodeJS() by renaming 'select' parameter to 'selected' because 'selected' is what is used in the method body
* Delete image thumbnails after deleting an image
* Use 'html>body' instead of just 'html>' so that #sitetree correctly gets assigned width:auto on Mozilla browsers (prevents Folders being selected from 500px away on file drag and drop)
* Display a useful error message if getCMSFields() returns null
* When 'Duplicate this page' is clicked, first silently (without confirmation) save the page, then duplicate it so the new page is identical to the other page
* Fix errors when importing recipients to newsletter mailing list
* Fixed blocking during resize in IE6
* Don't show a 'No template selected' error when sending a test Newsletter if no template has been selected since templates for Emails are optional
* Fixed bug 'for newly created newsletter drafts, content of newsletter sent is not what is shown on screen'
* Don't save new Newsletter drafts as soon as they are created to prevent TinyMCE Javascript errors in IE
* Add if((typeof tinyMCE != 'undefined')) statement around call to tinyMCE.init() to prevent "Error: 'tinyMCE' is undefined" error in IE7 on Newsletter Recipient import
* Don't allow a deleted draft to be edited in the Newsletter section
* Fix a bug where newsletter drafts will be added, but not show up in the left tree (because of a Javascript error), if no selection has been made
* If there are no newsletter types, and 'Add new draft' is chosen, create a newsletter type to prevent errors
* Fix changed icon only showing after Save button is clicked twice
* Fixed VirtualPage creation
* Fix 'Sort subpages' not working correctly
* Use classes instead of the align tag to align images

View File

@ -1,33 +0,0 @@
# 2.2.1 (2007-12-21)
SilverStripe 2.2.1 was released on '''21 December 2007''' and had the following changes:
## Features and Enhancements
* Translations
* Added Italian translation
* Added Russian translation
* Added Slovak translation
* Added Turkish translation
* Added Bulgarian translation
* Added Czech translation
* Added Hungarian translation
* Added Portuguese (Brazil) translation
* Added Swedish translation
* Added Chinese (Taiwan) translation
* Added support for sapphire to Portuguese (Portugal) translation
#### Developer Tools
* Added augmentDefaultRecords(), so DataObjectDecorators can extend requireDefaultRecords
Bug fixes
* Sapphire
* Hardcoded array of encryption algorithims in Security::get_encryption_algorithms(), as a bug in MySQL causes corruption in dumps with enums with commas
* Fixed bug with google sitemap on translated sites
* Removed title from SecurityID fields, as some forms show labels on HiddenFields
* Fixed Object::uninherited() for PHP 5.1.2
* Added empty array to member so that roles can add their own has_one relations
* CMS
* Added SecurityAdmin_rightbottom.ss
* Javascript
* Upgraded TinyMCE to 2.1.3

View File

@ -1,396 +0,0 @@
# 2.2.2 (2008-05-22)
SilverStripe 2.2.2 was released on '''22 May 2008''' and had the following changes:
## Features and Enhancements
* Set svn:externals for new phpinstaller release tags/2.2.2 (changeset 54973)
* Disable / fix flash uploading (changeset 54959)
* Fixed php/code snippets in forum posts (changeset 54619)
* BUGFIX #2504 - Fixed translation interface not working in CMS (changeset 54472)
* Removed references to 'mot' folder in code (changeset 54407)
* #2501 + #2500 - Fixed notice-level errors in editable forms (changeset 54402)
* #2482 - Fixed newsletter unsubscribe (changeset 54215)
* #2447 - Bug in editing comment (changeset 54212)
* Don't mark a test site as being in dev mode if set_test_servers matches (changeset 53373)
* FEATURE: added phpdoc comments to the API calls for customising CMS rebranding (changeset 53216)
* BUGFIX: Ticket #2449 - Fixed unsubscribe function - because it's extending ContentController without a data record, we have to hack this by using null in the parent::__construct() - This however, should be refactored to have a data record (page in the CMS) (changeset 53210)
* MINOR: PHP notice fix - undefined variable (changeset 53204)
* MINOR: Fixed some php notices (changeset 53188)
* BUGFIX: Removed display: none for "nolabel" class - this is custom project code, and shouldn't be in sapphire! (changeset 53175)
* BUGFIX: Ticket #2455 - Check variable exists before accessing Password index (changeset 53160)
* BUGFIX: Removed undefined variable $mem - we include ini_set for memory_limit in main.php instead (changeset 53156)
* _t call for EXPORTCSV problem fixed (changeset 53106)
* DataReport EXPORTCSV field missing (changeset 53105)
* API CHANGE Removed deprecated/incomplete Synchronise class - please do not use for production purposes (changeset 53101)
* Made has_one, has_many, and many_many methods more reliable (changeset 53075)
* Fix drag&drop in assets and security (changeset 53073)
* Make double-redirects a warning rather than an error, since they are usually benign. (changeset 53066)
* Don't redirect from /home to / if you've already called a redirection. (changeset 53066)
* Fixed ContentController where ->dataRecord is empty (changeset 52719)
* Don't strtolower ->action, as it had too many side-effects. (changeset 52452)
* #2387 - Fields specified in DataObjectDecor not saved in some cases (changeset 52448)
* Newsletter import: only send a change notification email if there are changes to be sent (changeset 52434)
* #2378 - Fixed newsletter import (changeset 52432)
* Fixed Authenticators to work with r52400 (changeset 52401)
* #2299 - Fatal error in specific version of PHP (changeset 52400)
* BUGFIX re-initializing tabstrip javascript after ajax-reload in AssetTableField popup (#2309 AssetTableField popup fails after saving) (changeset 52399)
* Fix to ManifestBuilder when running site on windows in a directory containing \r or \t or \n (changeset 52398)
* #2388 - Fixed CMS search. (changeset 52395)
* BUGFIX disable third party browscap by default (#2336) (changeset 52394)
* formatting (changeset 52393)
* Upgraded SWFUpload to improve CMS uploads (changeset 52392)
* Show security id errors on test sites as well as dev (changeset 52391)
* Improved behaviour of contentcontrollerInit when extensions are applied to subclasses of SiteTree (changeset 52350)
* fix comment admin not working correctly (changeset 52309)
* Added LeftAndMain::set_loading_image() for replacing the image shown when the CMS is loading (changeset 52298)
* Fix pagecomment links and feeds (changeset 52296)
* fix links in RSS feeds (changeset 52295)
* don't cache in overridden instance_get(), as the fields are different for subclasses (changeset 52293)
* #2314 - Fixed SQLMap implementation so that Group::map() returns appropriate data, and the group dropdown on the access tab works. (changeset 52224)
* #2362 - Fixed change password form (changeset 52213)
* Add scrollbar to RHS link inserter, so you can see everything (changeset 51973)
* Fix to anchor insertion (changeset 51963)
* fix php notice (changeset 51938)
* Make Object::hasMethod() and Object::__call() case-insensitive, and added tests for it (changeset 51462)
* Test for hasMethod (changeset 51461)
* Fixes to TestRunner for latest PHPUnit/PHP (changeset 51459)
* API CHANGE Allow for tests that don't use the database - don't define a static SapphireTest:: (changeset 51150)
* Fixed typo in r51150 (changeset 51151)
* Fixed HomepageForDomain behaviour when entering multiple domains (changeset 51436)
* API CHANGE Added RestfulService::httpHeader() for setting custom headers on REST requests (changeset 51203)
* API CHANGE Added RestfulService::basicAuth() for setting authentication for REST requests (changeset 51203)
* API CHANGE Added param to RestfulService::connect(), to allow for requesting of multiple URLs from a single RestfulService object. (changeset 51203)
* Updates to usability & IE support of link insertion (changeset 51081)
* #2265 Installer falsely claims modrewrite fails (mamp) (merged from trunk, r50698) (changeset 51070)
* #2282 Undefined index in install.php (merged from trunk, r50698) (changeset 51069)
* #2266 Fresh install of SilverStripe? doesn't let you upload or view images to insert, until you first go into Files and Images area (merged from trunk, r50695) (changeset 51068)
* Cleaned up ChangeLog (changeset 51064)
* updated changelog for 2.2.2 (changeset 51042)
* Added delete from stage button to CMS (changeset 50852)
* Added Translations for Danish (Denmark) - thanks to Jesper and Dennis (changeset 50824)
* Added Translations for Esperanto - thanks to Wojtek, Donald, Evan and Joop (changeset 50824)
* Added Translations for Finnish (Finland) - thanks to Elias, Vesa and Nina (changeset 50824)
* Added Translations for LOLCAT - thanks to Wojtek (changeset 50824)
* Added Translations for Sinhalese (Sri Lanka) - thanks to Nivanka, Himali and Lakshan (changeset 50824)
* Updated several translations in cms/auth_openid/sapphire (changeset 50824)
* Added package names for i18n files (changeset 50824)
* Reverted patch from r47694 which introduced conditional statements in lang-files (changeset 50824)
* Added Translations for Danish (Denmark) - thanks to Jesper and Dennis (changeset 50824)
* Added Translations for Esperanto - thanks to Wojtek, Donald, Evan and Joop (changeset 50824)
* Added Translations for Finnish (Finland) - thanks to Elias, Vesa and Nina (changeset 50824)
* Added Translations for LOLCAT - thanks to Wojtek (changeset 50824)
* Added Translations for Sinhalese (Sri Lanka) - thanks to Nivanka, Himali and Lakshan (changeset 50824)
* Updated several translations in cms/auth_openid/sapphire (changeset 50824)
* Added package names for i18n files (changeset 50824)
* Reverted patch from r47694 which introduced conditional statements in lang-files (changeset 50824)
* Added Translations for Danish (Denmark) - thanks to Jesper and Dennis (changeset 50824)
* Added Translations for Esperanto - thanks to Wojtek, Donald, Evan and Joop (changeset 50824)
* Added Translations for Finnish (Finland) - thanks to Elias, Vesa and Nina (changeset 50824)
* Added Translations for LOLCAT - thanks to Wojtek (changeset 50824)
* Added Translations for Sinhalese (Sri Lanka) - thanks to Nivanka, Himali and Lakshan (changeset 50824)
* Updated several translations in cms/auth_openid/sapphire (changeset 50824)
* Added package names for i18n files (changeset 50824)
* Reverted patch from r47694 which introduced conditional statements in lang-files (changeset 50824)
* #2283 Permissions are a bit broken - what happened to all the CMS permissions? (changeset 50957)
* #2310 MemberTableField Popup breaks after saving (changeset 50954)
* #2310 MemberTableField Popup breaks after saving (changeset 50954)
* BUGFIX fixed csv export in MemberTableField by checking for valid database columns when building SELECT statement (changeset 50952)
* FEATURE added hasDatabaseField() (changeset 50949)
* BUGFIX properly setting $childID in form for newly created items to avoid duplicates after subsequent saving (the form reloaded without the ID connection) (changeset 50947)
* Make RSS feed work with objects that don't support AbsoluteLink, such as the forum (changeset 50921)
* fixing typo in parameter name $validate --> $validator (changeset 50641)
* made $messageType parameter of Validator::validationError optional, and added API docs to explain what (apparently) is going on (changeset 50645)
* fixing bug with in-memory child objects not having their parent ID field updated via the ->add() method (changeset 50815)
* #2302 - Fixed double-escaping of CTF popup page-navigation links (changeset 50903)
* reverted r49775 (accidental removal of "add" feature, its actually not redundant functionality) (changeset 50854)
* fixed xhtml error (forgot closing `<p>`) (changeset 50849)
* updated en_US master entities (changeset 50844)
* updated en_US master entities (changeset 50844)
* updated en_US master entities (changeset 50844)
* fixed PHP notices (changeset 50840)
* fixed PHP notices (changeset 50838)
* formatting, fixed PHP notices (changeset 50836)
* fixed PHP notice (changeset 50829)
* documentation (changeset 50814)
* #2285 - Fixed widget editor (changeset 50812)
* added $searchable_fields in preparation for a more generic search implementation, currently limited to Member.php and MemberTableField.php (mainly to fix bugs caused by r49774 and r47856) (changeset 50805)
* fixed weird indentation formatting in Member.php (changeset 50805)
* Fixed default-setting for link anchor (changeset 50786)
* Added 'anchor' option to link inserter (changeset 50783)
* Fixed svn:externals (changeset 50776)
* Moved externals to used HTTP for 3rd-party friendliness (changeset 50764)
* fixed typo (changeset 50729)
* added database indexes for AuthorID and PublisherID (changeset 50723)
* #2265 Installer falsely claims modrewrite fails (mamp) (changeset 50697)
* #2295 - DataObjectSets cannot be iterated over multiple times concurrently (changeset 50683)
* #2280 - Fixed XML parsing errors in CTF (changeset 50488)
* #2287 - Removed notice-level error when geoip's not installed (changeset 50487)
* Fixed newlines in to-do report (changeset 50361)
* #2277 - Fixed notice-level error on controllers that are direct subclasses of controller (changeset 50352)
* Added support for password and old_password encryption mechanisms if you're using MySQL (changeset 50290)
* Small fix for session bugs on Lightspeed server (changeset 50245)
* A bit of a hack to fix double-escaped URLs in the CMS. (changeset 50214)
* Fixed CMS bottom-navigation after publish, when using the subsites module (or other alternateAbsoluteLink implementors) (changeset 50205)
* Fixed password emailing for edited members (changeset 50200)
* Allow use of on controller extensions (changeset 50180)
* Fixed 4.1-sort-by-group-aggregate query rewriter for sort functions containing columns, eg, ORDER BY if(A,B,C), X (changeset 50179)
* Fixed notice level error (changeset 50047)
* Fixed bug with BasicAuth enabled on an old database, it was preventing you from visiting db/build (changeset 50031)
* Fixed MySQL 4.1 support for situations where we are sorting by a group aggregation function (changeset 49999)
* Fixed notice level error (changeset 49999)
* fixed caching in getManyManyComponents (see r43848) (changeset 49946)
* removed redundant error strings (changeset 49922)
* Added a default exception handler. Any uncaught exceptions thrown from application code are now scooped up by the Debug::fatalHandler (changeset 49906)
* (changeset 49906)
* Still some small problems with displaying stack traces of exceptions because the context array from trigger_error looks quite different from that of Exception::getTrace (changeset 49906)
* (changeset 49906)
* Also fixed a couple of echo/print bugs in Debug::friendlyError. From the looks of the code there may be more bugs to cleanup here. (changeset 49906)
* Fixed Controller::allowed_actions documentation (changeset 49896)
* Added to main CMS controllers (changeset 49895)
* Removed warning in group admin (changeset 49894)
* Improved allowed_actions support for subclassed controllers, such as CMSMain extends LeftAndMain (changeset 49893)
* Removed use of deprecated setExtraClass (changeset 49892)
* Moved _ss_environment.php include to very top (changeset 49891)
* Added deprecation note to BulkLoaderAdmin (changeset 49890)
* added $casting for BaseHref() (changeset 49843)
* fixed sql-injection (changeset 49834)
* Updated AssetAdmin to use TreeTitle() in place of Title for tree generation (changeset 48425)
* > Updated TreeTitle() to allow use of alternateTreeTitle() in decorator (changeset 48425)
* > Updated File to allow the insertion of extra columns by decorator (changeset 48425)
* Updated subject line of warning/error emails (changeset 49732)
* Moved folder admin form to Folder::getCMSFields() to let you more easily manipulate the form with a decorator (changeset 49804)
* Disabled notice level error until more of the core is compliant (changeset 49803)
* Moved CMS page-disabled logic into SiteTree::CMSTreeClasses(), so that it can be more easily customised for specific sites (changeset 48376)
* Added Member->SetPassword, a field that lets you have a write-only password field (changeset 46525)
* Used Member->SetPassword to create a password column on the MemberTableField for SecurityAdmin (changeset 46525)
* Send 'changed password' emails when a user is first created as well as edited (changeset 46525)
* Fixed DataObjectSet::insertFirst() - it now uses a numeric key rather than null (changeset 45750)
* Create Group::canEdit(), which can be used to filter the SecurityAdmin group list (changeset 45748)
* Redirect to legislation section when there are only legislation pages (changeset 45654)
* Allow selection of folder when inserting files / images (changeset 45654)
* Minor bugfixes (changeset 43980)
* Added additional checks so that the email doesn't get sent to new members, or on the test site. (changeset 43384)
* Used Object::create() to create email instances sent by the system. (changeset 43342)
* Added BaseHref() to Member_ChangePasswordEmail so that the email shows the domain name of the current subsite. (changeset 43340)
* Tidied up lost password form. (changeset 43339)
* Added Member::$notify_password_change (changeset 43336)
* Added missing ChangePasswordEmail.ss (changeset 43335)
* Saving the member with a changed password now sends an email to the member. (changeset 43334)
* Updated AssetAdmin to use TreeTitle() in place of Title for tree generation (changeset 48425)
* > Updated TreeTitle() to allow use of alternateTreeTitle() in decorator (changeset 48425)
* > Updated File to allow the insertion of extra columns by decorator (changeset 48425)
* Updated core to allow for subsites restriction of filesystem: Folder::getCMSFields() is now responsible for generating the folder form. (changeset 48401)
* Folder::syncChildren() now exclusively uses DB::query() calls instead of DataObject::get(). (changeset 48401)
* Moved CMS page-disabled logic into SiteTree::CMSTreeClasses(), so that it can be more easily customised for specific sites (changeset 48376)
* Removed redundant Add Member button at the top-right (changeset 46526)
* Added Member->SetPassword, a field that lets you have a write-only password field (changeset 46525)
* Used Member->SetPassword to create a password column on the MemberTableField for SecurityAdmin (changeset 46525)
* Send 'changed password' emails when a user is first created as well as edited (changeset 46525)
* Changed call to ViewableData::castingHelperPair to fix sort not being set by getNewItem (changeset 43365)
* Added LeftAndMainSubsites->augmentNewSiteTreeItem that allows extensions of LeftAndMain to provide the current SubsiteID for the new item. (changeset 43321)
* CMSMain->getNewItem now calls $this->extend('augmentNewSiteTreeItem', $newItem); (changeset 43321)
* Changed DataObject to be a subclass of ViewableData instead of Controller, so that it can't be hacked by visiting Page/write. (changeset 49767)
* reverted accidental delete in r49761 (changeset 49766)
* e-This line, and those below, will be ignored-- (changeset 49766)
* (changeset 49766)
* A svn://svn.silverstripe.com/silverstripe/open/themes/blackcandy/trunk/blackcandy_blog (changeset 49766)
* reverted accidental delete in r49760 (changeset 49765)
* revert accidental commit in r49763 (changeset 49764)
* readding blackcandy (reverted r49761, r49762) (changeset 49763)
* Removed unused blackcandy blog (changeset 49762)
* Removed unused themes (changeset 49761)
* #2200 - Allowed subclasses in ComponentSet::add/remove (changeset 49715)
* #1878: wakeless: Supress disabled errors on live site (changeset 49709)
* Merged r49479 from branches/2.1.1-madebyme (changeset 49658)
* Merged r46528 from branches/2.1.1-madebyme (changeset 49657)
* Bypass debug handler for E_USER_NOTICE as well as E_NOTICE (changeset 49593)
* #2203 - ManifestBuilder regex (changeset 49448)
* fix caching in complex table field (changeset 49447)
* added setFields()/setActions() (changeset 49386)
* formatting (changeset 49386)
* reverted accidental commit (changeset 49352)
* added gwgtn theme files (changeset 49349)
* Added SS_DEFAULT_ADMIN_USERNAME/PASSWORD defines to conf/ConfigureFromEnv.php (changeset 49308)
* #177 - Don't let people create a page name the same as a class name (changeset 49193)
* Disabled unused files list, as it uses way too much memory (changeset 49192)
* #1921 - Make DataObject::write() call the recursive write on components, even when the dataobject itself hasn't changed (changeset 49187)
* #1956 - Show Title in RSSFeed (changeset 49184)
* simon_w: #1954 - Added object caching methods (changeset 49182)
* #1951 - Fix newsletter subscription form (changeset 49181)
* Removed clone behaviour from Form::Fields() (changeset 49180)
* Added SubscribeSubmission template to get subscribeforms to work (changeset 49177)
* Added default SubscribeForm.ss (changeset 49176)
* Fixed ManifestBuilder execution in restrictive openbasedir environments (changeset 49172)
* #1987 - Fixed sitename/?url=sitename bug (changeset 49151)
* #2016 - Added all the types of error pages (changeset 49150)
* #2137 - Changed email encoding from iso-8859-15 to utf-8, in compliance with other parts of SilverStripe and IMC recommendations (changeset 49149)
* fixed i18n::get_owner_module() calls on classes with _s (changeset 49148)
* Improvement to link-insertion logic when selecting text that doesn't have a link (changeset 49147)
* #1881 - Duplicated words in error message text (changeset 49066)
* documentation (changeset 49033)
* documentation (changeset 49032)
* fixed typo in doc comment (changeset 48972)
* fix sql error on comments section (changeset 48970)
* #2088 - Notice level error on compare versions (changeset 48969)
* #2005 - Fixed seamonkey browser recognition (changeset 48968)
* fix upload folder (changeset 48857)
* #2212 / #2201 - Fix notice-level errors in PageView updates (changeset 48941)
* mrickerby: #2201 - fixed PageView's recording of referrers. (changeset 48912)
* For some project we need server run some scheduled task yearly, such as upgrade high school students for GSO. (changeset 48906)
* updating form in ctf-popup after saving (including validation-errors and fields that have may changed on the serverside, e.g. ImageField) (changeset 48874)
* not all cms panel has sitetree, so better check if($('sitetree')) exsit, otherwise IE broken with all genericDataAdmin panel. (changeset 48869)
* adding "delete" class to DeleteImageForm (changeset 48865)
* compressed ImageField layout to fit in CTF-popup (removed "click here to remove" label) (changeset 48855)
* removed iframe-borders for IE (changeset 48855)
* fixed "object not found" error in ie6 (somehow Observable is not applied to sitetree at window-load) (changeset 48847)
* Polishing EducatorAdmin's Students Tab (changeset 48844)
* locking down URLs: image/iframe, image/flush, image/transferlegacycontent (changeset 48835)
* Recover ExportForm for genericDataAdmin Which is needed for CRM CreateCommunication (changeset 48792)
* Add ability to choose which file to upload to in a FileField (changeset 48785)
* Fixed illegal reference to this (changeset 48688)
* Put MenuTitle in the CMS LHS tree instead of Title (changeset 48462)
* (changeset 48451)
* Fix incorrect text boxes being set on an ajax request (changeset 48178)
* Allow many-many complex table fields to be used on the reverse side of the join (belongs many many) (changeset 48082)
* Removed ranking tools from DataObjectSet (changeset 47743)
* implemented equal values (changeset 47459)
* (changeset 47454)
* Added simple to-do list facility to SiteTree (changeset 47172)
* Added title attributes to the SilverStripeNavigator messages (changeset 47156)
* Fix bug when duplicating pages with reorganise enabled (changeset 48507)
* Added paste plain text and paste from word buttons to the HtmlEditorField in the CMS (changeset 47155)
* Added 'duplicate page and children' context-item in addition to 'duplicate just this page' (changeset 48503)
* Fixed context menus in CMS (changeset 48474)
* Fixed 404 on spacer.gif (changeset 47190)
* Fixed bug in todo list reprot (changeset 47174)
* Added simple to-do list facility to SiteTree (changeset 47172)
* Added paste plain text and paste from word buttons to the HtmlEditorField in the CMS (changeset 47157)
* Added paste plain text and paste from word buttons to the HtmlEditorField in the CMS (changeset 47155)
* #2005 - Fixed fatal error due to browscap.ini capitalisation error (changeset 48514)
* Updated windmill tests - sleeps and waits (changeset 48431)
* Added in_array_recursive() to ArrayLib, for recursively checking an array with nested arrays (changeset 48423)
* fix the bug that initialises with preloaded selected items with right hide/show (changeset 48419)
* Added sapphire/conf/ConfigureFromEnv.php for making use of _ss_environment.php (changeset 48359)
* Fixed formatting of code, and added some documentation on what the source for this field should be (changeset 48326)
* (changeset 48313)
* Fix sorting in complextablefield (changeset 48257)
* wakeless: #2144 - More memory-efficient version of admin/publishall (changeset 48242)
* #1736 - Make Security::get_encryption_algorithms() a dynamic function again. (changeset 48227)
* Fixed comment. (changeset 48200)
* Fixed bug: Page class wasn't shown in add-page dropdown (changeset 48176)
* Fixed admin credentials setting from 'make install' and 'make test' (changeset 48175)
* Added the contents of assets/ to svn:ignore (changeset 48175)
* Added Windmill test for editing content (changeset 48173)
* Re-enabled session_regenerate_id() (changeset 48172)
* renamed escapeFlagForField() to escapeTypeForField(), updated documentation (changeset 48168)
* Deprecated use of DBField 'Text' for saving HTML-Content (added check in HTMLEditorField->saveInto()) (changeset 48164)
* Added ViewableData->escapeFlagForField() to determine if the record-field needs escaping (currently only 'xml' supported) (changeset 48164)
* Refactored session_regenerate_id to make it easier to disable in some circumstances. (changeset 48161)
* Temporarily disabled session_regenerate_id so that Windmill can work. (changeset 48161)
* Removed notice level errors for better cli-script operation (changeset 48153)
* Better error for cli-install errors, uses exit(1) to stop make (changeset 48152)
* Added note about Makefile so that people don't think they should use that for normal installation. (changeset 48133)
* Allow calling of installer by running 'make install' from an environment with an _ss_environment.php file. This is important for continuous integration. (changeset 48132)
* formatting (changeset 48113)
* formatting (changeset 48112)
* removed dropDatalessFields() - needs serious refactoring before going into core again (changeset 48110)
* removed dropDatalessFields() - needs serious refactoring before going into core again (changeset 48109)
* renamed $wantDefaultAddRow to $showAddRow (changeset 48105)
* fixed escaping errors in default homepage content (changeset 48104)
* Added Makefile so that you can execute 'make test' in sapphire and it will run tests. (changeset 48100)
* Added support for array in _ss_environment.php for specifying URLs to use for cli-script.php (changeset 48100)
* Improved the Behaviour.addLoader() method to play more nicely with tools such as windmill (changeset 48086)
* fix bug: when no source items found, the table should still show and it should works as adding new records (changeset 48085)
* Fixed the $hide_ancestor static on SiteTree subclasses so that it actually works. (changeset 48056)
* Fixed login test (changeset 48049)
* Added initial windmill test (changeset 48042)
* Fix php notice (changeset 47985)
* FIx php notice (changeset 47982)
* Fix autocompletion in Security Admin (changeset 47956)
* #892 - Error attaching an existing folder to an ImageField (changeset 47948)
* Fix spelling mistake (changeset 47947)
* Remove having clause as it can't be used (changeset 47946)
* simon_w: #2122 - Bug in PageComments class (Security) (changeset 47937)
* #2058 - Installer does not escape passwords in _config files (changeset 47910)
* converted TODO into @todo for better PHPDocumentor support (changeset 47891)
* Fix i18n errors (changeset 47890)
* #2094: Make ContentNegotiator send XHTML to the W3C validator (changeset 47882)
* Fix externals (changeset 47881)
* Fix DataObjectSet constructor breaking with associative arrays (changeset 47880)
* simon_w: #2118 - When removing a value from an enum, set affected rows back to the default (changeset 47877)
* simon_w: #2098: Fixed notice level error (changeset 47876)
* #1874 - generated .htaccess lacks "Rewritebase" (changeset 47875)
* fix wrong warning info: Director -> Debug (changeset 47858)
* rbarreiros: 019 - Lost Locale when translatable string not found (changeset 47857)
* rbarreiros: #1907 - Patch for more i18n strings (changeset 47856)
* #1959 - You can't reorganise pages without creating pages (changeset 47855)
* Don't fail in i18n::include_by_class if the module isn't translatable (changeset 47854)
* Remove debug message (changeset 47847)
* Added $SecurityID for templates (changeset 47846)
* lperera: #1975 - Improvements to RestfulService (changeset 47844)
* #2003: Don't close img and br tags on HTMLText.Summary (changeset 47843)
* Fix syntax error (changeset 47842)
* Error checking in i18n::include_by_class shouldn't complain if mysite/lang doesn't exist - only if a module doesn't have internationalisation options. (changeset 47841)
* Reverted 47595, are it broke $defaults (changeset 47840)
* rbarreiros: #1918 Translate newsletter and other strings (changeset 47839)
* Fix building manifest before database is created (changeset 47838)
* #1352 - Better handling of memory limit (changeset 47836)
* #1212 - Show the saved value of EditableEmailField.SendCopy (changeset 47832)
* #1352 - Better handling of memory limit (changeset 47831)
* Allow insertion of `<img>` tags that refer to external domains (changeset 47827)
* Add alt= to any images that don't have alt tags (changeset 47827)
* Improvements to API docs (changeset 47826)
* documentation (changeset 47815)
* allowing object-parameters in DataObjectSet and ArrayData, added ArrayData::object_to_array() (changeset 47808)
* added is_associative() (changeset 47807)
* added lc_XX locale for LOLCAT (changeset 47813)
* Improved API documentation (changeset 47806)
* Improved API documentation (changeset 47805)
* Moved test control files into sapphire/testing, so that sapphire/tests can be ignored by the documentor. (changeset 47804)
* Use lighter version of browscap.ini (changeset 47802)
* #1088 - attachments cannot be emailed from mac or windows systems (changeset 47800)
* #172 - Reorganise : new page (changeset 47797)
* Fix php notice (changeset 47792)
* API Documentation updates (changeset 47773)
* Added tests for DataObject (changeset 47767)
* Take orderby clause into account when caching in DataObject::get_one() (changeset 47756)
* Fix caching in DataObject::get_one() (changeset 47755)
* Remove HAVING clause from methods where it doesn't make sense to have them (changeset 47754)
* set $template and $itemClass to public (according to parent implementation) (changeset 47748)
* fixed formatting (changeset 47748)
* fixed getParentIdName() call in DetailForm() - paramter-order was wrong (changeset 47747)
* better checking in saveComplexTableField() to avoid PHP-notice (changeset 47747)
* Fix YAML many_many/has_many relationships (changeset 47746)
* YAML comma seperated => lists should work on has_meny relationships as well (changeset 47739)
* Added package tags and docblock info for API documentation (changeset 47733)
* Fixed whitespace (changeset 47733)
* Updated API documentation package tags (changeset 47732)
* Fixed some whitespace (changeset 47732)
* Removed unnecessary file CMSHelp (changeset 47729)
* Removed unnecessary class Staged (changeset 47725)
* Fix stack trace on objects that don't extend the Object class (changeset 47723)
* PDODatabase got the wrong end of the stick - Database::createDatabase() shouldn't need any arguments. Fixed this in the core class and MySQLDatabase, but PDODatabse still needs fixing. (changeset 47698)
* Fixed TestRunner (changeset 47699)
* Added paste plain text and paste from word buttons to the HtmlEditorField in the CMS (changeset 47155)
* Added paste plain text and paste from word buttons to the HtmlEditorField in the CMS (changeset 47155)
* wakeless: #1976 - DataObject queries the database for child elements when it hasn't been serialized (changeset 47695)
* #1666 - Interface translations don't show in footer (changeset 47694)
* Fix title and description in RSS feeds (changeset 47688)
* Update copyright to 2008 (changeset 47657)
* update copyright to 2008 (changeset 47654)
* Update copyright to 2008 (changeset 47653)
* Added release date (changeset 47430)
* Updated Changelog (changeset 47262)
* Updated ChangeLog (changeset 46870)
* add function fieldByName (changeset 47479)
* made breadcrumbs-delimiter configurable (changeset 47634)
* Reversed isset() change which was causing some side effects (changeset 47602)
* Fixed PHP notice undefined index - $messageSet['alreadyLoggedIn'] (changeset 47600)
* Fixed ID undefined PHP notice error (changeset 47595)
* removed DetailForm() (was just needed to set custom class which is now in $popupClass), updated saveComplexTableField() to reflect parent class code (changeset 47593)
* added $popupClass to avoid duplication, getting basedataclass for existing children in DetailForm() (in case we're dealing with different subclasses) (changeset 47592)
* more solid ID-detection in php() (changeset 47591)
* additional checks before foreach() loop (changeset 47589)
* fixed PHP notice in implementorsOf (changeset 47588)
* #2069 Locale file /lang/en_US.php should exist (Windows) (changeset 47587)

View File

@ -1,36 +0,0 @@
* BUGFIX: Don't allow calling of magically added methods via URL unless explicitly listed in allowed_actions (changeset 64988)
* BUGFIX: Fixed HTTP/1.0 support (changeset 64722)
* Fix typo (changeset 64643)
* Fix accept button in CommentAdmin not working (changeset 64640)
* Fix CMS export (changeset 64639)
* MINOR: PHP notice fixes (changeset 64638)
* MINOR: fix php notice (changeset 64637)
* Allow default value to be set on CountryDropdownField (changeset 64636)
* Add ability to disable 'None' option and to choose the title field in TypeDropdown (changeset 64635)
* BUGFIX: Allow disabling of updateCMSFields() on SiteTree so subclasses that want decorators to have access to (changeset 64634)
* their added fields can call it themselves. (changeset 64634)
* MINOR: Fix PHP notices (changeset 64625)
* Show '(Choose)' text on TreeDropdownField when a non-existent object is selected, as can happen when related data is removed (changeset 64355)
* When calling Folder::findOrMake(), set the Title as well as the Name of new folders (changeset 64354)
* Allow updating of File detail CMS fields by defining updateCMSFields in a decorator (changeset 64353)
* Add macron about native name of maori (changeset 64130)
* Added ->itemWriteMethod parameter, to adjust the way that CTFs write (for instance, to save and publish instead of just save) (changeset 64128)
* BUGFIX: Form::sessionMessage() didn't set type (changeset 63966)
* Fixed sorting in TableListField and subclasses (changeset 63524)
* Removed hard-coded limits in ConfirmedPasswordField. This should be configured in a member password validator (changeset 63405)
* BUGFIX: Fixed tree.js to work with TreeMultiselectField (changeset 63343)
* ENHANCEMENT: Use get variable rather than session for Security::permissionFailure()'s BackURL, as it's more reliable (changeset 63030)
* BUGFIX Set ID of lostpassword page to -1 so we don't get top level pages (changeset 62107)
* as its children (changeset 62107)
* BUGFIX Revert r61631 for Translatable but kept SiteTree changes instact from that revision since they are still useful (changeset 61815)
* API CHANGE: Decorators on SiteTree can now define updateCMSActions (changeset 61625)
* API CHANGE: Decorators on SiteTree can now define updateCMSActions (changeset 61624)
* BUGFIX: Don't show publish button when editing translatable page, as it is broken (changeset 61624)
* BUGFIX: search is now html valid! (changeset 60980)
* merged from trunk (changeset 60651)
* BUGFIX: Fix typedropdown not working when there are no records of that (changeset 60240)
* dataobject. (changeset 60240)
* commented out line 121 that put line breaks (changeset 60194)
* add missing semicolon (changeset 60026)
* Fix null title value on tiny mce inserted images (changeset 60025)
* Overwriting Date.php to output US Date format (changeset 59710)

View File

@ -1,43 +0,0 @@
# 2.2.4 (2009-03-20)
## Features and Enhancements
* ![rev:65263] Default permission failure message set can be changed
* ![rev:73365] Text->FirstParagraph?() now works for `<div>` containers in HTML, as you may not always have paragraph tags.
* ![rev:73272] Added Director::is_relative_url() and Director::is_site_url()
* ![rev:69634] After a javascript validation error from a form submission, focus on the first errored field
## Bugfixes
* ![rev:73367] Allow translation of front-end content into all languages, not just common ones (Merged from r64943)
* ![rev:73347] Removed canEdit() call that doesn't exist in SecurityAdmin::savemember()
* ![rev:73319] Added missing action 'DeleteImageForm' to Image::$allowed_actions
* ![rev:73305] Added missing action 'EditImageForm' to Image::$allowed_actions
* ![rev:73302] Fixed too strict permission checking on Image::$allowed_actions. Replaced broken * permission check with explicit method names
* ![rev:73298] Fixed array to string conversion caused by patch committed in r73272
* ![rev:73295] Validating $_FILES in Image::loadUploadedImage() (Original patch was applied to Upload->validate() in trunk - r73254)
* ![rev:73294] Validating $_FILES in Folder::addUploadToFolder() (Original patch was applied to Upload->validate() in trunk - r73254)
* ![rev:73292] Fixed undefined variable $backURL that should've been $_REQUEST['BackURL']
* ![rev:73282] Using $allowed_actions in ImageEditor (Merged from r73248)
* ![rev:73280] Using $allowed_actions in Image_Uploader (Merged from r73255)
* ![rev:73279] Validating $_FILES in File::loadUploaded (Original patch was applied to Upload->validate() in trunk - r73254)
* ![rev:73278] Existence check for Member autologin token (Merged from r73253)
* ![rev:73276] Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm (Merged from r73252)
* ![rev:73273] Added isDev() and Permission::check() directives to DatabaseAdmin (Merged from r73251)
* ![rev:73272] Validating $_FILES array in Director::direct()
* ![rev:73271] Using auto-escaped get_by_id() in CommentAdmin and SecurityAdmin (Merged from r73247)
* ![rev:72220] changed target blank to only exist by default for files
* ![rev:69598] Corrected layout of Security/lostpassword and Secuirty/changepassword pages to not show a glitchy main menu, ie, matches Security/login
* ![rev:69138] Fix readonly checkbox fields always setting the field to true
* ![rev:65490] Fixed usability issue with CalendarDateField required field validation. Slightly over-coupled; resolve that in the jQuery validation rewrite.
* ![rev:65258] Fixed ComplexTableField showing export link correctly
* ![rev:65219] Fixed i18n entity problem with TableListField_Item.ss
* ![rev:69594] Corrected changed-password email layout
* ![rev:67482] Merged db/build fix for auto_increment
* ![rev:65473] Preserve BackURL get-variable on failed log-ins
* ![rev:65488] Removed 'Welcome back, FirstName', message that appears if you log-in, out, then in again
* ![rev:66552] Make sure only fields that exist can be autocompleted on MemberTableFields, and never autocomplete on password. (merged from branches/2.3)
* ![rev:69440] forced tinymce to keep iframes in html rather then deleting them
* ![rev:66769] Reverted r66440 - this was causing too many bugs
* ![rev:66479] Fixed error on CommentAdmin
* ![rev:66440] Merged r57599 from branches/roa

View File

@ -1,2132 +0,0 @@
# 2.3.0 (2009-02-23)
## Upgrading
### Translatable Problems
**Don't use Translatable for multilingual database content. Don't upgrade to 2.3.0 if you're already using
Translatable.**
The [Translatable extension](/developer_guides/i18n) is currently marked as
unstable for the initial 2.3 release. **If your site uses more than one language for page content, don't upgrade to this
release.** We're working on bugfixes which will be contained in a minor 2.3.x release soon. Check our [releaseannouncements](http://groups.google.com/group/silverstripe-announce) for updates on Translatable bugfixes.
### BasicAuth disabled on test sites by default
Basic auth isn't enabled by default on test sites. If you need this, put this in your _config.php
if(Director::isTest()) BasicAuth::enable();
### /silverstripe and /cms no longer work as aliases to /admin
Removed certain URL aliases for CMS interface to allow for common page URLs like "silverstripe" or "cms". Please use
/admin as the main URL to access the CMS. See http://open.silverstripe.com/ticket/3267
### SiteTree Access tab now lets you select multiple groups
In order to do this, `SiteTree->ViewersGroup` and `SiteTree->EditorsGroup` have been changed from has_one relations
to many_many relations.
Your group-assignements for "Who can view this page" and "Who can edit this page" should be automatically migrated upon
calling `dev/build`. See [#2847](http://open.silverstripe.com/ticket/2847)
### Newsletter moved into new module
Newsletter functionality has been moved into its own module called **[newsletter](http://addons.silverstripe.org/add-ons/silverstripe/newsletter)**. If you were
previously using this as a feature out of the box with SilverStripe, then you will need to download the userforms module
to continue using it.
If you **don't** require the functionality, it's safe to delete these database tables:
* Newsletter
* NewsletterType
* SubscribeForm
* UnsubscribeRecord
#### auth_openid removed from default installation
The auth_openid module has been removed from default installation. Please install the module separately from
[silverstripe.org](http://silverstripe.org/auth-openid-module/)
### GenericDataAdmin and RelatedDataEditor moved into new module
GenericDataAdmin functionality has been moved into its own module. If you were previously using this as a feature out of the box with
SilverStripe, then you will need to download this module to continue using it.
### User Defined Form moved into new module
User Defined Form has been moved into its own module called **[userforms](http://addons.silverstripe.org/add-ons/silverstripe/userforms)**. If you were previously
using this as a feature out of the box with SilverStripe, then you will need to download the userforms module to
continue using it.
//Important note: If you **do** have an existing page of User Defined Form type in your CMS site tree, it's best to
install the module first as shown above. If you run dev/build?flush=1 without installing userforms, you'll lose the User
Defined Form page type until you install it then run dev/build?flush=1.//
If you **don't** require the User Defined Form functionality, it's safe to delete these database tables:
* EditableCheckbox
* EditableCheckboxOption
* EditableDropdownOption
* EditableEmailField
* EditableFileField
* EditableFormField
* EditableMemberListField
* EditableRadioOption
* EditableTextField
* SubmittedFileField
* SubmittedForm
* SubmittedFormField
* UserDefinedForm
* UserDefinedForm_Live
* UserDefinedForm_versions
### PostBackup
PostBackup has been moved into a module. See [postbackup
module](http://open.silverstripe.com/browser/modules/postbackup/trunk).
### /db/build/?flush=1 is now called /dev/build
Flushing the manifest with `?flush=1` doesn't need to be explicitly added.
### Core API Changes
* Removed ViewableData->setVal(), use ViewableData->setValue() ===
* Removed Director::isLiveMode(), use Director::isLive() ===
* Removed DataObjectSet->append(), use DataObjectSet->push() or DataObjectSet->merge()
* Removed Controller->LinkTo(), use Controller->join_links()
* Removed DataObject->getLastWriteFields(), use DataObject->getChangedFields()
* Removed Convert::raw2attr(), use Convert::raw2att()
* Removed Member->isAdmin(), use Permission::check('ADMIN')
* Removed Debug::warning(), use user_error("your message", E_USER_WARNING)
* Removed SiteTree->canView_page(), Use instance-specific SiteTree->canView() instead by checking for `$this->ID`.
* Deprecated URL parameter ?buildmanifest=1 (please use ?flush=1)
* i18ntextcollector is executed from a new URL. Use http://mysite.com/dev/task/i18nTextCollectorTask instead of
http://mysite.com/i18ntextcollector
### Director::addRules()
If you have made your own custom director rules with `Director::addRules`, you will need to add a double-slash into
the rule, to separate the part of the URL that specifies "this is how I get to this controller" from the part that
specifies "these are arguments to the controller".
In other words, change this:
:::php
Director::addRules(50, array(
'admin/ImageEditor/$Action' => 'ImageEditor',
));
To this:
:::php
Director::addRules(50, array(
'admin/ImageEditor//$Action' => 'ImageEditor',
));
### Decorators
* Renamed DataObjectDecorator->extraDBFields() to extraStatics() (see
[r65065](http://open.silverstripe.com/changeset/65065))
* DataObjectDecorator->updateCMSFields() is now called from DataObject->getCMSFields(), instead of only SiteTree
instances
* Changed return values for DataObjectDecorator->updateCMSActions() to FieldSet, rather than an array.
### Data Model
* Removed Datetime class, use SSDatetime instead (it was conflicting with PHP 5.2 integrated classes)
* Removed Text->Att(), use Text->ATT_val() instead
### Forms
* Removed NoScriptField, use LiteralField
* Removed EncryptField, use PasswordField
* Removed NamedLabelField, use LabelField
* Removed NoScriptFormAction, use unobtrusive scripting
* Removed FormField->setExtraClass(), use FormField->addExtraClass()
* Removed deprecated ComplexRequiredFields, `RequiredFields` and custom javascript instead
* If you have created your own FormField classes, FormField::performReadonlyTransformation() and
FormField::performDisabledTransformation() must return new form fields, e.g., cloned instances, or unit tests will fail.
### Templates
* '''$Top''' in templates has changed its behaviour; if you call $Top from inside a template that is rendered
separately (eg, a Form template), it will point to the top element of that template execution (in this case, the Form
object) rather than the top element of the outermost template (which would presumably be the page in question). This
was a bug that we have fixed, but some people may rely on it. See http://open.silverstripe.com/ticket/2781
* A `<legend>` element has been added before any `<fieldset>` in all SilverStripe forms. SearchForm.ss and Form.ss are
where it has been added. This now validates the form HTML for W3C compliance. Please verify that your forms visually
look okay after upgrading. Legend can be set by calling ''->setLegend('my legend here')'' on your Form object.
### CMS menu API
We have deprecated the LeftAndMain menu customisation API.
* Don't set any menu-item static variables any more.
* For the most part, you won't need to add anything to _config.php to add CMS menu items; just define the static
variables `$menu_title` and `$url_segment` on your `LeftAndMain` subclasses.
* If you want to add a menu item that's not a subclass of `LeftAndMain` (eg, help or a link to a webstats package),
use `CMSMenu::add_menu_item()`
* To remove a menu item, use `CMSMenu::remove_menu_item()`. It identifies items by classname rather than arbitrary
$code value.
### ContentNegotatior is now disabled by default, mostly
The ContentNegotatior system was a bit of voodoo that confused a lot of people, so we have disabled it by default for
regular templates. It will still enabled by default for templates that include the `<?xml ?>` header, because these
are the only templates that benefit from it significantly.
If you want to enable it for your HTML4 templates, then you can do so by calling `ContentNegotiator::enable()`. Note
also that the DOCTYPE altering, which was a frequent cause of pain, only executes if your original template had the
`<?xml ?>` header.
### Other API Changes
* Removed deprecated File::loadallcontent(), use Upload class
* Image->URL returns relative instead of absolute URL. Use Image->AbsoluteURL instead.
* Moved DataReport and SQLReport into the ecommerce module. If you're using these classes, please see the
[ecommerce modules](http://addons.silverstripe.org/add-ons?search=ecommerce&type=&compatibility%5B%5D=3.1).
### Default mysite/_config.php
The installer includes a default configuration file: *mysite/_config.php*. If you have already have your own
*mysite/_config.php*, you can safely keep your own version and disregard the new file.
### Default validators for Form instances (PHP and JavaScript)
Enforcing usage of a Validator instance in Forms if its not explicitly passed to the Form constructor. By default a new
RequiredField instance is used without any fields marked as required. This was necessary because some FormField
implementations rely on their validate() method, sometimes as a wrongly placed processing hook, but mostly for security
reasons. One example are file extension checks in FileField subclasses.
In most cases this won't have any effect on existing forms, although you might get additional JavaScript dependencies
like Validator.js and behaviour.js. If you want to disable JavaScript validation across forms, add the following to your
_config.php:
:::php
Validator::set_javascript_validation_handler('none');
See http://open.silverstripe.com/changeset/69688
## New Features
* ![rev:71761] Allow combined files to be disabled
* ![rev:70697] CRM Security with two levels: viewable and writeable.
* ![rev:70422] added silverstripe version number to meta generator tag
* ![rev:70142] add permission control for AddForm and EditForm
* ![rev:69687] added Smiliey support to BBCode / forum. Now BBCode supports :) :P :D :( 8-) and :^). Yays for icons. Should move from BBCodeParser to TextParser so its available in tinymce but this will do for the forum
* ![rev:66163] #1531 - Allow moving files in root assets file (hamish)
* ![rev:65904] #1614: Allow use of admin/addpage?ParentID=(ID)&PageType=(Class) url to quick-add pages
* ![rev:65690] #594: Added javascript-on-demand support
* ![rev:65689] #594: Added javascript-on-demand support
* ![rev:65688] #594: Added javascript-on-demand support
* ![rev:65555] #2767 wakeless: Allow popuplation of non-DataObject tables with YamlFixture
* ![rev:65351] merged back patch for image editor. Currently completely broken on trunk this patch does nothing to fix it sadly. I think its a prototype thing
* ![rev:65095] Added CMSMenu and CMSMenuItem and adjusted existing LeftAndMain subclasses to use new notation.See #2872 (thanks to hamish for the patch!)
* ![rev:64881] Making DataObject attributes translatable through i18n class, e.g. $db and all relation statics. Use DataObject->fieldLabels() to access translated attributes.
* ![rev:64877] Added JavaScript unit tests with jQuery QUnit. Can be viewed similiarly to PHPUnit tests through dev/jstests URL. Uses an `<iframe>` to include all tests.
* ![rev:64758] Update to TinyMCE 3.2 - CMS changes
* ![rev:64492] Support for i18n entity namespaces in templates
* ![rev:64480] Added support for 'sake dev/tests/all --showslow' to list slow tests
* ![rev:64473] Added ?debug_memory=1 flag
* ![rev:64461] Show max memory usage on dev/tests/all
* ![rev:64444] Flush template cache before running tests
* ![rev:64417] Added SiteTreeMaintenanceTask
* ![rev:64345] #2956 seaeagle1: Added If-Modified-Since support to HTTP::add_cache_headers() [16:00:18]
* ![rev:64308] Allowing for field-level permissions in DataObject::$api_access - respecting those permissions for reading and writing in RestfulServer (#2918)
* ![rev:64307] Allowing for field-level permissions in DataObject::$api_access - respecting those permissions for reading and writing in RestfulServer (#2918)
* ![rev:64231] #2951 simon_w: Use 301 redirect on Director::forceWWW()
* ![rev:64157] Added FormScaffolder for more flexible scaffolding of FieldSets from DataObject metadata
* ![rev:64103] #2601 - More template handlers
* ![rev:63679] Added HTTP method override support to HTTPRequest and Form (through $_POST['_method'] or $_SERVER['X-HTTP-Method-Override']), incl. unit tests
* ![rev:63659] Frontend CRUD scaffolding with RecordController and CollectionController (not fully functional yet, needs correct Link() methods)
* ![rev:63637] Added coloured output to dev/tests/all
* ![rev:63623] Added DataObject->getFormFields() - uses DataObject->scaffoldFormFields() by default. Added DataObjectDecorator->updateFormFields() for easy customization
* ![rev:63462] Added Email::obfuscate()
* ![rev:62477] Including Firebug Lite when requested by ?debug_firebug=1 for easy debugging in IE/Opera/Safari- otherwise including fake-objects with FirebugX by default to enable usage of console.* commands without javascript errors
* ![rev:62472] Added GoogleSitemap::enable()
* ![rev:62467] Formatting MySQL error messages with newlines through new SQLFormatter class (used in MySQLDatabase)
* ![rev:62458] Allow Use of ?fields=ID,Name,OtherField,RelName get variable on RESTful server queries, to restrict the fields and relations returned int the data set
* ![rev:62396] Added BulkLoader_Result for better inspection of import results, replacing the simple numeric count result format.
* ![rev:62333] TableListField's TRs can now have class=loading added to them to show a loading icon. (Used by ModelAdmin)
* ![rev:62286] Allow customisation of HTTPResponse status text, as well as status code
* ![rev:62284] Files & Images tree now shows filename rather than meta-data title, to make it easier to find the file you're looking for
* ![rev:62211] #1403 - addFieldToTab(), push(), insertBefore(), etc will allow duplicates - the old field is replaced with the new.
* ![rev:61824] #2594 - Allow decoration of getCMSActions() (simon_w)
* ![rev:61605] relate groups with column selections in SearchForm of CRM Admin
* ![rev:61444] xml2array now works with recursion so it will actually work with most xml files. Unit tests to comei
* ![rev:60396] Added configurable Requirements::$write_js_to_body for performance improvements (turned off by default)
* ![rev:60368] Improved debugging view on CLI interface, by having a separate DebugView subclass that takes care of error output for this situation.
* ![rev:60220] Merged in CompositeDBField
## API Change
* ![rev:70697] add Group::canView() so that give group object a different level of security control.
* ![rev:70150] we move the filedata generation part of export() function to a new function generateExportFileData, so that, a child class could reuse the function when overload export function
* ![rev:70057] Decimal->requireField now includes 'not null' constraint, as Sapphire doesn't expect the value to be null. MySQL switches null values to 0.00 on build.
* ![rev:69730] Removed access to broken image editor feature
* ![rev:69688] Enforcing usage of a Validator instance in Forms if its not explicitly passed to the Form constructor. By default a new RequiredField instance is used without any fields marked as required. This was necessary because some FormField implementations rely on their validate() method, sometimes as a wrongly placed processing hook, but mostly for security reasons. One example are file extension checks in FileField subclasses.
* ![rev:69363] Added ModelAdmin_CollectionController::columsnAvailable() and ModelAdmin_CollectionController::columnsSelectedByDefault() that can be overridden to customise the fields available in the column selection control.
* ![rev:69360] Add keyField and titleField arguments to SQLMap
* ![rev:68484] ContentNegotiator is now disabled by default, unless you include the xml header in your template. (merged from r68482)
* ![rev:67426] Added SSViewer::set_source_file_comments() to allow disabling of comments in SSViewer output
* ![rev:67380] Deprecated Email->setFormat()
* ![rev:66894] Move some of the installer into the sapphire directory.
* ![rev:66394]
* ![rev:66392] if a DataObject has getCMSActions, its model admin should be able to add them.
* ![rev:66268] Deprecated Controller::PastVisitor(), it generates a lot of unused cookies
* ![rev:66266] Improve encapsulation of cookies in Director::test()
* ![rev:66264] Revamped CMSMenu system to not instantiate any objects, so that _config.php doesn't get fskd
* ![rev:66175] Moving GoogleSitemap functionality into new "googlesitemaps" module
* ![rev:65744] make CreateForm be able to disable
* ![rev:65742] introduce SearchFilter::getDbFormattedValue() and GreateThanFilter will used this method to make the qurey so that it can apply to a field that input format is different that its db format, such as CalendarDateField.
* ![rev:65669] even when no results found, the HTTPResponse should return a "200" HTTPResponse rather than "404" HTTPResponse, otherwise, the right panel didn't refresh the result table, and the error message shows up.
* ![rev:65581] Deprecated CompositeField->insertBeforeRecursive(), use CompositeField->insertBefore()
* ![rev:65554] tidy up NewsletterAdmin.
* ![rev:65454] Deprecated DataObjectDecorator->augmentInit(), use LeftAndMainDecorator->init()
* ![rev:65453] Deprecated DataObjectDecorator->alternateCanCreate(), use DataObjectDecorator->canCreate()
* ![rev:65452] Removed Folder->userCan*() and File->userCan*()permissions and added more consistent behaviour with Folder->can*() and File->can*()
* ![rev:65451] Don't include NULL returns in decorated methods called through Object->extend(), meaning empty method bodies in decorators won't confuse permission checks through $myObj->extend('canView') etc.
* ![rev:65388] make DataObject::getField() visible to the public
* ![rev:65385] Removed manifest's dependency on database, by removing hastable information [17:47:04]
* ![rev:65229] Use return value of alternateCanPublish()
* ![rev:65150] Changed SiteTree->EditorsGroup has_one relationship to SiteTree->EditorGroups has_many relationship (see #2847)
* ![rev:65095] Removed LeftAndMain::add_menu_item(), LeftAndMain::remove_menu_item(), LeftAndMain::replace_menu_item(), LeftAndMain::clear_menu()
* ![rev:65068] Removed DataObjectSet->consolidate(), use DataObjectSet->toNestedArray()
* ![rev:65066] Removed DataObjectSet->consolidateString()
* ![rev:65065] Renamed DataObjectDecorator->extraDBFields() to extraStatics()
* ![rev:65060] Moved DataObject::get_by_url() to SiteTree::get_by_url()
* ![rev:65059] Marked DataObject->filledOut() deprecated
* ![rev:64958] #2922: RequestHandler:: now inherit
* ![rev:64954] #2857 - Renamed RequestHandlingData to RequestHandler
* ![rev:64953] #2857 - Renamed RequestHandlingData to RequestHandler
* ![rev:64951] #2698 ajshort: URL handler only passes control to subclasses of RequestHandlingData
* ![rev:64807] Added LastChange() method to BulkLoader_Result
* ![rev:64806] Updated CsvBulkLoader to have hasHeaderRow = true by default, even when a columnMap is specified
* ![rev:64805] add updateFieldLabels() to DataObjectDecorator, so as that a dataobject could update fieldLables by its decorator.
* ![rev:64792] A Text db field, by default, should be rendered as a TextareaField in its scaffoldForm
* ![rev:64528] delete GenericDataAdmin, RelatedDataEditor, DropdownField_WithAdd and their related code (js, css, etc) from cms, sapphire, "GenericDataAdmin" name space has also been deleted from lang files. They are all added in the new module "genericdataadmin"
* ![rev:64504] Changed HTMLVarchar->scaffoldFormField() to use HtmlEditorField instead of HtmlOneLineField, which does not work.
* ![rev:64428] Moved CheckboxFieldDisabled class to more common CheckboxField_Disabled notation
* ![rev:64426] Removed NoScriptField, please use LiteralField
* ![rev:64425] Removed EncryptField, use PasswordField
* ![rev:64421] Moved setAllowHTML() to DataLessField
* ![rev:64420] Removed NamedLabelField, use LabelField
* ![rev:64416] Removed SiteTree->makelinksunique() and SiteTree->makelinksuniquequick() - use new SiteTreeMaintenanceTask
* ![rev:64407] Removed NoScriptFormAction, use unobtrusive scripting
* ![rev:64402] Removed deprecated File::loadallcontent(), use Upload class
* ![rev:64401] Removed Filesystem::moverootfilesto()
* ![rev:64399] Removed deprecated ComplexRequiredFields, use RequiredFields and custom javascript instead
* ![rev:64398] Removed SecurityAdmin->listmembers()
* ![rev:64394] Removed deprecated Datetime class, use SSDatetime instead (was conflicting with PHP 5.2 integrated classes)
* ![rev:64384] Removed Email_Template, use Email
* ![rev:64383] Removed ViewableData->setVal(), use ViewableData->setValue()
* ![rev:64381] Removed Debug::mailBuffer()
* ![rev:64380] Removed Director::isLiveMode(), use Director::isLive()
* ![rev:64379] Removed FormField->setExtraClass(), use FormField->addExtraClass()
* ![rev:64378] Removed DataObjectSet->append(), use DataObjectSet->push() or DataObjectSet->merge()
* ![rev:64377] Removed Controller->LinkTo(), use Controller->join_links()
* ![rev:64376] Removed Image->transferlegacycontent()
* ![rev:64375] Removed DataObject->getLastWriteFields(), use DataObject->getChangedFields()
* ![rev:64374] Removed Convert::raw2attr(), use Convert::raw2att()
* ![rev:64373] Removed deprecated RestfulService->connect(), use RestfulService->request()
* ![rev:64372] Removed deprecated CustomValidator class
* ![rev:64371] Removed deprecated EditForm classa
* ![rev:64351] #551: Move code from CMSMain to SiteTree
* ![rev:64350] #551: Move code from CMSMain to SiteTree
* ![rev:64332] Removed deprecated methods related to CanCMS and CanCMSAdmin which are now removed from the Group class in favour of the Permission system
* ![rev:64330] Removed deprecated method isAdmin() on Member - use Permission::check('ADMIN') instead
* ![rev:64327] Removed references to CanCMS and CanCMSAdmin in Group, including references to it in Member. See ticket #2959 for more details.
* ![rev:64157] Added third optional parameter $object to DBField::create() to comply with ForeignKey and PrimaryKey constructors
* ![rev:63997] Deprecated GhostPage
* ![rev:63922] Added support for dot syntax to FieldSet::fieldByName()
* ![rev:63827] Added initial CMS tests to the system. These will execute tests on the data model provided by a user's project code
* ![rev:63764] Deprecated Form->loadNonBlankDataFrom() - it was duplicating loadDataFrom() without allowing for the same options, and it was buggy in its definition of "blank" by doing non-typesafe checks with if($value) $field->setValue($value) which resulted in '0' strings not being loaded
* ![rev:63759] Moved PostBackup class to module (see r63758)
* ![rev:63637] Added SSCli class to help with outputting coloured text on the command line
* ![rev:63579] Deprecated HTTP::sendFileToBrowser() in favour of more testable HTTPRequest::send_file()
* ![rev:63563] Created CSVParser class and updated CSVBulkLoader to use it
* ![rev:63468] Deprecated Form->resetData() - use Form->resetField()
* ![rev:63465] Changed parameters for Debug::friendlyError()
* ![rev:63337] Deprecated DataObject->listOfFields() - use custom code instead
* ![rev:63310] Removed SiteTree->canView_page() - originally created under the false assumption that SiteTree->can('view_page') is still valid. Every canView() can be instance specific. Original patch by simon_w in r53183 and #2198
* ![rev:63182] Deprecated URL parameter ?buildmanifest=1 (please use ?flush=1)
* ![rev:63177] Removed Text->Att(), use Text->ATT_val() instead
* ![rev:63176] Deprecated Varchar->Attr(), use Varchar->ATT_val() instead
* ![rev:63077] Removed useless File->test() method
* ![rev:62883] TableListField::sourceFilter() can be overloaded to change the querying logic.
* ![rev:62847] Deprecated Member::isInGroup() - use Member::inGroup() instead
* ![rev:62846] Deprecated Member::isInGroup() - use Member::inGroup() instead
* ![rev:62843] Removed Debug::warning()
* ![rev:62325] Moved DataReport and SQLReport into the ecommerce module, since this is the only place it is used, plus it's going to be deprecated soon anyway
* ![rev:62324] Moved DataReport and SQLReport into the ecommerce module, since this is the only place it is used, plus it's going to be deprecated soon anyway
* ![rev:62316] Deprecated LabelledLiteralField by adding a @deprecated note with alternate approaches, and added a PHP notice for people currently using it
* ![rev:62309] Moved ProgressBar and support files to newsletter/trunk module, as this is the module where it's used
* ![rev:61683] TableListField::ajax_refresh is deprecated. Removed all calls to it from the core, instead getting HTML fragments by visiting the field's URL.
* ![rev:61632] BasicAuth is now disabled by default on test sites
* ![rev:61505] Allow definition of DataObject::getCMSAddFormFields() to alter modeladmin step 1
* ![rev:61485] Deprecated GroupedDropdownField, DropdownField should now be used instead
* ![rev:60894] Added Validator::set_javascript_validation_handler() and ->setJavscriptValidatorHandler(), to choose a different way of dealing with javascript validation. Currently 'none' and 'prototype' are the only legal options, but 'jquery' would be an obvious thing to implement.
* ![rev:60711] Template precedence changed. Page_results now takes precedence over HomePage. That is, all action templates of parent classes take precedence over the actionless templates.
* ![rev:60665] TableListField utility links no longer have target=_blank
* ![rev:60405] Removed merged USZipCode field - should be custom code until we figure out proper localization
* ![rev:60392] Renamed static Member::autologinhash() to static Member::member_from_autloginhash() to be more in line with naming convnetions, and not conflict with Member.AutoLoginHash in the database
* ![rev:60376] Allow the definition of SS_ERROR_LOG in _ss_environment.php to set up Debug::log_errors_to().
* ![rev:60368] Added Debug::log_errors_to(), to log errors to a file.
## Bugfixes
* ![rev:71923] In SSViewer::parseTemplateContent($content, $template=""), when the $content is a xml template, we should not wrap anything around it, for web browser able to correct parse the xml
* ![rev:71872] #3491 - Fix nonexistant plugin stopping tinymce from working in safari.
* ![rev:71846] #3481 - Check if classes exist before trying to instantiate a singleton on database build, to work around stale manifest errors
* ![rev:71841] #2723 - Allow more than more subclass of RelationComplexTableField on a page at a time.
* ![rev:71797] removed doubled up pipes and border on switch view links in footer.
* ![rev:71764] Fix wrong conditional
* ![rev:71709] BUGFIX Fixed redirection to external URLs through Security/login with BackURL parameter (merged from trunk
* ![rev:71642] Disable DataObject validation temporarily while importing yaml fixtures
* ![rev:71568] CRM "select all" and "select none" doesn't work when the crm manages multiple models.
* ![rev:71499] i18n::include_by_locale() should skip check the web root level and ../webroot level for language file, this is not only "not necessary" but also "must" because some server configuration prevent from any file access above the site root folder.
* ![rev:71436] Error adding custom header in Email because of non-existant array key. Thanks ed! Ticket #3485
* ![rev:71348] Removed unused ComplexTableField->unpagedSourceItems - was already commented out in r70956, and doesn't seem to be used across parent- or subclasses. Added ticket #3484 to re-enable popup pagination, which was broken and disabled due to the deprecation of $unpagedSourceItems (see r53830)
* ![rev:71250] fixed site page restoration
* ![rev:71177] cms ui, fixed loading spinner style
* ![rev:71024] #3429: Fixed CMS change detection
* ![rev:71023] #3443: Fixed refreshing of relation CTFs after editing data
* ![rev:71018] #3442: Fix pagination in HasManyComplexTable, HasOneComplexTableField, ManyManyComplexTable
* ![rev:70997] #3441 funkygibbon: Stop ThumbnailStripField breaking on orphaned images
* ![rev:70994] CMS UI site content > search > add criteria select element now returns back to prompt & tweaked layout
* ![rev:70935] adjust positioning of SilverStripeNavigator published/draft message
* ![rev:70895] Ensure string "0" is not considered a NULL value when CsvBulkLoader imports values from a CSV file
* ![rev:70893] reinstating silverstripe navigator and restyling to match cms ui
* ![rev:70891] removed extra colon appearing in SilverStripeNavigator
* ![rev:70848] Removed reference to Requirements::javascript() for including jquery as it's already included, and causes JS errors in MemberLoginForm
* ![rev:70847] Fixed correct path to jquery.js in MemberLoginForm
* ![rev:70832] $hide_ancestor hides Page as well when set from multiple subclasses of Page. Thanks dio5!
* ![rev:70784] #3415 ajshort: Requesting root page via ajax now preserves isAjax value.
* ![rev:70781] #3430 page versions don't appear automatically in Safari - versions DOM panel was floated behind the edit form
* ![rev:70775] Fixed "cancel" button for inline "create folder" functionality (was not stopping event in IE7)
* ![rev:70773] Disabled faulty usage of setStyle() with object literals instead of strings in SWFUpload
* ![rev:70766] Removed hack that hid the Avatar field for the forum
* ![rev:70750] Fix incorrect URL when adding a new Member via the MemberTableField
* ![rev:70747]
* ![rev:70743] 1. TableListField exportfunality random bug. 2. make Email_BounceRecord::canCreate() return false; so that it can not be manully create from CRM, instead, it should create through email buncing system.
* ![rev:70741]
* ![rev:70729] Add EditForm to list of allowed actions
* ![rev:70725]
* ![rev:70724] Fixed loader_frame.html scrollbar madness. Removed hacked CSS and tidied up popup to work in IE6/7 and Firefox consistently
* ![rev:70698] Group::AllChildrenIncludingDeleted() should filter on canEdit() rather than a can() call
* ![rev:70695] $_POST[$this->Name] in TableField::SubmittedFieldSet are not always set
* ![rev:70691] show flash icon and box if flash file exists. MINOR: created a default editor.css file which has base css styles for the CMS.
* ![rev:70683] cms ui added colon to image upload prompt (inline with other step)
* ![rev:70682] cms ui remove errant dashed borders in IE6
* ![rev:70681] cms ui text size in righthand image panel
* ![rev:70680] Fixed behaviour.reapply() call in TableListField->refresh() javascript to applyToParent (the actual DOM container). Otherwise methods of the TableListField prototypes aren't properly attached to the DOM nodes, which causes problems like #3377
* ![rev:70671] Fixed newsletter send button alignment
* ![rev:70616] stopped double scrollbars on popups in IE7 (IE6 still broken)
* ![rev:70613] Fixed styling for "Delete selected files" in the left-hand tree actions for AssetAdmin. Thanks ajshort!
* ![rev:70609] Defined jsValidation() and validate() so that inherited validation from DateField doesn't break PopupDateTimeField - this still needs fixing, and PopupDateTimeField shouldn't inherit from CalendarDateField
* ![rev:70604] autocomplete style change.
* ![rev:70603] cms ui fix files & images upload images styling
* ![rev:70602] cms ui fix files & images table styling
* ![rev:70601] cms ui removed backgound from delete button on files & images
* ![rev:70583] cms ui fixing up treetool
* ![rev:70573] cms ui removed extra padding from bottom of tools
* ![rev:70572] cms ui fix styling of tools on files & images section
* ![rev:70567] cms ui fix styling of tools on files & images section
* ![rev:70566] reverted previous tree tool change
* ![rev:70565] when the total number of rows is 0 the pagination says 1 to 0 of 0
* ![rev:70563] cms ui fix styling of tools on files & images section
* ![rev:70561] cms ui padding on tree
* ![rev:70545] Hidden field needs to exist for DateField_Disabled in order for validation to pass correctly
* ![rev:70541] cms ui padding on tree in right pane (eg. image selector)
* ![rev:70508] cms ui tidying up tree tools
* ![rev:70507] cms ui tidying up tree tools
* ![rev:70497] merged patch from ajshort. Fixed getURL() so it preserved the extension
* ![rev:70496] cms ui tidying up padding of tree tools elements
* ![rev:70495] cms ui fix specifivity of alignment of radio buttons and labels in right pane
* ![rev:70486] cms ui fix alignment of radio buttons and labels in right pane
* ![rev:70481] If __form.elements.ID is not defined, don't cause an error in the CMS under certain circumstances
* ![rev:70479] cms ui site tree tools style fix
* ![rev:70474] Fixed float issue caused by change in r70303
* ![rev:70445] fixed size of popup on 1024x768 resolutions
* ![rev:70441] added scroll bars
* ![rev:70404] site tree form element alignment
* ![rev:70397] stopped swfupload div appearing behind cms ui in firefox 2 on windows
* ![rev:70396] cms ui sitetree tools padding
* ![rev:70395] IE6 cms login remember me alignment
* ![rev:70393] cms ui sitetree padding across cms sections
* ![rev:70392] centered GreyBox popup in the CMS
* ![rev:70390] cms ui form site tree input alignments
* ![rev:70389] cms ui form site tree input alignments
* ![rev:70388] cms ui fixed width of tools at top of site tree
* ![rev:70377] fixed site tree padding issue
* ![rev:70376] URL input validation for RestfulServer
* ![rev:70356] fixed positioning on site tree actions on left tree for Security and comment tags
* ![rev:70172] due to changeset 65289 by phalkunz, the ImportForm() and import() functions need to move from CRMAdmin class to CRMAdmin_CollectionController class, fix relative bugs by the move.
* ![rev:70160] Add workaround for PHP bug #46753
* ![rev:70135] Fixed spacing at the top of right forms in the CMS caused by the `<legend>` element. Fixed by hiding it via CSS instead of removing it completely
* ![rev:70130] Fixed issue of not enough space in the AssetAdmin "Upload" tab for multiple file uploading, mostly affecting IE6/7
* ![rev:70127] Changed the FieldHolder method to use explicit functionality instead of statically calling FormField::FieldHolder()
* ![rev:70117] Fixed clearing issue in IE7 for the left hand tree
* ![rev:70077] Removed ANSI compatible SQL that shouldn't be in branches/2.3 - this feature is available in trunk
* ![rev:70063] Removed ID for back links table which is ambiguous, unncessary and caused the CSV export to break
* ![rev:70052] Deleted setting of $content variable that broke HTTP::findByTagAndAttribute()
* ![rev:70049] Strip out any "~" characters that may stop the staging link from working in IE6/IE7
* ![rev:70046] Check for form object before calling observe() on the element. The CheckBoxRange constructor allows for a null form, so a check for a form object is essential.
* ![rev:70026] Disallow execution from DailyTask and HourlyTask by website visitors.
* ![rev:69988] `<% end_if %>` was breaking the template where it should've been a `<% end_control %>`. This fixes the export link in #3333
* ![rev:69986] Added page-limiting back to CMS tree querying
* ![rev:69975] Fixed FileField->getFolderName() - it was not returning $this->folderName, instead it was returning an undefined variable in error
* ![rev:69973] error when creating a form
* ![rev:69951] More solid string-parsing through regular expressions in SQLQuery->filtersOnID() and SQLQuery->filtersOnFK(), incl. unit tests
* ![rev:69943] #3329: Improved speed of folder creation in files + images
* ![rev:69931] Fixed flash HTML that gets inserted into the content so it's cross browser compatible with browsers that don't support the `<object>` tag (`<embed>` is added inside)
* ![rev:69930] Checkbox "Remeber me next time?" now works because of a missing method call logIn() on Member
* ![rev:69927] #3024 - Stopped style dropdowns from getting stuck by making them regular dropdowns. Not as pretty but more stable.
* ![rev:69921] Fixed minor error on dev/buildcache
* ![rev:69910] Allowing to pass $context into Hierarchy->markPartialTree() and Hierarchy->markChildren()
* ![rev:69909] Making sure a valid DataObjectSet is returned from Hierarchy->stageChildren()
* ![rev:69899] Explicitly setting "lang" as a GET var when getting a page within the CMS (if the language chooser DOM object is available, hence translation mode is enabled). Used in CMSMain->init() to set the "current language". (merged from branches/translatable in r64523, thanks wakeless!)
* ![rev:69894] Using baseDataClass() in Translatable::get_existing_content_languages()
* ![rev:69893] Added extension point for augmentAllChildrenIncludingDeleted(), augmentNumChildrenCountQuery(), augmentStageChildren() in Hierarchy (merged from branches/translatable in r64523, thanks wakeless!)
* ![rev:69891] Using SQL DISTINCT in get_existing_content_languages()
* ![rev:69879] Fixed label positioning in CompositeFields for original language fields in translation mode (was shifted left before)
* ![rev:69878] Fixed $add_action behaviour for SiteTree classes (through i18n_singular_name() method). Deprecated in favour of "`<myclassname>`.TITLE" entity to enable localized page titles. Limited add_action behaviour to SiteTree (was implemented on DataObject before)
* ![rev:69872] Fixed status checking in SiteTree->getIsDeletedFromStage()/getIsModifiedOnStage()/getIsAddedToStage() for new pages with non-numeric IDs
* ![rev:69870] Fixed use of undefined constant error, and undefined variable error in TableField stopping CMS user from adding records to a TableField
* ![rev:69832] #3235: Fixed linking of images and other HTML tags
* ![rev:69830] #3219: dev/buildcache showing up in static links
* ![rev:69828] Fixed styling for caption checkbox field on the right hand image panel in CMSMain
* ![rev:69803] If TreeDropdownField source object is "Folder", don't show "File" tree items unless the marking filter function is explicitly set. This fixes the bug where files were appearing for selecting a folder in the thumbnailstrip field in CMS
* ![rev:69752] somtimes +/- icons hidden. ticket #893
* ![rev:69728] #3254 - Fixed fatal errors when creating subclass of member
* ![rev:69720] #3199: No longer warned about saving changes if you have actually pressed save.
* ![rev:69718] #2550 - Fixed bug with draggability of newly created nodes.
* ![rev:69715] #2342: Database names with hyphens and other special characters can now be used.
* ![rev:69700] #3224 ajshort: Get HTTP::setGetVar() working with variables that contain array indexes
* ![rev:69697] #3165 nicolaas: Fixed Director::history() in some cases.
* ![rev:69696] #3248: Fixed TreeDropdownField when using non-ID key field
* ![rev:69695] #3188: Fixed default HeaderField name to be non-conflicting with other fields, for backward compat
* ![rev:69694] #3097: Removed buggy template feature
* ![rev:69693] #3249: Allow altering of encryption algorithm
* ![rev:69690] #3081 simon_w: Fixed pagination on spam comments
* ![rev:69689] Don't include Validator.js if Validator->javascriptValidationHandler is set to 'none' (in Validator::__construct()).
* ![rev:69681] Fixed HTML insertion through TinyMCE in Safari - TextArea fallback for lacking Codepress-support wasn't working. Known bug in Codepress JS Highlighter, see http://sourceforge.net/tracker/index.php?func=detail&aid=1913725&group_id=186981&atid=919470
* ![rev:69657] Fixed js error due to inlined inclusion of CMSMain_upload.js which was conflicting with inline initialization. Disabled initializiation as the flash uploader was pulled out a while ago anyway (see #3251)
* ![rev:69504] Fixed SiteTreeHandlers.loadTree_url url concatenation
* ![rev:69442] Fixed permissions in CMSMain->revert() - only needs edit permissions, not publish permissions
* ![rev:69378] CountryDropdownField now allows for title to be optional, which uses the name of the field if not set. This makes it consistent with DropdownField
* ![rev:69377] Added check before foreach() to fix potential HMCTF bugs
* ![rev:69360] Get DrodpownField::$emptyString working when used with a SQLMap source
* ![rev:69321] Added `<td class="action">` to AssetTableField.ss to comply with template semantics of parent classes (necessary to detect javascript actions)
* ![rev:69222] Strip potential whitespace from the beginning and end of string before limiting word count in Text->LimitWordCount(), fixing potential interference with truncation process
* ![rev:69220] Fixed Text->LimitWordCount() not returning the correct number of words in the truncated text.
* ![rev:69204] Making Password formfield in Member->getCMSFields() translatable
* ![rev:69203] Making "Main" tab in FormScaffolder translatable
* ![rev:69065] Fixed notice-level error in no-get-var URL processing when there is no querystring.
* ![rev:68999] Make sure the website URL that the commenter posts has a correct "http://" or "http://" bit at the start of the string
* ![rev:68940] Fixed bug in SQLQuery::unlimitedRowCount() when used with grouped queries, that should fix a lot of pagination situations.
* ![rev:68935] Fixed PHP notice potential error in MemberTableField->addtogroup()
* ![rev:68921] Turned english text into translatable entity for PageCommentInterface link for RSS feed of all comments for all pages
* ![rev:68890] "console not defined" error in IE in en_US.js, check typeof(console) is not undefined before calling console.error()
* ![rev:68881] remove Debug::message
* ![rev:68875] Fix uglyness when title is longer than the tree dropdown field
* ![rev:68858] Added closing tags to relation XML in XMLDataFormatter. Was relying on ContentNegotiator fixing self-closing tags automatically, but this form of content parsing is disabled for xml content by default now (see r68484)
* ![rev:68834] Make sure date is a string before trying to use strtotime
* ![rev:68817] Fixed sprintf detection bug in SiteTree->getClassDropdown()
* ![rev:68810] Making only formfields readonly (not formactions) when comparing versions and showing historical versions within CMSMain
* ![rev:68809] Check hasChanged method exists before calling it
* ![rev:68764] Fixed translation of CommentAdmin_SiteTree.ss
* ![rev:68762] Fixed label spacing in Date->TimeDiff()
* ![rev:68757] Fixed additional tabs for image popus in AssetTableField. They we're not being generated in non-english interfaces due to the translated title being used as the tab identifier
* ![rev:68754] Limiting readonly transformation of form in CMSMain->EditForm() to fields only (excluding actions). FormAction readonly transformations were fixed a while ago, which meant that they were actually enforced now, causing unavailable cms actions in certain scenarios (e.g. with a page deleted from live, which should make the fields readonly, but leave buttons functional)
* ![rev:68752] Fixed TranslatableTest to instanciate Page instead of SiteTree fixtures - pages in the database should never have ClassName=SiteTree. This was causing failing tests due to the changes in SiteTree->getClassDropdown()
* ![rev:68751] Including all translated language tables by default in i18n::_t() instead of selectively including modules based on filename. This caused bugs where entities were located in language tables in a different module than their filepath would suggest. Example: Page.SINGULARNAME is stored in sapphire/lang/en_US.php, while Page.php is stored in mysite/Page.php
* ![rev:68746] Don't overwrite existing module arrays in i18nTextcollector - fixing bug with entities for "foreign modules" being reset during parsing
* ![rev:68702] Updated CMS to support HtmlEditorField changes in r68701
* ![rev:68662] #3166 jam13: Fixed caching in RestfulService
* ![rev:68628] Fixed HasManyComplexTableField/ManyManyComplexTableField issue with source items which broke from changes in r66080. Thanks hamish!
* ![rev:68627] Fixed javascript error in the CMS
* ![rev:68626] Fixed javascript error in the CMS
* ![rev:68603] Fixed new searchform changes for Live/Stage
* ![rev:68515] Making sure phpinstaller works on subdomains (see #3167)
* ![rev:68463] Fixed PHP notice in RebuildStaticCacheTask
* ![rev:68331] Fixed ModelAdmin import success message (too few arguments for sprintf())
* ![rev:68194] Allowing FormAction instances to be readonly by setting disabled="disabled". Adding CSS class "disabled".
* ![rev:68177] Moved creation of "help" menu entry from cms/_config.php to LeftAndMain::init() to get localized titles (locale isn't set at _config.php level)
* ![rev:68176] Fixed i18n display of menu titles rendered by CMSMenu in LeftAndMain->MainMenu()
* ![rev:68170] Escape table name in versioned to allow creation of page type classes with the same names as SQL reserved words
* ![rev:68159] Changing i18n entity format in CMSMenu->provideI18nEntities() to have actual class as namespace (related: r66264)
* ![rev:68155] Added stub PDODatabase->renameField() implementation to avoid errors when batch-instanciating singletons
* ![rev:68130] Supporting URLs with folder-structure in "sake -start `<myprocessname>` `<myurl>`"
* ![rev:68039] Improved DataObjectSet->PaginationSummary() to show full context (instead of halved) when on first or last page
* ![rev:68027] Don't show template comments in RSSFeed, or it'll break the XML document
* ![rev:68026] Fixed undefined variable $matches in SSViewer::parseTemplateContent()
* ![rev:68024] SSViewer::set_source_file_comments(false) wasn't working because of lack of checking if enabled.
* ![rev:67777] Added check ot i18n::include_by_class() to prevent repeated calls.
* ![rev:67681] Add a unique identifier to the "direction" method for Email::obfuscate() to avoid duplicate custom CSS being included in the page header
* ![rev:67678] Method not found error. Requirements::customCSS() should be calling self::backend()->customCSS() not custom()
* ![rev:67609] #3182 - Fix URL fixing on machines where url is case insensitive (hamish)
* ![rev:67605] #3204 - Broken link tracking is broken (ajshort)
* ![rev:67587] #3174 - Unable to drop widgets into widget areas in CMS (marcink)
* ![rev:67584] #3218 - Spelling mistake in RestfulService (hamish)
* ![rev:67582] Fixed a check for CSV field formatting.
* ![rev:67580] Fixed an aliasing problem when saving popup items, and a bug with when associating a new record with the parent ID associated with the field.
* ![rev:67530] SSDatetime can handle being given a NZ date in dd/mm/yyyy format
* ![rev:67529] Only setting LockedOutUntil to NULL in Member->logIn() if the column is actually present in the database. Otherwise this setting will case an UPDATE Member SQL query to fail on the first /dev/build call on a 2.2->2.3 upgrade if not in dev-mode (=requiring login) (see #3171)
* ![rev:67526] Added $CurrentLink to templates of AssetTableField and MemberTableField in order to support auto-refreshing after popup-close (see #2925)
* ![rev:67520] Fixed i18n::get_owner_module() to detect template paths in themes (array notation) correctly (see #3022)
* ![rev:67519] Added GoogleSitemap.ss from sapphire
* ![rev:67506] Avoid ugly border in CMS forms by adding "border: none" in CSS to cms/css/layout.css
* ![rev:67503] disabling template comments for xml output like sitemap.xml
* ![rev:67455] Fixed incorrect parameter variable name in Mailer->sendPlain()
* ![rev:67417] Added `<legend>` element immediately after `<fieldset>` for SearchForm and Form templates. This is required to validate these templates as W3C compliant
* ![rev:67401] Moving Requirements::combine_files() calls from cms/_config.php to LeftAndMain->init() to avoid side-effects in non-CMS contexts. Examples:
* ![rev:67363] $allowHTML argument was not passed to DatalessField::__construct
* ![rev:67304] Since ModelAsController->handleRequest() expects a URLSegment, we make the ErrorPage Link() return a relative URLSegment in ErrorPage->publish()
* ![rev:67299] Changed Director::test($this->URLSegment) to Director::test($this->Link()) in ErrorPage->publish() to be more robust
* ![rev:67290] Added parent::setUp() and parent::tearDown() calls to various tests, in preparation for push/pop a mock controller the controller-stack
* ![rev:67271] dev/build should function even when new classes are referenced in _config.php
* ![rev:67268] Filter on the baseclassid in Hierarchy, not the class id, in case the class doesnt have a table (aoneil)
* ![rev:67221] Save default locale for new members, so the profile form doesn't show first available locale in dropdown because its defaults are overwritten by Member->Locale = NULL (see #3159)
* ![rev:67201] Declared behaviour.js variables as local for better recursive functionality
* ![rev:67199] Fixed incorrect permission checking when the current member isn't being used
* ![rev:67162] Scrollbars didn't appear properly in CMS without resizing the window manually, so used jQuery to properly detect when document is ready before attempting resize. Ticket #3089
* ![rev:67150] Checking for "$this instanceof VirtualPage" instead of "$this->class == 'VirtualPage' to support subclassing in VirtualPage->onBeforeWrite()
* ![rev:67147] Fix requirements not being restored after an email is sent
* ![rev:67140] Checking for existence of $this->record in VirtualPage_Controller->init()
* ![rev:67137] Fix publishing of error pages
* ![rev:67083] Fixed StaticExporter output format
* ![rev:67078] Put the order of save and publish buttons back to normal (so save and publish are next to eachother)
* ![rev:67045] Fixed Enum::scaffoldSearchForm() to always include an (All) option
* ![rev:67035] Fixed error in javascript (because of commented out code) that broke IE6/7 in the CMS
* ![rev:66946] Fixing tests
* ![rev:66940] Fixed warning on AssetAdmin (merged from trunk)
* ![rev:66922] #3100: Graceful degradation for codepress in safari
* ![rev:66918] #3115 ajshort: Fixed backslashes in temp folder location in manifest builder
* ![rev:66894] Friendlier error when you have a site running on a PHP4 server, or a server without PHP.
* ![rev:66891] Don't make blank dates show 1/1/1970
* ![rev:66888] Better generation of PastMember cookie when you have stale login info
* ![rev:66828] Fixed sortWidgets() function in WidgetAreaEditor not working because it was picking up comment nodes
* ![rev:66820] Added extension to email address when accessing Security/passwordsent since the . (dots) are split into extensions when the URL is parsed
* ![rev:66799] Fixed importer not working because of i18n_singular_name(), just use the class name of the model instead
* ![rev:66793] Made use of Convert::raw2att() before returning the ModelName for Import spec fields
* ![rev:66791] Fixed "Show specification..." link not working because ModelName had spaces in it
* ![rev:66784] Only including ModelAdmin->ImportForm() if an actual importer was specified
* ![rev:66740] Passing through $member param from SiteTree->canPublish() to SiteTree->canEdit()
* ![rev:66723] fixed typo in filesystem
* ![rev:66707] Fixed notice-level errors in PhoneNumberField
* ![rev:66701] Add LeftAndMain:$url_rule to minimise bugs in modules
* ![rev:66698] Fixed sake bug when checking for an argument in bash script. Ticket #3112. Thanks simon_w.
* ![rev:66638] Fixed flaw logic checking for $member variable, since it's always set the alternative for choosing Member::currentUser() would never work.
* ![rev:66635] Fixed SiteTree->getCMSActions() so it returns a FieldSet, instead of a DataObjectSet. This makes it consistent with DataObject->getCMSActions() as well as SiteTree->getCMSFields()
* ![rev:66632] Fixed SiteTree->getCMSActions() not extending properly because it was passing an array to the extend() 2nd argument, which expected a FieldSet object
* ![rev:66629] Fixed incorrect class name in user_error message for deprecated function HTTP::sendFileToBrowser()
* ![rev:66608] ModelAdmin clear search now preserves the result column selection
* ![rev:66505] Consistenly returning cloned instances for all FormField classes when calling performReadonlyTransformation() or performDisabledTransformation(). Making sure that these instances are actually flagged as readyonly/disabled. Addd unit tests to dynamically instanciate most FormField classes to check for this behaviour. Originally, this bugfix was necessary to avoid changed FormField state when recursively calling replaceField() on FieldSet->dataFields() in Translatable->updateCMSFields()
* ![rev:66431] Removed SearchForm->FormMethod() and used $this->setFormMethod() in SearchForm constructor instead which is a nicer solution instead of overloading a Form method
* ![rev:66334] Hiding "change password" fields by default in admin/myprofile, they shouldn't validate the input by default. Replaced with a link to toggle those fields (#3106)
* ![rev:66332] Include jquery_improvements.js whenever jquery.js is required, so jQuery.noConflict() is set. This is required to ensure $() behaves in the prototypey way (alias for document.getElementByID()) rather than jQuery style (document.getElementsBySelector())
* ![rev:66331] Removed overloaded $() function which added support for multiple string arguments in behaviour.js - was conflicting with argument usage in jQuery when not in noConflict() mode. As far as i can tell, multiple string arguments in $() were never used anyway.
* ![rev:66319] Removed dependency on ComplexTableField JS in LeftAndMain for "My Profile" popup
* ![rev:66318] Check if $member variable isn't empty before looking for first name in MemberLoginForm
* ![rev:66317] Fixed call to incorrect case of function name, Member::currentUser() should be used
* ![rev:66313] Fixed ForeignKey->scaffoldFormField() usage of model class instead of relation class to generate dropdown list
* ![rev:66309] Fixed far too small height and width of "Profile" popup in CMS, popupHeight and popupWidth should be defaultPopupHeight and defaultPopupWidth instead according to the ComplexTableField prototype
* ![rev:66306] Fixed HasManyComplexTableField, and subclass fields HasOneComplexTableField and ManyManyComplexTableField saving bug because javascript wasn't being included properly
* ![rev:66305] Fixed recursion bug with FieldSet::fieldPosition
* ![rev:66274] Improved reliability of LeftAndMain->CMSVersion() - not failing on empty $URL$ placeholder with subversion path to determine version numbers
* ![rev:66269] Merged from trunk; fix DataObject::hasDatabaseFields()
* ![rev:66266] Fix test/cookie conflict in ErrorPage rendering
* ![rev:66252] Immediately apply behaviours that are added after the Behaviour.apply() call, in Behaviour.register() calls as well as Class.applyTo() calls
* ![rev:66251] Removed unnecessary and bug-causing Behaviour.apply() call.
* ![rev:66250] Made Behaviour.apply calls more specific
* ![rev:66229] Added flash button to tinymce_ssbuttons
* ![rev:66196] #2714 - Cookie::set doesn't operate correctly with expiryDays 0 (wakeless)
* ![rev:66195] #2694 - Mathspam question clear
* ![rev:66194] Fixed draggable bug in AssetTableField - thanks for ajshort for the patch - ticket #3051
* ![rev:66162] #118 - Fixed count of marked pages (hamish)
* ![rev:66137] Fixed editable formfields not showing up in translation mode (#3083). Updated Translatable->updateCMSFields() by partially merging wakeless' patch from (r64523)
* ![rev:66136] Disabled js code in CMSMain->switchlanguage() which was assuming wrong DOM structure (TODO: Replace with more robust selectors)
* ![rev:66135] Fixed field labels for original readonly fields in translation mode
* ![rev:66107] Fixed PHP variable initialization in SiteTree->getClassDropdown() which broke class dropdown in behaviour tab (regression from r66092)
* ![rev:66091] $cache flag wasn't passend through from ViewableData_Customised->XML_val() to ViewableData->XML_val()
* ![rev:66079] #3051 ajshort: Improved layout of assettablefield drag icon
* ![rev:66070] Fixed HTTP->findByTagAndAttribute missing variable error causing HtmlEditorField to break since it used HTTP::getLinksIn()
* ![rev:66067] #3065: Fixed restore page
* ![rev:66066] #3012 jam13: Fixed tabstrip default tab selection when working with querystrings
* ![rev:66065] Fixed security tabs for JSoD code
* ![rev:66062] #3063: Allow old-school method of adding menu items to LeftAndMiain:
* ![rev:66052] #3087 simon_w: Added ResfulService::connect() back, for backward compatability
* ![rev:66049] Fixed unescaped html display in DevelopmentAdmin (#3080)
* ![rev:66044] Fixed `<% require %>` call in ModelAdmin_left.ss
* ![rev:66043] Fix PHP notice where variable with array didn't exist in HTTP->findByTagAndAttribute()
* ![rev:66029] use a undefined variable $member.
* ![rev:66027] Fixed incorrect call to Permission::checkMember() - missing second argument, first argument should've been a Member object or Member ID
* ![rev:66026] Fixed PHP notice level error in some circumstances in DataObject->buildDataObjectSet()
* ![rev:65944] #3073: Fixed LeftAndMain::deleteitems()
* ![rev:65923] #3066: Fix ?isDev=1 option
* ![rev:65900] #2868: Fix after-popup-close behaviour on security member table
* ![rev:65899] #2820: Fixed use of buggy reflection in Object::uninherited()
* ![rev:65896] #2706: Fixed JS error in multi-nested pages deletion
* ![rev:65895] #2232: Prevent requirements from breaking ErrorPage publication
* ![rev:65894] #1721: Fixed del/ins styling in page comparison
* ![rev:65881] Don't let permission errors on assets/ folder completely prevent javascript from loading
* ![rev:65865] Fixed tabstrip JS error in ReportAdmin
* ![rev:65863] Ensure that menu items of the same priority show the first added item closes to the left
* ![rev:65860] Fixed JS error in ReportAdmin
* ![rev:65851] #3062: Fixed ondemand support for jQuery responses as well as prototype
* ![rev:65850] Alow decoration of Member with has_many relationships
* ![rev:65843] #3062: Fixed ondemand support for jQuery responses as well as prototype
* ![rev:65842] #3061: Text.FirstSentence returns '.' instead of empty string on an empty field
* ![rev:65827] Fixed flash uploader not searching for the correct files, due to changes in r65820
* ![rev:65825] Tidied up messages in flash uploader right hand panel in CMS
* ![rev:65769] Fixed deletion of RedirectorPage
* ![rev:65763] Missing variable in some circumstances caused Requirements::include_in_response() to break
* ![rev:65761] Missing variable in some circumstances caused Requirements::include_in_response() to break
* ![rev:65711] Added support for CSS media types to CSS on demand
* ![rev:65680] there is no horizontal scroll bar for Model Admin right panel if the results table is long.
* ![rev:65671] temp fix for flash inserter.
* ![rev:65616] Fixed searching on sapphire/trunk due to Form changes - FormAction was useless on SearchForm anyway
* ![rev:65612] Removed offending $this->canEdit() which returned a boolean, not appropriate to be passed into Member::mapInCMSGroups()
* ![rev:65583] Adjusted Translatable to api changes from r65581
* ![rev:65554] a lot of methods in this class now passed $params as HTTPRequest object, rather than as a array if the function is called from Ajax or top-level of front-end, some method is called in both manner, ie. called from Ajax and called internally as well, so we need to check $params type and do further process. This is a partial fix of open source ticket #3035
* ![rev:65539] Setting correct user locale in ImageField and FileIframeField - the controller is separate from the CMS context, so wasn't initialized with i18n (see #1727)
* ![rev:65538] Using 'SiteTree' classname instead of 'Page' in UpgradeSiteTreePermissionSchemaTask to avoid clashes in schema when Page.php has its own tables
* ![rev:65536] Making Metadata fields writeable in translation mode (see #2993)
* ![rev:65518] Removed project-specific hack in DataObject->getManyManyComponentsQuery() as it was breaking Translatable saving
* ![rev:65517] Fixed breadcrumb exploding in DebugView when base-URL is "/" - was confusing the str_replace() logic
* ![rev:65515] Fixed Translatable::default_lang() call in CMSMain
* ![rev:65512] Fixed SiteTreeMaintenanceTask from extending unkown class Task to extending Controller
* ![rev:65510] #3015: Fixed close buttons on tinymce side panels
* ![rev:65502] Fixed bug with // placement in CMSMenu Director rule generation
* ![rev:65469] Better initial-site-setup boundary condition checking needed after the manifest builder update
* ![rev:65462] Setting Director::set_site_mode('site') in RootURLController in newly added init() method, which fixes Translatable::choose_site_lang(). The original bug was a wrong selected language in the `<meta>` tags through SiteTree->MetaTags()
* ![rev:65456] Using uncached DataObject::get_one() calls in ModelAsController to avoid stale data with subsequent Director::test() calls which alter the page relations inbetween
* ![rev:65424] #2987 - IE8 support via IE7 compatability mode
* ![rev:65394] Fixed broken dev/build compilation of manifest
* ![rev:65361] Added SSViwer support for i18n namespaces in templates with `<% _t('MyNamespace.MyEntity', ... %>`, to work around magically added namespaces from the parsed template file. Those auto-namespaces were logically not working in includes, as the parsing context is always the including template. Legacy support for auto-namespaces is still present due to its high usage.
* ![rev:65336] Making ModelAdmin labels in left panel translatable again (regression from moving them into one common panel)
* ![rev:65335] Respecting $dontEscape in FormAction
* ![rev:65293] Using empty title in TreeDropdownField->Field() if the related DataObject cannot be found
* ![rev:65291] Reverted text replacement performance improvement in SQLQuery - it was replacing more ocurrences via str_replace() than the previous implementation based on arrays, which broke queries augmented by Translatable (originally committed in r60468 and r54044)
* ![rev:65282] Fixed page comment javascript to suit new Form name
* ![rev:65275] #2243: Fixed ViewableData::Odd
* ![rev:65271] #2630 - Removed notice-level error
* ![rev:65269] #2954 - Fixed support for negative numbers in decimal fields
* ![rev:65250] #2992: Fixed T_PAAMAYIM_NEKUDOTAYIM error in RequestHandler
* ![rev:65242] fixed canPublish() so it actually got the member if none was passed and fixed notice with $results not existing
* ![rev:65232] #2056: Removed all references to deprecated Member::isAdmin()
* ![rev:65229] Allow DBField::__construct() without a name
* ![rev:65214] Remove LeftAndMain entry from CMSMenu (#3014). Thanks to hamish for the patch!
* ![rev:65213] Only enforcing record-level permissions in LeftAndMain if passed ID is numeric to avoid breaking AssetAdmin with string-based IDs (regression from r65152). See #3017
* ![rev:65212] Calling parent constructor in ComplexTableField_ItemRequest, was confusing RequestHandler
* ![rev:65180] Add magic methods on ModelAdmin to $allowed_actions (regression from r64988)
* ![rev:65174] MemberTableField use of sourceFilter should be treated as a string, not an array as per the API of TableListField
* ![rev:65152] Enforce permission checks in LeftAndMain and CMSMain through SiteTree->canView()/canEdit()/canAddChildren()/canPublish()/canDelete() (see #2701)
* ![rev:65151] Fixed SiteTreeAccess.js DOM IDs to field changes made in r65150
* ![rev:65150] Disallow SiteTree->canEdit() if SiteTree->canView() is not granted
* ![rev:65148] Fixed js error in LeftAndMain_right.js when displaying readonly pages
* ![rev:65141] TableField delete row inconsistency with TableListField which caused table fields to not fade the row out
* ![rev:65135] Fixed call to Member function that didn't exist
* ![rev:65127] Fix potential PHP notice opening a ComplexTableField popup
* ![rev:65123] Fixed bug with ID-less generation of YamlFixture entries that trigger $this->write() in setters
* ![rev:65106] Setting menu titles for CMSMenu items in LeftAndMain::init() to get translated values for the current user locale (see #2873)
* ![rev:65104] Fixed menu titles entity references in CMSMain and AssetAdmin
* ![rev:65094] Fixed SearchContextTest to comply to new scaffolded searchfield in Text DBFIeld
* ![rev:65071] Reverted auto-detection of i18n statics like $db in DataObject through provideI18nEntities() - was getting too complicated with decorated properties. Overload DataObject->fieldLabels() or DataObjectDecorator->updateFieldLabels() instead
* ![rev:65063] Checking for array existence before iterating through DataObjectDecorator->provideI18nEntities()
* ![rev:65062] Dont instanciate abstract classes in i18nTextCollector
* ![rev:65061] Using SiteTree::get_by_url() (see r65060)
* ![rev:65057] Collecting i18n entities for decorators separately from the decorated classes, as decorated properties like $db have to be stored in the module of the decorated, not in the module of the decorated class.
* ![rev:65030] Different class_implements() usage without instanciating the class in i18nTextCollector - not all classes are instanciatable without arguments. This raises the minimum requirement for text collection to PHP 5.1+
* ![rev:65028] Fixed SecurityAdminTest to work with i18n enabled
* ![rev:65026] Fixed CsvBulkLoaderTest to comply to hasHeaderRow API change (r64806)
* ![rev:65024] Fixed CMSMainTest to check for translated entities to avoid failing tests with i18n enabled
* ![rev:65023] Changed i18nTextCollectorTest to only trigger _t() calls in instance methods (they don't fully work in __construct()). Manually adding ClassInfo state for the fakewebroot needed to test textcollection - ManifestBuilder/ClassInfo currently don't support setting of other webroots, or flexible inclusion/exclusion of certain subfolders which would be necessary to do this without hacks.
* ![rev:64981] Don't allow calling of magically added methods via URL unless explicitly listed in allowed_actions
* ![rev:64976] Fixed wrong case of class names for ImageIFrameField causing errors
* ![rev:64879] Fixed title-handling in FormAction, regression from r64410
* ![rev:64878] Fixed missing $H() reference in i18n.js (#2989)
* ![rev:64850] Avoid ajax evaluator errors by checking if $resizedImage actually exists before calling relativePath() on it
* ![rev:64812] Content wasn't saving on subsequent page loads, after TinyMCE3 upgrade
* ![rev:64798] Fix DataObject::write() with a specified ID and forceInsert to be true
* ![rev:64788] in IE, overflow left pane is hidden and cannot enable scrollbar
* ![rev:64771] Made ContentController work properly if it doesn't have a dataRecord
* ![rev:64770] merged patch from ajshort to fix checkbox fields in the cms
* ![rev:64754] Fixed old references to GenericDataAdmin in ModelAdmin.php and ModelAdmin_Results.ss
* ![rev:64739] Security->passwordsent() didn't get the "Email" variable from the URL properly, because of updates to HTTPRequest
* ![rev:64736] Fixed non-object or not null error in TreeSelectorField
* ![rev:64732] New folders weren't getting their name set correctly, instead they would just be called "NewFolder". This occurred in the Site Content section of the CMS, creating a folder using the right hand panel in that section.
* ![rev:64604] Fixed incorrectly reverted methods related to sizing of the popup.
* ![rev:64601] Fixed extra class addition on various FormField->Field() methods
* ![rev:64562] Using include_once() instead of include() for _ss_environment.php in install.php and Core.php to avoid PHP notice errors about double constant defines (see r64561)
* ![rev:64506] Renamed "Save & Publish" to "Save and Publish" since this value is used in the value attribute of input elements, properly parsed, this would produce &amp; instead of &
* ![rev:64494] Fixed distribution of textcollector files to modules (was collecting all entities into all modules before) - added unit tests
* ![rev:64491] Fixed wrongly formatted _t() call in Security class
* ![rev:64490] Fixed $module parameter for i18nTextCollectorTask
* ![rev:64471] Fix issue with language files not being included
* ![rev:64467] Removed duplicate setValue() method on Time (was supposed to be deleted instead of renamed from setVal() to setValue())
* ![rev:64466] posix_isatty sometimes returns a benign error
* ![rev:64462] Don't run migration code for permissions if the old field doesn't exist.
* ![rev:64443] Fixed RestfulServerTest fixture path
* ![rev:64440] Unit tests for RestfulServer (see r64439)
* ![rev:64439] Returning 409 Conflict HTTP Header when trying to create a resource on an existing URL through RestfulServer
* ![rev:64438] Removed $headingLevel reference from LabelField (was supposed to go into HeaderField)
* ![rev:64437] Second constructor argument $title for HeaderField should be optional for legacy reasons
* ![rev:64427] Using PasswordField instead of deprecated EncryptField
* ![rev:64423] Adjusted HeaderField and LabelField implementation to new constructor arguments (see r64421)
* ![rev:64422] Adjusted HeaderField and LabelField implementation to new constructor arguments (see r64421)
* ![rev:64361] #2963 - Fix RSSFeed to work with new add_cache_headers
* ![rev:64334] Reverted Member->isAdmin() removal since it's being used in a lot of places, we shouldn't deprecated it... yet.
* ![rev:64329] correct wrong syntax of TableField class in its frontend javascript
* ![rev:64328] avoid a CSSClass is added to a veiwable data twice.
* ![rev:64325] $this->extraData is not alway set for an TableField_Item
* ![rev:64320] If DropdownField->Field() lack of source checking before looping through it
* ![rev:64318] Fixed DropdownField handling of Iterator objects rather than arrays in the newly created getSource()
* ![rev:64314] If ajaxActionsOnTop is called twice, the actions are removed.
* ![rev:64313] Don't use singleton() to create DataFormatter instances, as it will cause weird side-effects with multiple formatter instances with different parameters (broke subsequent test runs of RestfulServerTest and SoapModelAccessTest) - all aboard the failboat!
* ![rev:64310] Unsetting $_SERVER globals in RestfulServerTest to avoid side-effects across unit tests
* ![rev:64309] Added RestfulServerTest->testApiAccessBoolean()
* ![rev:64307] Fixed RestfulServerTest->testAuthenticatedGET()
* ![rev:64275] fixed default_country_value so that it will actually call the default country if IP lookup doesnt work
* ![rev:64263] Fix disappearing fields when a field without a name was being pushed onto a FieldSet (eg a CompositeField)
* ![rev:64251] Fixed ComplexTableField->saveComplexTableField() success message object link - was assuming same context as ComplexTableField_ItemRequest
* ![rev:64239] Adjusted ForeignKey->scaffoldFormField() to new scaffolding notation ("ajaxSafe" instead of "ajax")
* ![rev:64237] Fixed FormScaffolder string literal parsing FALE in getFieldSet()
* ![rev:64229] Storing HTTP "Referer" header from $_SERVER in Director::direct() and passing it along in Director::test()
* ![rev:64228] Checking for an empty array for $postVars in Director::test() to determine HTTP method - an existing array should cause POST rather than GET, even if its empty
* ![rev:64227] Fixed stupid ommission from r64223 which caused HTTPRequest to construct without a proper URL
* ![rev:64224] Using fieldLabel() for $has_one relationships in FormScaffolder
* ![rev:64173] Fixed wrong call to scaffoldCMSFields() in Member->getCMSFields(), removed addScaffoldRelationFields() call as this is done by the newly called parent::getCMSFields() already
* ![rev:64153] #2906 - Fixed manifest conflict in web-tests
* ![rev:64142] fixed ss.i18n.sprintf() call in Validator.js
* ![rev:64124] #2936: Define STDOUT if it's not already defined...
* ![rev:64109] Fixed order of arguments.
* ![rev:64099] Bad XHTML in en_US language file (#2624) - thanks tiwoc!
* ![rev:64098] Director::fileExists() fails on windows with absolute paths (#2935) - thanks to ajshort!
* ![rev:64097] Fixed CSSContentParser to only use tidy on CLI mode if its available, and first check for existence of PHP tidy extension. Fixes failing unit tests on standard WAMP windows installations.
* ![rev:64096] Fixed CSVParser assumptions about absolute unix-style filepaths - using Director::absFile() instead now
* ![rev:64081] Consistent usage of ss.i18n.sprintf() instead of ss.i18n.printf() - the method is returning a string rather than outputting directly, so should be sprintf()
* ![rev:64077] Fixing AssetAdmin translations which were previously moved to Folder.php - i18n::include_by_class() doesn't like filenames/namespaces which are in a different folder than the language file they're referenced in (see #2359) - started in r64076
* ![rev:64076] Fixing AssetAdmin translations which were previously moved to Folder.php - i18n::include_by_class() doesn't like filenames/namespaces which are in a different folder than the language file they're referenced in (see #2359)
* ![rev:64074] Fixed AssetTableField javascript errors caused by r64049
* ![rev:64072] Fixed DebugView Breadcrumbs to not include query string as separate link, and don't append an arrow after the last element
* ![rev:64049] fix the bug that add some rules for summary columns even when they are not there.
* ![rev:64042] Using _t() to check content strings in unit tests and avoid tests failing when i18n is enabled
* ![rev:64038] Removed $_ALL_CLASSES in ReportAdmin::has_reports() - this doesn't need to be here anymore, due to changes in ManifestBuilder
* ![rev:64013] Limited error message scope on invalid classname for TestRunner
* ![rev:64011] Ignore TestOnly classes when collecting permissions
* ![rev:64010] Removed dependency of ss.i18n.js on other libraries by replacing $$ with document.getElementsByTagName() and implementing a custom event attacher - see #2927
* ![rev:64007] Making less assumptions about object structure in FieldSet->addFieldToTab() error messages
* ![rev:64005] YamlFixture->saveIntoDatabase(): In order to support reflexive relations which need a valid object ID, the record is written twice: first after populating all non-relational fields, then again after populating all relations (has_one, has_many, many_many). Fixes a bug where FileTest was testing onBeforeWrite() behaviour
* ![rev:64004] Writing record from yml before parsing relations in YamlFixture->saveIntoDatabase() to avoid missing lookups for reflexive relations on the same object
* ![rev:64002] Moved RecordController and CollectionController to external module (see r63905)
* ![rev:64001] Adjusted FormTest->testLoadDataFromObject() to new assumptions about changed behaviour on loadDataFrom() from $loadBlanks to $clearMissingFields - which means that form fields are cleared regardless if they have blank values in the passed object or not
* ![rev:64000] Making sure that DataObject->has*Field() methods always return an array, in order not to fail any array_key_exists() checks
* ![rev:63999] Fixing DataObject->hasField() to detect dynamic getters by using hasMethod("get$fieldName")
* ![rev:63998] Fixed Form->loadDataFrom() to properly populate FormField->setValue() when an object is passed as the first parameter (needed e.g. for CheckboxSetField->setValue()) - see mailinglist discussion at http://groups.google.com/group/silverstripe-dev/browse_thread/thread/717bada8ccafdd70
* ![rev:63983] Fixes so ?flush=1 doesn't stop showing the Reports tab in CMS
* ![rev:63981] Allow use of ClassInfo methods in _config.php when manifest is being rebuilt
* ![rev:63945] Added missing slash in TableListField_Item->Link()
* ![rev:63939] Improved RedirectorPage's handling of invalid configuration options to prevent infinite loops and segfaults
* ![rev:63927] Improved detection of CLI colour support
* ![rev:63920] Fix broken breadcrumbs
## Bugfixes
* ![rev:63915] #2588 Fix issue with IIS not stripping GET variables from the URL (mackeyn)
* ![rev:63909] Prevent misconfigured redirector pages from breaking static publishing
* ![rev:63890] Validation result was ignoring the $valid flag passed as the first argument.
* ![rev:63858] Fixed js i18n entity names for TableField (see #2916)
* ![rev:63857] Properly merging different dictionaries for javascript i18n implementation (see #2916)
* ![rev:63839] Added missing default english text to i18n call in TableField and TableListField javascript
* ![rev:63828] MemberTableField_Popup had an odd way of overloading saveComplexTableField() - this should be on MemberTableField instead, since that's the direct subclass of ComplexTableField for where saveComplexTableField() is defined. This broke the "Add Member" button in CMS Security, probably due to the way the form URLs have been changed. See ticket #2907 for the reported problem.
* ![rev:63825] Don't let Director::test() clobber current stage
* ![rev:63824] Fix FieldSet::replaceField() so that it doesn't clobber tabs
* ![rev:63823] SiteTree::onAfterPublish() will still pass an object to the handlers on the first publish
* ![rev:63819] Fixed pagination in TableListField after hsmith's changes
* ![rev:63813] Fixed array_key_exists check in DataObject->setField that was failing when DataObject->record was not yet initialised by DataObject->setField.
* ![rev:63809] PHP Notice in InlineFormAction_Readonly
* ![rev:63804] Side reports weren't working on initial opening of the side tab
* ![rev:63799] Fixed blatant error where $SNG_member wasn't defined
* ![rev:63797] Member->getCMSFields() should use scaffoldCMSFields() instead of scaffoldFormFields() - currently it is operating in the wrong context.
* ![rev:63793] MemberTableField->AddLink() was calling &methodName=add - this should be just "add", as per changes to the forum URLs in sapphire
* ![rev:63786] Removed query that was causing issues displaying members in the security groups. Open ticket #2591
* ![rev:63785] URLs to security groups in CMS were not linked correctly. Removed Director::link() references and replaced with strings. Director::link() is deprecated and shouldn't be used.
* ![rev:63769] Fixed paths to CSV fixtures for case-sensitive file systems.
* ![rev:63768] Fixed $fixture_file for Ext2fs and other case-sensitive file systems.
* ![rev:63748] Use of getOwnerID() in ReportAdmin which doesn't make sense, since ID() is sufficient.
* ![rev:63739] Fixed bug in getCMSFields scaffolding of relations
* ![rev:63716] Fixed createTag for proper generation of DropdownField blank items
* ![rev:63698] Only include i18n.js if javascript files are included - and to be safe, include the required prototype.js along with the library
* ![rev:63691] Removed old reference to ?executeForm=EditForm
* ![rev:63681] Requiring a parentController for RecordController
* ![rev:63649] Fixed unclear SQL escaping responsibilities in SearchFilter subclasses - it now expects unescaped data, and escapes automatically when adding to the query)
* ![rev:63647] Making "add %s" translatable for ComplexTableField
* ![rev:63640] Automatically including sapphire/javascript/i18n.js in Requirements::process_i18n_javascript() to avoid errors when Requirements are manually overwritten
* ![rev:63635] #2901 - RootURLController didn't properly manipulate the Controller stack
* ![rev:63634] Reverted earlier change to ModelAdmin.js statusMessage() display
* ![rev:63629] Translated Member formfields through fieldLabels()
* ![rev:63627] php notice in CountryDropdownField
* ![rev:63622] Disabled user_error in ComplexTableField->sourceID() when no formfield 'ID' is found in ComplexTableField->$detailFormFields - not strictly required as we can deduce it from the URL. It was causing conflicts with DataObject->scaffoldFormFields() not returning an 'ID' field
* ![rev:63621] Making sure that Dataobject->getManyManyJoin() inserts a valid database table for the relation - not all component classes returned by ComponentSet->ownerClass are valid tables (see r54797 and r60909 for previous commits on this issue)
* ![rev:63618] Escaping added database columns in queries for TableListField
* ![rev:63611] typo mentioned in #2775
* ![rev:63602] Fixed bounce-address generation so that it doesn't have a human component to the email address
* ![rev:63593] #1816: Added a little padding to page version table
* ![rev:63581] Fixed ComplexTableField export
* ![rev:63571] typo in js file
* ![rev:63570] typo in js file
* ![rev:63549] Updated TreeSelectorField to work properly within CTF popups
* ![rev:63527] Removed notice-level errors in ListboxField
* ![rev:63525] #2883 - Remove use of short tag
* ![rev:63509] Fixed DataObject::dbObject() operation with CompositeDbFields
* ![rev:63467] Fixed Upload->isValidExtension() - was checking array keys instead of array values ....
* ![rev:63464] Fixed hardcoded HTTP protocol information in BasicAuth
* ![rev:63457] AssetAdmin->Link() returned a trailing slash that was not necessary. See ticket #2884
* ![rev:63452] Fixed ReportAdmin breakages - changes to HTTPRequest required that show($params) be changes to show($request) and then check $request->allParams() for the URL parameters - this caused major breakages as this code was not updated to reflect the new URL handling changes.
* ![rev:63432] #2753: Couldn't have fields named the same as methods
* ![rev:63304] #2529: Fixed HTTP/1.0 support
* ![rev:63297] Fixed loading indicator in for add form in ModelAdmin.js
* ![rev:63296] wrong jsparty PATH references
* ![rev:63295] wrong jsparty PATH references
* ![rev:63294] Fixed ModelAdmin Requirements path references
* ![rev:63291] Don't try to use HTTP_HOST environment variable if its not set in Director::protocolAndHost(). Throw a warning, then return false - before if script execution was not set to stop on WARNING, you'll get a NOTICE as well.
* ![rev:63290] Moved *_PATH and PR_*constants from main.php/cli-script.php back to Core.php - was causing problems with installer (directly includes Core.php, but doesn't run through main.php) - see ticket #2867 for improvement suggestions in bootstrapping code to avoid these bugs
* ![rev:63204] Moved TEMP_FOLDER define back from main.php/cli-script.php to Core.php, as it was causing problems with the installer
* ![rev:63157] Reverted Director class using BASE_PATH instead of dirname(dirname(['SCRIPT_FILENAME'])), originally committed in r63154
* ![rev:63079] decrease width of elements in image/flash/link panel on right-hand side to avoid close-button being shoved off to the void (#1669)
* ![rev:62910] #2390: Not indexed pages are removed from sitemap.xml
* ![rev:62909] Fixed bug introduced into AssetTableField by previous CTF change
* ![rev:62892] #2721 - Show decent preview on FileIFrameField
* ![rev:62885] Fixed a number of really basic problems with a number of date fields - got basic loading and saving working across them all
* ![rev:62875] More robust setting of defaults; necessary due to altered ViewableData::__isset()
* ![rev:62868] #2697 - Removed junk slash from login message
* ![rev:62701] Changed URL format for password sent confirmation display, to avoid issues with new request handling trying to detect the email-TLD as a pseudo-file-extension (which resulted in truncated email-addresses in display). Old: /Security/passwordsent/myemailaddress. New: Security/passwordsent/?email=myemailaddress
* ![rev:62490] createTag() on FormField subclasses should use getTabIndex() instead of getTabIndexHTML() as createTag() is responsible for generating the HTML, and all we need is the tabindex value
* ![rev:62471] Allowing HTTPRequest::match() to match rules with extensions (e.g. /sitemap.xml used for GoogleSitemap)
* ![rev:62463] Pushing current controller into stack in RootURLController->handleRequest to Session-usage in Translatable if enabled. Session::get() is dependent on controllers, and is needed to determine the current language for any Translatable queries (like RootURLController::get_homepage_urlsegment())
* ![rev:62381] Type checking problem in LookupField->Field(), merged in from r62387
* ![rev:62325] Removed DataReport.js calls in LeftAndMain until we figure out a better way of doing
* ![rev:62324] Removed DataReport.js calls in LeftAndMain until we figure out a better way of doing
* ![rev:62320] Allow creation of a tab and a field of the same name; bug cause by the duplicate field merging code introduced recently.
* ![rev:61975] not all decorators has a summary_fields defined, so the code need to deal with this.
* ![rev:61699] Fixed bulk loader constructor
* ![rev:61686] Fixed styling, searching, and pagination of CommentTableField
* ![rev:61505] Fix direct access of (class)/(id)/edit on the ModelAdmiN
* ![rev:61395] SetHeight() was calling SetWidth using getFormattedImage()
* ![rev:61292] fixed ManyMany relation for same object
* ![rev:61202] Reverted change r61158 which stopped scrollbars working
* ![rev:61195] Asset area in CMS refused to load because of error in code from r60920 - #2751
* ![rev:61162] sourceFilter should be a string, not an array
* ![rev:61155] HtmlEditorField_Toolbar->LinkForm() for editing a link inside an HtmlEditorField instance was showing page titles using the "Title"
* ![rev:61151] ComplexTableField_popup.css "overflow: auto" should only be applied to the container HTML element instead of HTML and BODY which can
* ![rev:60920] #1458 - GEOIP now does not return any error if it cannot look up the ip address (as it uses a shell command this is not enabled on many WAMP systems)
* ![rev:60897] fixed Member name not being saved in database with ReadonlyField()
* ![rev:60757] Fixed TableListField->Link() to allow for instanciation without a form/controller (e.g. for unit tests)
* ![rev:60756] Fixed ScaffoldINGComplexTableField file name
* ![rev:60726] Fixed DataObject::fieldLabels() to detect labels on inherited database fields
* ![rev:60723] Fixed partial merge from nzct (originally from r47039, partially merged in r60440)
* ![rev:60712] Fixed ModelAdmin typo in $searchCriteria method parameter
* ![rev:60710] Fixed $this reference in static Member call
* ![rev:60643] Reinstated error_handling(E_ALL) for dev environments in main.php after clarifying with sam - we want to force developers to recard notice-level errors unless they expicitly opt-out in their _config.php
* ![rev:60636] Disabled mandatory override of default PHP error handler to E_ALL when in dev mode (which means you have no way of overriding error_reporting() in your _config.php, and by that no way of disabling e.g. E_NOTICE level errors)
* ![rev:60635] Fixed CMSMainTest to use /admin/crm as a standard URL rather than /admin (which could be overloaded by other admins for application-like interfaces without CMS components)
* ![rev:60573] Fixed bug with unpaginated TableListFields. Added tests for TableListField pagination
* ![rev:60415] Added Requirements::path_for_file() to support external URLs in required paths (incl. unit test)
* ![rev:60413] Fixed RequirementsTest combine_files() testing to accept new javascript inclusion format with added modified flags
* ![rev:60412] Fixed JSON.php include path in Convert.php
* ![rev:60410] Fixed test runner's handling of errors
* ![rev:60404] Further fixes to Director::test()
* ![rev:60397] Changes to DataObject::get_one() caching to try and fix segfaults
* ![rev:60393] Fixed superglobal masquerading in Director::test()
* ![rev:60388] Fixed Yaml fixtures for SapphireTest
* ![rev:60382] Re-added additional GroupTest tests (merge error from branches/roa)
* ![rev:60378] Removed duplicate GroupTest.php files
* ![rev:60224] Fixed merge error in ModelAsController
* ![rev:60219] Fixed reverted access checks in Controller->handleAction() due to merge error
* ![rev:60213] Javascript error in ComplexTableField_popup.js - missing a comma in an object literal which broke ajax updates in the CMS
* ![rev:60092] Using $extraClass in AutocompleteTextField
* ![rev:59340] Fixed TableListField->setClick_PopupLoad() to parse ID-value out of new `<td>` identifiers
* ![rev:59285] Changed span.middleColumn to .middleColumn in cms_right.css in preparation for building proper HTML/XHTML nesting in formfields
* ![rev:59284] Changed span.middleColumn to .middleColumn in cms_right.css in preparation for building proper HTML/XHTML nesting in formfields
* ![rev:59283] Fixed i18n namespacing issue in TableListField_Item.ss - was using _t('Form.DELETE'), but templates don't allow to re-use variables outside their own namespace
* ![rev:59282] Removed duplicate SecurityID fields on each row of a TableField (calls $myForm->Fields() which by default will include more than the actual form fields passed to the constructor)
* ![rev:59281] Fixed colspan on `<td class="actions">` in MemberTableField.ss
## Enhancement
* ![rev:71650] Applying the asynch request patch to our tag field. We use a simple queue management idea to keep only the latest ajax request is valid, ie, we abort all requests before the current request is submitted, so that there is only at most one request spanning in the client side, so no early request's response cover late request's response, also greatly enhance the performance of both sides, especially in case of complicated operations in server side and complicated post-events in client side.
* ![rev:71597] delete button keep spinning when cancel a deletion operation from the confirm window.
* ![rev:70956] Ticket 2756: Newsletter performance problem, run out of memory.
* ![rev:70861] Allow selection of the unique identifier field on Member by setting Member::set_unique_identifier_field(AnotherField). Default is "Email".
* ![rev:70846] When MemberLoginForm controller page has loaded, focus on the Email input field so the user doesn't have to focus the field themselves. Ticket #3418
* ![rev:70809] Removed blacklist newsletter specific code out of core and into newsletter module
* ![rev:70783] Export to CSV data of MemberTableField gets all fields on the member from the db array, instead of just FirstName, Surname and Email
* ![rev:70775] Removed BrowserDetect javascript library which was randomly placed in Security_login.js and just included in AssetAdmin. Reverted to regex-matching for simple browser detection for now
* ![rev:70465] Allow Member::getCMSFields() to be extended via DataObjectDecorator->updateCMSFields()
* ![rev:70190] Added nicer (and more useful) error message if ErrorPage cannot open the error HTML file for writing
* ![rev:70131] Creation of a new page type now uses a consistent source of classes that respect $hide_ancestor on SiteTree.
* ![rev:70064] Default to "Page" for new page type dropdown
* ![rev:70060] Added a table for showing linked pages in the Report -> BackLinks tab
* ![rev:69954] Calling augmentSQL() on decorators in DataObject::get(), which is necessary (among others) to limit ContentController->getMenu() with Translatable enabled to the currently active language. Was previously just implemented in DataObject::get_one()
* ![rev:69953] Passing through same arguments in SiteTree::get_by_url() than in the wrapped DataObject::get_one()
* ![rev:69952] Removing specialized routing for Translatable from Director->currentPage() and ModelAsController->getNestedController. Calls SiteTree::get_by_url() now, which abstracts out the Translatable handling.
* ![rev:69924] #3313 gigtech: Added ComplexTableField::setAddTitle()
* ![rev:69909] Allowing for passing of $context in Hierarchy->markChildren()
* ![rev:69896] Allowing more arguments in Object->extend() (merged from branches/translatable in r64523, thanks wakeless!)
* ![rev:69895] Added SQLQuery->filtersOnFK() (merged from branches/translatable in r64523, thanks wakeless!)
* ![rev:69891] Moved i18n::get_existing_content_languages() to correct namespace in Translatable::get_existing_content_languages().
* ![rev:69888] Added DataObjectSet->replace()
* ![rev:69864] Allow selection of parent page with adding page through URL - Ticket #3177. Thanks simon_w!
* ![rev:69833] Separated the class name for captioned images to normal images, so styling can be separately applied
* ![rev:69824] Caption support for the HtmlEditorField in the SS CMS. Ticket #2937
* ![rev:69823] Caption support for the TinyMCE editor in the SS CMS. Ticket #2937
* ![rev:69821] #3180: Added RsyncMultiHostPubilsher to 2.3 from trunk
* ![rev:69734] Allow specifying application URL for the top right logo instead of hardcoded silverstripe.com. Thanks hamish!
* ![rev:69661] Removed /cms URL alias for CMS interface to allow for pages named "cms" (see #3267)
* ![rev:69660] Removed /silverstripe URL alias for CMS interface to allow for pages named "silverstripe" (see #3267)
* ![rev:69449] Added .message styles to cms/css/layout.css
* ![rev:69370] Add a `<span class="highlight">` around all keywords (space delimited) and not just the entire search phrase
* ![rev:69360] Update ForeignKey and Primary key default fields to use SQLMap for their dropdown source for better performance.
* ![rev:69323] Added styling for "form .message.notice" in sapphire/css/Form.css
* ![rev:69322] More readable (and linked) output of "you are comparing..." message when viewing version of a page
* ![rev:69244] Added renameField() to FieldSet
* ![rev:69224] Allow choosing ellipsis for truncated text on Text->LimitWordCountXML()
* ![rev:69218] Added ability to define the ellipsis for LimitWordCount() setting "..." as the default
* ![rev:69207] Changed order of array merging in DataObject->db() - contains fields from subclasses at end of the array instead of the beginning. Important because db() is used by FormScaffolder, which shoved custom fields on the front of auto-generated forms. Shouldn't have any effect on the actual content of returned array
* ![rev:69204] Hiding Member->BlacklistedEmail field in getCMSFields() by default - only relevant in newsletter/bounce context at the moment
* ![rev:68860] Added RestfulServerTest->testGETRelationshipsXML()
* ![rev:68818] Appending classnames to translated pagetype titles in CMSMain->getPageTypes() when the cms is loaded in a non-english version - see inline comment
* ![rev:68817] Appending classnames to translated pagetype titles in SiteTree->getClassDropdown() when the cms is loaded in a non-english version - see inline comment
* ![rev:68771] Improved display of class permissions in /admin/security by using the menu title in addition to the classname (users won't necessarily know which classname an admin area corresponds to). Also using "Access to all CMS interfaces" as a permission description for CMS_ACCESS_LeftAndMain
* ![rev:68761] Making Date->Ago() translatable
* ![rev:68747] Using i18nEntityProvider on SiteTree to ensure entities in "Page" namespace get stored on sapphire instead of the "module folder" for Page.php - we can't make those properties translatable within core if they are in a custom folder
* ![rev:68745] Allowing textcollection of multiple modules selectively
* ![rev:68701] Allow HtmlEditorField on front-end forms
* ![rev:68508] Checking for $_FILE_TO_URL_MAPPING in DevelopmentAdmin if called in CLI mode to avoid nasty bugs e.g. during FunctionalTest sessions (Example: Controller stack was failing for some weird reason in LeftAndMainTest)
* ![rev:68460] Added CMSMenu::get_viewable_menu_items() and using it in LeftAndMain->MainMenu()
* ![rev:68193] Added Email->setTemplate() and Email->getTemplate() (as the Email_Template class is deprecated)
* ![rev:68160] Added support for specifying target module in i18nEntitityProvider->provideEntities()
* ![rev:68156] Added support for specifying target module in i18nEntitityProvider->provideEntities()
* ![rev:67984] Documented and improved DataObjectSet->PaginationSummary(). Removed DataObjectSet->paginationSummaryDots
* ![rev:67675] Fixed Email::obfuscate() to include custom CSS for reversing the email address using the "direction" method
* ![rev:67638] Added "reverse" method to Email::obfuscate() to reverse the email address in PHP, then CSS can be used to reverse it back to normal to avoid email harvesting
* ![rev:67502] Added SSViewer::get_source_file_comments()
* ![rev:67422] Allow setting of the legend value in the Form template by use of Form->setLegend('my legend')
* ![rev:67398] Added ability to include a blockquote in the CMS WYSIWYG editor
* ![rev:67345] Allowing custom methods in DataObjectSet->column()
* ![rev:67321] Only showing import form in ModelAdmin if an importer is set
* ![rev:67294] Added SITETREE_GRANT_ACCESS permission code to SiteTree to control editability of the "Access" tab (incl. unit tests)
* ![rev:67292] Supporting object parameter in FieldSet->makeFieldReadonly()
* ![rev:67291] Added mock controller instances to each FunctionalTest, which passes the existing mock session object into the controller stack. This means Sesssion::get()/set() in application code will use the test session. Helpful mainly for overriding login information used by Member::currentUser().
* ![rev:67242] Make it easier to create pageless subclasses of Page_Controller
* ![rev:67224] Adding "close popup" link after saving /admin/myprofile (see #3195)
* ![rev:67139] Added TreeDropdownField->refresh() js method
* ![rev:67138] Allowing usage of extraClass() in TreeDropdownField
* ![rev:67083] Using TEMP_FOLDER for StaticExporter
* ![rev:67072] Disallowing CMSMain->revert() if SiteTree->canPublish() is not granted (used to be SiteTree->canEdit()). If a user isn't allowed to publish, he shouldn't be allowed to revert the live state of a page either.
* ![rev:67061] Moving "save" and "delete" cms actions from CMSMain->EditForm() into SiteTree->getCMSActions() to make them decoratable (e.g. disallow delete action) and easier to cover with unit tests. Leaving fallback "save" and "delete" actions in CMSMain in case no actions are defined (necessary e.g. for Group class in SecurityAdmin)
* ![rev:66958] Added SearchForm->setPageLength() and SearchForm->getPageLength()
* ![rev:66946] Add `<%-- --%>` comments
* ![rev:66830] Disabled sending of warnings through Debug::send_errors_to() by default. If you need extended error reporting including warnings (e.g. for a site which is still in active development), use Debug::send_errors_to('example@example.com', true) or Debug::send_warnings_to('example@example.com')
* ![rev:66803] Just redirect back after "import" action called, and set the session message on the Form object instead of hardcoded ID
* ![rev:66654] Renamed tab "Meta-data" to "Metadata" for better readability (see #3142)
* ![rev:66646] Fixed default level in HeaderField - was duplicating defaults already present in two other places (see r66639)
* ![rev:66625] Allow CheckboxSetField to use extra classes as other FormField classes do. Also dded test for this behaviour in CheckboxSetFieldTest.
* ![rev:66622] Sort test class list by alphabetical order so it's easier to read
* ![rev:66596] Defaulting to show all columns in ModelAdmin CSV export, ignoring user selection of result table columns (users can always limit CSV columns by manually deleting them e.g. in Excel)
* ![rev:66583] Added experimental support using (relname)Query methods to pass complex relations (those defined by methods) into searchfilter
* ![rev:66343] Added comments in rendered templates to indicate the source .ss files, on dev sites only:
* ![rev:66333] Added ConfirmedPasswordField->setShowOnClickTitle()
* ![rev:66323] If there are no files in a folder in AssetAdmin, show a message
* ![rev:66322] Added SearchFormTest
* ![rev:66320] Added more known file extensions (tiff, js, html, css, ico) to File->getFileType()
* ![rev:66312] Added support for $relationCallbacks on the importer class (in addition to methods on the model class)
* ![rev:66173] Moving GoogleSitemap functionality (priority dropdown and database fields) from SiteTree to GoogleSitemapDecorator
* ![rev:66168] Removed GoogleSitemap references in SiteTree (moving to decorator implementation)
* ![rev:66137] Added TranslatableTest with minimal assertions about existing form fields in translation mode
* ![rev:66045] Added support for custom importer methods in CsvBulkLoader
* ![rev:65827] Added error messages to flash uploader panel, to be consistent with the image uploader one
* ![rev:65582] Using actual classname in DataObjectSet->debug()
* ![rev:65581] Added unit tests for FieldSet->insertBefore()/insertAfter()
* ![rev:65513] Using currently used content languages for options in the TinyMCE spellchecker (see http://open.silverstripe.com/ticket/2498#comment:2)
* ![rev:65508] Added language tables for tinymce_ssbuttons Plugin, incl. German translation
* ![rev:65495] Calling UpgradeSiteTreePermissionSchemaTask from SiteTree->requireDefaultRecords as a temporary workaround for missing migration infrastructure. This means that upgrading the schema for 2.3 can be done without manual task triggers, just the usual dev/build (see http://open.silverstripe.com/ticket/2847#comment:4)
* ![rev:65494] Added DatabaseTest
* ![rev:65464] Better CLI output for browsing dev/tests
* ![rev:65463] Allowing strings instead of arrays in ModelAdmin::$managed_models to make it less error-prone for beginners
* ![rev:65457] Allowing to pass strings instead of arrays into FunctionalTest->assert*() methods, and convert them internally to arrays
* ![rev:65455] Adjusted AssetAdmin to Folder->can*() changes
* ![rev:65454] Added LeftAndMainDecorator
* ![rev:65453] Added stub methods to DataObjectDecorator for documentation purposes
* ![rev:65452] Allowing decoration of can*() methods in File and Folder
* ![rev:65361] Added unit tests for i18n template parsing
* ![rev:65266] Folder name can now be used for uploading files. Ticket #3026 - Thanks simon_w!
* ![rev:65181] Updated LeftAndMain->getMenuTitle() to use classname as fallback if $menu_title is not defined - one less thing to specify in a minimalist ModelAdmin subclass
* ![rev:65173] Refactored CSS applied to filter boxes by using common selector
* ![rev:65153] Added UpgradeSiteTreePermissionSchemaTask as a manual migration of SiteTree schema upgrades in 2.3 (see #2847)
* ![rev:65150] Added unit tests for SiteTree permissions
* ![rev:65147] Only logging out users on Security::permissionFailure() is called in non-ajax context. For ajax requests, we now return a 403 HTTP Status in a HTTPResponse Object, with a ":NOTLOGGEDIN" body for backwards compatibility. If a logout+redirection is required after an ajax-request, this should be handled by the clientside.
* ![rev:65125] Added a "strict-mode" for Member->inGroup() and Member->inGroups() to determine true membership to a group (without inheritance)
* ![rev:65092] Scaffolding TextField instead of TextareaField in Text DBField due to size
* ![rev:65073] Added fieldLabels() overloading to various DataObject subclasses. Use this method instead of directly calling _t() in getCMSFields(), and use fieldLabel('MyField') to get the label for a specific FormField. This way, we can transparently support formfield scaffolding and re-use the labels for search fields automatically.
* ![rev:65072] Added fieldLabels() overloading to various DataObject subclasses. Use this method instead of directly calling _t() in getCMSFields(), and use fieldLabel('MyField') to get the label for a specific FormField. This way, we can transparently support formfield scaffolding and re-use the labels for search fields automatically.
* ![rev:65056] Removed DataObjectDecorator->updateSummaryFieldsExcludeExtra() - was a straight copy of updateSummaryFields()...
* ![rev:65055] More solid fulltext checks against master language tables in i18nTextCollectorTest
* ![rev:65054] Using eval() in textcollector to test for valid PHP syntax
* ![rev:65051] Added unit tests for i18nTextCollector handling of newlines in entity values
* ![rev:65029] Using namespaces for filenames in RequirementsTest
* ![rev:65027] Using safer get_by_id() call in SecurityAdmin->getMemberForm()
* ![rev:65022] Added i18nEntityProvider interface (see comments in #1625) incl. unit tests
* ![rev:65020] Allowing translation of some static properties on DataObject and subclasses through DataObject->fieldLabels(). Part of the provideI18nEntities() work which was started in r64881 (see #1625)
* ![rev:64881] Ignoring entity-names with $ signs (most likely dynamic properties) in i18nTextCollector->collectFromCode()
* ![rev:64878] Added unit tests for i18n.js
* ![rev:64682] Changed FormField->Field() to make use of FormField->createTag() over complicated dynamic string building
* ![rev:64596] Allow use of RestfulService->setQueryString() and test to support it. Patch from ticket #2973. Thanks to simon_w!
* ![rev:64558] Used _t() entity instead of hardcoded "not set" string in TextareaField->Field()
* ![rev:64556] Clearer indication of setting disabled attribute in DropdownField->Field() since the disabled attribute shouldn't be set if the field isn't to be disabled
* ![rev:64553] Clearer indication of setting disabled attribute in CheckboxField->Field() since the disabled attribute shouldn't be set if the field isn't to be disabled
* ![rev:64552] If TextField->disabled has been set to true, then add the "disabled" attribute to the input type text attribute list
* ![rev:64551] Made use of FormField->createTag() functionality for creating a textarea field in TextareaField->Field()
* ![rev:64494] Using ksort() in textcollector to get alphabetized language master files (=easier to compare and debug)
* ![rev:64493] Made _t() global function in Core.php an alias for the new i18n::_t() method
* ![rev:64492] Refactored i18nTextCollector and added unit tests
* ![rev:64489] Added ClassInfo::classes_for_file()
* ![rev:64447] Moving i18n->textcollector() and related methods to new class i18nTextCollector and i18nTextCollectorTask - enabling running textcollector through CLI, refactored to instance methods for better testability
* ![rev:64446] Improved TaskRunner and BuildTask metadata and styling
* ![rev:64421] Using createTag() to create HeaderField and LabelField, which adds support for HTML id attributes and extra css classes through addExtraClass()
* ![rev:64410] Made use of createTag() on FormAction->Field()
* ![rev:64408] Added ID to allow CSS styling of forgot password link on MemberLoginForm
* ![rev:64406] Added a message if no email address was specified, for user feedback purposes on MemberLoginForm->forgotPassword()
* ![rev:64405] Changed the "I've lost my password" action to a link instead, since the button is too prominent, and usability is poor having this as a form submit button.
* ![rev:64397] Versioned::get_one_by_stage() and Versioned::get_by_stage() were missing parameters from their get_one() and get() counterparts in DataObject. Those parameters have been added. See ticket #2965 for the origin of this patch.
* ![rev:64366] Pulled out Newsletter specific stuff from Member, the changes in the newsletter module were done on r64365
* ![rev:64356] Added additional known file types, for audio and video files
* ![rev:64311] Added unit tests for Silverstripe's custom static handling (with lots of commented out failing tests)
* ![rev:64306] is_array() checks in DataFormatter to respect empty arrays as a form of denying permissions on fields
* ![rev:64305] Added BankAccountField::is_valid_array_structure() to avoid PHP Notices when converting empty array values
* ![rev:64304] Added DropdownFieldTest
* ![rev:64252] Making confirmation message in ConfirmedFormAction translatable
* ![rev:64238] Showing image thumb before input field in a separate block `<div class="thumbnail">` in SimpleImageField
* ![rev:64236] Added unit tests for form session messages and session validation, FormTest->testSessionValidationMessage() and FormTest->testSessionSuccessMessage()
* ![rev:64229] Storing a "fake referer" in TestSession->lastURL to allow for redirectBack() calls, e.g. after failed form validation
* ![rev:64224] Disrecard $includeRelations setting when scaffolding $has_one relationships in FormScaffolder - use $restrictFields to limit instead
* ![rev:64223] Making URL accessible through HTTPRequest->getURL()
* ![rev:64157] Added $params parameter to all DBField->scaffoldFormField() subclasses
* ![rev:64144] Setting default level for ContentController->getMenu($level = 1) to allow for calls without arguments
* ![rev:64078] Using $locale in _t() instead of repeatedly calling i18n::get_locale()
* ![rev:64075] Replaced hardcoded "en_US" references in i18n class with $default_locale
* ![rev:64073] Supporting titles in FieldSet->findOrMakeTab()
* ![rev:64071] Added german translation for ModelAdmin
* ![rev:64067] Using i18n fieldlabels for column-headlines in TableListField
* ![rev:64041] Re-enabled RSSFeedTest - seems to work now due to Director::baseURL() fixes (#2861)
* ![rev:64012] Improved error message on invalid classname for TestRunner
* ![rev:64003] Added DataFormatter->setCustomRelations()
* ![rev:64001] Made FormTest fixtures more expressive
* ![rev:63999] Re-enabled two test cases in DataObjectSet as a result of the above fixes
* ![rev:63996] Added unit test CheckboxSetFieldTest?->testLoadDataFromObject()
* ![rev:63995] Using fixtures in CheckboxSetFieldTest?, restructured from hard-to-debug manymany-join on self to a Article`<->`Tag relation
* ![rev:63955] Pulled out Report::has_reports() which was hardcoded into LeftAndMain, and put into cms/_config.php which makes more sense
* ![rev:63763] Reformatted and documented Form->loadDataFrom() - no functionality changed
* ![rev:63762] Added unit tests for "_unchanged" handling in Form->loadDataFrom()
* ![rev:63761] Added unit tests for Form->loadDataFrom()
* ![rev:63748] Added missing "abstract" Report class to compliment ReportAdmin. Currently it is unclear what abstract base class you're supposed to implement from.
* ![rev:63681] Custom getViewer() methods to use Page main templates if CollectionController is nested in a ContentController
* ![rev:63680] Added SSViewer->getTemplateFileByType() and SSViewer->setTemplateFile()
* ![rev:63679] Added HTTPRequest::detect_method()
* ![rev:63653] Added Controller->getRequest()
* ![rev:63652] Added Controller->render($params) as a shortcut for Controller->customise($params)->renderWith(array('MyTemplate','MySubTemplate')) - templates are auto-detected by Controller->getViewer() and Controller->getAction()
* ![rev:63651] Consistently allowing for $restrictFields and $fieldClasses parameters passed to DataObject->scaffoldFormFields(), DataObject->scaffoldSearchFields(), DataObject->scaffoldCMSFields()
* ![rev:63650] Added RequestHandlingTest->testNestedBase()
* ![rev:63648] Added support for customise parameters to ViewableData->renderWith() to avoid unnecessary chaining ($this->customise($params)->renderWith($template))
* ![rev:63633] Better i18n for TableField and ComplexTableField
* ![rev:63632] Using DataObject->Title for has_one dropdowns generated in DataObject->scaffoldFormFields()
* ![rev:63630] Added DataObject->fieldLabel() and removed $fieldname parameter from DataObject->fieldLabels($fieldName) to simplify overloading of fieldLabels() for i18n
* ![rev:63628] Added FieldSet->hasTabSet() incl. unit test
* ![rev:63626] Removed overloaded MemberTableField->DetailForm() and reduced overloaded constructor logic - same behaviour found in parent classes
* ![rev:63624] Scaffolding Member->getCMSFields() to allow for easy extension
* ![rev:63623] Calling DataObjectDecorator->updateCMSFields() in DataObject->getCMSFields() - was previously only called in SiteTree instances
* ![rev:63620] Only list ID field in DataObject->summaryFields() if no summaryfields are defined (or can be autodetected). Listing all fields was not feasible, as some subclasses have more fields than fits the column layout
* ![rev:63619] Added ObjectTest->testSingletonCreation()
* ![rev:63615] Added FieldSetTest->testRemoveTab()
* ![rev:63614] Updated translations from translate.silverstripe.com
* ![rev:63613] Updated translations from translate.silverstripe.com
* ![rev:63572] Removed project-specific requirements from CMSMain
* ![rev:63569] Started using ss.i18n clientside javascript in LeftAndMain classes (only a fraction made translatable)
* ![rev:63567] Using ss.i18n in all sapphire form fields with clientside language strings
* ![rev:63566] Added javascript i18n support through Requirements::process_i18n_javascript() and ss.i18n javascript lib
* ![rev:63565] Added ViewableData->i18nLocale, used in LeftAndMain.ss to determine interface language through meta tags (see r63564)
* ![rev:63564] Added ViewableData->i18nLocale, used in LeftAndMain.ss to determine interface language through meta tags
* ![rev:63554] Checking for instanceof DataObject instead of has_one() in DataObject->update() to support virtual relations as well (fix to r63531)
* ![rev:63528] #1848 - Select the title field for new pages
* ![rev:63526] #2875: Make CLI execution more robust when FILE_TO_URL_MAPPING not set
* ![rev:63493] Added support for dot syntax to DataObject::update()
* ![rev:63470] Setting SimpleImageField->allowedExtensions to sensible defaults
* ![rev:63468] Added Form->resetField()
* ![rev:63465] Showing contact information in Debug::friendlyError() from Email::getAdminEmail()
* ![rev:63463] Added Director::get_environment_type()
* ![rev:63452] Better URL handling. Instead of "admin/showreport/something", we do "admin/report/show/something", which is more consistent with the rest of the CMS.
* ![rev:63388] Director::forceWWW() now does a 301 redirect for SEO (to be consistent with Director::forceSSL())
* ![rev:63337] Added DataObjectTest test cases for checking various field existence levels
* ![rev:63327] #2172: Added counts to comment admin submenu items
* ![rev:63321] Updated cli-script handling to be more in line with web calls, and improved Director::setBaseURL() calls.
* ![rev:63289] Tidied up DropdownField->Field() by making use of FormField->createTag() as other FormField subclasses such as TextField do
* ![rev:63249] Moved UserDefinedForm and related code, templates, CSS and javascript out of cms and sapphire classes into userforms/trunk
* ![rev:63198] Added user_error() if RebuildStaticCacheTask is called without a Page->allPagesToCache() method defined
* ![rev:63182] Added ManifestBuilder::$cache_expiry_mins
* ![rev:63181] Using HTTP Status 301 for RedirectorPage class, to be nice to search engines and improve SEO (with 200 page rank gets split between pages, with 301 its all transferred to the target page)
* ![rev:63175] Introduced constants for system paths like /sapphire in preparation for a more flexible directory reorganisation. Instead of hardcoding your path, please use the following constants: BASE_PATH, BASE_URL, SAPPHIRE_DIR, SAPPHIRE_PATH, CMS_DIR, CMS_PATH, THIRDPARTY_DIR, THIRDPARTY_PATH, ASSETS_DIR, ASSETS_PATH, THEMES_DIR, THEMES_PATH
* ![rev:63154] Introduced constants for system paths like /sapphire in preparation for a more flexible directory reorganisation. Instead of hardcoding your path, please use the following constants: BASE_PATH, BASE_URL, SAPPHIRE_DIR, SAPPHIRE_PATH, CMS_DIR, CMS_PATH, THIRDPARTY_DIR, THIRDPARTY_PATH, ASSETS_DIR, ASSETS_PATH, THEMES_DIR, THEMES_PATH
* ![rev:63153] Moved procedural bootstrapping code hiding away between function definitions in Core.php to main.php and cli-script.php (TEMP_FOLDER and PR_* constants)
* ![rev:63057] Updated argument handling for sake
* ![rev:63025] Better CLI output of 'sake dev'
* ![rev:63022] #2853 - Added dev/build as a the new name for db/build; prettied it up
* ![rev:62995] Prevent CMS session timing out and losing content - Added a ping to Security/ping every 5 mins, and altered the onSessionLost behaviour to open login form in a pop-up instead of closing the CMS (see #2242)
* ![rev:62994] Prevent CMS session timing out and losing content - Added Security/ping as a destination for session-preserving ajax pings
* ![rev:62894] #2700 - Added section title to CMS title tag
* ![rev:62883] ComplexTableFilters used to edit relations have their filter automatically set, as well as the foreign key on new records.
* ![rev:62867] #2417: Replaced http://www.yoursite.com with the actual base URL
* ![rev:62848] Allowing to specify dropdown title field in TypeDropdown->setTitleFieldName() - patch by nicolaas (#2689)
* ![rev:62847] Allowing usage of ID, Code-String or Object as $group parameter in Member::inGroup()
* ![rev:62844] Allowing usage of $member parameter for Member::check() as ID, Code or Object
* ![rev:62843] Added Debug::send_warnings_to()
* ![rev:62841] Using optional $member parameter for DataObject::can*() methods
* ![rev:62477] Improved ajax error display within the CMS: Using Firebug (or Firebug Lite) for plaintext output instead of cramming everything into the CMS-status field
* ![rev:62468] In Debug::showError(), if error is displayed through ajax with CliDebugView, use plaintext output
* ![rev:62467] Removed "ERROR:" prefix hack for ajax error responses - clientside evaluation should inspect HTTP status codes instead
* ![rev:62397] Adjusted ModelAdmin->import() to new BulkLoader_Result API (see r62403)
* ![rev:62267] Added DBFieldTest to test prepValueForDB()
* ![rev:61685] You can now use Controller::join_links() to add querystring arguments to a URL
* ![rev:61627] Added dev/tests/startsession and dev/tests/endsession to allow the use of fixtures with external test frameworks, such as Windmill
* ![rev:61618] wakeless - Added SQLQuery::filtersOnID()
* ![rev:61485] DropdownField now allows for `<optgroup>` elements in the field source by passing in a two dimensional array - this was taken from GroupedDropdownField
* ![rev:61420] RequiredFields->php() uses quotes around title of field, falling back to the name of the field if title isn't available
* ![rev:61415] Added LowerCase() to DBField to return the raw2xml converted value as lower case for any type of field if applicable
* ![rev:61394] Added SetHeight() to the Image class, so we can call it from the templates
* ![rev:61392] Added SetSize() to the Image class so we can use it in the templates
* ![rev:61166] Consistent styling of TypeDropdown in the CMS
* ![rev:61165] Added h3, h4 and h5 CSS styles
* ![rev:61157] Added FieldSet->removeFieldsFromTab() which does exactly what removeFieldFromTab() does, but with an array of field names
* ![rev:61154] Director::forceSSL() redirects are now 301 instead of 302 redirects, which is better for SEO
* ![rev:61153] ErrorPage:: should also list ShowInSearch as 0, since it is not required to be searched
* ![rev:61149] Added getter method for CompositeField->children
* ![rev:61147] If title not passed into TextareaField constructor, it defaults to the name value
* ![rev:60724] Removed recently added DataObject::$result_permissions and replaced with more specific TableListField::permissions_for_object()
* ![rev:60645] Added Maori to i18n::$common_languages
* ![rev:60637] Showing error level in custom error handlers on DebugView and CliDebugView
* ![rev:60635] Added default /admin/cms route to cms/_config.php to clear default namespace for other controllers
* ![rev:60395] Using Requirements instead of hardcoded template logic to include some LeftAndMain js/css
* ![rev:59286] Added `<div class=""middleColumn">` around TableListField templates and all subclasses
## Minor changes
* ![rev:71706] Make FirstName and Surname of Member table be indexed.
* ![rev:71621] Allow setting page size for MemberTableField
* ![rev:71569] some label, texture change for AHIP project SC #99
* ![rev:71345] added user friendly labels - should really be _t compatible I guess
* ![rev:71292] Fixed tab-spacing in cms/upload js files
* ![rev:71194] Fixed CSVParserTest with encoding issues
* ![rev:70960] Added basic tests for Date and DateField
* ![rev:70953] Code formatting fix in DateField
* ![rev:70895] Updated tests to check boolean values in CsvBulkLoaderTest
* ![rev:70843] Added phpDoc comments for documentation that needs to be written explaining the different source data that can be used with CheckboxSetField
* ![rev:70833] Ensure that $result is defined before calling array functions on it in SiteTree::getClassDropdown()
* ![rev:70807] Code formatting cleanup in Member
* ![rev:70799] Code formatting fix in SecurityAdmin_left.ss
* ![rev:70783] Code formatting fix
* ![rev:70769] Defensive handling of events in TreeSelectorField->hideTree
* ![rev:70761] Added important piece of information for where the callback method should be defined for duplicate checks in BulkLoader
* ![rev:70693] fixing flash insertion and removing console log messages
* ![rev:70678] Use FormResponse instead of echoing strings as JS
* ![rev:70677] Removed hard-to-debug error trap in SecurityAdmin_right.js
* ![rev:70666] merged r70665 from trunk
* ![rev:70664] removed dulicate css code
* ![rev:70663] merged r70323 from trunk
* ![rev:70662] tinymce toolbar improvements. Fixed gradient image and border issue
* ![rev:70657] #3416 MCE Editor Minor Beautification (thanks ajshort!)
* ![rev:70647] Changed $title parameter to HtmlEditorField constructor to null to be consistent with TextareaField and so title is derived based on the name of the field if no title is given.
* ![rev:70635] Patch from ajshort. changed site tree shortcut icon to transparent.
* ![rev:70608] Code formatting fix in FormField
* ![rev:70598] ticket 1846. Changed Action to title case
* ![rev:70596] ticket 1846. changed logout text to title case
* ![rev:70591] merged patch from simon_w. Fixed language in model admin
* ![rev:70587] fix for ticket 3384. Instead of messing round with added requirements back if you cannot merge them just return
* ![rev:70571] in-line documentation correction
* ![rev:70548] Added default english text for "Email" in Secrity->LostPasswordForm()
* ![rev:70540] Added default english text for "Email" and "Password" fields in MemberLoginForm
* ![rev:70530] merged patch from keeny. Put comment data into Cookie and load if user fails maths spam question. Clear comment cookie on successful posting
* ![rev:70498] Fixed incorrect parameters breaking PasswordField HTML validity because maxlength and size were being populated by non-numeric characters
* ![rev:70494] merged patch from simon_w. Removed unnesscary comments
* ![rev:70493] merged patch from simon_w. Changed can*() methods to check they are sent valid member objects rather then arrays
* ![rev:70484] merged patch from rjmackay. Fixed inclusion of BBCode filters and reported error supression
* ![rev:70483] merged patch from simon_w: added check to Children() to make sure user has canView() rights
* ![rev:70411] added empty statics for decoration
* ![rev:70409] added empty statics to allow decoration
* ![rev:70408] added empty statics to PageComment to allow for decoration
* ![rev:70400] SilverStripeNavigator toolbar is now i18n friendy
* ![rev:70360] removed Gallery Module code from AssetTableField
* ![rev:70355] CSS hover background fix. Merged from ticket #3264. Thanks gigtech
* ![rev:70269] Update ResetFormAction to make use of createTag() method instead of patching together strings to make the form input
* ![rev:70257] Fixed undefined variable error in TableListField->generateExportFileData()
* ![rev:70255] Whitespace removal at end of DataObjectDecorator class
* ![rev:70252] Update phpDoc for DataObject->getFrontEndFields()
* ![rev:70251] Renamed DataObjectDecorator->updateFormFields() to updateFrontEndFields() to be more accurate to the extended method
* ![rev:70238] Removed "Groups" field that wasn't used in Member::getCMSFields()
* ![rev:70236] Code tidy up and coding style fixes for MemberTableField
* ![rev:70188] If the error-404.html or error-500.html file can't be opened, supress the warning so an error isn't shown in the CMS
* ![rev:70154] phpDoc for Varchar->getName()
* ![rev:70153] Removed redundant code from Varchar
* ![rev:70133] Fix potential undefined variable errors in Query->column() and Query->keyedColumn() by always returning an array, even if it's empty. This now conforms to the phpDoc for these two functions, instead of returning null if there's no $column variable set
* ![rev:70132] Defined $column as an array so "undefined variable" error is supressed
* ![rev:70070] tidied up padding in headings complextablefields with long titles
* ![rev:70065] Removed redundant code in CMSMain->AddPageOptionsForm()
* ![rev:70061] Removed redundant code
* ![rev:70059] Code formatting fixes in HtmlEditorField
* ![rev:70053] Added test for HTTP::getLinksIn() which subsequently tests HTTP::findByTagAndAttribute()
* ![rev:70048] fix on-line documentation syntax so that phpDocumentor can creating automatically the API doc
* ![rev:70032] fix on-line documentation syntax so that phpDocumentor can creating automatically the API doc
* ![rev:69955] Passing context object through in LeftAndMain->getSiteTreeFor() (necessary for Translatable)
* ![rev:69939] Removed "edit image" button since the image editor has been removed
* ![rev:69890] Updated language tables
* ![rev:69889] Added Extension->getOwner()
* ![rev:69883] Fixed alignment of "Create translation" button in CMS - removed unnecessary horizontal floating and removed background
* ![rev:69871] merged r69857 from trunk
* ![rev:69865] Removed old references to check-php, which has since been removed
* ![rev:69843] Moved form session error set up from Form constructor to method so it can be used again if need be
* ![rev:69840] Added SiteTreeActionsTest
* ![rev:69839] Merged r69410 from trunk
* ![rev:69838] Merged r69409 and r69410 from trunk
* ![rev:69749] Fixed Sitetree expand and collapse icons alignment in FF3
* ![rev:69717] added support for :-) as well as :) in the Similes
* ![rev:69706] search interface design improvements
* ![rev:69686] Updated correct HTTPRequest class for @deprecated notice on HTTP::sendFileToBrowser()
* ![rev:69611] Updated cms master tables
* ![rev:69592] Added french translation (see #3290)
* ![rev:69591] Added french translation (see #3290)
* ![rev:69562] merge patch from ajshort: allow db build without running requireDefaultRecords
* ![rev:69514] fixed ModelAdmin right tab layout. Removed scrollbar off the tab strip. Ticket #2900
* ![rev:69419] Code syntax tidy up
* ![rev:69369] Removed @todo from Text->ContextSummary as it's already done
* ![rev:69368] Added phpDoc to Text->ContextSummary() $string argument
* ![rev:69348] Added todo and phpDoc to Text->ContextSummary()
* ![rev:69249] Disable caching in RestfulService test
* ![rev:69248] Removed debug message
* ![rev:69244] Added test for FieldSet->renameField() to test method behaviour
* ![rev:69226] Added tests for Text->LimitWordCountXML()
* ![rev:69225] Added phpDoc to Convert::raw2xml() and Convert::raw2js()
* ![rev:69221] Removed comment that isn't appropriate
* ![rev:69220] Added TextTest for testing Text class methods
* ![rev:69219] Updated phpDoc cautionary message on Text->LimitCharacters()
* ![rev:69218] Added documentation to various Text class methods for limiting field values
* ![rev:69206] logical bug in FormScaffolder
* ![rev:69205] translation
* ![rev:68973] reorganized layout of bbcode list elements to move longer ones to bottom row for BBCode popouts
* ![rev:68858] renamed $json to $xml in XMLDataFormatter
* ![rev:68853] added link to all Comments feed in Page Comments
* ![rev:68771] Updated language tables
* ![rev:68763] translation
* ![rev:68760] Making Folder->getCMSFields() translatable
* ![rev:68759] translation
* ![rev:68758] Making CTF save button translatable
* ![rev:68753] translation
* ![rev:68749] translation
* ![rev:68748] translation
* ![rev:68747] translation
* ![rev:68743] Translation
* ![rev:68742] Translation
* ![rev:68741] translation
* ![rev:68600] Removed debug message
* ![rev:68534] Hardcoded yoursite.com in assets treeview (see #3230)
* ![rev:68531] fixed javascript initialization bug in SecurityAdmin_left.js (see #3211)
* ![rev:68526] Hiding border around `<fieldset>`s in ModelAdmin add form (see #3214)
* ![rev:68517] fixed php notices on AssetAdmin (see #3187)
* ![rev:68457] formatting in Security.php
* ![rev:68195] Styling for input.disabled
* ![rev:68178] updated translations
* ![rev:68162] Updated language master table
* ![rev:68161] Updated language master table
* ![rev:68147] Updated cms lang master table
* ![rev:68029] Added whitespace after <!-- end include to be consistent
* ![rev:67705] formatting
* ![rev:67689] Documented ClassInfo::subclassesFor() and added unit tests
* ![rev:67682] Updated phpDoc for Requirements::customCSS() and Requirements_Backend::customCSS()
* ![rev:67676] Code formatting cleanup
* ![rev:67675] Code formatting cleanup
* ![rev:67468] Removed whitespace after ?> end PHP tag
* ![rev:67467] Removed whitespace after ?> end PHP tag
* ![rev:67424] Tidy up of Form.ss template in sapphire/templates/Includes
* ![rev:67380] Documentation in Email class
* ![rev:67327] Added test for ErrorPage
* ![rev:67301] Declared Director::direct() and Director::test() as static functions to avoid confusion
* ![rev:67300] Code formatting improvements for Director->test()
* ![rev:67295] Re-enabled calls to updateCMSFields() accidentally disabled in r67294
* ![rev:67293] Removing custom mock controller from SearchFormTest, now handled in FunctionalTest (see r67291)
* ![rev:67230] ImageEditor indentation
* ![rev:67213] Merged r66794 from trunk (related to #3192)
* ![rev:67188] fixed typo in email_template docblock and added note from sean
* ![rev:67176] Reverted r64384 and re-added Email_Template (see #3183)
* ![rev:67083] Documentation for StaticExporter
* ![rev:67075] removed debug code
* ![rev:66958] Deprecated internal property SearchForm->$numPerPage, use $pageLength instead
* ![rev:66944] merged from trunk
* ![rev:66942] merged r66670 from trunk
* ![rev:66939] Merged r66681 from trunk
* ![rev:66819] Code formatting conventions in HTTPRequest->param()
* ![rev:66803] phpDoc comments for ModelAdmin->import()
* ![rev:66800] Added code example of $model_importers array item
* ![rev:66751] Reverted replacement of jQuery.js with minified version, we're doing minification on the fly, and there's jQuery-packed.js as a readymade alternative (see r66708)
* ![rev:66748] Revered jquery/orig folder, not necessary as we have an unminified jQuery.js anyway (see r66717)
* ![rev:66747] Reverted reference to jquery-packed.js which causes problems by double minification in cms (see r66735)
* ![rev:66745] Revered accidental deletion of jQuery.js in r66719
* ![rev:66736] Formatting in Permission::checkMember()
* ![rev:66735] fixed path include for jquery
* ![rev:66700] merged r66672 from trunk
* ![rev:66643] Removed unused action "waitingon" from CMSMain::$allowed_actions
* ![rev:66642] Removed TaskList remnants of old cms workflow code
* ![rev:66640] Removed redundant code
* ![rev:66637] Code formatting of !isset($member) on SiteTree->canAddChildren() for consistency with other can*() methods
* ![rev:66636] Renamed to correct updateCMSActions() in php comment
* ![rev:66631] Removed unused private static $dataobject_select in File
* ![rev:66630] phpDoc comments for File->getAbsoluteSize()
* ![rev:66628] Code formatting cleanup on CheckboxSetField->Field()
* ![rev:66624] Added tests for checking extra class was added to DropdownField
* ![rev:66623] Added tests for checking extra class was added to FormField subclasses (TextField, EmailField and OptionsetField)
* ![rev:66615] Readd of end php tag as per coding conventions
* ![rev:66614] Added missing end php tag for ImageEditor, as per coding conventions
* ![rev:66613] Removed whitespace after end php tag for AssetTableField
* ![rev:66612] Removed commented out code that shouldn't be lying around
* ![rev:66542] actually allow youtube / blip videos to be embedded into the cms content area
* ![rev:66426] added setter function to write_js_on_body() so I can override the settings
* ![rev:66386] SecurityAdmin code formatting cleanup
* ![rev:66385] Removed old references to "rightbottom", which is now obsolete and caused a big box to appear in the CMS sometimes
* ![rev:66373] Tidied up messy template syntax in LeftAndMain.ss
* ![rev:66333] Documentation for ConfirmedPasswordField
* ![rev:66322] Documentation for SearchForm
* ![rev:66318] Coding conventions, inconsistent use of tabs and spaces
* ![rev:66317] Code conventions (spaces should be between operator characters)
* ![rev:66311] Removed old references from workflow in SiteTree and VirtualPage (AssignedToID and RequestedByID were old properites of a workflow page type)
* ![rev:66310] Removed old workflow instances in the cms module. See ticket #3044
* ![rev:66302] Added isset($_SERVER['HTTP_HOST']) checks to Director->isDev() and Director->isTest() - these environment variables are not available in CLI mode, and show up as PHP notices in a default cli-script/sake execution
* ![rev:66270] Code formatting in FormField
* ![rev:66167] Fixed class naming in LeftAndMainDecorator.php
* ![rev:66093] Removed debug code in AjaxUniqueTextField
* ![rev:66092] Fixed PHP Notice in SiteTree
* ![rev:66024] Removed debug code committed in r65554
* ![rev:65616] Removed unused code from SearchForm, commented out junk etc
* ![rev:65537] removed debug commits from r65523 in Folder.php
* ![rev:65516] Updated merge-info
* ![rev:65485] type enviroment -> environment
* ![rev:65484] Removed obsolete code from MySQLDatabase
* ![rev:65458] Removed duplicate dev/simpletest, already present in thirdparty/simpletest
* ![rev:65457] PHPDoc for FunctionalTest
* ![rev:65446] Tidied up ThumbnailStripField->getimages() formatting
* ![rev:65445] Tidied up ThumbnailStripField->getflash() formatting
* ![rev:65444] Tidied up ThumbnailStripField->getimages() formatting
* ![rev:65443] Tidied up formatting - spaces to tabs
* ![rev:65437] Changed die() to user_error() so that correct error level is returned
* ![rev:65418] Tidied up messy code formatting
* ![rev:65409] Tidied up AssetAdmin->SiteTreeAsUL()
* ![rev:65398] images for the new imageeditor which didnt get included in the patch
* ![rev:65292] JS translations in LeftAndMain
* ![rev:65233] Removed redundant code
* ![rev:65205] phpDoc of HtmlEditorField
* ![rev:65190] Improve robustness of some of the widget definition
* ![rev:65149] Moved tasks from sapphire/cli to new folder sapphire/tasks
* ![rev:65146] Fixed PHP Notices in Member.php
* ![rev:65145] Fixed PHP Notices in TreeMultiSelectField
* ![rev:65135] Check if OldPassword data exists before running checkPassword()
* ![rev:65127] Code formatting in ComplexTableField
* ![rev:65126] Code formatting in CMSMenuItem
* ![rev:65124] Formatting in Group.php
* ![rev:65095] Disabled LeftAndMainTest, now covered by CMSMenuTest
* ![rev:65075] Updated master language tables
* ![rev:65074] Updated master language tables
* ![rev:65067] formatting
* ![rev:65058] Restructured code in Object.php to consistently have properties and important methods like __call() at the top of definitions (no logic changes). Added minor documentation.
* ![rev:65052] rearranged methods in i18nTextCollector
* ![rev:65043] Collecting entities for language master table with new i18nTextCollector functionality. The table is now sorted alphabetically by namespace and entity. Entities now include more translatable statics from DataObject subclasses like $db, $has_one etc.
* ![rev:65035] Collecting entities for language master table with new i18nTextCollector functionality. The table is now sorted alphabetically by namespace and entity. Entities now include more translatable statics from DataObject subclasses like $db, $has_one etc.
* ![rev:65025] Moved i18n tests into sapphire/tests/i18n subfolder
* ![rev:65022] documentation for i18nTextCollector
* ![rev:65021] package information for ModuleManager
* ![rev:65019] Moved js unit tests from sapphire/javascript/tests to sapphire/tests/javascript to have a consistent location for all tests on server- and clientside
* ![rev:64986] Renamed variable to avoid confusion in SecurityAdmin->SiteTreeAsUL()
* ![rev:64982] Tests for r64981
* ![rev:64871] Code formatting in TextareaField->Field()
* ![rev:64850] Code formatting cleanup
* ![rev:64786] Added deprecated note to ConfirmedFormAction
* ![rev:64771] phpDoc update for ContentController->getMenu()
* ![rev:64733] Code formatting cleanup in AssetAdmin->addfolder()
* ![rev:64560] Temporarily disabled Debug::message() calls in i18nTextCollector as they're disturbing unit test output and we currently dont have context switches for this
* ![rev:64559] Adjusted i18nTextCollector to use DataObject->i18nCollectStatics()
* ![rev:64557] Unnecessary check of trim() twice on TextareaField->Field()
* ![rev:64555] whitespace removal
* ![rev:64551] Documentation tweaks in TextareaField
* ![rev:64550] Convert::raw2att() isn't required because FormField->createTag() already does this
* ![rev:64505] Added to @deprecated note for TypeDropdown about why this class shouldn't be used
* ![rev:64503] phpDoc changes in LeftAndMain - removal of @usedby which doesn't exist, replaced with @uses on the remote function
* ![rev:64502] Code formatting changes to be more consistent
* ![rev:64498] Moved CollectionController_Results template into genericviews module
* ![rev:64460] documenting my new method, correct a coding convention about whitespace
* ![rev:64442] moved RestfulServerTest from cms to sapphire module, same as the actual RestfulServer class
* ![rev:64441] moved RestfulServerTest from cms to sapphire module, same as the actual RestfulServer class
* ![rev:64429] deprecation notes
* ![rev:64419] Misc deprecation notes
* ![rev:64418] Changed visibility of SiteTree->getClassDropdown()
* ![rev:64415] documentation
* ![rev:64414] Removed unused DatabaseAdmin->makeURL()
* ![rev:64413] documentation
* ![rev:64412] Marked some Convert methods as deprecated, as their purpose is unclear, they're neither documented nor tested. Stuff like Convert::xml2js() is just way too fuzzy
* ![rev:64411] phpDoc comment error fix
* ![rev:64409] Changed visibility of Convert::recursiveXMLToArray
* ![rev:64406] Tidied up code formatting for MemberLoginForm->forgotPassword() to be clearer
* ![rev:64404] Security->LostPasswordForm() code formatting changes for clarity
* ![rev:64403] Moved Controller::init() to top of file
* ![rev:64400] Misc deprecation notes
* ![rev:64397] phpDoc for Versioned::get_by_stage() to be consistent with Versioned::get_one_by_stage()
* ![rev:64396] Removed deprecated method addmember() from CMSMain - this should be contained on SecurityAdmin instead
* ![rev:64395] Removed commented out code in CMSMain->PageTypes()
* ![rev:64385] Misc deprecation fixes
* ![rev:64382] Misc deprecation notices
* ![rev:64369] Removed Group_Unsecure which was never used
* ![rev:64364] Removed Director::addRules() item for Unsubscribe_Controller that should will be done by the Newsletter _config.php file instead
* ![rev:64362] Fixed FileTest for changes to getFileType() on the File class
* ![rev:64356] Tweaked text of file type descriptions slightly
* ![rev:64344] Whitespace changes in TextField
* ![rev:64338] delete some unnecessary duplicated variable in a assignment statement.
* ![rev:64322] Removed useless comment and commented out code that went along with it in Group class
* ![rev:64319] fixed php notice error in DataObject
* ![rev:64312] Todos for ObjectTest
* ![rev:64301] Added mergeinfo
* ![rev:64300] Added mergeinfo
* ![rev:64261] Moved HTTPRequest constructor to beginning of method definitions
* ![rev:64079] Documentation in i18n class
* ![rev:64068] Removed CollectionController language strings from master table
* ![rev:64020] Removed subtree mergeinfo
* ![rev:64014] Formatting
* ![rev:64009] Swapped $mainFields and $fields assignments in Member->getCMSFields() to reflect what they're actually containing
* ![rev:64008] Syntax fix in CliTestReporter which was causing wrong array indices
* ![rev:64006] Fixed PHP notice in CLITestReporter
* ![rev:63985] Documentation
* ![rev:63982] Removed unnecessary $this->extend() on SSReport->getCMSFields()
* ![rev:63961] Updated inconsistent documentation on SSReport
* ![rev:63959] Updated SSReport class documentation to make sense
* ![rev:63958] Documentation and @package phpDoc code additions to ReportAdmin and SSReport
* ![rev:63937] Reformatting
* ![rev:63898] Add warning for deprecated function.
* ![rev:63897] Change memory limit to -1 on publishall to stop sapphire running out of memory on unit tests.
* ![rev:63873] Updated entities from translate.silverstripe.com
* ![rev:63869] Updated entities from translate.silverstripe.com
* ![rev:63864] Updated language master table
* ![rev:63861] Updated language master table
* ![rev:63856] Reverted manual setting of i18n fallback strings in r63839, fixed original problem (wrong entity name)
* ![rev:63840] Renamed Report to SSReport as it was conflicting with project code
* ![rev:63822] Fix to SiteTreeTest's data fixtures
* ![rev:63815] Tidied up argument list for Object::create() in ComplexTableField->AddForm()
* ![rev:63802] Fixed JS undefined errors with 'addgroup' and 'deletegroup' elements
* ![rev:63801] Fixed JS undefined error with 'Loading' element
* ![rev:63790] Line break between static variables on SecurityAdmin
* ![rev:63766] removed subtree mergeinfo on ModelAdmin_Results.ss in preparation for client branch merge
* ![rev:63760] Documentation for Form class
* ![rev:63753] Code formatting cleanup
* ![rev:63752] Very minor whitespace change
* ![rev:63747] Removed PageTypes directory from cms which is not used anymore
* ![rev:63680] Documentation and formatting in SSViewer and Controller
* ![rev:63657] Documentation for HTTPRequest and RequestHandlingData
* ![rev:63655] Documentation for HTTPRequest and RequestHandlingData
* ![rev:63632] Removed scaffolded header field in DataObject->scaffoldFormFields()
* ![rev:63617] Documentation
* ![rev:63616] Documentation
* ![rev:63608] fixed formatting on no images found
* ![rev:63568] Documentation
* ![rev:63531] Documentation in DataObject
* ![rev:63530] Reverted my email address with something more spambot safe from r63489 ;)
* ![rev:63492] removed `< and >` characters from @author phpdoc token
* ![rev:63491] phpdoc tweaks
* ![rev:63490] phpdoc tweaks
* ![rev:63489] Filled in Ingo's email for phpdoc since he failed to do it himself
* ![rev:63469] Formatting in Member
* ![rev:63468] Documentation for Form
* ![rev:63466] Documentation in ErrorPage
* ![rev:63459] Code formatting inconsistency
* ![rev:63458] Added TODOs for areas of code that needs some work, either in documentation or code cleanup.
* ![rev:63456] Committed missing files related to r63452
* ![rev:63453] Fixed wrong position of return array() in ReportAdmin->showWithEditForm()
* ![rev:63452] Documentation and TODO for ReportAdmin methods
* ![rev:63449] Fix undefined variable error in ManifestBuilder::get_manifest_info()
* ![rev:63420] Code formatting changes for readability and consistency in DropdownField->Field()
* ![rev:63390] Ticket #2869 Fixed PHP notice in Director::forceWWW()
* ![rev:63388] Fix PHP notice in checking $_SERVER['HTTPS']
* ![rev:63385] Fixed PHP notices in ListboxField->Field() by defining the variables first
* ![rev:63370] documentation
* ![rev:63355] allow tinymce to suck down script code at least in tinymce
* ![rev:63339] todos for DataObjectTest
* ![rev:63293] Documentation
* ![rev:63180] Added externals for thirdparty JSON library
* ![rev:63179] Moved JSON library to thirdparty externals
* ![rev:63178] Reverted accidental commit to main.php from r63177
* ![rev:63174] Documentation for image uploads
* ![rev:63156] Reverted accidental disabling of ManifestBuilderTest cleanup code
* ![rev:63155] Temporarily disabled RSSFeedTest as its overriding environment variables that should be handled by Director class with Director::setBaseURL() (which is currently not fully working). Added stub-tests for Director.
* ![rev:63127] Fix phpdoc parsing error
* ![rev:63125] Fix phpdoc parsing error
* ![rev:63124] Fix phpdoc parsing error
* ![rev:63123] Fix phpdoc parsing error
* ![rev:63122] Fix phpdoc parsing error
* ![rev:63121] Fix phpdoc parsing error
* ![rev:63081] Added CMS->SiteTreeAsUL() to $allowed_actions (#2733)
* ![rev:63080] Removed stale version number from `<meta name="generator">` tag (#1908)
* ![rev:62877] Added some more api doku for DataObject::
* ![rev:62845] Added documentation and TODOs for RestfulServer
* ![rev:62843] Documentation and formatting for Debug class
* ![rev:62842] Documentation
* ![rev:62841] Added documentation to DataObject about permission handling
* ![rev:62484] Changed console.log() to console.error() in ajax error handling
* ![rev:62470] documentation
* ![rev:62462] documentation
* ![rev:62461] documentation
* ![rev:62424] FileField->Field() code formatting changes
* ![rev:62313] HTMLVarchar->scaffoldFormField() was referencing a class name of different case that didn't exist (change it to the correct one to be sure)
* ![rev:61840] fixed comment on MathSpamProtection
* ![rev:61826] #2696 - Add message when trying to load the CMS with javascript
* ![rev:61825] Fixed PHP notice
* ![rev:61702] Remove commented out code
* ![rev:61484] added @deprecated note in PHPdoc to show that Email_Template is deprecated
* ![rev:61483] phpdoc of @package and @subpackage to reflect the actual package and subpackage
* ![rev:61482] comment changes to allow better readability of comments of what we're testing
* ![rev:61481] Additions to FieldSetTest to test removeByName() and removeFieldsFromTab()
* ![rev:61217] setRelationAutoSetting function adding
* ![rev:61164] Fixed PHP notice in CheckboxSetField when transforming to readonly
* ![rev:61161] PHPdoc for FieldSet->replaceField()
* ![rev:61160] PHP notice fix for FileIFrameField->Field()
* ![rev:60949] Added FieldSetTest to the test library
* ![rev:60409] Re-activated tabstrip.js in LeftAndMain (merge error?)
* ![rev:60408] Renamed jquery_improvement.js to plural form (consistent with prototype_improvements.js)
* ![rev:60407] Re-enabled DataObjectDecoratorTest
* ![rev:60406] Moved sapphire/misc* to sapphire/thirdparty and sapphire/integration
* ![rev:60401] Moved ScaffoldComplexTableField to separate file
* ![rev:60400] Removed DataObject->mapRelationshipObjects() - incomplete functionality
* ![rev:60398] Removed sapphire/tools
* ![rev:60371] Documentation
* ![rev:60370] Removed debug code from Member.php
* ![rev:60367] removed obsolete code from DataObject.php
* ![rev:60217] syntax error
* ![rev:60216] syntax error
* ![rev:60210] Documentation
* ![rev:60157] Fix php notice
* ![rev:59518] Fixed crazy messed up indentation in TableField
* ![rev:59279] wording for "IP Range" description
## Other
* ![rev:71921] Undo the change committed in r71918 since the commit message is missing
* ![rev:71758] Improved DataObject validation tests to use PHPUnit's setExpectedException stuff.
* ![rev:71755] Disable xdebug in the test runner, because it has a habit of causing bus errors
* ![rev:71170] BUGIX: CMS UI search spinner style tweak
* ![rev:71169] BUGIX: CMS UI changed search spinner, hide search button while processing (better interaction feedback)
* ![rev:71035] Include the media widget into the CMS
* ![rev:71034] Removed media plugin code that got copied into ssbuttons
* ![rev:70995] Disable basicauth in RestfulServiceTest
* ![rev:70900] BUGIFX tweak to navigator layout and tidying up unnecessary styles
* ![rev:70894] BUGIFX tweak to navigator layout
* ![rev:70860] Made selection of custom security templates easier
* ![rev:70845] Don't let content negotiator clobber the mime types of things other than HTML & XHTML
* ![rev:70844] Replaced HTTPReponse settings of Content-type header with Content-Type, to match RestfulServer
* ![rev:70747] 2. make Email_BounceRecord::canCreate() return false; so that it can not be manully create from CRM, instead, it should create through email buncing system.
* ![rev:70740] Undoing change committed in r 70734
* ![rev:70738] Undoing change committed in r 70734
* ![rev:70725] 2. Not all DataObject has a 'Title' database field, but all DataObject has a 'Title' field due to function DataObject::getTitle() exists.
* ![rev:70702] Merged patch submitted by ajshort that calls loadDataForm on a newly created object in ModelAdmin so that properties of the object are loaded properly
* ![rev:70372] fixed ajax button alignment
* ![rev:70303] cms ui: site tree tools visual update
* ![rev:70240] cms ui: fixed line background to drop down from root node
* ![rev:70239] cms ui: fixed line background for open nested lists
* ![rev:70237] cms ui fix: styles for uniform site tree line
* ![rev:70235] cms ui fix: make site tree hierarchy line uniformly dotted
* ![rev:70206] cms ui fix: adding separator above allow drag and drop
* ![rev:70143] IE6 ui fixe for search filter date input width
* ![rev:70141] IE6 ui fixes for calendar in search filters (positioning and when sidebar is expanded)
* ![rev:70136] ui fixes for calendar in search filters (positioning and when sidebar is expanded)
* ![rev:70127]
* ![rev:70091] stopped null properties being added when images inserted in cms (hspace, vspace, align)
* ![rev:70090] Added missing Decimal->nullValue method.
* ![rev:69983] Removed unnecessary db query in CMS tree generation
* ![rev:69982] Pre-cache page version numbers when querying CMS tree for query efficiency
* ![rev:69981] Added Versioned::prepopulate_versionnumber_cache() to allow for querying efficiencies
* ![rev:69977] Added cache to Permission::checkMember() to reduce the number of queries
* ![rev:69933] Reverted change because it wasn't necessary
* ![rev:69925] EHANCEMENT #3326 hamish: Added Image::getOrientation()
* ![rev:69815] Added getter to retrieve alternative database name.
* ![rev:69731] Better error messages when HasManyComplexTableField can't configure itself properly.
* ![rev:69681] See #3275
* ![rev:69382] Fixed label of back button
* ![rev:69350] Simplified implementation of FieldSet::makeReadonlyField()
* ![rev:69349] Simplified implementation of FieldSet::makeReadonlyField()
* ![rev:69052] Fixed URL in the list of tasks.
* ![rev:68945] Fixed loading of CMS toolbar with the HtmlEditorField
* ![rev:68873] Improved rendering of [php] tags in BBCode view
* ![rev:68700] Made CalendarDataField JS more self-suffficient
* ![rev:68598] Added SearchForm::classesToSearch() to set the classes that you want it to search. Still limited to SiteTree and File but you can exclude one of those.
* ![rev:68474] Merged r67482 to branches/2.3 - let db/build add auto_increment
* ![rev:68326] Added ability for comment authors to leave a URL as a separate form field
* ![rev:67877] PaginationSummary return all pages by default
* ![rev:67793] Added PaginationSummary function that enable DataObjectSet to display a portion of page list
* ![rev:67776] Added headers_sent() check to header() call in main.php to stop it from being so brittle.
* ![rev:67583] Restore requirements after sending email
* ![rev:67432] Improved graphs displayed on dev/viewmodel
* ![rev:67427] Added diagrams to dev/viewmodel
* ![rev:67414] Added simple model viewer at dev/viewmodel
* ![rev:67401] - including greybox.js had caused the screen to become unscrollable because of an (unrelated) inclusion of LeftAndMain.js which sets `<body>` to overflow:hidden on javascript page load
* ![rev:67194] Merged r67152 from trunk
* ![rev:67169] Add TableListField::setFieldList()
* ![rev:67165] Added ModelAdmin:: for changing the class used to generate results tables
* ![rev:67131] Moved LegacyIDs from BlogEntry and File to Decorators
* ![rev:67114] Added LegacyID for keeping orginal ID. Used for site migration
* ![rev:66941] Fixed SiteTreePermissionsTest login failure tests
* ![rev:66923] #1885: Fixed safari bold, italic, underline by removing HTML scrubbing.
* ![rev:66889] Better checking of tabstrip stuff
* ![rev:66834] Removed call-time pass by reference from CsvBulkLoader
* ![rev:66824] Removed unnecessary updateCMSFields call; DataObject::getCMSFields does this for us
* ![rev:66719] getting things tidied up
* ![rev:66717] trying to get jquery to stick
* ![rev:66712] packed jquery
* ![rev:66708] packed jquery and jquery ui
* ![rev:66645] DataObject::relObject() throws an exception rather than an error so that it can be caught
* ![rev:66639] Set default level for HeaderField
* ![rev:66634] Added white background for tabs in all places; not just the right frame
* ![rev:66626] Allow passing of columns to ColumnSelectionField() and allow different ColumnSelectionField() values to influence the result columsn
* ![rev:66582] Added support to DataObject::relObject() for looking at $casting to get information about the relation - good for dynamic relations
* ![rev:66546] Fix incorrect logic in r66544
* ![rev:66544] Make sure only fields that exist can be autocompleted on MemberTableFields, and never autocomplete on password.
* ![rev:66431]
* ![rev:66394] 1. Add note to each record in 1-many relation. Add the tab "Notes" for showing/editing/deleting notes of a record.
* ![rev:66356] Merged pre-2.3-oct08 into 2.3 (via trunk)
* ![rev:66353] Merge pre-2.3-oct08 into 2.3 (via trunk)
* ![rev:66350] Fix to LeftAndMain to ensure that jquery doesn't break other admin sections
* ![rev:66304] Fixed bug in test makefile
* ![rev:66296] Build database before testing, for RestfulService test, etc
* ![rev:66267] Return an HTTPResponse consistently from controllers
* ![rev:66265] Fixed RequirementsTest
* ![rev:66225] #2771: Fix SQLQuery::filtersOnID() (wakeless)
* ![rev:66192] #2635 - More informative errors in DataObject (simon_w)
* ![rev:66103] FIX: permission migrator for missing groups
* ![rev:66086] Merged pre-2.3-oct08 into branches/2.3 (via trunk)
* ![rev:66084] Merged pre-2.3-oct08 into branches/2.3 (via trunk)
* ![rev:66008] Boundary condition check for top-level pages with 'inherit' permission
* ![rev:65981] Update sapphire so that it can run with the default .htaccess and mysite/_config.php files provided in the phpinstaller. If database config is missing, then redirect to install.php
* ![rev:65971] Include tabstrip js and css for modeladmin
* ![rev:65970] Fixed WYSIWYG styling
* ![rev:65967] Added validation for DataObject::db, has_one, has_many, many_many, belongs_many_many properties, so that improper use of the array syntax doesn't raise strange bugs elsewhere.
* ![rev:65959] #3068 - Fixed memory issue in IE
* ![rev:65939] Replace source view with one based on codepress
* ![rev:65938] Added advcode tinymce plugin that is a wrapper around codepress
* ![rev:65915] Set default view/edit permissions
* ![rev:65913] Added light blue colouring to notinmenu items
* ![rev:65912] Added notinmenu class to CMS tree items that aren't in menus
* ![rev:65861] Fixed dropdown-based ModelAdmin navigation
* ![rev:65859] Fixed root node not displaying correctly
* ![rev:65828] Removed console debug messages for ThumbnailStripField
* ![rev:65824] Merged in image search capabilities from trunk version - r65820, r65823
* ![rev:65802] Fixes for IE support of script tags being down the bottom
* ![rev:65789] #2991 - Fixed change detection in mce fields
* ![rev:65783] Fixed fatal error in CommentTableField:
* ![rev:65782] New test for old URL redirection
* ![rev:65781] #2679: Auto-redirect renamed pages
* ![rev:65778] Get sapphire to self-allocate at least 64M of memory, if possible.
* ![rev:65735] Fixed media-type selection on demand in IE
* ![rev:65718] Added livequery to leftandmain install
* ![rev:65717] Refactored tabstrip.js to use livequery for loading
* ![rev:65716] Refactored tabstrip.js to use livequery for loading
* ![rev:65709] Removed time limit when minifying files and disabled processing of multiple files if on dev.
* ![rev:65673] Change back to english on teardown
* ![rev:65530] No execution time limit on test runner
* ![rev:65529] Replaced 300-second 'long execution' times with unlimited
* ![rev:65524] Merged branches/2.2
* ![rev:65523] Merged from branches/2.2
* ![rev:65507] Ensure that Requirements backend instance is preserved between tests
* ![rev:65506] Reformatted memory usage to be more concise
* ![rev:65503] #2997 - Added `<% require %>` tag to SSViewer
* ![rev:65471] Added default for HTTP_USER_AGENT
* ![rev:65465] Cleaned up the commented-code
* ![rev:65438] Bugfixes to Requirements alterations
* ![rev:65436] ARCHITECTURE #3034 wakeless: Make Requirements mockable by pushing the meat of the functionality to Requirements_Backend
* ![rev:65407] Removed redundant code
* ![rev:65397] Removed redundant code
* ![rev:65385] dquote> API CHANGE: Simplified Core.php manifest include to just call ManifestBuilder::include_manifest() - manifest takes care of its own cache file
* ![rev:65332] IMPROVEMENT Fix tab display and button position when adding a record (ticket #3029)
* ![rev:65289] IMPROVEMENT moved managed models' forms to one panel (ticket #2898)
* ![rev:65287] #2135 - Disallow XSS bug in development RestfulService use
* ![rev:65252] Added deprecation method for LeftAndMain::add_menu_item()
* ![rev:65229] API CAHNGE: Allow augmentPopulateDefaults on data object decorators
* ![rev:65189] Added spellchecker to CMS
* ![rev:65175] Reverted previous change, as MemberTableField has it's own use of sourceFilter - not the most documentation situation however.
* ![rev:65173]
* ![rev:65150] Note: Use dev/tasks/UpgradeSiteTreePermissionSchemaTask/run to migrate legacy data to the new schema as outlined above
* ![rev:65140] Simplified CliTestReporter output so that buildbot can read it
* ![rev:64952] Text scaffolds to a TextareaField, not a TextField
* ![rev:64947] #2975 - Malformed javascript language string (ajshort)
* ![rev:64896] In general all Form Fields should imply with this rule if a page contain mulitiple forms, but this is not under our current developing cycle, since our form fields validation is changing to use jQuery.
* ![rev:64880] Deleted SmallerThanFilter - please use LessThanFilter
* ![rev:64863] Changed default # of rows on HTMLEditorField from 15 to 30
* ![rev:64862] Fixed TinyMCE stylihg
* ![rev:64839] Fixed CMS uploading
* ![rev:64814] call $this->extend('updateFieldLabels', $labels) in FieldLabels() to get its decorator's customised field labels
* ![rev:64778] Removed scrubbing of the HTML
* ![rev:64768] #2957 - Fixed entity decoding in Convert::html2raw
* ![rev:64760] Fixed bug in tinymce_ssbuttons plugin inclusion
* ![rev:64759] Added LinkText field to link inserter
* ![rev:64684] Removed sapphire/images/fe_icons - these will be put in the userforms module instead, where the FieldEditor
* ![rev:64470] Removed junk text from CSSContentParserTest
* ![rev:64368] HTTP:add_cache_headers() - don't throw warning when not passed
* ![rev:64345] dquote> API CHANGE: HTTP::add_cache_headers() now designed to manipulate an HTTPResponse object rather than add headers directly
* ![rev:64343] Removed TextField_Disabled - this is unnecessary
* ![rev:64340] Included jquery.js before prototype.
* ![rev:64339] Implemented a jQuery based version of documents.getElementsBySelector
* ![rev:64326] API: add CurrencyField_Readonly
* ![rev:64325] API: add funcion TableField_Item::IsAddRow()
* ![rev:64324] Feature: attach extraClasses to a FormField when it is transform to readonly
* ![rev:64323] API: add TextField_Disabled
* ![rev:64152] Removed #! entry from cli-script.php; its unreliable and cli-script.php should be called as 'php cli-script.php' instead
* ![rev:64070] ENHANCMENT Making ModelAdmin translatable (#2874)
* ![rev:63938] Improved backtrace generation in test reporter, to limit the amount of unnecessary waffle.
* ![rev:63912] BGFIX: #2587 Fix HTTPS detection on IIS (mackeyn)
* ![rev:63904] BGFIX: #2527 - Fix mysql version detection on hosts with custom mysql version names (HakTom)
* ![rev:63892] Added PHP doc for the ValidationException thrown by DataObject::write
* ![rev:63891] DataObject::write now throws a ValidationException rather than calling user_error if the call to DataObject::validate fails. This allows the validation exception to be caught and handled by tests or other controllers.
* ![rev:63883] Added missing TableListField_printable.ss template.
* ![rev:63882] Corrected reverted merge. ComplexTableField::setPopupSize is now present.
* ![rev:63843] Removed legacy Report.php
* ![rev:63842] BUGF Renamed Report class to SSReport, file name wasn't altered but class name was
* ![rev:63837] Updated Member's getCMSFields() to consistently work with fields in a tab
* ![rev:63821] Moved error_reporting setting from main.php to Core.php
* ![rev:63820] Removed relational CTFs reliance on DataObject->ClassName
* ![rev:63807] Merged from branches/nzct-trunk. Use 'svn log -c `<changeset>` -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
* ![rev:63806] Merged from branches/nzct-trunk. Use 'svn log -c `<changeset>` -g' for full commit message. Merge includes stability fixes and minor refactor of TableListField and ComplexTableField.
* ![rev:63748]
* ![rev:63745] Updated Member::isInGroup() to function as well as being deprecated
* ![rev:63733] Added get data to a form submission of SearchForm/search, so that ResultAssembly is passed
* ![rev:63715] Updated errorMessage() call in ModelAdmin to actually show the message to the user. For example, 404s return messages of the form 'your search returned no results'
* ![rev:63636] Added instructions to try and prevent #2901 issues reoccurring
* ![rev:63625] ENHANCMENT Using errorMessage() instead of statusMessage('bad') for ModelAdmin.js
* ![rev:63594] Fixed FormField::createTag() generation for empty `<select>` tag, which meant that page version history was displayed in single-language mode
* ![rev:63583] Updated file functions to use HTTPRequest::send_file
* ![rev:63582] Added tests for security group export
* ![rev:63580] Break sake dev/tests/all status dots onto lines of 80
* ![rev:63552] Updated BankAccountField to allow setting it to blank without a notice-level error
* ![rev:63548] #2397 - Fixed HTMLEditorField style dropdown
* ![rev:63546] Added groups field on member details, so that you can add members to other group
* ![rev:63545] Added dev/modules/remove and cleaned up rebuilding code on add and remove module
* ![rev:63537] Fixed dumb error in my makeRelative change
* ![rev:63535] Added security for experimental module manager
* ![rev:63534] Added initial module manager API, with the capability of adding a module to svn:externals
* ![rev:63532] Secured SapphireInfo
* ![rev:63531] ENHANCMENT Checking for valid has_one relationship on dot-notation-usage in DataObject->update
* ![rev:63506] Don't claim that there's an invalid password if no password is set - members may be created for newsletters, etc.
* ![rev:63488] fixed fix position of action area (status message and ajax action buttons) in IE6 using javascript
* ![rev:63452]
* ![rev:63431] Fixed bug in cli-script argument parsing
* ![rev:63389] Reverted r63388
* ![rev:63388]
* ![rev:63383] removed debug::show
* ![rev:63382] - commented out this.style.position = "absolute"; in LeftAndMain.js
* ![rev:63251] Reverted en_US.php changes from r63249
* ![rev:63113] Turned dos line endings into unix
* ![rev:63078] Link Editor: Close button dissapears in Firefox 3 (#2478)
* ![rev:63020] EHANCEMENT #2853 - You can now use db/build instead of db/build?flush=1
* ![rev:62998] Fixed bug with ComplexTableField inappropriately referencing a relation field that doesn't exist
* ![rev:62912] Added status notifications to cli test runs
* ![rev:62866] Corrected layout of field groups
* ![rev:62865] Replaced alert()s in UniqueFields.js with statusMessage()s, to be less obnoxious
* ![rev:62756] Fixed bug publishing homepage using Director::test
* ![rev:62692] Added CountryDropdownField::defaultToVisitorCountry(false):
* ![rev:62689] Removed save button from add form
* ![rev:62654] Update test runner so that password validation config isn't tested by default
* ![rev:62653] This results in more reliable log-in redirection
* ![rev:62648] Fixed bug with preivous CheckboxSetField change
* ![rev:62641] Fixed loadDataFrom for CheckboxSetFields that are used to edit a many-many relation, if loadBlanks is set to true
* ![rev:62599] comment Debug.traceback that occur when the field is a tab
* ![rev:62386] Added empty string as a default (first item)
* ![rev:62335] Improved ModelAdmin.js - removed formData and showRecord, creating .fn('loadForm') instead; used livequery more to reduce the amount of behaviour reapplication that was necesary.
* ![rev:62334] Updated ModelAdmin's javascript to provide more status indicator (loading icons, success/failure messages), using HTTP status codes and custom status text.
* ![rev:62331] Fixed ConfirmedPasswordField validation for min password length
* ![rev:62325]
* ![rev:62324]
* ![rev:62322] Merged branches/roa into trunk
* ![rev:62321] Merged branches/roa into trunk
* ![rev:62318] Add another test for addFieldToTab when creating tabs
* ![rev:62312] SearchContext generates SELECT DISTINCT query rather than SELECT, so that duplicate records aren't shown as a result of certain search filters
* ![rev:62311] MemberTableField delete just removes the member from the group
* ![rev:62310] Fixed MemberTableField ajax actions after a search
* ![rev:62295] Allow MetaTags to be extended by a decorator.
* ![rev:62287] Introduce notion of using HTTP status text to pass status message to the end user
* ![rev:62278] Reorganised ModelAdmin javascript to be better structured
* ![rev:62268] Fixed bugs with #1403 changes made in r62218.
* ![rev:62267]
* ![rev:62213] Made allowed_actions case insensitive
* ![rev:62188] Null values fixed for PHP 5.3
* ![rev:62184] Multiple 'protected' variable declaration fixed
* ![rev:61826] disabled (simon_w)
* ![rev:61721] Show result-assembly columns so that you read down the column instead of zigzagging
* ![rev:61720] Removed Created from member summary fields
* ![rev:61714] adding ?flush=all option which clears all cached templates from the LOLCACHE
* ![rev:61698] Updated CSV bulk loader to import unix/windows files on a mac server
* ![rev:61685] TESTS: Added tests for Controller::join_links()
* ![rev:61634] Windmill test - whacked up timeout on CMS load for slow build slave
* ![rev:61631] Fixed setup of windmill admin tests
* ![rev:61630] Disabled across-the-board use of windmill tests in continuous integration; instead a specific build is set up for it
* ![rev:61629] Included windmill testing in the continous integration again
* ![rev:61628] Fixed glitch in test
* ![rev:61626] Updated windmill tests to use python syntax, as this will scale better
* ![rev:61614] Fixed bugs in MemberTableField search
* ![rev:61613] Fixed bug in TableListField::ajax_refresh
* ![rev:61578] added a call to magic method to check extra (crm) permission
* ![rev:61525] Added EPMU's process control sake
* ![rev:61523] add Created as summary_fields
* ![rev:61511] The searchCriteria will be added as $_GET to the form action, rather than that TableListField's extraLinkParams
* ![rev:61509] getSummaryFields() will also get those summary fields defined in Member's decorator applied to the results and export
* ![rev:61497] Reverted r61492
* ![rev:61462] Improved File tests
* ![rev:61461] Fixed coverage reporting on test runner
* ![rev:61411] Fixed saving of TableField and added tests
* ![rev:61410] Better error message if you have forgotten to set fixture_file
* ![rev:61370] Undeprecated a critical feature of TableField, and reimplemented in the Group's permission field. Cleaned up its implementation to be more in line with TableListField
* ![rev:61351] Fixed display of Permission dropdown in SecurityAdmin
* ![rev:61344] Fixed bug with manifest generation
* ![rev:61184] Merged branches/kiwiselect into trunk
* ![rev:61155] field, changed to "MenuTitle" to be consistent with the main CMS site tree and to avoid confusion
* ![rev:61152] Work to decouple the ManifestBuilder from the database, so that you can run manifest builder tests without an active database existing
* ![rev:61151] introduce double scrolling and thus poor usability
* ![rev:61136] Fixed bug with CsvBulkLoader
* ![rev:61135] uncommmented processRecord that process each record because it was mistakenly commented previously
* ![rev:61123] $resultsCount now gets int value from loader directly instead of DataObjectSet
* ![rev:61122] change the return type of processAll of CsvBulkLoader from DataObjectSet to int, the number of affected row
* ![rev:61120] modified csv import function documention. It returns number of affected records.
* ![rev:61067] Made some methods on SearchFilter public so that SearchFilters can be co-opted for other purposes. Really, moving the magic to a DataQuery object would be better
* ![rev:61066] Fixed action handlers on fields of ResultsForm (notably the TableListField) by adding querystring arguments to the Link() of the form.
* ![rev:61065] Fixed bug in TableListField sort links
* ![rev:61064] Fix FormField::Link() to allow querystrings in the form's action
* ![rev:61063] Turn off default caching
* ![rev:61056] Added back button to ModelAdmin detail views
* ![rev:60937] Removed double quoute from the from fields as it means field terminator
* ![rev:60913] Updated AssetTableField to work with ComplexTableField updates
* ![rev:60912] Fixed bug in Member::mapInCMSGroups()
* ![rev:60911] Reverted Folder::CanEdit() to its original behaviour; that of returning a many-many join. Note that this conflicts with DataObject::CanEdit() now.
* ![rev:60910] Added ComplexTableField::getCustomFieldsFor() that you can overload in subclasses of ComplexTableField to create alternative pop-up forms
* ![rev:60909] Added table references to many-many join used by scaffolder, to remove 'ambiguous column' bugs
* ![rev:60907] replaced `<br />` with newline for CSV export
* ![rev:60886] Removed memory limit for publication
* ![rev:60885] Added warnings for parts of Member that require the newsletter module. Note that this code should really be moved to the newsletter module at some stage.
* ![rev:60874] Made all sapphire/thirdparty classes _manifest_exclude'd
* ![rev:60873] Renamed illegal function that was hiding in Time.php
* ![rev:60870] Removed time-limit for publication process
* ![rev:60841] Fixed page comment system for new URL handler
* ![rev:60830] Fixed saving of blank values to the has_one relations on versioned objects
* ![rev:60829] Fixed HasManyComplexTableField and ManyManyComplexTableField in trunk
* ![rev:60789] Fixed layout of CMS RHS panel to suit new form HTML structure
* ![rev:60779] Fixed bugs with Image upload fields
* ![rev:60778] Trap potential data-integrity bug
* ![rev:60717] Ensure that a theme template is tried before getting a non-theme template
* ![rev:60711] Added logging of SSViewer and Controller behaviour when using ?debug_request=1
* ![rev:60664] Added tests for CheckboxSetField
* ![rev:60612] Removed notice level error when ArrayLib::valuekey() is passed an empty array
* ![rev:60608] Correct line numbers in error source fragment view
* ![rev:60607] Ensure that MySQLDatabase::tableList() always returns an array
* ![rev:60606] Fix error in Geoip when REMOTE_ADDR isn't set
* ![rev:60605] Include full traces in unit test failures, for easier debugging
* ![rev:60604] Removed unnecessary chatter from test runner
* ![rev:60603] Improved db/build output for CLI
* ![rev:60602] Removed junk output from stderr
* ![rev:60601] Added Debug::get_rendered_backtrace() for rendering backtraces from other contexts (such as exceptions)
* ![rev:60597] Improved performance of testrunner so that it doesn't create a new database for each test, instead only once per test run.
* ![rev:60592] Removed warning when session_regenerate_id can't be set. It's not strictly necessary and just causes testing headaches
* ![rev:60586] Passed controller argument to ChangedPasswordForm constructor
* ![rev:60582] Fixed MemberAuthenticator::authenticationFailedUnknownUser code
* ![rev:60581] Improve CLI use of Debugging tools and test execution.
* ![rev:60579] Removed code that used 2nd arg as HTTP_HOST value, in favour of more robust $_FILE_TO_URL_MAPPING
* ![rev:60578] Add checks to see if REMOTE_ADDR is set before making use of it.
* ![rev:60577] Improvements to better allow for CLI-based testing
* ![rev:60575] Ensure that IP-based security can't be bypassed if an IP address isn't set.
* ![rev:60572] Improved DataObjectTest to use more helpful assertions
* ![rev:60571] Blocked [rev:47113].
* ![rev:60570] Merged [rev:47110]: Hack fix for an email validation problem. Needs better solution.
* ![rev:60569] Blocked [rev:47109].
* ![rev:60568] Merged [rev:47108]: Ajax requests no longer trigger the audit trail hook in LeftAndMain::init.
* ![rev:60567] Merged [rev:47107]: Added audit logging hook.
* ![rev:60563] Fixed bug in Requirements::clear()
* ![rev:60561] Blocked [rev:47106].
* ![rev:60560] Merged [rev:47105]: Fixed a typo.
* ![rev:60558] Blocked [rev:47104].
* ![rev:60557] Merged [rev:47103]: MemberTableField.js now uses named sheets.
* ![rev:60556] Merged [rev:47102]: Optimization for Behaviour sheets that allows you to provide a unique identifier so that duplicate sheets aren't applied twice.
* ![rev:60555] Changed Debug::loadErrorHandlers to use value returned by error_reporting() rather than E_ALL. This way, the user can adjust the error handler screens with the error_reporting function.
* ![rev:60548] Merged [rev:47101]: Adds class=action to action cells in MemberTableField.
* ![rev:60546] Merged [rev:47094]: Fixes Session IP addresses in reverse order.
* ![rev:60544] Blocked [rev:47093].
* ![rev:60543] Refactored [rev:47092]: Add TableListField::getCastedValue
* ![rev:60536] Merged [rev:47091]: Added Round and NiceRound to Float.
* ![rev:60529] Refactored [rev:47088]: File::getFullPath now compares the filename with Director::baseFolder and returns filename if the filename stars with Director::baseFolder.
* ![rev:60526] Blocked [rev:47084]: Needs refactoring for new Sapphire code which provides similar functionality.
* ![rev:60522] Refactored [rev:47082]: Modified Member::mapInCMSGroups to make use of CMSMain::providePermissions.
* ![rev:60515] Merged [rev:47081]: Modified construction of manifest to allow custom definition of MANIFEST_FILE constant filename in _config.php.
* ![rev:60514] Merged [rev:47080]: Fix for pagination when using customSourceItems in TableListField.
* ![rev:60512] Merged [rev:47079]: Fix for template logic.
* ![rev:60511] Refactored [rev:47078]: AccessLogEntry will be created via an object extension.
* ![rev:60510] Blocked [rev:47074] to [rev:47077].
* ![rev:60509] Merged [rev:47074]: Added register and unregister as aliases to Authenticator.
* ![rev:60508] Merged [rev:47073]: Fix for pagination in TableListField::sourceItems.
* ![rev:60507] Blocked [rev:47072]: Changeset needs to be refactored so Session logging isn't strictly required.
* ![rev:60506] Merged [rev:47071]: Added Session::get_timeout.
* ![rev:60505] Blocked [rev:47070].
* ![rev:60504] Merged [rev:47069]: Replaced explicit calls to AccessLogEntry::create with more flexible calls to extensions. AccessLogEntry to be refactored into separate module.
* ![rev:60498] Refactored [rev:47068]: Member::logOut now calls memberLoggedOut on any extensions on Member.
* ![rev:60491] Blocked [rev:47065] to [rev:47067].
* ![rev:60490] Merged [rev:47064]: Set 'show' as the default action for ComplexTableField.
* ![rev:60488] Blocked [rev:47062].
* ![rev:60487] Merged [rev:47061].
* ![rev:60486] Merged [rev:47060].
* ![rev:60485] Merged [rev:47059]: Session expiry times can now be set based on the client's IP address.
* ![rev:60481] Blocked [rev:47057] to [rev:47058].
* ![rev:60480] Merged [rev:47056]: Adds unique identifier when creating Behaviour rule sheets to prevent duplicate behaviours from being applied repeatedly.
* ![rev:60479] Merged [rev:47055]: Modified FormResponse to append Behaviour rules last.
* ![rev:60478] Blocked [rev:47047] to [rev:47054].
* ![rev:60477] Merged [rev:47046]: Minor optimisation to BankAccountField and added methods to get specific parts of the account number.
* ![rev:60474] Reverted accidental change
* ![rev:60473] Included regression test
* ![rev:60470] Ability to lock down comments to logged-in members only
* ![rev:60469] Merged [rev:47044]: Introduces modifications to Sapphire's form handling that allows it to ignore fields marked as Disabled when saving the contents of a form's fields to a DataObject.
* ![rev:60468] Merged changes from 2.2.2-assets - everything except the asset refactoring
* ![rev:60448] Allow object-methods to be used as columns in TableListField
* ![rev:60446] Fixed js error when defaultAction isn't set
* ![rev:60442] Reverted Hierarchy::extraDBFields() because it interfered with normal generation of the site hierarchy. Note that children(), stageChildren(), and liveChildren() cannot be simply labelled as relations because they are methods with a different semantic meaning. I recommend the use of something similar to to enable access to information beyond relations via the data formatters
* ![rev:60440] Refactored [rev:47041] to [rev:47043]: Moved to project-specific PhoneNumberField.
* ![rev:60437] Refactored [rev:47040]: Functionality moved to project-specific Member subclass.
* ![rev:60433] Merged [rev:47039]: Introduces custom actions to TableListField and ComplexTableField. By default, the show, edit and delete actions are included.
* ![rev:60431] API Change: Turned Requirements::clear_combined_files() into Requirements::delete_combined_files() and Requirements::clear_combined_files()
* ![rev:60428] Fix test runner to show errors as well as assertion failures
* ![rev:60427] Updated SecurityTest to use new FunctionalTest system consistently
* ![rev:60426] Added FunctionalTest->autoFollowRedirection, so that redirection following can be disabled on a test by test basis
* ![rev:60425] Improved error checking in TestSession
* ![rev:60411] Fixed call to badly named static method
* ![rev:60394] Update SecurityTest to use the FunctionalTest base-class
* ![rev:60391] Improved robustness of MemberTest
* ![rev:60390] Improved Debug::backtrace() output
* ![rev:60385] Blocked [rev:47034] to [rev:47038].
* ![rev:60383] Merged [rev:47033]: TableListField::performReadonlyTransformation now sets show permission.
* ![rev:60377] Added argument checking to Controller::handleRequest()
* ![rev:60375] Set [REQUEST_URI] in cli-script for better error reporting
* ![rev:60362] Fixed URL handling for /dev after merge from branches/roa to trunk
* ![rev:60355] Fixed sake to pass cli-script error levels through
* ![rev:60354] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60353] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60352] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60348] Blocked [rev:47098] to [rev:47100].
* ![rev:60347] Blocked [rev:47020] to [rev:47026].
* ![rev:60346] Blocked [rev:47012] to [rev:47014].
* ![rev:60345] Blocked [rev:47006].
* ![rev:60343] Blocked [rev:46198].
* ![rev:60342] Blocked [rev:46193].
* ![rev:60341] Blocked [rev:47029].
* ![rev:60340] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60339] Blocked [rev:47027].
* ![rev:60338] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60336] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60335] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60334] Blocked [rev:46974] to [rev:47005].
* ![rev:60333] Blocked [rev:46960] to [rev:46972].
* ![rev:60332] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60331] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60330] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60329] Blocked [rev:46953] to [rev:46958].
* ![rev:60328] Blocked [rev:46951].
* ![rev:60327] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60326] Blocked [rev:46262] to [rev:46288].
* ![rev:60324] Blocked [rev:46261].
* ![rev:60323] Committing missing mergeinfo for [rev:47028] for ManifestBuilder and ComplexTableField.ss
* ![rev:60322] Blocked [rev:46192] and [rev:46197]
* ![rev:60321] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60320] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60319] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60314] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60311] Merged [rev:47028]: Encountered a problem with Form::formHtmlContent not always including javascript validation, so added a call to includeJavascriptValidation on the validator in Form::formHtmlContent. Also modified Validator to notify the form that the client-side validation JavaScript has already been included. This way it isn't included twice.
* ![rev:60307] Merged [rev:47019]: Actual merge in [rev:60309]
* ![rev:60303] Committing merge info for [rev:60309]: Merge was performed manually.
* ![rev:60302] Merged [rev:47018]: Some additions made to use Object::create to allow MemberTableField to deal with subclasses of Member. Also merged a modification to MemberTableField::__construct that allowed greater control over the details form's fields (defaults to same behaviour as trunk), and MemberTableField::DetailForm, although this might need to be removed later.
* ![rev:60290] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60289] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60287] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60281] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60279] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60278] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:60276] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60268] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60266] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60265] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60264] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60261] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60259] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60258] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60257] Merged [rev:47017]: Modified behaviour for MemberTableField popups so that the behaviour is applied if the Security section uses a subclass of MemberTableField rather than an instance of MemberTableField.
* ![rev:60256] Committing missing svn:mergeinfo for [rev:46973].
* ![rev:60255] Merged [rev:47016]: Used Object::create to allow SecurityAdmin to use subclasses of MemberTableField to list members.
* ![rev:60236] removed duplicate RestfulServerTest files, they're already in /cms (merge error)
* ![rev:60235] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60234] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60233] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60232] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60231] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60230] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60229] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60228] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60227] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60226] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60225] (manually merged from branches/roa)
* ![rev:60215] blocked r54568
* ![rev:60214] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60212] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60211] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60209] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60208] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60207] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60206] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60205] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60204] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60203] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:60179] Merged [rev:47015]: Moved call to DataObject::write and makes use of DataObject::destroy.
* ![rev:60178] Improved behaviour of ViewableData_Iterator. It's not clear why, but this was causing a bug on our build slave. Maybe a PHP version difference?
* ![rev:60175] Merged [rev:47011]: Additional CSS for GenericDataAdmin.
* ![rev:60173] Merged [rev:47010]: Modified GenericDataAdmin::buildResultFieldValue to accept relations of the form: obj1.obj2...objN->MethodCall, similar to TableListField_Item.
* ![rev:60169] Merged [rev:47009]: Calls bind using Prototype Event.
* ![rev:60168] Merged [rev:47008]: Disables the create button while creating a new entry with GenericDataAdmin.
* ![rev:60167] Merged [rev:47007]: Fix to prevent GenericDataAdmin setting a status on a new record and thus overwritting a data field named 'Status'. Includes a fix for onclick on Ajax buttons if event is not passed.
* ![rev:60162] Merged [rev:46973]: Notes a correction that will need to be made in the future.
* ![rev:60137] Blocked [rev:46952]
* ![rev:60123] Merged [rev:46959]: Summary values calculated on server are shown in the summary row when displaying a ComplexTableField.
* ![rev:60108] Merged [rev:46289]: Committing the missing meta-data for sapphire.
* ![rev:59969] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:59927] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:59925] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:59923] (blocked bidirectional merge from trunk into branches/roa)
* ![rev:59922] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:59920] (merged from branches/roa. use "svn log -c `<changeset>` -g `<module-svn-path>`" for detailed commit message)
* ![rev:59897] r52080, r52101, r52102 (merged from branches/roa)
* ![rev:59890] r52079 (merged from branches/roa)
* ![rev:59876] Merged [rev:46959]: ComplexTableField.ss now includes server-generated values in summary row cells.
* ![rev:59875] Merged [rev:46289]: Spaces in SCRIPT_FILENAME are now replaced with underscores.

View File

@ -1,68 +0,0 @@
# 2.3.1 (2009-03-19)
## New Features
* ![rev:72804] #3659 - Update key to show what purple means (ezero)
* ![rev:72791] #3614 - Allow spell checking in HTMLEditorField when used outside of the CMS
* ![rev:72788] #3612 - Option to auto-login with basic auth (jshipman)
* ![rev:72771] added ability to disable AJAX commenting
* ![rev:72763] #3610 - Require ADMIN permissions for ?flush=all
* ![rev:72517] Allow access to the live site via RESTful api
* ![rev:73435] more robust conditional check before we go to foreach loop, more robust conditional checking before we call a FormField function where we are not sure the caller is a FormField object.
* ![rev:73285] Added Director::is_relative_url() and Director::is_site_url()
* ![rev:73149] Allow calling methods on DataObjects using RESTful API. Methods which can be called must be specified in the $allowed_actions array of the DataObject.
* ![rev:72574] Made JS i18n optional; disable it by calling Requirements::set_js_i18n(false)
* ![rev:72497] Database will fix itself if you view the site and the database doesn't exist
* ![rev:72496] Added BASE_SCRIPT_URL that lets you run a site without rewriting rules
* ![rev:72346] Added onBeforeSecurityLogin event handler to Security/login, for extensions to plug into
* ![rev:72229] Fixed invalid RSSFeed format - added `<atom:link>` and `<dc:creator>` elements, removed `<author>` element (invalid unless it contains an email address)
* ![rev:72119] #3232 lenix: Added Date::FormatI18N()
## Bugfixes
* ![rev:73437] Fixed possible SQL injection in file name part for File::find()
* ![rev:73318] Added missing action 'DeleteImageForm' to Image::$allowed_actions
* ![rev:73304] Added missing action 'EditImageForm' to Image::$allowed_actions
* ![rev:73301] Fixed too strict permission checking on Image::$allowed_actions. Replaced broken * permission check with explicit method names
* ![rev:73299] Fixed array to string conversion caused by patch commited in r73285
* ![rev:73291] Using $allowed_actions in Image_Uploader (Merged from r73255)
* ![rev:73290] Validating $_FILES in Upload->validate() (Merged from r73254)
* ![rev:73289] Existence check for Member autologin token (Merged from r73253)
* ![rev:73288] Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm (Merged from r73252)
* ![rev:73286] Added isDev() and Permission::check() directives to DatabaseAdmin and DevelopmentAdmin (Merged from r73251)
* ![rev:73285] Validating $_FILES array in Director::direct()
* ![rev:73284] Using $allowed_actions in ImageEditor (Merged from r73248)
* ![rev:73261] Interpret 401s and 403s created init() methods as 'finished' requests
* ![rev:73117] Fixed ajax-response for multiple-item deletion
* ![rev:73099] Fix notice-level error in rewriteless operation of homepage when db needs to be created
* ![rev:73084] #3715: Show the changes message in a popup instead of a blank confirm box
* ![rev:73082] #3716: Added error trapping to WYSIWYG side forms
* ![rev:73080] #3714: Added default value to modeladmin search button
* ![rev:73016] redirect user down to their posted comment if it was not posted via AJAX
* ![rev:72926] #3591: Make Controller::isAjax() more reliable
* ![rev:72854] #3529 - SilverStripeNavigator causes strict XHTML pages to fail in Firefox (michaek)
* ![rev:72852] #3596 - Creating more than one new folder causes infinite loop (hamish)
* ![rev:72819] Only use target="_blank" for files by default
* ![rev:72816] #3645 - CommenterURL missing from CMS
* ![rev:72798] #1450 - Passwords should be obscured when adding a member in a MemberTableField
* ![rev:72760] Make sure "Template to install" retains its value when rechecking requirements
* ![rev:72694] #3590: Allow subclassing of Folder
* ![rev:72693] #3590: Allow subclassing of Folder
* ![rev:72564] Include i18n where necessary. 2nd part of r72563
* ![rev:72563] Updated i18n javascript system so that the i18n javascript needs to be explicitly included, so that it doesn't poke its nose in where it's not wanted.
* ![rev:72557] #3418: Remove jQuery coupling from Email field focus, and only include email focus when validation is enabled
* ![rev:72457] #3644 - _ss_environment.php search creates open_basedir error (ed)
* ![rev:72341] Ensure that $this->class is set on ArrayData objects
* ![rev:72338] Allow SilverStripe to work when asp_tags is on
* ![rev:72252] Memory usage improvements to CsvBulkLoader and Member::onBeforeWrite()
* ![rev:72201] fixed syntax fail in silverstripe navigator
* ![rev:72200] Prevent infinite redirection when the homepage isn't available, when using modules such as subsites.
* ![rev:72190] escaped filename before querying with it - #ajoneil
* ![rev:73283] Using auto-escaped get_by_id() in CommentAdmin and SecurityAdmin (Merged from r73247)
* ![rev:73395] Disallow access of cli-script.php through a browser
* ![rev:72602] restored image panel showing 3 across (#3670)
* ![rev:72254] Fix tabs not being correct size when first loaded
## Other
* ![rev:73285] (Merged from r73250)

View File

@ -1,36 +0,0 @@
# 2.3.10 (2010-12-21)
## Overview
* Security: XSS in controller handling for missing actions
* Security: SQL injection with Translatable extension enabled
* Security: Version number information disclosure
* Security: Weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts
* Security: HTTP referer leakage on Security/changepassword
* Security: CSRF protection bypassed when handling form action requests through controller
* Improved security of PHPSESSID and byPassStaticCache cookies (setting them to 'httpOnly')
## Upgrading Notes
See [2.4.4](2.4.4)
## Changelogs
### Features and Enhancements
* [rev:114501] Added !RandomGenerator for more secure CSRF tokens etc. (from r114497) (from r114499)
### Bugfixes
* [rev:115200] Removing form actions from in !AssetAdmin, CMSMain, !LeftAndMain - handled through Form->httpSubmission() (merged from r115185)
* [rev:115191] Checking for existence of !FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
* [rev:115191] Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
* [rev:114776] Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
* [rev:114772] Disallow web access to cms/silverstripe_version to avoid information leakage (from r114770)
* [rev:114763] Avoid potential referer leaking in Security->changepassword() form by storing Member->!AutoLoginHash in session instead of 'h' GET parameter (from r114758)
* [rev:114741] Fixed CSRF warning in image form after selecting a folder. (from r80237)
* [rev:114517] Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515) (from r114516)
* [rev:114513] Limiting usage of mcrypt_create_iv() in !RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510) (from r114512)
* [rev:114509] Using !RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of '!RememberLoginToken' and '!AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504) (from r114507)
* [rev:114502] Using !RandomGenerator class in !SecurityToken->generate() for more random tokens (from r114500)
* [rev:114266] Removing quotes from test data in !RestfulServiceTest, it gives different results depending on magic_quotes_gpc setting on PHP configuration (merged from r80132).

View File

@ -1,11 +0,0 @@
# 2.3.11 (2011-02-02)
## Overview
* Bugfix: CMSMain->rollback() fails because of CSRF protection
## Changelog
### Bugfixes
* [rev:115919] #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer

View File

@ -1,37 +0,0 @@
# 2.3.12 (2011-10-17)
## Overview
* Security: Cross-site scripting on anchor links
* Security: Possible SQL injection for MySQL when using far east character encodings
* Security: SQL injection in Folder::findOrMake() parameter (used mostly in author-only CMS through `Upload::load()`)
* Security: Privilege escalation from `EDIT_PERMISSIONS` to `ADMIN` for users access to the CMS (through `Member->getCMSFields()` and `TreeMultiselectField`)
## Upgrading Notes ##
See [2.4.6]
## Changelog
### Features and Enhancements
* 2011-10-17 [8113e9c](https://github.com/silverstripe/sapphire/commit/8113e9c) Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption() (Ingo Schommer)
* 2011-02-07 [e2267a0](https://github.com/silverstripe/sapphire/commit/e2267a0) Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) (Ingo Schommer)
### Bugfixes
* 2011-10-18 [bdd6391](https://github.com/silverstripe/sapphire/commit/bdd6391) Respecting SSViewer::$options["rewriteHashlinks"] in SSViewer::process() (Ingo Schommer)
* 2011-10-17 [52a895f](https://github.com/silverstripe/sapphire/commit/52a895f) Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a &lt;base&gt; tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks' (Ingo Schommer)
* 2011-09-15 [07dc3e9](https://github.com/silverstripe/silverstripe-cms/commit/07dc3e9) Consistently using Convert::raw2sql() instead of DB::getConn()-&gt;addslashes() or PHP's deprecated addslashes() for database escaping (Ingo Schommer)
* 2011-09-15 [6d6c294](https://github.com/silverstripe/sapphire/commit/6d6c294) Consistently using Convert::raw2sql() instead of DB::getConn()-&gt;addslashes() or PHP's deprecated addslashes() for database escaping (Ingo Schommer)
* 2011-03-09 [5bc0d00](https://github.com/silverstripe/sapphire/commit/5bc0d00) Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member-&gt;getCMSFields()) by checking for admin groups in Member-&gt;onChangeGroups() (Ingo Schommer)
### Minor changes
* 2011-02-21 [b37836f](https://github.com/silverstripe/sapphire/commit/b37836f) Added deprecated SapphireTest-&gt;assertType() in order to support PHPUnit 3.5 or newer, but stay backwards compatible to PHPUnit 3.4 (Ingo Schommer)
* 2011-02-07 [e527e54](https://github.com/silverstripe/sapphire/commit/e527e54) Fixing image links in docs/en/tutorials/ (Ingo Schommer)
### Other
* 2011-10-18 [fbe8b7b](https://github.com/silverstripe/sapphire/commit/fbe8b7b) MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php' (Ingo Schommer)
* 2011-09-15 [ca78784](https://github.com/silverstripe/sapphire/commit/ca78784) SECURITY Backporting MySQLDatabase-&gt;addslashes() to use mysql_real_escape_string() instead of the non-multibyte-safe addslashes() PHP function, and using it in Convert::raw2sql() (Ingo Schommer)

View File

@ -1,21 +0,0 @@
# 2.3.13 (2012-02-01)
## Overview
* Security: Cross-site scripting on text transformations in templates
* Security: Cross-site scripting (XSS) related to page titles in the CMS
## Upgrading Notes ##
See [2.4.7](2.4.7).
## Changelog ##
### Bugfixes
* 2012-01-31 [15e9e05](https://github.com/silverstripe/sapphire/commit/15e9e05) Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
* 2009-05-26 [acf9e01](https://github.com/silverstripe/sapphire/commit/acf9e01) Don't break CMS tree if HTML gets into MenuTitle (Sam Minnee)
### Other
* 2012-01-31 [475e077](https://github.com/silverstripe/sapphire/commit/475e077) SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published &lt;page title&gt;' messages (Ingo Schommer)

View File

@ -1,540 +0,0 @@
# 2.3.2 (2009-06-18)
## Upgrading
### Feature Changes
#### CMS image alignment changes
Image alignment elements have been changed slightly. There are no longer any `<DIV>` elements created with the images
using the insert image toolbar in the CMS.
All of these selectors in your typography.css are affected:
* div.image.left
* div.image.right
* div.image.leftAlone
* div.image.center
They need to be changed to the following (respectively):
* img.left
* img.right
* img.leftAlone
* img.center
Here's an example of how the default Blackcandy theme was changed:
[http://open.silverstripe.org/changeset/75917/themes/blackcandy/branches/2.3/blackcandy/css/typography.css](http://open.silverstripe.org/changeset/75917/themes/blackcandy/branches/2.3/blackcandy/css/typography.css)
#### Translatable Datamodel
The datamodel for the Translatable extension was changed from multiple language tables to multiple rows for each
translated record in the original table. We've also introduced the concept of "Translation groups", which means not
every translated record has to exist in a "master language". Please review our updated documentation on how to [enable Translatable](/developer_guides/i18n).
If you are upgrading an existing database with existing translations, you'll need migrate these before using the
database.
For in-depth discussion of the schema changes and translation groups, please refer to our developer mailinglist:
[1](http://groups.google.com/group/silverstripe-dev/browse_thread/thread/91e26e1f78d3c1b4/bd276dd5bbc56283?lnk=gst&q=translatable#bd276dd5bbc56283)
and
[2](http://groups.google.com/group/silverstripe-dev/browse_thread/thread/575001296360a1cc/e3268963c6d8cef7?lnk=gst&q=translatable#e3268963c6d8cef7).
#### Translatable property selection
It is no longer possible to exclude certain properties on a DataObject from being translatable. This is a limitation by
our database schema choice. See
[discussion](http://groups.google.com/group/silverstripe-dev/browse_thread/thread/2b3df26361d17119/be8f9f08a797bd43?lnk=gst&q=translatable#be8f9f08a797bd43)
on our mailinglist and ticket [#3722](http://open.silverstripe.com/ticket/3722).
#### Translatable URLs
Every page is now forced to have a unique URL, different languages can't be switched by appending a `?lang=xx`
property any longer. Languages don't have to be set in sessions or cookies, as every request is able to determine the
language for the remaining site by inspecting the URL. Unique URLs are enforced because of SEO concerns, problematic
caching on proxies, browser and framework-level, as well as difficult debugging with session states. See
[discussion](http://groups.google.com/group/silverstripe-dev/browse_thread/thread/17908f7318decfac/0c2b2e2a07ea6955?lnk=gst&q=translatable+url#0c2b2e2a07ea6955)
on our mailinglist.
### API Changes
#### Important, but simple, ModelAdmin change
The configuration statics for ModelAdmin have been changed from protected to public, so that `Object::get_static()`
can access them. In particular the following static variables have been changed.
* `ModelAdmin::$managed_models`
* `ModelAdmin::$collection_controller_class`
* `ModelAdmin::$record_controller_class`
* `ModelAdmin::$model_importers`
* `ModelAdmin::$page_length`
Because of this, you will need to change the static definitions in your ModelAdmin subclasses. For example, you should
change this:
:::php
class MyCatalogAdmin extends ModelAdmin {
protected static $managed_models = array(
'Product',
'Category'
);
...
}
To this:
:::php
class MyCatalogAdmin extends ModelAdmin {
public static $managed_models = array(
'Product',
'Category'
);
...
}
#### Deprecated Translatable::enable()
* Use ''Object::add_extension('SiteTree','Translatable'')'' instead of `Translatable::enable()`
* Use ''Object::remove_extension('SiteTree','Translatable'')'' instead of `Translatable::disable()`
* Use ''Object::has_extension('SiteTree','Translatable'')'' instead of `Translatable::is_enabled()`
#### Deprecated Translatable "lang" methods
## 2.3.2-rc4
### Bugfixes
* ![rev:79278] Fixed TranslatableTest->testSavePageInCMS(), needed admin login to edit ViewersGroups field (Merged via: r79282)
* ![rev:79269] Excluding Access fields on SiteTree from Translatable->updateCMSFields(), as their original values break the javascript logic for showing/hiding the fields (Merged via: r79282)
* ![rev:79266] Passing locale through to TreeSelectorField ajax calls (Merged via: r79282)
* ![rev:79240] Marking new TreeMultiSelectField_Readonly with $readonly flag, otherwise breaks CMS saving with Translable enabled etc. (see #4240)
## 2.3.2-rc3
### Enhancement
* ![rev:78919] DevelopmentAdmin: Changed dev/build to produce nicer formatting when running from sake/dev/build CLI
* ![rev:78618] Add HTMLText#FirstSentence based on new HTMLText#Summary
### API Change
* ![rev:78632] Added increase_memory_limit_to() for increasing but not decreasing memory limit.
* ![rev:78618] Added two arguments to HTMLText#Summary. Minimal impact since previously any usage of this function threw an error.
### Bugfixes
* ![rev:79208] Don't remove translation groups in Translatable->onBeforeDelete() if the decorated record uses Versioned, as other representations of the record might still exist in other tables (e.g. SiteTree_Live) (see #4219) (Merged via: r79211)
* ![rev:79194] Writing Locale in Translatable->onBeforeWrite() regardless of the record ID existing (see #4232). This is more in line with Translatable->requireDefaultRecords() which automatically updates all NULL locale values anyway. (Merged via: r79195)
* ![rev:78920] DevelopmentAdmin: Don't allow dev/reset to be run from CLI, as this could be accidentally run - give a message that the user should run this from their web browser instead
* ![rev:78732] #4119: Fixed encoding of readonly TextareaFields and unicode in TextareaFields.
* ![rev:78729] Fixed Translatable->requireDefaultRecords() for non-SiteTree objects (was assuming Versioned to be present) (Merged via: r79195)
* ![rev:78728] A couple of bugfixes on HTMLText#Summary and HTMLText#FirstSentence so the trickiest tests pass
* ![rev:78618] Replace HTMLText#Summary with one that works.
* ![rev:78542] Don't allow the use of get-var ?isDev=1 when security DB isn't available.
* ![rev:78496] WidgetAreaEditor shouldn't ever call editable segment "NoWidgets" - this is just a placeholder
* ![rev:78471] Fixed readonly version of TreeMultiselectField
* ![rev:78470] Get backtrace rather than crazy context stuff shown in dev error messages
* ![rev:78469] Fix readonly versions of grant fields.
* ![rev:78452] fixed spelling of spam protector
* ![rev:78352] modified convertDataObjectWithoutHeader to handle empty relationships.
* ![rev:78256] Removing operating system limitations for Flash Player checks which determine showing/hiding of upload button (which currently requires exactly FP9 in our version of SWFUpload). See #3679 and #3023 for followup tickets.
* ![rev:78155] Changing from unset record entry to an empty value shouldn't register as a 'level 2' change
* ![rev:78118] Using language dropdown to determine locale for partial tree ajax loads, because we can't rely on a page with a hidden "Locale" field being loaded in the CMS. Fixed bug with wrong spelling of "locale" argument. (see #3995). (Merged via: r78119)
* ![rev:76517] Closing `<link type="alternate">` tags for XHTML compliance on Translatable->MetaTags(). Use ContentNegotiator to transform them back to HTML markup. See #3989 (Merged via: r78167)
## 2.3.2-rc2 Changelog
### API Change
* ![rev:77658] Added DataDifferencer, for comparing DataObjects. Note that it won't be used by the core features until 2.3.3, but is made available here for the cmsworkflow module.
* ![rev:77385] Removed @deprecated 2.3 JS function ingize() from LeftAndMain.js: Please use ss.i18n instead
### Bugfixes
* ![rev:77937] fixed is_array error in TableListField. #4123
* ![rev:77849] Fixed bugs in previous change to DOD
* ![rev:77822] Fix edge-case bug with application of decorators
* ![rev:77766] #4133 Fixed case where ComplexTableField failed to detect a has_many relation from the parent
* ![rev:77737] fixed #4119 by using htmlentities rather then Convert functions
* ![rev:77733] #4113: Fixed bugs with template processing in i18nTextCollectorTask.
* ![rev:77727] #4119 netminds: Fix error page publication for lang to locate replacement.
* ![rev:77726] a redirection with an external link that has more than one query string variables. Do not convert the link to html entities
* ![rev:77662] #2328: Show backtrace for uncaught exceptions (merged from r70444)
* ![rev:77596] fixed clearing issue with IE7
* ![rev:77553] Removed spurious console.log() functions (merged from r77552)
* ![rev:77528] missing unmoderated action in CommentAdmin.php
* ![rev:77461] Ensure that when a page is deleted from stage or live, its descendants are also deleted.
### Minor changes
* ![rev:78083] Reverted r78055, it breaks TableListFieldTest and doesn't actually fix the bug it was supposed to (PHP segfaulting)
* ![rev:78082] Merged from trunk
* ![rev:78081] Merged from trunk
* ![rev:77992] Merged from trunk
* ![rev:77766] Updated tests for ComplexTableField
* ![rev:77595] fixed layout for SelectionGroup file
* ![rev:77554] mergeinfo
* ![rev:77384] Removed cases where GhostPage was being unset from the tests
* ![rev:77381] Removed unused ReportField_Controller URL rule from cms/_config.php
## 2.3.2-rc1 (changes since 2.3.2-beta1)
### API Change
* ![rev:77006] Deprecated Translatable::set_reading_lang(), use Translatable::set_current_locale().
* ![rev:76853] Deprecated Translatable::current_lang(), use Translatable::get_current_locale() (Merged via: r76855)
* ![rev:76839] Deprecated Translatable->getTranslatedLangs(), use getTranslatedLocales()
* ![rev:76723] Added SiteTree::doDeleteFromLive()
* ![rev:76666] Made batch actions pluggable through CMSBatchActionHandler::register()
* ![rev:76207] When there are script tags in the body, put requirements script just before them, instead of at the very top of the body. Since this reduces the cost of the (sometimes necessary) script tags in the body, the notice-level error has been removed.
### Bugfixes
* ![rev:77282] WidgetAreaEditor gets it's related WidgetArea using getComponent(), a more robust way of getting the component
* ![rev:77259] Fixed Debug::friendlyError() to use Translatable::get_current_locale() instead of deprecated Translatable::current_lang()
* ![rev:77256] Fixed undefined variable $langAvail in Translatable
* ![rev:77242] Added a missing default english string to ADDITEM translatable entity in TableField.ss
* ![rev:77140] If CTF doesn't have a parent class (set to false), avoid breakages in ComplexTableField::getFieldsFor()
* ![rev:77111] #4082 - Translatable CMS fields layout broken in IE6
* ![rev:77031] Add JavaScript for HtmlEditorField on every CMS page, to avoid issue where loading form with HtmlEditorField via ajax doesn't work because scripts are stripped out.
* ![rev:77016] TableListField items couldn't be deleted because TableListField_ItemRequest::__construct() didn't call parent::__construct()
* ![rev:76955] Make requirements combiner work with jQuery
* ![rev:76949] #4038 If attempting to set a default locale that doesn't exist, throw a warning in Translatable::set_default_locale()
* ![rev:76948] Fixed case where SiteTree->getCMSFields() is missing a parent page, and thus it results in a non-object
* ![rev:76930] Fixed potential non-object error in LeftAndMain::callPageMethod()
* ![rev:76913] Fixed missing tinymce_template bug in ReportAdmin
* ![rev:76896] Fixed ErrorPage not showing up properly due to a SQL query that was merged from trunk not compatible with 2.3
* ![rev:76890] #4058 Requirements::process_combined_files() fixed small typo in the output
* ![rev:76881] #4068 - Fixed spelling mistake in en_US.php
* ![rev:76875] Fix javascript error in IE caused by Changeset 76845 where reloading a page would trigger a resetChanged before the tinyMCE instance existed
* ![rev:76872] Using Translatable::set_default_lang() for the deprecated i18n::set_default_lang() - this should trigger lang->locale convertion, and fix issues with running a 2.2->2.3 database schema migration (see #4009) (Merged via: r76873)
* ![rev:76870] Fixed CMSMain->LangSelector() default language selection (Merged via: r76871)
* ![rev:76866] Added translation groups for existing entries the first time Translatable is switched on through Translatable->requireDefaultRecords() (see #4051) (Merged via: r76867)
* ![rev:76852] Fix issue with 'clear' button on CMS SiteTree search
* ![rev:76841] Fixed tab layout for add form of model admin (Merged via: r77326)
* ![rev:76765] typo by legacy: ViewersGroup -> ViewerGroups, EditorsGroup -> EditorGroups
* ![rev:76731] Removed obsolete CMSMain->EditingLang(), not used any longer (see #3997) (Merged via: r76733)
* ![rev:76730] Fixed selected image hilighting, when inserting images into WYSIWYG, on IE
* ![rev:76729] Fixed WidgetAreaEditor javascript in IE
* ![rev:76726] Don't show the upload tab on readonly folders.
* ![rev:76702] Made TableListField::export() more memory efficient for large exports.
* ![rev:76655] Limit "show deleted pages" in CMS tree to current language (see #3994) (Merged via: r76656)
* ![rev:76650] Made SideTabs and SideReports work with Translatable by explicitly passing a "locale" GET parameter (see #4014) (Merged via: r76653)
* ![rev:76613] Fixed "Translations" tab display in CMS - no more duplication of original language and translated tab - see #4020 (Merged via: r76614)
* ![rev:76611] Creating a translation of a new page in a new language fails - fixed by adding locale to /createtranslation ajax call (see #4021) (Merged via: r76612)
* ![rev:76608] Fix getsubtree command in CMS tree to work with Translatable (#3995) (Merged via: r76609)
* ![rev:76603] Return NULL in Versioned::get_latest_version() if no record was found (fixes #4015) (Merged via: r76605)
* ![rev:76508] Escaped SiteTree.ID in LinkTracking selection so that show deleted pages would work.
* ![rev:76457] fixed escaping of code in textarea fields
* ![rev:76435] fixed treedropdownfield cropping long names off
* ![rev:76374] Ensure that the return object of File::find() is an instance of Image in HtmlEditorField_readonly::HtmlEditorField_dataValue_processImage()
* ![rev:76268] Fix modeladmin scrollbars in ie7
* ![rev:76258] Fixed scenarios where the page is readonly and the expected ParentType elements don't exist causing a JS error (Merged via: r76260)
* ![rev:76172] Fixed calls to uninherited() that returned no static in some cases, replacing with faster Object::get_static() calls (Merged via: r76205)
* ![rev:75027] Fixed Locale duplication detection for queries in Translatable->augmentSQL() (Merged via: r76593)
* ![rev:70325] Altering parent getCMSFields() results in RedirectorPage instead of starting with an empty FieldSet, as this discards any tabs and fields which are not explicitly mentioned in the implementation like the ability to create a translation. (Merged via: r76515)
* ![rev:70306] Don't require a record to be written (through exists()) when checking Translatable->isTranslation() or Translatable->hasTranslation()
### Enhancement
* ![rev:77266] Added databse name to output of dev/build (merged from r77265)
* ![rev:77265] Added databse name to output of dev/build (Merged via: r77266)
* ![rev:77264] Added option for putting integers into SS_DATABASE_CHOOSE_NAME in _ss_environment.php, so that a parent/grandparent folder name can be used as the database name (merged from r77261).
* ![rev:77261] Added option for putting integers into SS_DATABASE_CHOOSE_NAME in _ss_environment.php, so that a parent/grandparent folder name can be used as the database name. (Merged via: r77264)
* ![rev:76944] Significant speed up for SiteTree Filter
* ![rev:76847] Add SSMacron plugin for inserting macron characters
* ![rev:76845] Use new HtmlEditorConfig API to specify options for CMS HtmlEditorField
* ![rev:76840] Using standard LanguageDropdownField in CMSMain->LangSelector() (Merged via: r76843)
* ![rev:76839] Added $instance parameter to LanguageDropdownField to call instance-specific canTranslate() on it (optionally) (Merged via: r76842)
* ![rev:76779] Correct issue with SiteTree filtering not persisting and add drop down for page type and clear button. Part of a re-work of the search system
* ![rev:76666] Added batch actions for unpublish and delete from published.
* ![rev:76594] Improved TranslatableTest->testCreateTranslationTranslatesUntranslatedParents() to translate two grandchildren - this used to be an issue in branches/2.3 (see #4016) (Merged via: r76597)
* ![rev:70306] Adding link back to original page in CMS editform for translations
### Other
* ![rev:77326] Merged from trunk
* ![rev:77071] the sort
* ![rev:77051] Fix a PHP segfault
* ![rev:76942] API: Allow specifying any callback to setMarkingFunction, not just a function name.
* ![rev:76844] API: Move the TinyMCE configuration from a javascript file to a php system, to allow for site specific and section specific html editor options.
* ![rev:76779] @todo: Tests, speed optimisation, proper connection of filtering with tree control checkboxes
* ![rev:76260] Merged from trunk
* ![rev:76205] Merged from trunk
* ![rev:71917] NOTFORMERGE: Added custom batch actions and a 'show generic/customised' checkbox to the oriwave CMS. When upgrading to 2.3 or 2.4, we should use this code as a use-case for a new API that lets us customise the CMS interface. The JavaScript refactoring work we do might want to bear this in mind, to make such customisations easier. (Merged via: r76666)
## Beta 1 - since 2.3.1
### New Features
* ![rev:75153] Allow Title and Navigation Label to be searched separately
* ![rev:74739] hooks into form field to allow custom error messages. Note does not currently apply to the behaviour / js. Just the PHP validation
* ![rev:74538] make PasswordField and ConfirmedPasswordField able to either readonly or disabled.
* ![rev:74503] make PasswordField and ConfirmedPasswordField able to either readonly or disabled.
* ![rev:74327] added $Var.UpperCase support to DBField
* ![rev:74326] allow you to disable ?m suffixing of requirements
* ![rev:74248] optionally allow sorting toDropdownMap() function. Patched from #3829
* ![rev:73670] added after uploading notify method
* ![rev:70327] Enabled specifying a language through a hidden field in SearchForm which limits the search to pages in this language (incl. unit tests) (Merged via: r74986)
### API Change
* ![rev:75913] Deprecated ModelAsController->get404Page() with using the URLSegment "404" on a normal page type - please use the ErrorPage class instead (Merged via: r75916)
* ![rev:75742] Deprecated Translatable::get_langs_by_id() - use getTranslations()
* ![rev:75328] Deprecated Translatable::get_homepage_urlsegment_by_language(), use get_homepage_urlsegment_by_locale() (Merged via: r75685)
* ![rev:74969] Deprecated DataObjectSet->toDropDownMap() and made it an alias of map(), copying the functionality of toDropDownMap() into map()
* ![rev:74901] add documentation to changeset r74858.
* ![rev:74858] BulkLoader::getImportSpec() call DataObject::fieldLables() with $includerelations as false, so that the relations is separated from column fields
* ![rev:74070] Deprecated Translatable::choose_site_lang(), use choose_site_locale() (Merged via: r74986)
* ![rev:73951] Removed Translatable::creating_from() - doesn't apply any longer
* ![rev:73900] Deprecated Object->extInstance(), use getExtensionInstance() instead
* ![rev:73468] Removed Translatable::get_original() - with the new "translation groups" concept there no longer is an original for a translation
* ![rev:73466] Deprecated Translatable::set_default_lang(), Translatable::default_lang() (Merged via: r74986)
* ![rev:73345] Removed CMSMain->switchlanguage() - createTranslation() is sufficient for new, ajax refreshing of CMS state got way too complicated for switching languages, we now just reload the entire CMS with a different ?lang GET parameter (Merged via: r74988)
* ![rev:73338] Translatable->findOriginalIDs(), Translatable->setOriginalPage(), Translatable->getOriginalPage()
* ![rev:70307] Removed CMSMain->switchlanguage() (Merged via: r74988)
* ![rev:70118] Removed obsolete Translatable::table_exists()
* ![rev:70072] Removed obsolete internal Translatable methods: hasOwnTranslatableFields(), allFieldsInTable()
* ![rev:69959] Removed Translatable::get_one(), Translatable::write()
### Bugfixes
* ![rev:76036] Fixed extraFilter argument for SiteTree::get_by_url() when translatable is enabled
* ![rev:76019] Unblock blocked requirements when opening a poppup - otherwise
* ![rev:75984] Removing ParentType and ParentID fields in Translatable->updateCMSFields() as they are causing js problems when set to readonly. These fields should only be set on the original record anyway (at least as long as we don't have a multi-language capable TreeMultiSelectField). (Merged via: r76035)
* ![rev:75983] Removed URLSegment detection from Translatable->onBeforeWrite() - it was always preceeded by SiteTree->onBeforeWrite() which already alters the URL, so the appending of locale values to disambiguate the URL was pointless (never triggered) (Merged via: r76035)
* ![rev:75936] Resetting default language in TranslatableTest - this was breaking VirtualPageTest before (Merged via: r75937)
* ![rev:75926] Fixed undefined var error in VirtualPage (Merged via: r75937)
* ![rev:75922] Resetting Translatable locale in SearchForm after querying - this was causing side-effects when running TranslatableSearchFormTest in combination with other Translatable tests (Merged via: r75937)
* ![rev:75920] Ensure that when template content is being parsed by Email::parseVariables(), template path comments don't show
* ![rev:75919] Ensure that template path comments don't make it into ViewArchivedEmail
* ![rev:75915] Fixed wrong parameter in ErrorPage::get_static_filepath() (Merged via: r75916)
* ![rev:75914] Fixing assets filepath in Debug::friendlyError() (Merged via: r75916)
* ![rev:75873] Automatically publish virtual pages when their source pages are published
* ![rev:75869] #3970: Make virtual page editing work.
* ![rev:75831] Checking for existing value on TreeDropdownField->performReadonlyTransformation() - this broke the ReadonlyTransformation on Translatable->updateCMSFields() for the new "ParentID" field in SiteTree->getCMSFields()
* ![rev:75826] Removing the appended querying for NULL or empty Locale values in Translatable->augmentSQL() - this should no longer be necessary as we set default locales to all records through Translatable->requireDefaultRecords() (Merged via: r75838)
* ![rev:75791] Fixed ErrorPage::get_filepath_for_errorcode() to work with locale values instead of short language subtags (Merged via: r75838)
* ![rev:75787] Fixed faulty regex that broke rewritten links to be relative to the base href
* ![rev:75785] set when ajax is disabled for commenting that we redirect manually down to the comment form
* ![rev:75782] Unified locale values between i18n::$all_locales and $common_locales - the common locales should be a subset of all locales, without any additional ones as this might cause side-effects with LanguageDropdownField (see #3958) (Merged via: r75783)
* ![rev:75745] Fixed DBLocaleTest (Merged via: r75746)
* ![rev:75743] #3959: Fixed auto-setting has many relations on CTF - works mostly like the many-many relation auto setting.
* ![rev:75733] Allow insertion of object tags (such as youtube vids) into WYSIWYG's HTML view
* ![rev:75705] Fixed right hand image add/edit form panel sizing
* ![rev:75675] Fixed i18n::get_locale_from_lang() to return original parameter if it detects a fully qualified locale that shouldn't be converted (Merged via: r75685)
* ![rev:75654] Fixed PageCommentInterface $this->class being NULL because parent::__construct() wasn't called
* ![rev:75614] Fixed refactoring of getRecord() so that it can handle currentPage() calls properly.
* ![rev:75611] Let CMS users open pages deleted from draft; bug introduced by translatable.
* ![rev:75585] Updated DataObjectSet::map() to use empty string, rather than 0, as the empty value
* ![rev:75328] Updated enabling mechanism in Translatable->alternateGetByUrl()
* ![rev:75270] #3740: Fixd duplicate tab highlight in ModelAdmin, by moving back to old tabstrip.js
* ![rev:75269] #3740: Make tabstrip.js less picky about the URL before the # link
* ![rev:75263] Fixed HTTPRequest::send_file() to actually output the response, whereas before it did nothing
* ![rev:75258] Fixed HTTPRequest::send_file() to send the file properly over SSL with Internet Explorer. Without the pragma header, it won't work
* ![rev:75249] Correctly showing the available languages dropdown in Translatable->getCMSFields() (Merged via: r75685)
* ![rev:75248] Only force DataObject->forceChange() on fields which aren't already marked as changed (Merged via: r75685)
* ![rev:75226] Let users open the root folder in Files and Images section
* ![rev:75223] Disable warning about PastMember cookie if contnet was sent too early.
* ![rev:75182] Make sure tabs resize correctly when they are loaded
* ![rev:75180] Make sure tabs are resized correctly on first load
* ![rev:75161] Disable Geoip if in CLI mode - this fixes the tests from breaking. The geoip command won't be available in CLI context
* ![rev:75156] Setting Classname and RecordClassname properties on internal $record map when constructing a DataObject without passing $record into it. This ensures that getChangedFields() works on ClassName as well, which is required for Translatable->onBeforeWrite() (Merged via: r75685)
* ![rev:75151] #3919: Fix DataObject::dbObject() for decorated fields (Merged from r75150)
* ![rev:75150] #3919: Fix DataObject::dbObject() for decorated fields (Merged via: r75151)
* ![rev:75126] Fixed incorrect spelling of "$this" variable
* ![rev:75125] Fixed CSVParser constructor not passing the arguments to the protected variables delimiter and enclosure
* ![rev:75121] #3681: Added dynamic width style to container div for TinyMCE-inserted images, so if the user resizes, the div width resizes too. Thanks to ajshort for the patch!
* ![rev:75119] Fix DropdownField to select the correct option when using a map with "0" as an array key - useful for boolean searching using DropdownField
* ![rev:75116] Fixed alternative database not being reset back to the normal one after TestRunner is finished
* ![rev:75113] Fixed image editing panel padding in CMS "Insert image" button being squashed
* ![rev:75096] Allow execution of actions (such as Page's search) on ErrorPage; limit the 404 display to the index() action
* ![rev:75095] Use rendered page for 404 pages
* ![rev:75049] Ensure that CheckboxField always returns 1 from the form request data instead of "on" - this was because the value attribute didn't exist on the `<input>` tag
* ![rev:75046] Make sure that CheckboxField sets it's value as either 1 or 0, so that saveInto() saves the proper boolean value
* ![rev:75045] Ensure that CheckboxField setValue() always sets it's value as either 1 or 0, even though the request data can come through as "on"
* ![rev:75039] Fixed case where logging in with a session member ID that didn't exist in the database stopped you from being able to "Log in as someone else"
* ![rev:75038] #3594: Made WYSIWYG editor 50% larger
* ![rev:75034] Select correct default data formatter in restfulserver when there's an apparently useful Accept header that doesn't actually match a data formatter{
* ![rev:75032] Fixed "Log in as someone else" action failure when submitting MemberLoginForm while logged in
* ![rev:75030] when load a new Page (or other type of form in DataAdmin or GenericAdmin), initTabstripe called additional time for every tabstrip on the page
* ![rev:75023] Fixed error if clicking the root of a sitetree in the CMS - affected the AssetAdmin and SecurityAdmin sections
* ![rev:74981] Member::inGroup() returns false instead of an error if group doesn't exist. Ticket #3813 - thanks bgribaudo!
* ![rev:74980] Fixed ajax deletion of Group records properly - the site tree items didn't disappear immediately after deleting
* ![rev:74978] Fixed spelling mistake of "getOrientation" method name on Image
* ![rev:74961] Fixed error if JS/CSS requirements have arguments. Ticket #3860. Thanks simon_w!
* ![rev:74951] Fixed CMSMainTest->testThatGetCMSFieldsWorksOnEveryPageType() - was comparing a string $class with instanceof() instead of comparing the actually created instance (Merged via: r74988)
* ![rev:74942] Fixed TranslatableSearchFormTest->setUp() method (Merged via: r74986)
* ![rev:74927] Clearing Requirements in ScaffoldingComplexTableField, and fixed constructor arguments
* ![rev:74924] Explicitly destroy TinyMCE instances when loading a new page, in an attempt to reduce memory leaks
* ![rev:74920] Moving Requirements for AssetTableField, CommentTableField and MemberTableField from __construct() into FieldHolder() and renderWith(), which means inclusion closer to render time, and less side-effects by a previous Requirements::clear(), e.g. in a CTF popup. See r74919
* ![rev:74919] Moving Requirements for TableField, TableListField, ComplexTableField, ScaffoldComplexTableField and HasManyComplexTableField from __construct() into FieldHolder() and renderWith(), which means inclusion closer to render time, and less side-effects by a previous Requirements::clear(), e.g. in a CTF popup
* ![rev:74904] Removed unnecessary requirements from ComplexTableField_Popup: LeftAndMain.js, LeftAndMain_right.js, TableField.js, ComplexTableField.js - they will be included by the fields if necessary
* ![rev:74902] Making sure all input fields inside a newly added TableField row have unique HTML ids. This was causing problems when javascript logic was acting on those (previously ambiguous fields), e.g. when trying to use a jQuery UI datepicker
* ![rev:74899] If validator doesn't exist on Form, don't attempt to call setForm() on it or you'll get a non-object error
* ![rev:74879] Removed additional $ sign that isn't supposed to be there that broke GroupTest
* ![rev:74725] Fixing CurrencyField serverside and javascript validation to accept numbers with leading or trailing spaces
* ![rev:74721] Fixing NumericField serverside validation to accept numbers with leading or trailing spaces by using trim()
* ![rev:74657] Fixed NumericField javascript validation to not fail on numbers with trailing or leading whitespace
* ![rev:74620] Added missing default english text for "No items found" in TableListField.ss
* ![rev:74489] add more condition before $this->form is used as Caller since $this->form can still not be set yet in a certain circumstance.
* ![rev:74487] A SoapServer will cache the wsdlFile when it is first initialized and never get updated if the constructor is not explicitly passed in 'cache_wsdl' as WSDL_CACHE_NONE.
* ![rev:74477] fixed typos in ResetFormAction
* ![rev:74397] Added missing "Created" and "LastEdited" fields to the MemberTableField export fields
* ![rev:74391] fixed overflow being hidden
* ![rev:74322] Allows DataObjectDecorators and other extensions to specify setters (setFoo) in the same manner as the already working Getters (getFoo).
* ![rev:74303] Allow testing of emails when Email::send_all_emails_to() is set
* ![rev:74272] fixed issue with greyscale GD - patch from camspiers
* ![rev:74098] Fixed javascript error in CommentTableField.js where input elements were not being correctly picked up, due to the form HTML change
* ![rev:74097] Search filter should retain the existing query instead of removing it after each search in MemberTableField and CommentTableField
* ![rev:74092] Fixed issue with StaticPublisher->onAfterWrite() failing because of incorrect arguments to Versioned::get_by_stage()
* ![rev:74071] Fixed Form_EditForm_Locale reference in LeftAndMain_right.js (used to be Form_EditForm_Lang) (Merged via: r74988)
* ![rev:74069] Fixed legacy handling of Translatable::enable(),Translatable::disable() and Translatable::is_enabled() - applying extension to SiteTree instead of Page to avoid datamodel clashes (Merged via: r74986)
* ![rev:74065] Re-added Translatable->isTranslation() for more friendly deprecation (originally removed in r73338) (Merged via: r74986)
* ![rev:73900] Unsetting all cached singletons in Object::remove_extension() to avoid outdated extension_instances
* ![rev:73883] Making $_SINGLETONS a global instead of a static in Core.php so it can be re-used in other places (Merged via: r74986)
* ![rev:73836] Removed version number from `<meta>` generator tag - opt for security by obscurity in this case (originally committed in r70422 and r71172) (Merged via: r73837)
* ![rev:73775] fixed cropping of TreeDropdownField popups and Date popups within complextablefield popups
* ![rev:73758] #3798 ajshort: Let searchcontext be used on sitetree
* ![rev:73608] fixed choppy gradient (or lack thereof) in the tinymce window
* ![rev:73603] updated FormTest with fullstop
* ![rev:73594] Fixed layout of cms rhs area buttons
* ![rev:73593] Simple toolbar alteration to make toolbar fit at 1024x768
* ![rev:73533] Fix call to undefined "_12Hour" function (merged from r73523)
* ![rev:73484] Get installer working with php_short_tags off (Merged r73481-3 from trunk)
* ![rev:73482] #3758: Fixed config-form.html for use with short_open_tag = off (Merged via: r73484)
* ![rev:73472] Fixed translatable test execution by making protected methods public (Merged via: r74986)
* ![rev:73468] Updated MigrateTranslatableTask to new Locale based datamodel (Merged via: r74986)
* ![rev:73465] Fixed Hierarchy->Children() testing in TranslatableTest - with the new datamodel you can't call Children() in a different language regardless of Translatable::set_reading_lang(), the Children() call has to be made from a parent in the same language (Merged via: r74986)
* ![rev:73344] Checking for existence of original before trying to get translation in LeftAndMain->currentPage() (Merged via: r74988)
* ![rev:73343] Changed CSS selector for TranslationTab javascript behaviour to be less specific (Merged via: r74988)
* ![rev:73342] Removed link to "original page" for a translation - no longer valid
* ![rev:73341] Disabled auto-excluding of default language from the "available languages" array in LanguageDropdownField - due to the new "translation groups" its possible to have a translation from another language into the default language (Merged via: r74986)
* ![rev:73339] Disabled "untranslated" CSS class for SiteTree elements - doesn't apply any longer with the new "translation groups" concept (Merged via: r74986)
* ![rev:73338] Removed bypass in Translatable->AllChildrenIncludingDeleted() (Merged via: r74986)
* ![rev:73059] Make object cache testing more robust (Merged via: r74986)
* ![rev:72054] Fixed finding a translated homepage without an explicit URLSegment (e.g. http://mysite.com/?lang=de) - see #3540
* ![rev:71340] Including Hierarchy->children in flushCache() and renamed to _cache_children. This caused problems in TranslatableTest when re-using the same SiteTree->Children() method with different languages on the same object (even with calling flushCache() inbetween the calls) (Merged via: r74986)
* ![rev:71297] Only show the LangSelector dropdown if there's multiple languages available on the site (Merged via: r74988)
* ![rev:71258] Fix translatable being enabled when it shouldn't be (Merged via: r74986)
* ![rev:70324] Making sure that LeftAndMain->CurrentPage() respects language settings - was returning pages in different language from session after switching between languages in cms (Merged via: r74988)
* ![rev:70323] Fixed expanded/unexpanded flags on new tree items - was showing expanded styling (plus icon) with newly created pages
* ![rev:70322] Ensuring that new pages can't be created when in translation mode by disabling the "create..." tree action (Merged via: r74988)
* ![rev:70318] Reverted special cases for Translatable in Versioned->canBeVersioned() (originally committed in r42119) - was checking for existence of underscores in table names as an indication of the "_lang" suffix, which is no longer needed. It was also a flawed assumption which tripped over classes like TranslatableTest_TestPage (Merged via: r74986)
* ![rev:70306] Don't require a record to be written (through exists()) when checking Translatable->isTranslation() or Translatable->hasTranslation()
* ![rev:70214] Falling back to Translatable::current_lang() if no $context object is given, in augmentAllChildrenIncludingDeleted() and AllChildrenIncludingDeleted()
* ![rev:70138] Disabled assumption that SQLQuery->filtersOnID() should only kick in when exactly one WHERE clause is given - this is very fragile and hard to test. It would return TRUE on $where = "SiteTree.ID = 5", but not on $where = array("Lang = 'de'", "SiteTree.ID = 5") (Merged via: r74986)
* ![rev:70080] Fix translatable migration not writing records to Live properly (Merged via: r74986)
* ![rev:69959] Temporarily disabled cookie/session selection in Translatable::choose_site_lang() until we have a good test suite for the side effects.
* ![rev:60171] Improved DataObject::get_one to avoid PHP segfaults (Merged via: r74986)
### Enhancement
* ![rev:75815] Added page location fields in the behaviour tab, as an alternative to drag and drop
* ![rev:75814] Added page location fields in the behaviour tab, as an alternative to drag and drop
* ![rev:75793] Running TestRunner tests suites alphabetically through natcasesort() instead of using the (relatively arbitrary) class ordering from ClassInfo::getSubclassesFor() (Merged via: r75838)
* ![rev:75759] Allow selecting a single field from ComponentSet::getExtraData()
* ![rev:75742] Added DBLocale class for Translatable extension
* ![rev:75737] Added 'show deleted pages' function to CMS, with a restore page option.
* ![rev:75736] Added 'show deleted pages' function to CMS, with a restore page option.
* ![rev:75678] Adapted MigrateTranslatableTask to new Locale datamodel and fixed some inconsistencies with translation groups, duplicate records etc (Merged via: r75685)
* ![rev:75677] Added override flag to Translatable::addTranslationGroups()
* ![rev:75421] Auto-update locale values in Translatable->requireDefaultRecords() with default language when Translatable is first enabled (Merged via: r75685)
* ![rev:75351] Added nl_NL javascript translations for sapphire, see #3896 - thanks Mad_Clog (Merged via: r75685)
* ![rev:75349] Added Translatable->MetaTags() to automatically insert `<link rel="alternate" hreflang="...>` tags into the page template (Merged via: r75685)
* ![rev:75228] #3920: Alllow searching within subfolders in Files and Images section
* ![rev:75226] #3920: Alllow searching within subfolders in Files and Images section
* ![rev:75119] Allow "Yes" and "No" english text to be translated
* ![rev:75037] Added fullscreen button to WYSIWYG toolbar
* ![rev:75036] #3687: Allow the insertion of iframes (such as google maps snippets) into TinyMCEa
* ![rev:74941] Using set_up_once() in TranslatableTest and TranslatableSearchFormTest for better test run performance (Merged via: r74986)
* ![rev:74919] Removed constructor overloading in ScaffoldingComplexTableField, was reconstrcuting its own Requirements (with lots of unnecessary jQuery plugins) which should really be done by the individual form fields and the parent popup class
* ![rev:74489] add the ability that a SimpleImageField could be disabled.
* ![rev:74017] Improved deprecated fallbacks in Translatable by auto-converting short language codes to long locales and vice versa through i18n::get_lang_from_locale()/i18n::get_locale_from_lang() (Merged via: r74986)
* ![rev:73951] Translatable extension is no longer hooked up to SiteTree by default, which should improve performance and memory usage for sites not using Translatable. Please use Object::add_extension('SiteTree','Translatable') in your _config.php instead. Adjusted several classes (Image, ErrorPage, RootURLController) to the new behaviour. (Merged via: r74986)
* ![rev:73900] Unsetting class caches when using Object::add_extension() to avoid problems with defineMethods etc.
* ![rev:73884] Added Extension::get_classname_without_arguments() (Merged via: r74986)
* ![rev:73882] Added DataObjectDecorator->setOwner() (Merged via: r74986)
* ![rev:73473] Added Object::combined_static(), which gets all values of a static property from each class in the hierarchy (Merged via: r74986)
* ![rev:73469] Adjusted CMSMain and LeftAndMain to use locales instead of short lang codes when reading and writing translations. See r73468 for details on the underlying Translatable datamodel change (Merged via: r74988)
* ![rev:73468] Adjusted SearchForm, Debug, ErrorPage, SiteTree to using locales instead of lang codes
* ![rev:73467] Supporting "Locale-English" and "Locale-Native" as listing arguments in LanguageDropdownField (Merged via: r74986)
* ![rev:73466] Added Translatable::get_locale_from_lang(), Translatable::get_common_locales(), $common_locales and $likely_subtags in preparation to switch Translatable from using short "lang" codes to proper long locales
* ![rev:73345] Added CMSMain->IsTranslatableEnabled
* ![rev:73338] Added check for an existing record in Translatable->createTranslation()
* ![rev:73059] Added Object::clearCache() to clear a cache
* ![rev:73036] #3032 ajshort: Use static methods for accessing static data (Merged via: r74986)
* ![rev:72367] Using IETF/HTTP compatible "long" language code in SiteTree->MetaTags(). This means the default `<meta type="content-language...">` value will be "en-US" instead of "en". The locale can be either set through the Translatable content language, or through i18n::set_locale() (Merged via: r74986)
* ![rev:72054] Added RootURLController::get_default_homepage_urlsegment() (Merged via: r74986)
* ![rev:71795] Strip tags before limiting characters when using LimitCharacters() on HTMLText field type
* ![rev:70326] Added ErrorPage::$static_filepath to flexibly set location of static error pages (defaults to /assets) (Merged via: r74986)
* ![rev:70319] Disabled Translatab-e>augmentWrite() - was only needed for the blacklist fields implementation which is inactive for the moment
* ![rev:70308] Removed "Translating mode" status message above edit form - should be clear by the language dropdown above the CMS tree now (Merged via: r74988)
* ![rev:70307] Simplifying creation logic of new languages in CMS by reloading complete interface, rather than refreshing partial interface, language dropdown etc.
* ![rev:70306] Adding link back to original page in CMS editform for translations
* ![rev:70305] Allowing non-default language URLs to be accessed without explicitly specifying the language in GET request (Merged via: r76035)
* ![rev:70118] Made Translatable constructor arguments optional, as by default all database fields are marked translatable
* ![rev:70073] Added basic unit tests to new Translatable API
* ![rev:70072] Added a note about saving a page before creating a translation
* ![rev:69959] Showing clickable links for Translations in Translatable->updateCMSFields()
### Other
* ![rev:76019] HTMLEditorFields won't work
* ![rev:75915] BUGIFX Changed ErrorPage->publish() to doPublish->doPublish() - the publication of static HTML into the /assets directory was lagging one version behind the actual published content
* ![rev:75816] Reverted r69824
* ![rev:75813] Reverted `<div>` being added to images - r69823, r69824
* ![rev:75812] Reverted r69828
* ![rev:75784] ENHANCHEMENT: added ability for a form author to set whether user should be redirected back down the the form rather then just back to the old page
* ![rev:75738] #3927 ENHANCEMENT Added support for many-many auto-setting relations with a standard ComplexTableField
* ![rev:75703] Merged r75696 from cms/trunk
* ![rev:75702] Merged r75697 from sapphire/trunk
* ![rev:75701] Merged r75691 from jsparty/trunk
* ![rev:75700] Merged r75690 from sapphire/trunk
* ![rev:75698] Merged r75689 from jsparty/trunk
* ![rev:75660] Merged from trunk
* ![rev:75267] Reverted r75263 and r75264
* ![rev:74988] Merging refactored Translatable from trunk, and related changes to CMSMain
* ![rev:74986] Merging in refactored Translatable architecture from trunk, including related/required changesets like enhancements to Object static handling (see details below)
* ![rev:74980]
* ![rev:74969]
* ![rev:74900] Reverted r74899
* ![rev:74714] Fix resize being called an additional time for every tabstrip on the page
* ![rev:74501] Undoing changeset committed in r74490
* ![rev:74416] fix the bug in Mingle (SC #234):Users reporting a parse error when trying to open grants. also HD(1571).
* ![rev:74304] Added SiteTree onAfterRevertToLive handler
* ![rev:74092]
* ![rev:73613] Merged r71795 from trunk
* ![rev:73481] Added a syntax checking test that will use short_tags on and off and asp_tags on (Merged via: r73484)
* ![rev:73452] Fixed issue with ModelAdmin tab CSS
* ![rev:71567] 'URLSegment' on line 484 and 494 now escaped (Merged via: r74986)
* ![rev:70033] Add translation migration task (Merged via: r74986)
* ![rev:69959] Merged, debugged and enhanced Translatable patches from branches/translatable at r64523, r64523, 64523, thanks wakeless!
* ![rev:68917] Merged Requirements fix from nestedurls branch (Merged via: r74986)
* ![rev:68915] Fixed bug in Requirements::disable() (Merged via: r74986)
* ![rev:68912] Bugfixes for recent staticpublisher imports (Merged via: r74986)
* ![rev:68911] Bugfix for staticpublisher updates in trunk (Merged via: r74986)
* ![rev:68900] Static caching merges from dnc branch (Merged via: r74986)
* ![rev:61495] Fixed bug that was causing phantom pages on DNC - no need to merge, because trunk already has this (Merged via: r74986)
* ![rev:61493] Fixed bugs with redirector page error message and static publishing - it created blank 'phantom' pages at the top level (Merged via: r74986)
* ![rev:60015] Set default cache behaviour to uncached. This is a good new default behaviour and can be merged. Pages that are cacheable should call HTTP::set_cache_age() in their controller init (Merged via: r74986)
* ![rev:60007] Fixed bug with calling DataObject::flush_and_destory_cache more than once (Merged via: r74986)

View File

@ -1,65 +0,0 @@
# 2.3.3 (2009-08-03)
## Upgrading
### DataObjectDecorator::extraStatics()
DataObjectDecorator::extraStatics() can no longer refer to $this because it's called statically
## Changelog
### API Change
* ![rev:79430] #4255 sharvey: DataObjectDecorator::extraStatics() can no longer refer to $this because it's called staticly (Merged via: r81698)
### Bugfixes
* ![rev:82094] applied patch from #4381. Observable doesnt play nice with jQuery
* ![rev:82035] Fixed double up of `<span>` highlight tags around keywords in Text::ContextSummary()
* ![rev:81942] Fixed bugs in content differencer, and improved styling. BUGFIX: fixed notice when getting title of member which didnt exist. Merged from trunk r77661.
* ![rev:81894] Convert::recursiveXMLToArray() did not always check if the passed in XML is an object before calling get_class() on it
* ![rev:81883] Merged in PHP 5.3 bugfixes from trunk
* ![rev:81822] Deleted duplicate call to curl_exec() in RestfulService (merge error from r69704) (Merged via: r81823)
* ![rev:81698] #4285: Fixed static application bug that appeared in 2.3.2
* ![rev:81693] Fix static application for translatable (Merged via: r81698)
* ![rev:81676] #4285: Fixed application of decorators when add_extension not used. (Merged via: r81698)
* ![rev:81544] Calling parent constructors in ModelViewer
* ![rev:81467] Fixed Hierarchy->markChildren() to only mark nodes as unexpanded if they actually have children. This avoids UI glitches with "plus"-icons beside unexpandable nodes, and prevents batch actions and TreeNode->open() to trigger ajaxExpansion on nodes without children (from r78339) (Merged via: r81971)
* ![rev:81461] Correct behaviour if CMSMain::tellBrowserAboutPublicationChange() isn't passed a status message (Merged via: r81965)
* ![rev:81460] Fixed FileSearch parameter in AssetTableField. Pagination of filtered search results and refresh of the tabular view after saving a popup wasn't working because the search parameter wasn't retained (Merged via: r81962)
* ![rev:81450] If referrer had spaces, they would be encoded as %20, which would cause problems when interpolated into an sprintf pattern. Inject instead.
* ![rev:81262] Relax type checking in RequestHandler::checkAccessAction()
* ![rev:81173] Fixed application of parameterised extensions with Object::add_extension() (Merged via: r81698)
* ![rev:81050] prevented cms from dying when a page has no published children. Added check before stepping into the loop
* ![rev:80863] Fixed invalid HTML in AssetAdmin_uploadiframe.ss which could have an effect on file uploads
* ![rev:80382] Fixed Image_iframe.ss to use X-UA-Compatible IE7 emulation meta tag
* ![rev:80380] Fixed "method is not a string" error in Form::httpSubmission()
* ![rev:80131] Fix behaviour of FILE_TO_URL_MAPPING on Windows. (Merged via: r81883)
* ![rev:79720] Added explicit DataObjectDecorator::load_extra_statics() calls as a workaround for issues with extensions defined directly in-object. (Merged via: r81698)
* ![rev:79599] Allow extraDBFields() on decorators for compatibility, throw a deprecated notice (Merged via: r81698)
* ![rev:79433] Object::add_extension() should only load statics for extensions of DataObject, since it is specific to DataObjectDecorator (Merged via: r81698)
* ![rev:79430] #4255 sharvey: Fix application of extra db fields by DataObjectDecorators.
* ![rev:78628] Added better support for newly created records in DataDifferencer (Merged via: r81475)
* ![rev:78392] Fixed FileSearch parameter in AssetTableField. Pagination of filtered search results and refresh of the tabular view after saving a popup wasn't working because the search parameter wasn't retained (Merged via: r81962)
### Enhancement
* ![rev:81933] Updated Versioned::compareVersions() to use DataDifferencer. Merged from trunk r77660
* ![rev:81544] Checking for GraphViz dependency in ModelViewer (Merged via: r81546)
* ![rev:81475] Improvements to DataDifferencer for cmsworkflow.
* ![rev:80863] Removed JS generated from PHP code in AssetAdmin::UploadForm() and placed it into AssetAdmin_uploadiframe.ss
* ![rev:80340] simpleXML() now catches the error if you try to call it on anything other then xml. MINOR: added test to RESTFul Service
* ![rev:79404] Added better support for using DataDifferencer to look at new records. (Merged via: r81475)
* ![rev:79400] Added better support for using DataDifferencer to look at new records. (Merged via: r81475)
* ![rev:78329] Added API docs and changedFieldNames() method to DataDifferencer (Merged via: r81475)
* ![rev:77787] Allow altering of DataObject:$api_access by decorators. (Merged via: r81698)
### Other
* ![rev:81993] e:
* ![rev:81965] Merged r81461 from trunk
* ![rev:81962] Merged r81460 from trunk

View File

@ -1,43 +0,0 @@
# 2.3.4 (2009-11-27)
## Changelog
### New Features
* [rev:84085] Allow different user groups to have different HtmlEditorConfigs
* [rev:83631] Allow file size/extension limits to apply to the admin user as
### API Change
* [rev:91610] BasicAuth::requireLogin() no longer has an option to automatically log you in. You can call logIn() on the object returned, instead. (from r91603)
* [rev:91130] move SubscribeSumission.ss from cms module to newsletter module, cos it is only used by newsletter module.
* [rev:91034] Added SapphireTest::logInWithPermission() (merged from r89209)
* [rev:88176] Added no-arg option to increase_memory_limit_to() (from r80241)
* [rev:84594] Template codes can no longer be used in emails except when using .ss files.
* [rev:84157] Make Object::uninherited_static() have a separate execution path to Object::get_static(), for more reliable operation. The intention is that for any given static, you either use Object::get_static() or you use Object::uninherited_static() - not both. (from r84151, r84155, r84156)
### Bugfixes
* [rev:93483] fix for multiple EmailField validation on one form. Merged via r78565
* [rev:91660] Made use of new BasicAuth::protect_entire_site() consistent. (from r91658)
* [rev:91611] Don't enable site-wide protection by default (from r91609)
* [rev:89612] Added rewriteHashlinks = 'php' option to SSViewer so that static publisher can handle internal hashlinks properly.
* [rev:89611] Added rewriteHashlinks = 'php' option to SSViewer so that static publisher can handle internal hashlinks properly.
* [rev:88281] Ensure ASSETS_PATH is respected
* [rev:87869] Pass locale rather than language to spellchecker_languages
* [rev:87867] Always choosing translatable default language in CMSMain->init() for TinyMCE spell checking. Always setting ->Locale in order to have it available for the spell checking (from r81716)
* [rev:87458] #4579: Translatable's call to new LanguageDropdownField() broked (from r87456)
* [rev:86573] fixed typo in pagecomment which meant commenter url was not saved. BUGFIX: updated protector to use new format
* [rev:86325] Fixed Links to Moderate Comments from the CMS and front end. MINOR: removed complextable functions which no longer get called, moved logic to the PageComment Class
* [rev:86202] was being passed to foreach without a check to see if it's an array or not.
* [rev:85779] Fixed Member::sendInfo() assumptions that broke with an API change in r84594
* [rev:85632] findByTagAndAttribute is unintentionally expanding any php found in the href/src components its regex extracts. Changed double quotes to single quotes to fix this.
* [rev:84957] Tied rollback action to edit, rather than publish, permission, since it only involves editing the draft site.
* [rev:84380] Fixing the comment's author website url being converted to lowercase: now case is not affected.
* [rev:84332] Added required javascript files (behaviour, prototype, prototype_improvements) to the Field() method of TreeDropdownField.php
* [rev:84320] Added required javascript files (behaviour, prototype, prototype_improvements) to the Field() method of TreeSelectorField.php
* [rev:83587] Object subclasses with a constructor that didn't already will now call parent to respect inheritance
* [rev:83586] CMSMenuItem constructor now calls parent to respect inheritance
* [rev:83579] Fixed FilesystemPublisher::__construct() not calling parent::__construct() and breaking DataObjectDecorator::load_extra_statics()

View File

@ -1,15 +0,0 @@
# 2.3.5 (2010-01-21)
## Changelog
### Bugfixes
* [rev:97221] BUGFIX: add if condition for window.ontabschanged() call
* [rev:97074] BUGFIX Attribute escaping in PageCommentInterface_singlecomment.ss
* [rev:96962] BUGFIX: fixed overlapping buttons in modeladmin.
* [rev:96959] BUGFIX: fixed layout issue when tinymce event handler was not removed before the load request. Removed back button display when no history existed
* [rev:96998] BUGFIX: fixed TaskRunner generating link with 2 slashes
### Minor
* [rev:97004] MINOR: fixed notice level error when ImageSource isnt set

View File

@ -1,40 +0,0 @@
# 2.3.6 (2010-02-08)
## Changelog
### Features and Enhancements
* [rev:98081] Removed dev/reset, instead encouraging the use of dev/tests/startsession for tests.
* [rev:98081] Let people use dev/tests/startsession without a fixture, instead calling requireDefaultRecords
### API Changes
* [rev:98375] HTTP::setGetVar() always returns absolute URLs. Use Director::makeRelative() to make them relative again. (merged from r98373)
* [rev:98375] HTTP::setGetVar() combines any GET parameters in PHP array notation (e.g. "foo[bar]=val") instead of replacing the whole array (merged from r98373)
### Bugfixes
* [rev:98405] #5044 Hierarchy::loadDescendantIDListInto() now uses Object::getExtensionInstance('Hierarchy') instead of going through call(), as PHP 5.3 has issues converting references to values
* [rev:98405] Fixed Hierarchy->loadDescendantIdList() to call setOwner() on the extension instance. This was necessary due to underlying Object/Extension changes in 2.4. (merged from r98403)
* [rev:98375] HTTP::setGetVar() uses parse_url() and http_build_query() to add query parameters to an existing URL, instead of doing its own regex-based parsing. This means existing GET parameters are correctly url encoded. (merged from r98373)
* [rev:98273] Don't force SSL when running from CLI
* [rev:98230] Disabled ?debug_profile=1 on live environment types (merged from r80057)
* [rev:98229] Limiting ?debug_memory parameter to development environments through using Debug::message() instead of a straight echo() (merged from r74067)
### Minor changes
* [rev:98410] Fixed HTTPTest->testSetGetVar() (merged from r98409)
* [rev:98408] Fixed HTTPTest->testSetGetVar() (merged from r98407)
* [rev:98405] Added test case for Hierarchy::getDescendantIDList() which also tests Hierarchy::loadDescendantIDListInto() (merged from r98369)
* [rev:98405] Testing of grand-children items in HierarchyTest::testLoadDescendantIDListIntoArray() and HierarchyTest::testNumChildren() (merged from r98376)
* [rev:98405] Fixed HierarchyTest assertions around including grand children counts (merged from r98403)
* [rev:98384] Fixed HTTPTest when invoked through dev/tests/all or with GET parameters (see r98373) (merged from r98383)
### Other
Created with:
<code>./sscreatechangelog --version 2.3.6 --branch branches/2.3 --stopbranch tags/2.3.5</code>

View File

@ -1,12 +0,0 @@
# 2.3.7 (2010-03-18)
## Changelog
### Bugfixes
* [rev:101229] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
* [rev:101229] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing. (from r101227)
* [rev:100744] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704) (from r100717)
Created with:
<code>./sscreatechangelog --version 2.3.7 --branch branches/2.3 --stopbranch tags/2.3.6</code>

View File

@ -1,55 +0,0 @@
# 2.3.8 (2010-07-23)
No overview noted.
## Upgrading Notes
See API Changes below
### Security: File->setName() and File->Filename handling
See [2.4.1](2.4.1#securityfile-_setname_and_file-_filename_handling)
### Security: Disallow direct execution of *.php files
See [2.4.1](2.4.1#securitydisallow_direct_execution_of_php_files)
## Changelog
### Features and Enhancements
* [rev:108062] Added File::$allowed_extensions (backport from 2.4 to enable File->validate() security fix)
* [rev:103684] Allowing !TestRunner? to skip certain tests through the ?!SkipTests?=... GET paramete (merged from branches/2.3-nzct) (from r80646)
* [rev:103659] do not show comments that need moderation in the comment rss feed
### API Changes
* [rev:108062] Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693)
* [rev:108062] Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
* [rev:108062] Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()
### Bugfixes
* [rev:108045] Don't allow direct access to PHP files in mysite module. (from r108029)
* [rev:108044] Don't allow direct access to PHP files in cms module. (from r108028)
* [rev:108043] Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php (from r108023)
### Minor changes
* [rev:108062] Added unit tests to !FileTest and !FolderTest (some of them copied from !FileTest, to test Folder behaviour separately)
* [rev:108046] Partially reverted r108045, mistakenly committed !RewriteBase change
* [rev:108040] Added .mergesources.yml
* [rev:103897] Added querystring option to Makefile (from r103884)
* [rev:103895] Added querystring option to Makefile (from r103746)
* [rev:103528] sort page comment table by Created field - show newest entries first
* [rev:103521] Fixed !FileTest execution if the assets/ directory doesn't exist. (from r88353) (from r98086)
* [rev:103447] Fixed js applying to non-tinymce textarea fields in !ModelAdmin.js (fixes #5453)
* [rev:103362] Fixed js applying to non-tinymce textarea fields in !ModelAdmin.js (fixes #5453)
* [rev:103348] added moderation message for non-ajax mode
* [rev:101258] Fixed missing closing `<div>` in !ContentController->successfullyinstalled() (from r101254)
`./sscreatechangelog --version 2.3.8 --branch branches/2.3 --stopbranch tags/2.3.7`

View File

@ -1,52 +0,0 @@
# 2.3.9 (2010-11-11)
## Overview
* Fixed a security issue where destructive controller actions are not correctly secured against Cross-Site Request Forgery (CSRF). This affects various CMS interfaces, as well as classes based on TableListField or ComplexTableField.
* Compatibility with PHPUnit 3.5
See [2.4.3](2.4.3)
## 2.3.9 Changelog
### Features and Enhancements
* [rev:113305] Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken() (from r113284)
* [rev:113293] Added !SecurityToken to wrap CSRF protection via "SecurityID" request parameter (from r113272)
* [rev:111834] refactored runTests, using the new phpunit wrapper classes.
* [rev:111832] Created a phpunit wrapper class to ensure that Sapphire's test framework is capable of running unit tests, coverage report and retrieve clover-statistics for PHPUnit 3.4 and PHPUnit 3.5
### API Changes
* [rev:113321] Using Controller::join_links() to construct links in !ComplexTableField and !TableListField (partially merged from r88495, r96775)
* [rev:113318] Fixed various controllers to enforce CSRF protection through Form_!SecurityToken on GET actions that are not routed through Form->httpSubmission(): !AssetAdmin, CMSBatchActionHandler, CMSMain, !CommentTableField, !LeftAndMain, !MemberTableField, !PageComment, !PageComment_Controller (from r113282)
* [rev:113297] Added security token to !TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection (from r113275)
### Bugfixes
* [rev:113319] Fixed Controller::join_links() handling of fragment identifiers (merged from r104580)
* [rev:113302] Clear static marking caches on Hierarchy->flushCache() (from r113277)
* [rev:113301] Fixed !ComplexTableField and !TableListField GET actions against CSRF attacks (with Form_!SecurityToken->checkRequest()) (from r113276)
* [rev:113294] Using current controller for !MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group) (from r113273)
* [rev:113158] Add PHPUnit includes to !SapphireTest class (can be loaded outside of !TestRunner for static calls, in which case the PHPUnit autoloaders/includes aren't in place yet) (merged from r113156)
* [rev:111837] Using mock controller in !RestfulServiceTest to avoid problems with missing require() calls for PHPUnit/Framework.php (performed in recently merged PHPUnitWrapper::init() which is never called for "nested" true HTTP calls within unit tests). Mostly merged from branches/2.4.
* [rev:111836] Renamed PHPUnit wrappers not to use underscores in classnames, as this confuses !ManifestBuilder prior to the 2.4 release
### Minor changes
* [rev:113361] Fixed regression from r113282 for changed !SecurityToken API in CMSMain->publishall() (fixes #6159) (from r113360)
* [rev:113312] Using !SecurityToken in !ViewableData->getSecurityID() (from r113274)
* [rev:113308] Removed unused !SecurityAdmin->!MemberForm() and savemember() (see !MemberTableField) (from r113281)
* [rev:113307] Removed unused !SecurityAdmin->removememberfromgroup() (see !MemberTableField) (from r113279)
* [rev:113303] Reverted commented out code (regression from r113293)
* [rev:113298] Fixed HTTPRequest class usage (regression from r113293)
* [rev:111835] added phpdoc to the new PHPUnitWrapper classes.
### Other
* [rev:111833] API-CHANGE: remove include which is not required.
* [rev:111831] ENHACENEMENT: Change behaviour of the !MenufestBuilder to use spl_autoload_register instead of traditional __autoload.

View File

@ -1,861 +0,0 @@
# 2.4.0 (2010-05-05)
## Overview
* Support for hierarchical URLs
* Support for MSSQL server database abstraction (via a separate module)
* A "SiteConfig" record stores site-wide settings and default permissions and author groups for pages
* "Permission Roles" are a simple way to combine multiple permission codes and assign them to groups in the Security interface. This makes permissions easier to maintain and less repetitive to set up.
* The CMS searches for broken internal links to other pages and broken file references, and highlights them in the WYSIWYG editor
* Dramatically reduced memory usage in CMS tree on larger sites (10,000+)
* Performance improvements around Object and ViewableData property access.
* Improved Shortcode API to allow for custom tag parsing in CMS content
* More fine-grained permission control for translators
* Improved unit test execution speed, increased number of tests cases by 30%
* Better XSS security of the autologin token by using HTTPOnly cookies, more secure brute force login restrictions
* Decreased memory usage in "Files & Images" section
* Support for SQLite and PostgreSQL databases (via separate module)
* Partial caching in templates, to allow for faster load times of certain aspects in dynamic pages.
* Upload controls in the CMS no longer require the Adobe Flash plugin, and work again on Mac OSX.
* File and page dropdown selections support inline searching, to make handling larger tree structures easier.
* Fixed password hashing design flaw, which makes SilverStripe databases more portable between different server architectures.
* Improved reporting API to unify the CMS sidebar reports and full-page reports on their own section. Its easier to add custom filters to reports.
* Batch action handling handles larger tree structures, provides better visual feedback, and respects permissions on individual pages.
* Global site configuration is translatable, meaning titles for your website can be in different languages without any switching in your templates.
* Allow selection of themes through the site configuration interface (in addition to changing the theme via configuration code)
* More fine-grained translation permissions: A group can be limited to only edit a certain language in the CMS.
* Added dropdown to choose from existing anchor links when inserting a link from the CMS sidebar.
* Team members can get permissions to see the draft version of a page in preview mode without requiring CMS access.
* Pages of type "Virtual Page" have improved stability in regards to their permission control, translation and publication.
* Improved broken link detection (''talk to Andy for more info'')
* Removed the jsparty/ toplevel folder, and moved all its dependencies into sapphire/thirdparty and cms/thirdparty
* More than 350 bugfix and enhancement commits, and 200 minor changes.
## Upgrading
In preparation for the pending release of 2.4.0 the following page contains all the information you need to know about
the changes that have been undertaken.
This page **doesn't include new features of 2.4.0** as such, just functionality that has changed or been removed since
2.3.
Before you start upgrading you should always backup your site directory and the database. Once you have a backup made
remove the `cms/`, `sapphire/` and `jsparty/` folders then copy in the new `cms/` and `sapphire/` folders from
your 2.4 download.
### Removed jsparty
The rather unorganised top level `jsparty/` folder has been removed from the core distribution and files separated to `cms/thirdparty` and `sapphire/thirdparty`. If your custom code referred to files in `jsparty` you will have to
update the links to the new location (either `sapphire/thirdparty/` or `cms/thirdparty/`).
Thirdparty files which aren't used in any core features have also been removed such as jquery-validate. If you reference
any files at all from `jsparty` you should double check your paths.
### Removed Classes
As part of our effort to tidy the core product we have removed several classes which we believed didn't warrant
inclusion in the official release. They either were out of date functionality or superseded or just didn't justify
inclusion. Where needed we have moved the files to individual modules. Also note several field types which were due for
deprecating have been kept due to use within the CMS (''UniqueTextField'', `UniqueRestrictedTextField`). These however
are going to be removed for the next major release.
| Class name | | Comment |
| ---------- | | ------- |
| `AjaxFormAction` | | |
| `BankAccountField` | | moved to [formfields_nz](http://open.silverstripe.org/browser/modules/formfields_nz) module |
| `CalendarDateField` | | use `DateField` with ''setConfig('showcalendar', true)'', moved to [legacydatetimefields](http://open.silverstripe.org/browser/modules/legacydatetimefields/trunk) module |
| `CompositeDateField`, `DMYDateField` | | use `DateField` with ''setConfig('dmyfields', true)'', moved to [legacydatetimefields](http://open.silverstripe.org/browser/modules/legacydatetimefields/trunk) module |
| `ConfirmedFormAction` | | |
| `DMYDateField` | | |
| `DropdownTimeField` | | use `TimeField` with ''setConfig('showdropdown', true)'', moved to [legacydatetimefields](http://open.silverstripe.org/browser/modules/legacydatetimefields/trunk) module |
| `Email_Template` | | use `Email` instead |
| `GhostPage` | | |
| `GSTNumberField` | | moved to [formfields_nz](http://open.silverstripe.org/browser/modules/formfields_nz) module |
| `HiddenFieldGroup` | | |
| `PDODatabase` | | |
| `PermissionDropdownField` | | |
| `PopupDateTimeField` | | use `DatetimeField`, moved to [legacydatetimefields](http://open.silverstripe.org/browser/modules/legacydatetimefields/trunk) module |
| `ReportField` | | |
| `TypeDropdown` | | |
Some date/time field implementations were completely refactored, and their old implementations moved to the
[legacydatetimefields](http://open.silverstripe.org/browser/modules/legacydatetimefields/trunk) module:
| Class name | | Comment |
| ---------- | |------- |
| `LegacyDateField` | | old version of `DateField`, renamed to avoid conflicts with new `DateField` |
| `LegacyTimeField` | | old version of `TimeField`, renamed to avoid conflicts with new `TimeField` |
### Removed SWFUpload
SWFUpload has been removed from the core package due to ongoing issues with supporting it. The CMS Content Editors
upload has been rewritten to use jQuery so no 2.3 functionality has been lost but if your module made use of this
library, then you will need to bundle it within your module. Related files which have been removed as a side effect of
this - `Upload.js`, `TinyMCEImageEnhancements.js`, `SWF_Upload.js` and `CMSMain_Upload.js`.
### Renamed Classes
We undertook some major work to reduce classname conflicts. Some classes have been namespaced with 'SS' to reduce
conflicts with other code. A couple notes - even though the classes have been renamed to `SS_`<ClassName>` the class is
still contained within the `ClassName.php'' file (no `SS_` prefix)
| Original class name | | New class name |
| ------------------- | | -------------- |
| `Report` | | `SS_Report` |
| `HTTPRequest` | | `SS_HTTPRequest` |
| `HTTPResponse` | | `SS_HTTPResponse` |
| `HTTPResponse_Exception` | | `SS_HTTPResponse_Exception` |
| `Database` | | `SS_Database` |
| `Query` | | `SS_Query` |
| `SSDateTime` | | `SS_Datetime` |
| `Backtrace` | | `SS_Backtrace` |
| `Cli` | | `SS_Cli` |
| `Log` | | `SS_Log` |
| `LogEmailWriter` | | `SS_LogEmailWriter` |
| `LogErrorEmailFormatter` | | `SS_LogErrorEmailFormatter` |
| `LogErrorFileFormatter` | | `SS_LogErrorFileFormatter` |
| `LogFileWriter` | | `SS_LogFileWriter` |
| `ZendLog` | | `SS_ZendLog` |
| `HTMLValue` | | `SS_HTMLValue` |
### Nested URLs enabled by default
When using our installer, the "nested URLs" feature will be enabled by default by a setting in *mysite/_config.php* (see
[blog
post](http://www.silverstripe.org/preview-of-silverstripe-2-4-hierarchical-urls-a-developer-community-contribution/)).
You can enable it manually for existing websites. Existing URLs will automatically change to the nested format without
republication (your old URLs should redirect automatically).
:::php
SiteTree::enable_nested_urls();
### SiteTree->Link() instead of SiteTree->URLSegment
Relating to the "nested URLs" feature, all *SiteTree* URLs should be accessed via *SiteTree->Link()* instead of using
the property *SiteTree->URLSegment* directly.
### Removed SiteTree::$add_action
`$add_action` on Pages has been removed. If you want to define your own custom title for pages then you use
"`<myclassname>`.TITLE" in the i18n language tables instead or define your add action using `singular_name()`
:::php
// using the lang tables
$lang['en_US']['RedirectorPage']['TITLE'] = "Redirector Page";
// using singular_name()
function singular_name() { return "Redirector Page"; }
### Removed dev/reset
Use `dev/tests/startsession` to create a new temporary database, or custom database tools like phpMyAdmin to
completely drop a database.
### Registering reports through SS_Report::register()
Removed `ReportAdmin->getReportClassNames()` in favour of `SS_Report::register()` to add custom reports to the CMS
(see [r98175](http://open.silverstripe.org/changeset/98175), [r98215](http://open.silverstripe.org/changeset/98215))
:::php
// in your _config file
SS_Report::register("SideReport", "SideReport_NameOfReport");
### Fulltext Search and Indexes disabled by default
As of SilverStripe 2.4.0, no search engine is included by default. If you want to use a search engine, you should
enable it with this command in your _config.php:
:::php
FulltextSearchable::enable();
This will add a *SearchForm()* and *results()* method in your *Page_Controller*, as well as set up common fields
like SiteTree.Content to be indexed.
Note: Results may vary with database drivers other than *MySQLDatabase*.
### Object Extension Instances
When working with extension instances directly on the extended object, please use the new *getExtensionInstances()*
getter. You need to manually call *setOwner($this)* before using the instance.
Base setup:
:::php
class MyExtension extends Extension {
function myExtensionMethod() { // ... }
}
Object::add_extension('MyObject', 'MyExtension');
Wrong:
:::php
class MyObject extends DataObject {
function myExtensionMethod() {
$ext = $this->extension_instances['MyExtension'];
return $ext->myExtensionMethod();
}
}
Right:
:::php
class MyObject extends DataObject {
function myExtensionMethod() {
$ext = $this->getExtensionInstance('MyExtension');
$ext->setOwner($this);
$ext->myExtensionMethod();
}
}
### HTMLEditorField (TinyMCE) stores content as UTF8 instead of HTML Entities
Prior to 2.4.0, the TinyMCE JavaScript library would store a subset of special characters as HTML entities (see [TinyMCE
Configuration](http://wiki.moxiecode.com/index.php/TinyMCE:Configuration/entities)). SilverStripe expects UTF8 for user
input in the CMS, database storage as well as output. We have made this behaviour more consistent by converting the
TinyMCE entities back into UTF8 for database storage.
### MySQL character set to UTF8 on new installations
The MySQL character set for SilverStripe used to be the database default (often "latin1", sometimes "utf8"). While all
textual database columns created by SilverStripe have been storing their content as "utf8" already in earlier releases,
MySQL fulltext search might not return the desired results with special characters (see
[#3582](http://open.silverstripe.org/ticket/3582)).
For new installations with a MySQL database backend, this will be set automatically to "utf8" by the installer in
*mysite/_config.php*. For existing sites built with SilverStripe 2.3, add the following code to your
*mysite/_config.php*.
:::php
MySQLDatabase::set_connection_charset('utf8');
No conversion of existing database schemas or content should be necessary.
### MySQL 5.0+ or newer required
See [server-requirements](/getting_started/server_requirements).
### BASE_PATH constant
Use `BASE_PATH` and `BASE_URL` instead of data from `$_SERVER` to calculate the base script path.
### Interface Change: "Site Content" tab renamed to "Pages"
The headlines of the left-hand tree panels have been changed accordingly.
### Data Migration: Files and Images
Existing files and images inside the Assets folder may not be displayed when you visit the 'Files & Images' tab in the
CMS. If you get an error message when clicking through the folders in the site tree, this can be resolved by deleting
the content in the 'File' table in the database, and then clicking the 'Look for new files' button.
### Data Migration: User-defined forms
If you get errors in the User-define forms module, check that there is no column called 'CustomParameter' present in
either of the 'EditableFormField', 'EditableFormField_Live' or 'EditableFormField_versions' tables.
You need to login to your database management system (for example phpmyadmin) and delete the 'CustomParameter' column
from the EditableFormField table.
## Changelog
### Features and Enhancements
* [rev:104093] Add dev/build/defaults to call requireDefaultRecords
* [rev:103730] use FileSystem class to create cache directory to unsure the right permissions are set
* [rev:103710] MemberLoginForm::performLogin() now uses the authenticator_class variable set in subclasses of MemberLoginForm, without having to overload performLogin()
* [rev:103708] create cache directory when it does not exist before running the cache build test
* [rev:103581] Added i18n::set_default_locale() to set standard locale (which is different from "current locale" retrieved through i18n::get_locale())
* [rev:103466] make the getTree ajax call more generic so it get local from its containing form, rather than hard-coded "Form_EditForm_Locale" cos the field is not only used in "EditForm"
* [rev:103465] to make the FileIFrameField and TreeSelectionField easy to use in CMS with Translatable on.
* [rev:103328] Automatically checking all "CMS section" checkboxes in PermissionCheckboxSetField.js when "Access to all CMS interfaces" is selected. Saving these permissions individually also resolves certain edge cases like #5438.
* [rev:103250] added tests for checking the change password functionality, including the resulting redirection (from #5420)
* [rev:103229] allow ChangePasswordForm to redirect to BackURL (from #5420)
* [rev:103198] allow onAfterPublish and onBeforePublish handlers directly on Page classes (#5112)
* [rev:103047] allow to check for any changed fields on the DataObject, this is expected behaviour when isChanged function is called without parameters (#5421, patch by walec51)
* [rev:102899] added language (Ticket #5390)
* [rev:101871] Updated automatic regression tests (Salad)
* [rev:101670] RedirectorPage ExternalURL field now defaults to http:// to be consistent with the "Another website" option for HtmlEditorField LinkForm
* [rev:101661] tidied up installer process to streamline process. Moved requirements to top and button to bottom and added visual seperation of the individual steps
* [rev:101381] refactored requirements section to hide successful tests
* [rev:101378] Added links to installation introduction text for sources of help and suggested web hosts
* [rev:101246] Improved wording and styling in installer. Added links to server requirements, themes download, tutorial. Decreased vertical space before the "install" button to make it more obvious.
* [rev:101127] Added 'Dependent pages' tab to CMS, to show virtuals, redirectors, and backlinks that point to this page.
* [rev:101054] Allowing SQLite selection in installer
* [rev:101054] Moved all Javascript containedin install.php and config-form.html to install.js, and using jQuery to simplify logic
* [rev:101054] Allow installer to attach custom form fields based on the install driver (as defined in _register_database.php)
* [rev:100989] If no arguments specified for cli-script.php/sake, then provide a friendly message to the user on where to get help
* [rev:100966] MoneyField currency dropdown can be made from an associate array like array('NZD'=>'New Zealand Dollor', 'USD'=>"United States Dollor') as well
* [rev:100940] Added help text for "locale" setting in installer
* [rev:100937] Redirecting to translated page when original is requested with a 'locale' GET parameter (e.g. 'about-us/?locale=de_DE' will redirect to 'ueber-uns' with a 301 HTTP response). Implemented in ContentController->handleRequest(). (see #5001)
* [rev:100908] Added DatabaseAdapterRegistry::unregister() to remove a database from the registry
* [rev:100902] Added _register_database.php to sapphire which sets the SS provided databases for DatabaseAdapterRegistry
* [rev:100893] Added Hebrew (he_IL) language to sapphire (thanks Oren, Yotam, tzvika, Amir, ohad)
* [rev:100893] Added Lithuanian (lt_LT) language to sapphire (thanks Irmantas, Mindaugas, Donatas, Andrius)
* [rev:100892] Added Hebrew (he_IL) language to cms (thanks Oren, Yotam, tzvika, Amir, ohad)
* [rev:100892] Added Lithuanian (lt_LT) language to cms (thanks Irmantas, Mindaugas, Donatas, Andrius)
* [rev:100884] Using jquery.live instead of livequery for SelectionGroup.js
* [rev:100852] Updated jquery.ondemand.js to sapphire trunk version, to ensure compatibility with jQuery 1.4.2
* [rev:100849] Only defining document.getElementsByClassName() in prototype.js if no native implementation exists (which speeds up the CMS). Ported from 'jquery13' module, thanks Hamish
* [rev:100847] Updated jquery.livequery from v1.0.2 to v1.1.1 (located in sapphire/thirdparty/jquery-livequery/
* [rev:100846] Updated jquery.metadata from ~v.1.0 to v2.1 (located in sapphire/thirdparty/jquery-metadata
* [rev:100845] Updated jQuery.form library from v2.08 to v2.40 (located in sapphire/thirdparty/jquery-form
* [rev:100844] Updated jQuery library from v1.2.6 to v1.4.2 (located in sapphire/thirdparty/jquery/
* [rev:100799] Creating default "Content Authors" group with limited rights if no other groups exist.
* [rev:100776] Better editing of roles through SecurityAdmin instead of a new "Roles" tab. Removed (previously unreleased) PermissionRoleAdmin. (see #4757)
* [rev:100774] Allowing custom popup requirements in ComplexTableField without subclassing through $requirementsForPopupCallback
* [rev:100771] Respecting SecurityAdmin::$hidden_permissions in PermissionRole->getCMSFields()
* [rev:100769] you can now choose your site locale at install time
* [rev:100753] Added 'updateImageForm', 'updateFlashForm', 'updateLinkForm' hooks to HtmlEditorField (the imageform hook was necessary to make the 'pixlr' module work) (see #3938)
* [rev:100696] show all database systems we support, along with messages if the user cannot use them. Also allow 3rd parties to register their own database classes to appear in this list.
* [rev:100536] Stored combined files in assets/_combinedfiles by default
* [rev:100529] Combined files now live in assets/.combinedfiles by default
* [rev:100528] #3387 Requirements now has a new static function called Requirements::set_combined_files_folder() for setting where the combined files should belong
* [rev:100453] #4599 DataObjectSet now uses more array functions instead of performing equivalent tasks - thanks simon_w!
* [rev:100423] Convert JSON functions now use the Services_JSON library where appropriate instead of custom code, and if json_decode() or json_encode() are available these are used
* [rev:100400] #5072 RSSFeed_Entry::rssField() now respects custom getters on the data class
* [rev:100327] allow ordering of page commented to be configurabled
* [rev:100058] AssetAdmin now uses Upload_Validator instead of setting the rules directly on Upload
* [rev:99954] you can now do coverage tests of single/multiple tests, or entire modules
* [rev:99942] fixed forward button underneath result form
* [rev:99929] #4787 Widget now respects updateCMSFields on extension classes so additional fields can be add (or existing ones removed)
* [rev:99845] #4043 Allow setting the from address for debug information in SS_LogEmailWriter - thanks Hamish!
* [rev:99841] #5024 Installer now checks that the user has entered a username and password correctly for the default admin, an additional button for re-checking requirements is now found at the bottom of the admin configuration section
* [rev:99841] Error messages for database AND admin configuration are now in the same place at the top of the installer
* [rev:99737] Allow DataObjectSet to remove duplicates based on any field (#5094, thanks mobiusnz) (from r99736)
* [rev:99692] Disabling/checking permission checkboxes in admin/security when 'ADMIN' permission is selected
* [rev:99690] Saving group relations on SecurityAdmin->EditForm()/RootForm() through TreeMultiselectField instead of hidden 'Group'/'GroupID' values (from r99579)
* [rev:99688] Saving MemberTableField through new 'Groups' field added in Member->getCMSFields(). (from r98882)
* [rev:99679] added new PageCommnet to yml so we have different amounts of moderated/unmodereated
* [rev:99677] Making setting optional in MemberTableField. Field instances without will list all members unfiltered, and remove members from the database rather than the group relation.
* [rev:99677] Allow disabling of 'inline add' formfields in a MemberTableField through setPermissions(array('inlineadd')) (from r98825)
* [rev:99667] Only show 'HTML Editor Config' dropdown in Group->getCMSFields() if more than one option exists
* [rev:99666] Showing checkboxes as disabled for inherited roles in Group->getCMSFields() (from r99597)
* [rev:99664] Added OptionsetField->setDisabledItems() to allow specifically disabling certain checkboxes
* [rev:99664] Added CheckboxSetField->setDefaultItems() to tick specified checkboxes regardless of the value passed (from r99596)
* [rev:99662] Showing (readonly) permissions for a Member record in admin/security popup (from r99586)
* [rev:99660] PermissionCheckboxSetField_Readonly (with all checkboxes disabled)
* [rev:99660] Added 'assigned to...' label to group permissions in PermissionCheckboxSetField - used in Member->getCMSFields() readonly permission view (from r99585)
* [rev:99658] Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584)
* [rev:99648] View and select groups for a specific member via the member popup in admin/security (requires EDIT_PERMISSIONS) (from r98880)
* [rev:99361] Allow locale/dateformat specific reordering of day, month, year input fields in DateField
* [rev:99360] New DatetimeField class (form field wrapper composed of DateField andTimeField)
* [rev:99360] New DateField and TimeField form classes with more consistent API and easier localization
* [rev:99360] Using Zend_Date for DateField and TimeField, with more robust date handling, starting localization support. Set globally via i18n::set_locale(), or for a field instance through setLocale(). Note: Javascript validation is not localized yet.
* [rev:99302] SiteTree::batch_permission_check() populates its own cache (from r97900)
* [rev:99117] set file metadata on upload. (from r97780)
* [rev:99106] set file metadata on upload. (from r97780)
* [rev:99088] Add close link (from r97751)
* [rev:99080] Add Link to silverstripe navigator (from r97407)
* [rev:99069] added PageComment for CommentAdminTest
* [rev:99066] CommentAdmin unitest
* [rev:99047] Make navigator items more overloadable (from r97376)
* [rev:99046] Refactor links in $SilverStripeNavigator so modules can add extras (from r97299)
* [rev:98756] Added help texts for MemberImportForm and GroupImportForm (merged and rewritten from r98750)
* [rev:98737] Allow extension of LeftAndMain->getEditForm() (and subclasses) through a new updateEditForm() hook (see r98736 for additions to AssetAdmin and CMSMain)
* [rev:98736] Import groups from CSV in admin/security through the new GroupImportForm class (and GroupCsvBulkLoader) (merged and rewritten from r98711)
* [rev:98735] Allowing custom 'root forms' when id values '0' or 'root' are passed from the tree selection. (rewritten from r98710)
* [rev:98732] Import members and their group assignments from CSV in admin/security through the new MemberImportForm class (merged from r98708)
* [rev:98715] Added GroupCsvBulkLoader class to facilitate group imports with permission codes and hierarchy (merged from r94252)
* [rev:98714] MemberCsvBulkLoader for easy member import with group associations (merged from r94251)
* [rev:98713] Added BulkLoader->deleteExistingRecords(), removed unnecessary parameters from BulkLoader->load() (merged from r94250)
* [rev:98713] Decreased memory usage in BulkLoader->load() when deleting all records before importing (merged from r94250)
* [rev:98677] Added checkbox to switch off using the environment during install if it's available
* [rev:98659] #3903 Initial changes to installer to support selection of different database drivers
* [rev:98656] you can now pass arbitrary CURL options to the request() method of RestfulService.
* [rev:98469] Add HTMLCleaner abstract class, and Diff::cleanHTML()
* [rev:98428] Allow overriding TableListField_Item on TableListField by setting the property itemClass
* [rev:98268] Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
* [rev:98219] roll batch permissions in to a generic function (from r97748)
* [rev:98211] batchactions can now implement confirmationDialog() to provide a custom confirmation dialog to the front end.
* [rev:98180] Allow for custom generation of SSReport::ID() for parameterised reports.
* [rev:98179] Removed broken links reports from sidebar (in anticipation of adding them to the main reporting area) (from r95954)
* [rev:98173] Improved look and feel for report filtering
* [rev:98165] Performance improvement to CMS load time with many pages. (from r95490)
* [rev:98159] added canAddTopLevel permission to SiteConfig to determine which users/groups can add pages to the root of the sitetree. (from r87279)
* [rev:98156] audit trails
* [rev:98156] ability to parameterize SSReport's (from r85903)
* [rev:98132] Allow sort descending as well as ascending. (from r96054)
* [rev:98110] Allow user theme selection through SiteConfig, falling back to SSViewer::set_theme() as a default if there are none selected
* [rev:98104] Improved TableListField header styling. (from r96028)
* [rev:98102] Add a function to give link to Live site (from r95948)
* [rev:98091] ManifestBuilder::get_manifest_info() now uses ManifestBuilder::get_themes() instead of doing it's own retrieval of available themes
* [rev:98080] Removed dev/reset, instead encouraging the use of dev/tests/startsession for tests.
* [rev:98080] Let people use dev/tests/startsession without a fixture, instead calling requireDefaultRecords
* [rev:98041] added support for MySQL data type SET used in MultiEnum FEATURE: added datetime helper functions
* [rev:98025] add 'view site tree as' functionality.
* [rev:97896] 2.4 tickets (#4670) new permission code to view draft w/o CMS access
* [rev:97895] 2.4 tickets (#4670), new permission code to view draft stage w/o CMS access
* [rev:97819] Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch
* [rev:97793] removed the situation, when the user is left with empty search box and empty dropdown.
* [rev:97792] use Validator::get_javascript_validator_handler() to check if the handler is turned on before doing either js or php validation
* [rev:97765] Select the uploaded image after uploading by default. #4962
* [rev:97745] adapt the page dropdown based off the allowedChildren values
* [rev:97606] Added hover states to "Available widgets" boxes in the CMS for usability
* [rev:97602] Added visual elements to aid in the usability of the WidgetAreaEditor
* [rev:97601] CMS Editor Upload panel now loads the root files directly and allows the user to upload to the root assets dir
* [rev:97597] Changed menu title from "Site Content" to "Pages" to be consistent with other menu labels
* [rev:97597] Changed tree root node in CMS to get title from SiteConfig rather than defaulting to "Site Content"
* [rev:97597] Changed tree panel headline in CMS from "Site Content and Structure" to "Page Tree" to stay consistent with new CMS menu title
* [rev:97583] Don't set up the test db if database tests aren't being run. From: Sam Minnee
* [rev:97530] Adjusted "Available Widgets" column to be narrower than "Widgets currently used", allowing more space for configuring widgets
* [rev:97478] Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
* [rev:97436] Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields(). From: Andrew Short (from r97401)
* [rev:97391] Add partial caching support to SSViewer.
* [rev:97390] Add aggregate calculation to DataObject, allowing (cached) calculation of Max, Min, Count, Avg, etc
* [rev:97389] Add cache factory that provides nice API over top of Zend_Cache
* [rev:97370] Allowing translation of SiteConfig (including toplevel permission groups)
* [rev:97207] Added ContentController->ContentLocale() to allow XHTML/HTML specific lang= attribute settings in custom template code (see #4858). Removed `<meta http-equiv="Content-Language"...>` tag in SiteTree->MetaTags().
* [rev:97207] Updated blackcandy theme to use new $ContentLocale attribute to set the locale of the current page (in Page.ss)
* [rev:97192] Added RestfulService::set_default_proxy() and RestfulService->setProxy() (#4637, thanks hamish)
* [rev:97031] upgrading the search functionality of the TreeDropdownTree with pluggable search function
* [rev:97028] include menu title in default search. PATCH via lubzee #4508
* [rev:97024] added Session::clearAll() functionality. ENHANCEMENT: Added Unit Tests covering Session API. MINOR: Tided up formatting in session class and included doc comments for API level documentation
* [rev:97018] Use tidied HTML in DataDifferencer
* [rev:97017] Try to tidy HTML using external libraries if available
* [rev:97011] Added TabIndex to FormActions. Ticket: #4905. PATCH: via keeny
* [rev:96821] Added applicable pages checks to delete from live, delete from draft, and publish (from r94775)
* [rev:96820] Added 'greyed out' status of batch action checkboxes while applicable pages are being loaded via ajax. (from r94774)
* [rev:96819] Update the checkboxes available to batch-actions to show only the applicable pages for that particular action.
* [rev:96800] Let LeftAndMain subclass canView() methods optionally redirect. (from r90018)
* [rev:96793] Renamed Author column to User in the page version history to better reflect that they might not have been authors, and just iniators of workflow actions. (from r89015)
* [rev:96792] Added new onRenameLinkAsset() handler to static publishing for better link rewriting. (from r89014)
* [rev:96778] Files and images section warns if you are deleting a file that is linked to
* [rev:96752] Recognise HTTP_X_FORWARDED_HOST header and use that in place of HTTP_HOST (from r93148)
* [rev:96668] Change to TreeDropdownField, giving it filtering behaviour as described in ticket http://open.silverstripe.org/ticket/3007 . Its disabled by default for legacy compatibility, but enabled for HtmlEditorField so that link editor is filterable for local links, via an extra boolean parameter on TreeDowndownField.
* [rev:96440] Add onLoad callback handler CMSLoadFunctions
* [rev:96049] Added Date::Rfc3339() for returning an RFC 3339 valid date format (from r96010)
* [rev:95418] added delete all link to page comments. Patch via #4427. Thanks walec51
* [rev:95194] added translatable support to mathspamprotection. PATCH via noini (#4755)
* [rev:94887] added several tests for PermissionCheckboxSetField, PermissionRole and Group
* [rev:94515] Improved layout of altercation message when called via CLI. Patch via simon_w #4373
* [rev:94423] Allow passing in an Exception object to SS_Log::log() in addition to an array describing the error context (line number, file, trace etc)
* [rev:94381] Added FunctionalTest::findAttribute() as a helper for getting an attribute from a SimpleXMLElement object by it's name
* [rev:94297] Added DataObjectSet::emptyItems() to remove all the items from the set - this is useful for when you are augmenting CMS and front end fields via updateCMSFields() and updateFrontEndFields() on a DataObjectDecorator
* [rev:94063] Added MultipleOf and Modulus methods to ViewableData - useful for templating work
* [rev:94062] Loading of tinymce_ssbuttons plugin via relative paths in HtmlEditorConfig rather than using the plugin name as a path spec (see r94060)
* [rev:94060] Added support for loading external plugins (with relative paths) in HtmlEditorConfig. This means relative paths can be separate from the plugin name, and fixes a bug where paths containing dashes were ignored by TinyMCE.init().
* [rev:94060] Changed sapphire/thirdparty/tinymce-advcode to use the original plugin name, and specify its relative path through HtmlEditorConfig instead.
* [rev:93771] Added parameter to DBLocale->Nice()
* [rev:93771] Added DBLocale->getNativeName()
* [rev:92879] Allowing to hide certain permission from showing in SecurityAdmin? through add_hidden_permission() (refactored from r92428) (from r92866)
* [rev:91576] Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949)
* [rev:91496] added ability to upload images from site content pane. Merged via r9130, r91347, r91350, r91480
* [rev:91044] Added Session::destroy() as a means to remove the current session using session_destroy()
* [rev:91044] Added optional $sid parameter to Session::start() to start the session using an existing session ID
### API Changes
* [rev:103792] changed the modulus offset to 1 to correctly order sets
* [rev:102012] Changed MySQLFulltextSearchable class to FulltextSearchable (applies to all databases)
* [rev:102003] Disallow methods/actions in RequestHandler->checkAccessAction() which are implemented on parent classes (e.g. ViewableData and Object), unless access is controlled through $allowed_actions. This limits information exposure from getters used in template contexts.
* [rev:101833] Allow cached blocks within control and if blocks, as long as that control or if block is contained within an uncached block, not a cached block
* [rev:101155] Add option for DataObjectDecorator::onAfterSkippedWrite()
* [rev:101137] Partial cache adjustments - now supports nested cache blocks (which are independant of their containing cache block), conditionals to control if a given cache block is active, and includes hash of template code in key (so template changes mean cache is invalidated). Changes template control for cache block to `<% cached %>`, to which the now deprecated `<% cacheblock %>` is aliased, and an additional template control `<% uncached %>` has been added.
* [rev:101127] Added SiteTree::VirtualPages() and SiteTree::DependentPages() accessors.
* [rev:101119] Allow on_db_reset() methods on DataObjects as well as DataObjectDecortators
* [rev:101093] Replaced eval based creation of extension and field objects with Object::create_from_string().
* [rev:101093] Introduced new function Object::create_from_string() to instantiate an object from a string like 'Int(50)'
* [rev:101044] Made MySQL fulltext search optional, activated with MySQLFulltextSearchable::enable()
* [rev:101043] Pass the full extension string as the 2nd argument to DataObjectDecorator::extraStatics()
* [rev:100842] Upgraded jQuery UI from v1.6rc1 (r687) to v1.8rc3. This release prefixes all *.js and *.css files with 'jquery', so ui.core.js is now called jquery.ui.core.js.
* [rev:100842] Upgraded jQuery UI themes from v1.6rc1 to v1.8rc3. Removed 'flora' and 'default' themes, replaced with the 'base' and 'smoothness' themes found in the default distribution
* [rev:100718] Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour (from r100705)
* [rev:100651] dbDataType function created
* [rev:100513] Refactored Requirements to use Requirements_Backend at all times - this makes testing far easier. Thanks tobych!
* [rev:100512] TreeDropdownField no longer requires your object to have the Hierarchy extension
* [rev:100503] Removed deprecated Email_Template class, please use Email instead!
* [rev:100498] Removed deprecated Image::loadUploaded() (deprecated from the parent::loadUploaded for which it called), please use Upload directly instead!
* [rev:100495] Removed deprecated File::loadUploaded(), please use Upload directly instead!
* [rev:100493] Removed deprecated function RootURLController::get_homepage_urlsegment(), please use RootURLController::get_homepage_link() instead!
* [rev:100492] Removed deprecated function SiteTree::get_by_url(), please use SiteTree::get_by_link() instead!
* [rev:100490] Removed deprecated methods DataObjectSet::filter_map() and DataObjectSet::map_multiple() - please use map() instead!
* [rev:100057] #5107 Upload now uses Upload_Validator to separate the validation rules from the File loading done in the Upload class
* [rev:99849] SiteTree::validURLSegment extendable (#5907)
* [rev:99360] Date/time parsing in DateField, TimeField and DatetimeField defaults to i18n::get_locale() ('en_US') instead of using en_NZ/en_GB specific parsing. Use i18n::set_locale('en_NZ') in mysite/_config.php to revert to old behaviour.
* [rev:99360] $timeformat constructor parameter in TimeField needs to be in ISO date notation (not PHP's date())
* [rev:99360] TimeField, DateField and related subclasses use Zend_Date for date parsing, meaning they're stricer than the previously used strtotime()
* [rev:99360] Removed DMYCalendarDateField and CalendarDateField, use DateField with setConfig('showcalendar')
* [rev:99360] Removed CompositeDateField, DMYDateField, use DateField with setConfig('dmyfields')
* [rev:99360] Removed DropdownTimeField, use TimeField with setConfig('showdropdown')
* [rev:99360] Removed PopupDateTimeField, use DatetimeField
* [rev:99360] Changed 'date', 'month' and 'year' HTML field names to lowercase in DMYDateField
* [rev:99360] Removed support for ambiguous date formats in DateField, e.g. '06/03/03'. Use DateField->setConfig('dateformat', `<format>`) to revert to this behaviour.
* [rev:99360] Removed $futureOnly flag from DateField, CalendarDateField etc., use DateField->setConfig('min') and DateField->setConfig('max')
* [rev:99119] Refactor Versioned so a single state is kept for stage, archived date, or any module specific reading modes (from r98161)
* [rev:99114] Use the same navigator items in the CMS that are used on the frontend (from r97395)
* [rev:99079] Use the same navigator items in the CMS that are used on the frontend (from r97395)
* [rev:99063] Let sitetree extensions prepopulate permisson cache for their own permissions. (from r98650)
* [rev:99051] Let any DataObjectDecorator define an on_db_reset() method that is called by tests, like in Versioned. (from r97734)
* [rev:98786] Installer now uses a database configuration helper class which isolates the logic of checking the database away from the installer, this interface can be used by other databases like MSSQL and PostgreSQL. The installer now looks for a specific file inside each database module, provided it's configured in install.php MySQL is provided by default, as it lives in sapphire
* [rev:98543] Made ComplexTableField not use Object::create() for item and popup classes to be consistent with TableListField. These can be overridden as itemClass and popupClass are public properties on ComplexTableField
* [rev:98373] HTTP::setGetVar() always returns absolute URLs. Use Director::makeRelative() to make them relative again.
* [rev:98373] HTTP::setGetVar() combines any GET parameters in PHP array notation (e.g. "foo[bar]=val") instead of replacing the whole array
* [rev:98224] Refactor Versioned so a single state is kept for stage, archived date, or any module specific reading modes (from r98161)
* [rev:98215] Introduced new API for SS_Report
* [rev:98191] Added SideReportWrapper to help you tailor report columns for the side reports.
* [rev:98191] Allow use of 'casting' option on side report columns.
* [rev:98191] Make 'title' optional on side report columns. (from r96272)
* [rev:98176] Removed SideReport class, use SSReport as the base-class for them instead.
* [rev:98176] Use SSReport::register(SideReport) to explicitly register reports on the LHS of the content view.
* [rev:98175] Added explicit registration of reports with SSReport::register() (from r95857)
* [rev:98159] Security::permissionFailure(); will no longer tell the client side JS to show the login box if the user is already logged in
* [rev:98101] Allow passing of an explicit map of dropdown items to a TreeDropdownField.
* [rev:98096] Refactored test for whether a SQLQuery can be sorted by a particular column into SQLQuery::canSortBy($fieldName) (from r95850)
* [rev:98056] Decimal now allows setting a default value properly
* [rev:97996] rename the class "Cache" to "SS_Cache" (ref ticket: #4997)
* [rev:97827] Added cancelSchemaUpdate() and doesSchemaNeedUpdating() to the Database class
* [rev:97819] Removed $blankItemText parameter from Permission::get_codes()
* [rev:97818] Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar.
* [rev:97797] Fixed i18n _t() calls without namespaces in template includes: They now default to setting the include filename as namespace, rather than the including template (#4915, #3400 - thanks Henk_Poley, jwalsoe, walec51)
* [rev:97731] Determine default BASE_PATH/BASE_URL from the __FILE__ content, so that the script that initiated the Sapphire process doesn't matter. This means that index.php doesn't need to manipulate those variables.
* [rev:97582] #4929: Add $class argument to DataObjectDecorator::extraStatics()
* [rev:97489] removed SWFUpload. Refactored Content Editors uploader to use standard uploader.
* [rev:97478] Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
* [rev:97478] Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
* [rev:97475] Moved GSTNumberField from sapphire/forms to new 'formfields_nz' module
* [rev:97474] Moved BankAccountField from sapphire/forms to new 'formfields_nz' module
* [rev:97270] Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email'
* [rev:97207] Deprecated ContentController->LangAttributes(). Use ContentLocale() instead and write attribute names suitable to XHTML/HTML templates directly in the template.
* [rev:96988] #3600 Inconsistency in File::getURL() which returns an absolute URL, when it should be relative - please use getAbsoluteURL() instead for old behaviour
* [rev:96988] #3600 Image no longer has an explicit getURL() method, instead it inherits getURL() from File which returns a relative URL
* [rev:96824] Added capability for batch actions to indicate failure through red checkboxes (from r94868)
* [rev:96823] Added canView() to CMSBatchAction so that you could hide certain batch actions from some users. (from r94846)
* [rev:96821] Added applicablePagesHelper to CMSBatchAction to ease the process of creating new applicable page methods.
* [rev:96819] Allow for an applicablePages($idArray) method to be defined on a CMSBatchAction class. (from r94761)
* [rev:96810] Added FilesystemPublisher::getExistingStaticCacheFiles(), to help build caching logic methods. (from r91354)
* [rev:96809] Added numChildrenMethod argument to LeftAndMain::getSiteTreeFor()
* [rev:96756] Added canDeleteFromLive permission to SiteTree, separate from canPublish (from r93315)
* [rev:96751] Define VirtualPage::isPublishable() so that people know not to even request publication if it's not allowed. (from r93098)
* [rev:96749] Added DataObjectDecorator::cacheKeyComponent() to ensure that the cached behind DataObject::get_one() is appropriately specific (from r93095)
* [rev:96739] Added Hierarchy::numHistoricalChildren() and Versioned::get_including_deleted_query()
* [rev:96739] Added numChildrenMethod arg to getChildrenAsUL, markPartialTree, markChildren, markingFinished
* [rev:96734] Don't generate TestOnly DataObjects in the database immediately; instead let test developers specify them in SapphireTest::$extraDataObjects.
* [rev:96734] Added SapphireTest::resetDBSchema() (from r90054)
* [rev:96727] Renamed SapphireTest::set_up_once/tear_down_once to setUpOnce/tearDownOnce, and made them instance methods.
* [rev:96727] Added SapphireTest::$illegalExtensions and SapphireTest::$requiredExtensions for making tests depending on particular extension sets (from r89958)
* [rev:96725] Moved popupdatetimefields to pop up below the text field instead of next to the icon. (from r89914)
* [rev:94430] Group::addByGroupName() now creates the group if one does not already exist (from r83010)
* [rev:94178] Renamed ViewableData->SecurityID() to getSecurityID() in order to get its value loading through Form->loadDataFrom()
* [rev:94062] Changed cms/javascript/tinymce_ssbuttons plugin name to "ssbuttons" (see r94060)
* [rev:94062] Changed cms/javascript/tinymce_ssmacron plugin name to "ssmacron" (see r94060)
* [rev:93785] removed Director::Link(). Use Controller::join_links() instead
* [rev:93693] removed deprecated RestrictedText fields
* [rev:93687] removed deprecated LeftAndMain::add_menu_item. Use CMSMenu::add_menu_item()
* [rev:93685] removed deprecated extend calls (r93632). API CHANGE: removed fieldExists(). Use hasField() (r93633). API CHANGE removed listOfFields() (r93647). API CHANGE: removed Tag() and URL() from Image. Use getTag() and getURL(). BUGFIX: updated Image.php to use getTag() (r93639, r93646). API CHANGE: removed val(). Use XML_val() (r93650). API CHANGE: removed $add_action. Use singlar_name or lang tables (r93658). API CHANGE: removed ConfirmedFormAction (r93674). API CHANGE: removed ajax_render on CTF (r93679).
* [rev:93660] Removed ComponentSet::removeByFilter() since it's not flexible enough and fixed calls to this from HtmlEditorField::saveInto() to use custom code instead
* [rev:93640] Removed deprecated static function ContentNegotiator::disable() - it's disabled by default
* [rev:92878] Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865)
* [rev:92428] add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability.
* [rev:91612] Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
* [rev:91612] BasicAuth::requireLogin() no longer has an option to automatically log you in. You can call logIn() on the object returned, instead. (from r91603)
* [rev:91576] Deprecated Security::encrypt_passwords() (merged from r90949)
* [rev:91576] Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
* [rev:91576] Removed Security::get_encryption_algorithms() (merged from r90949)
* [rev:91576] MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
* [rev:91576] Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)
* [rev:91048] Added Lower and Upper methods to Varchar, Text, and Enum
* [rev:90963] Allow fieldList arguments to Form::loadDataFrom() and Form::saveInto(), for situations where the data passed only applies to a segment of the form. (from r90872)
* [rev:90962] Inserting $HiddenFields into a form template will show the input tags of all the hidden fields. (from r90871)
### Bugfixes
* [rev:104063] ViewableData->castingClass() cuts off last character of a casting definition if it has bracketed arguments (fixes #5536, thanks ajshort)
* [rev:104016] SecurityTest tests would fail on sites which had set a non-default unique identifier field for Members
* [rev:103961] Bypass static caching through static-main.php when GET or POST parameters are set (regression from 2.3 API, fixes #5519, thanks ktauber)
* [rev:103960] Fixed publication of homepage with '/' URL through StaticPublisher (fixes #5514, thanks ktauber)
* [rev:103957] Fixed Database->requireTable() for Mysql 4.1 (fixes #5517, thanks gw0)
* [rev:103936] Fixed double pragma after referer redirection on forms with Form->httpSubmission() (fixes #5509, thanks ktauber)
* [rev:103933] login BackURL wrong when using nested urls (fixes #5520, thanks ktauber)
* [rev:103932] Fixed SS_Report::unregister() parameter naming (fixes #5511, thanks ktauber)
* [rev:103912] Trimming expected output of WebserverRoutingTest (newlines before the "ok" string were causing failures on PHP 5.3)
* [rev:103910] Disabled MemoryLimitTest for environments where memory_limit can't be freely set (e.g. PHP with suhosin patch)
* [rev:103851] table and column names now quoted properly
* [rev:103803] Rebuilding test database for postgresql in SearchFormTest and TranslatableSearchFormTest to avoid stale index information in the database
* [rev:103745] static publisher for a site that resides in a subfolder of webroot
* [rev:103734] Fix linkCount .js in AssetAdmin deleteRecord (ticket #5486)
* [rev:103706] Use correct quoting for BrokenLinksReport (ticket #5474)
* [rev:103674] #5485 PermissionCheckboxSetField javascript would always uncheck all CMS_ACCESS_* permission checkboxes on initialize event
* [rev:103620] Fixed ordering by aggregate columns for DataObject::get() calls with joins.
* [rev:103613] Fixed unlimitedRowCount() for grouped queries
* [rev:103612] Ensure that group by of many-many queries with extraFields is set correctly.
* [rev:103591] ModelAsController test failed for projects which do not support nested urls. This fix stores the original configuration and enables 'nested-urls' at the beginning of the tests and reset the state in tearDown.
* [rev:103588] #5362: Fixed duplicate removal on DataObject:get() with join argument for all databases.
* [rev:103582] Choosing i18n::default_locale() in Member->populateDefaults() instead of "current locale". This fixes a bug where a new member created through admin/security automatically "inherits" the current locale settings of the admin creating it.
* [rev:103552] CSSContentParser now reports better errors by using simplexml_load_string() instead of SimpleXMLElement directly
* [rev:103519] Prevent duplicate HTML IDs in ModelAdmin
* [rev:103518] Fixed redirection in PageCommentInterface to use Link() instead of URLSegment (fixes 4200, thanks ktauber)
* [rev:103461] Renamed Nested URLs are automatically redirected to their new location with 301 HTTP status code in ModelAsController/ContentController (fixes #5393, thanks cbarberis)
* [rev:103451] Fixed CurrencyField->jsValidation() regex escaping (fixes #5462, thanks mobiusnz)
* [rev:103450] DateField with setConfig('dmyfields') now validates TRUE for empty values (fixes #5458)
* [rev:103448] Allow EDIT_SITECONFIG permission selection in admin/security (fixes #5459)
* [rev:103341] Don't show error when adding default SiteConfig records after upgrading a site.
* [rev:103336] Using try/catch in MemberTableField->saveComplexTableField() similiar to parent implementation, which means trying to save a Member duplicate doesn't end up in a fatal error (fixes #5444)
* [rev:103255] static publishing now uses the last non-null theme, OR the value defined in StaticPublisher::static_publisher_theme.
* [rev:103240] r101093 broke casting of values from the failover object. Add lookup to the failover for casting info, and add test
* [rev:103226] made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly (#5420, patch submitted by walec51)
* [rev:103214] the decorator was not completely removed, which caused trouble for tests running later in the same batch
* [rev:103183] default sort column now quoted
* [rev:103182] default sort column now quoted
* [rev:103127] realtime publishing now enabled by default
* [rev:103099] Only replace double slashes in SS_HTTPRequest->__construct() for relative- its a failsafe against wrongly formatted URLs like 'admin//assets' instead of 'admin/assets', but breaks absolute URLs with 'http://' prefix
* [rev:103092] disallow numeric actions - numeric array indexes are incorrectly picked up as allowed actions (#5331)
* [rev:103083] make the javascript-producing functions behave in the same way. Now they will return a javascript snippet and the caller is responsible for adding it to a FormResponse. Removes the duplication in AJAX response which happened when FormResponse::add has been used before the call to JS helper functions (#5359)
* [rev:103037] correct mollom field mapping
* [rev:103012] added optional separator for http_build_query in HTTP:setGetVar(). this fixes sorting columns in ModelAdmin (ticket #5325).
* [rev:102730] Fixing RquestHandler->checkAccessAction() on PHP 5.2 - ReflectionMethod->class returns inconsisent results in older PHP versions. (see r102003)
* [rev:102712] Fixed CTF sorting in ModelAdmin results (was failing because of missing 'ResultAssembly' GET parameters
* [rev:102686] Float should always be not null and default 0 in the database
* [rev:102545] Using i18n::get_locale() in ContentController->ContentLocale() to ensure the correct locale can be used in templates withouth Translatable enabled (broken in r97207, thanks DesignCity) (from r102544)
* [rev:102460] #5316 Float and Double should never try to save NULL as the "null" value
* [rev:102436] #5320 ManyManyComplexTableField::getQuery() now uses T-SQL compatible syntax CASE WHEN instead of IF THEN which works in multiple databases as well
* [rev:102386] delete from published site never calls canDeleteFromLive(). (via marcus #5364)
* [rev:102320] fixed invalid HTML output from page comments template
* [rev:102300] SSViewer now allows cli to do a flush on non-dev environments
* [rev:102265] Fix Salad tests
* [rev:102237] exchanged MySQL CONCAT function with ANSI compliant operator
* [rev:102160] allow HTMLEditorFields to save in SiteConfig, fixes #5246
* [rev:102156] fallback to the standard authenticator before throwing user_error as in some cases auth method is not passed back to the login form
* [rev:102094] Fixed bug with SiteTree::onBeforeWrite() that broke subsites.
* [rev:102084] #5343: Call DataObject::onBeforeWrite only once for SiteTree
* [rev:102081] #5337: Allow decoration of DataObject
* [rev:102074] Fixed SiteTree::page_type_classes() to exclude 'SiteTree' even if on array position 0 - slight difference in return values from Postgres to MySQL (fixes #5336)
* [rev:102072] Logging in with an invalid email returns no error message (fixes #5332, thanks ajshort)
* [rev:102038] #5255 LeftAndMain should include the correct editor.css file so typography from user selected theme in SiteConfig is shown in TinyMCE
* [rev:102026] Fixed SiteTree::page_type_classes() removal of base class (was broken if database driver returned classes in arbitrary order, e.g. in Postgres)
* [rev:102004] Prevent handling of controller actions which return $this avoid infinite loops in RequestHandler->handleRequest (thanks Hamish!)
* [rev:101975] Resetting image sidepanel fields when opening the panel instead of inserting an image, to avoid losing focus of TinyMCE in IE. Using getBookmark() in TinyMCE to save the original location. (fixes #5263)
* [rev:101969] Stop IE6/IE7 from redirecting in admin/assets after deleting multiple folders (fixes #5208)
* [rev:101958] Checking for existing redirections in FormResponse::respond (fixes #5208)
* [rev:101956] Fixed "object not found" javascript error in SecurityAdmin_right.js when changing group nodes (fixes #5179)
* [rev:101939] Ensure that DataObject IDs are numbers and no string equivalents of numbers - 3 not '3'
* [rev:101869] Update Salad tests to match behaviour
* [rev:101867] #4188 simon_w: Let require tags in templates be conditional
* [rev:101866] Recover if a manifestClassParse file doesn't have the necessary content.
* [rev:101812] Added allowed_actions to ContentControllerSearchExtension
* [rev:101810] #5295: Update CMS site name in LHS via Ajax after siteconfig save.
* [rev:101807] fixed undefined error in CTFs. BUGFIX: added action class to actions to allow the popup hook to open links
* [rev:101795] keep ModelAdmin from importing data twice
* [rev:101794] avoid call to non-object
* [rev:101793] preserve the port value if given in HTTP::setGetVar (#5280). BUGFIX: allow username only input rather than user:pass combo.
* [rev:101792] disable function re-enabled
* [rev:101791] deprecated split function replaced
* [rev:101758] fix #5320
* [rev:101747] Always including "Locale" field in Translatable->getCMSFields() regardless of "excluded" page types. Necessary to enable form state serialization for fields like TreeSelectorField on a VirtualPage (fixes #5269)
* [rev:101739] Versioned->publish() with $createNewVersion=TRUE now increases version number of in-memory object (fixes #5261)
* [rev:101737] RedirectorPage types shouldn't appear in "Pages with no content" side report in the CMS Pages tab
* [rev:101724] #5277 Sort of default SiteTree records is now explicitly set to avoid strange ordering set by SiteTree::onBeforeWrite for default records
* [rev:101719] Only show "Roles" tab in admin/security if user has APPLY_ROLES permissions (fixes #5258)
* [rev:101711] Don't replace "home/" URLSegment in SiteTree->RelativeLink() if Translatable is enabled and the homepage is not on the root level (nested URLs allows you to have homepages called "en/home" and "ru/home") (fixes #5244)
* [rev:101668] #5259 RedirectorPage and HtmlEditorField TinyMCE integration now prefixes http:// if no prefix is found
* [rev:101657] #5245 Sometimes page records will have a NULL ParentID value, it should be a number even if it's 0 (thanks wrossiter!)
* [rev:101638] #5243 Undefined Convert functions in ViewableData replaced with working versions. Thanks benediktb!
* [rev:101631] test that the class exists before running subclass tests
* [rev:101623] put back into the SSNavigator the archived site link (#5251)
* [rev:101608] Explicitly specify the many_many's join table name in the join's ON match statement in ManyManyComplexTableField
* [rev:101604] remove the unnecessary DOM manipulation, this is legacy code due to SilverStripeNavigator changes (open #5250)
* [rev:101603] the function makes an assumption we are working on Draft site, and breaks if we are not. Rewritten to be stage-independent, as get_version (open #5231)
* [rev:101602] IE does not accept TD element without a table, repacking into DIV (open #5228)
* [rev:101592] get a object inside transaction block will alway exist
* [rev:101554] tables and column quoted properly
* [rev:101493] tables and column quoted properly
* [rev:101492] results sorted alphabetically for consistency
* [rev:101491] results sorted alphabetically for consistency
* [rev:101392] HTTP::setGetVar() returns a relative URL if a relative URL is passed, to make behaviour closer to 2.3
* [rev:101380] disabling unused file list as feature is still buggy.
* [rev:101375] Fixed closing `</div>` which should have been a `</td>` for dragfile in AssetTableField
* [rev:101302] Fixed SiteTree->Content link shortcode parsing introduced in r101093 (#5227)
* [rev:101267] #5222 Fixed TreeDropdownField not working on FileIFrameField/ImageField
* [rev:101266] Fixed Folder writing by overloading validate() (was inheriting File->validate() which does extension checks)
* [rev:101266] Fixed Folder::findOrMake() not to create "new-folder" through File->setName() if using a trailing slash in the path (which causes an empty name). Added FolderTest to verify this.
* [rev:101264] Checking for existence of "ShowInMenus" property in Folder->liveChildren() and stageChildren() (#5190)
* [rev:101227] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
* [rev:101227] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing.
* [rev:101220] TeamComment table added to dataobjects list
* [rev:101189] Make SS_ReportWrapper::sourceRecords()' arguments optional
* [rev:101175] Fixed quotes around Folder::hasChildFolders() ParentID column
* [rev:101173] Don't run click() on all inputs, but input:radio only
* [rev:101171] Pass correct class to allowPrimaryKeyEditing in yaml fixture
* [rev:101170] Don't recreate a missing draft page when calling SiteTree::doUnpublish()
* [rev:101167] #5216 Installer has issues with click handlers applied to the entire li, be more specific and apply it to the label and input instead
* [rev:101165] Fixed versioning of pages
* [rev:101155] Prevent failed migrateVersion writes from breaking versioning system in future writes.
* [rev:101155] MAke site tree pages go green when you save a new draft.
* [rev:101154] #5214 ViewableData::obj() was creating a DBField without a fieldname argument and caused problems, one example is the version panel of the CMS
* [rev:101153] Ensure that Versioned works on classes with underscores in the names. (from r100905)
* [rev:101138] Fixed issues with broekn link tracking
* [rev:101131] Allow classes to be referred to with casing that differs from their definition.
* [rev:101129] Fixed FileLinkTrackingTest to cope with the empty alt="" and title="" attributes that are created
* [rev:101127] Improved reliabilty of broken link tracking.
* [rev:101127] Don't mark a page as changed on stage if the only thing that has changed is broken link metadata
* [rev:101116] Flush cache after deleting an item.
* [rev:101116] Fixed databaseFieldsOnly version of DataObject::getChangedFields()
* [rev:101112] Fixed bugs with copying custom fields into Virtual pages, generally made virtual pages more robust and performant.
* [rev:101110] Fixed link rewriting to work on other HTMLText fields (from r99517)
* [rev:101109] Return true if SiteTree:doUnpublish() succeeds. (from r99515)
* [rev:101105] Update Object::parse_class_spec() to handle arrays.
* [rev:101099] call_user_func_array changed to PHP 5.1 compatible notation
* [rev:101087] #5202 Installer now properly populates database configuration inputs from request after user clicks "Re-check requirements"
* [rev:101080] Fixed TableListField->print() - was unsetting $cachedSourceItems instead of null'ing it, which breaks later access to the property
* [rev:101068] #5199 Duplicate file uploads have odd numbering attached to end of file
* [rev:101061] Fixed Upload and checking for size with files that don't have any extension
* [rev:101051] Allow files with no extensions by setting File::$allowed_extensions with an empty string
* [rev:101050] #5188 Upload and Folder don't handle the duplicate naming of files that have no extension
* [rev:101046] Cookies set to a value other than NULL (effectively unsetting the cookie) will now use the httpOnly parameter by default for better XSS protection (from r101045)
* [rev:101034] Fix static caching file lookup to match file generation.
* [rev:101005] Image should pass through the title to Image_Cached so that Image::getTag() can produce a more useful alt attribute instead of just the filename (from r101003)
* [rev:100998] column and table names now quoted properly
* [rev:100986] Disable javascript date validation via DateField->jsValidation() if locale is not 'en_NZ" (which is the only format it validates for).
* [rev:100985] HTMLEditorField->saveInto() can now find images with urlencoded information for resample (e.g. spaces in filenames)
* [rev:100982] Fixed file-write testing issues in requirements combined file generation
* [rev:100980] Remove cache for Hierarchy::AllChildren() and Hierarchy::AllChildrenIncludingDeleted(), since they increase memory usage unnecessarily.
* [rev:100979] Don't make CMS loading slow if the combined javascript files can't be written.
* [rev:100932] SiteTree::getSiteConfig() should always fall back to using a default if an alternate config wasn't found
* [rev:100924] Allow DatabaseAdmin to run dev/build in live mode when not Security::is_database_ready(), and avoid broken login due to broken db queries (selecting unknown columns before dev/build) (see #4957)
* [rev:100921] DataObject::hasValue() is now compatible with parent ViewableData::hasValue() (this also fixes E_STRICT standards in PHP)
* [rev:100919] RequestHandler::handleRequest is now compatible with Controller::handleRequest in that SS_HTTPRequest is the type hint for the $request parameter
* [rev:100918] ManifestBuilder::up_children() should be declared as static as it's called statically
* [rev:100904] Produce XHTML compliant URLs in HTTP::setGetVar() by default (regression from r98373, see #5101)
* [rev:100896] #5138: DataObjectSet::removeDuplicates() removes objects of different classes with the same ID
* [rev:100866] #5176 Javascript error in IE for the installer - use "this" instead of e.target which doesn't work
* [rev:100862] Use "wb" argument in ManifestBuilder fopen() calls for better cross-platform compatibility
* [rev:100861] #5157 If paths are longer than 255 characters, fopen() produces an "Invalid argument" error, shorten the paths by using basename() instead of realpath() on the manifest filename when producing the cache path in ManifestBuilder
* [rev:100858] Fixed notice level error with folder ID
* [rev:100854] fixed file uploading not uploading any files at all
* [rev:100853] Fixed jQuery.ondemand.js script to work with prototype.js (will probably need to be merged back to trunk for legacy purposes)
* [rev:100848] Fixed variable declaration order in tabstrip.js (necessary due to changed jquery.livequery behaviour
* [rev:100825] Added single quote as a valid local-part of an email address as per RFC5322. Other symbols still excluded although in the spec
* [rev:100795] #5157 strftime() %F format parameter does not work on Windows - use %Y-%m-%d instead
* [rev:100767] Date::now() supplies wrong string - it misses leading zeroes on hours
* [rev:100763] added uniqueness id, to prevet multiple VirtuaLage reloads on publish
* [rev:100755] TreeSelectorField doubles up on concating base_url, doesn't include the security ID (#5164, thanks marcus)
* [rev:100747] #5099 FileIFrameField fails when using it with a locale different to the default
* [rev:100727] allow selection of database adpater
* [rev:100726] misspelled variable
* [rev:100724] some sections dont have a tree at all, but they still use LeftAndMain as their base class (eg report admin). Added a guard.
* [rev:100723] Fixed SapphireTest->loginWithPermission() and MemberAuthenticatorTest to use existing Members based on their unique_identifier_field (if existing) to accommodate recent Member->onBeforeWrite() changes (see r100705)
* [rev:100722] reload page if broken link tracking values changed during a save. Ticket #1363
* [rev:100721] Unsetting 'ID' parameter in MemberTableField->addtogroup() to avoid confusion between Group and Member records (regression from r100716) (from r100720)
* [rev:100719] Fixed MemberTableField->addtogroup() to fetch existing Member records by ID or $unique_identifier_field instead of relying on the (now removed) "auto-merging" in Member->onBeforeWrite() (see r100705) (from r100716)
* [rev:100717] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704)
* [rev:100701] moving the ajaxupdatesort JS response code from php to js to get rid of eval. Also disable the "loading" on the moved element when we are done, in case we are repositioning other than the selected item - otherwise the progress indicator is displayed indefinitely.
* [rev:100699] column names quoted properly
* [rev:100693] column names quoted properly
* [rev:100692] column names quoted properly
* [rev:100691] column names quoted properly
* [rev:100690] column names quoted properly
* [rev:100689] column name capitalised
* [rev:100688] column names quoted properly
* [rev:100687] column names quoted properly
* [rev:100686] the default value for decimals are now cast as (doubles)
* [rev:100657] tables and columns now quoted properly
* [rev:100632] Fixed SiteTree->MetaTags() to either use `<meta name=>` or `<meta http-equiv=>`, and only using the "http-equiv" attribute for valid HTTP headers (see http://www.w3.org/TR/html4/struct/global.html#edef-META) (from r100631)
* [rev:100627] DB::getConnect() should be properly declared as a static function
* [rev:100616] Fixed filemtime() check in Requirements_Backend::process_combined_files() not getting the right path
* [rev:100614] Proper check for combined file path in Requirements_Backend::process_combined_files()
* [rev:100560] #4572 Fixed Windows failure on SS_Cli::supports_colour() because posix functions are not supported
* [rev:100548] If fixture file is NULL don't cause the test framework to break down because of it
* [rev:100527] Set Member default Locale
* [rev:100525] get TreeMultiselectField working with an array of items, rather than a relation.
* [rev:100519] add 'var' to local variable 'constructor' inside of function definition which break IE8 (8.0.6001.18702 +)
* [rev:100508] wrong constructor function name
* [rev:100496] replacing calls to deprecated Upload functions - using validator instead (related to r100057)
* [rev:100466] #5012 BasicAuth should check if there's already a current member logged in before asking for a login/password
* [rev:100438] GD::setQuality() persistence issue because the GD instance is re-created instead of being cloned - thanks Tjofras!
* [rev:100417] #5121 Fixed cache flushing for FieldSet when removing fields - thanks paradigmincarnate!
* [rev:100415] #5136 Ensure $coverage argument to TestRunner::runTests() has a strict check before running coverage tests, as sometimes an SS_HTTPRequest object can be passed into this argument
* [rev:100407] FormAction input tag attributes were being doubly-escaped.
* [rev:100406] Fix mismatch with $all_locales and $common_locales (#5096)
* [rev:100394] #5135 LeftAndMain extra requirements loading for "themedcss" should use Requirements::themedCSS() not Requirements::css() - thanks Hamish!
* [rev:100393] YamlFixture::writeDataObject() - some databases need special allowance to edit the primary key column - do so by using DB::getConn()->allowPrimaryKeyEditing()
* [rev:100375] Sam's fix for "Unknown column Group.SubsiteID" with new subsites
* [rev:100370] use localized prefix to compare group codes rather than hard coded english string. MINOR: updated lang file
* [rev:100367] PHP 5.1 requires an array rather than a string for call_user_func()
* [rev:100359] Show Language dropdown in English (#5098)
* [rev:100335] #5023 AssetAdmin::sync() is now used to sync tasks, as it works when the user only has access to the AssetAdmin controller instead of going to dev/tasks/FilesystemSyncTask which can only be run by administrators or if the site is in dev mode
* [rev:100116] Fix TestRunner coverage pattern to work as documented (Fixes QA scripts too)
* [rev:100053] SQL Error is a member is not part of any groups
* [rev:99993] Setting default $groups in MemberTableField::AddForm() in addition to MemberTableField_Popup::__construct() - this was broken by r99777
* [rev:99960] #2022: Fixed CMS dropdowns in Opera.
* [rev:99952] Fix #2138, allow modification of existing images
* [rev:99951] Fix #2138, notify Image Toolbar on TinyMCE node selection change
* [rev:99942] action buttons always visible (not need to scroll) ticket 5051
* [rev:99942] got rid of double scroll
* [rev:99942] do not show action buttons (delete/save) when showing result list
* [rev:99887] Use underscores in names of combined .js (#3581)
* [rev:99854] Quoting keys in JSONDataFormatter to ensure valid JSON (#5119) (from r99853)
* [rev:99850] Fix #5097, Translatable uses augmentValidURLSegment to check that URLSegment is valid
* [rev:99843] Respect SilverStripe's cache folder
* [rev:99818] Handle filename deduping when uploading of double-barrelled extensions and files ending in numbers better.
* [rev:99816] Fixed the code for the unused file list, although the feature is still disabled.
* [rev:99789] #5073: Fixed CMS version indicator for alpha and beta versions.
* [rev:99779] make siteconfig work again
* [rev:99777] #5087: Show default values in CTF 'add' popups.
* [rev:99745] #3458: Don't show javascript:mctmp(0) URLs in URL editor
* [rev:99739] tree selector base URL calculation wrong when field is nested
* [rev:99738] #4974: Improve accuracy of ManifestBuilder::parse_file() cache, to remove a source of upgrade bugs.
* [rev:99713] Fixed MemberTableField limiting of , wasnt taking children groups into account (regression from r99684) (from r99706)
* [rev:99711] Setting ID explicitly in MemberTableField-> to ensure getCsvQuery() correctly filters (the custom group filter was only implemented in sourceItems() before) (from r99684)
* [rev:99693] Changed sitetree default selection in LeftAndMain.Tree.js to fire on window.load instead of document.ready() through entwine. We need to ensure behaviour.js bindings are available before
* [rev:99693] Automatically selecting root node in CMS trees (necessary because now we actually have forms on the root node, and its a valid click target) (from r99605)
* [rev:99679] really testing deletemarked now.
* [rev:99667] Fixed bogus HTMLEditorConfig instance when get() is called without a valid identifier (due to NULL database columns) (from r99599)
* [rev:99655] Fixed TreeMultiselectField/TreeDropdownField saving with 'unchanged' default values from constructor (from r99581)
* [rev:99647] Fixed TreeMultiselectField->Field() to respect settings, and give them priority over existing relations through getItems(). This is used in MemberTableField to set default groups for 'add member' popups. (from r98879)
* [rev:99640] Fixed DataObject->fieldLabels() to respect flag (from r98748)
* [rev:99638] Folder::findOrMake() will create the assets/ folder if it's missing
* [rev:99613] Fixed bug in r99552
* [rev:99595] Fixed Access tab on SiteConfig
* [rev:99594] Debugged and simplified Access tab javascript
* [rev:99587] Show 'Inherit' option for edit and view all the time (since we now have SiteConfig)
* [rev:99572] Pages that you can't edit should always be grey, even if there are unpublished changes.
* [rev:99553] Remove buttons from display if you load a CMS page that should have no buttons - reverts bug caused by r96551 and fixes the issue it was trying to solve.
* [rev:99552] Fixed behaviour's ID selector matching when the ID is inside another context - eg 'body.className #ID'
* [rev:99522] Image::onBeforeDelete() now calls deleteFormattedImages() so resampled images in the filesystem are cleaned up
* [rev:99506] use the correct method for retrieving the report ID
* [rev:99490] tablename and columns quoted properly
* [rev:99479] Setting ID = -1 on Security/lostpassword to avoid showing toplevel navigation (see #5086)
* [rev:99465] Correct StaticPublisher filenames, now works with nested URLS
* [rev:99443] batch_permission_check returns null rather than empty array when user has no permissions
* [rev:99394] Fixed variable existence checks in setValue() in FormField::__construct() by checking for !== NULL (changed from isset($value) to $value in r99360)
* [rev:99391] Fixed MoneyField constructor - parent (FormField) constructor calls setValue() already, which needs to happen *after* setting certain field instances
* [rev:99342] Enforcing creation of temp database in SapphireTest->setUp() to avoid writing to production databases. This check should only kick in for single test case runs, as the temp database connection should be set in a dev/tests/all run after the first db-related test anyway. (see #5034)
* [rev:99303] Disable some permission caching for now, as it was breaking unit tests (from r98504)
* [rev:99302] SiteTree::batch_permission_check() doesn't recurse with ID=0 calls
* [rev:99128] Fix not being able to print/export reports (from r98684)
* [rev:99125] Fixed cache prepopulation on sitetree load. (from r98651)
* [rev:99124] Make sure navigation links update when urlsegment is changed (from r98649)
* [rev:99116] Fix navigator links not opening in new windows. (from r97510)
* [rev:99115] Fixed bug in r97395 (from r97508)
* [rev:99101] Take into account tablename with custom columns in get_title_sql (from r97003)
* [rev:99100] use proper quotes for sep (from r96401)
* [rev:99089] Only show live link when page has been published (from r97839)
* [rev:99087] Make sure draft/published links go to the right subsite (from r97747)
* [rev:99086] Fix navigator links not opening in new windows. (from r97510)
* [rev:99085] Show a hand icon and better title for the 'share link' piece of the navigator toolbar. (from r97439)
* [rev:99067] Ensure that ModelAsController::init() can trigger redirections. (from r98702)
* [rev:99065] Fixed SiteTree_versions version numbers for published virtual pages. (from r98675)
* [rev:99060] fixed query to get number of unmoderated comments
* [rev:99052] Generate SiteTree_version records for VirtualPages more reliably. (from r98309)
* [rev:99050] fix incorrect link in CMS (from r97408)
* [rev:99049] Make sure CMS link knows when its currently in the CMS (from r97403)
* [rev:99031] Don't show FailedLoginCount field unless Member::$lock_out_after_incorrect_logins is enabled
* [rev:99005] Development server list should be retained when user submits installer form and gets redirected back
* [rev:98957] fix for #5076
* [rev:98946] the ID should be that of untranslated child (it's the middle segment that's from translated version, not the last one)
* [rev:98944] testing framework needs to be reset to a clean state after each test: now also nested urls and redirection state will be reverted
* [rev:98897] Fixed strpos() check in BASE_URL check
* [rev:98895] Installer now opens if mod_rewrite is disabled. Using index.php instead of rewriting the URL didn't quite work with the new BASE_URL, so we need to take this case into account as well
* [rev:98869]

View File

@ -1,497 +0,0 @@
# 2.4.1 (2010-07-23)
## Overview
* Fixed a security issue where logged-in CMS authors were allowed to rename files with harmful extensions in the "Files & Images" section
* Improved installer security by disallowing re-installation when a configuration file is already present.
* Installing in "live mode" instead of "dev mode" by default, and avoid setting certain domains as "dev mode" by default. This fixes an issue where attackers were able to force a site into "dev mode" by spoofing the domain name on certain server configurations.
* Fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encyrption and saving them as plaintext (issue was introduced in 2.4.0)
* Fixed potential information disclosure on misconfigured servers by disallowing direct execution of *.php files in "sapphire", "cms" and "mysite" folders. If PHP was configured to show errors on screen (development setting), attackers could find out server paths and other environment information.
* Allow CMS authors to set their own localized date and time formats, independently from the defaults set through their interface language.
* More useable date picker (jQuery UI) for date form fields (both in the CMS and in website forms)
* Better URL "transliteration" of special characters like Umlauts or Macrons (Example title: "Brötchen für alle!", URL in 2.4.0: "brtchen-fr-alle", URL in 2.4.1: "broetchen-fuer-alle")
* Better batch editing of comments in the admin interface (e.g. marking multiple comments as "spam")
* More sophisticated access control for decorators on page types (tri-state permissions checks: allow, deny, ignore).
## Upgrading
See [API Changes](http://open.silverstripe.org/wiki/ChangeLog/2.4.1-rc1?version=2#APIChanges).
### Security: File->setName() and File->Filename handling
Setting properties on *File* and *Image* are not reflected on the filesystem until *write()* is called. This was a
necessary change to fix a security vulnerability around File->setName() and file extension validation. This
vulnerability requires a user to be logged-in to the CMS (see [#5693](http://open.silverstripe.org/ticket/5693)).
This means that CMS users with access to "Files & Images" can no longer rename uploaded files to invalid extensions in
2.4.1. In SilverStripe 2.3.8, this restriction only applies when *AssetAdmin::$apply_restrictions_to_admin* is set to
TRUE.
### Security: Installation in "live mode" by default
SilverStripe used to allow setting the [environment type](/getting_started/environment_management) ("dev mode", "test mode" or "live
mode") from within the installer, through *Director::set_dev_servers()*, *Director::set_test_servers()* and
*Director::set_live_servers()*.
On webservers with direct IP to domain mapping (e.g. no *VirtualHost* directives in Apache), it is possible to spoof
domain information in HTTP requests. This can lead to "live" environments being set to "dev" mode, allowing
administrative actions like *dev/build* without access control.
Note: The CMS is still secured through login in "dev mode".
We recommend setting environment types through a [_ss_environment.php](/getting_started/environment_management) file instead:
:::php
<?php
define('SS_ENVIRONMENT_TYPE', 'dev');
// ...
To put a "live" or "test" environment into "dev mode" temporarily (when logged in as an administrator),
you can append *?isDev=1* to any SilverStripe URL. This should give you more information than the common
"Website Error" that is shown when the website is in "live mode".
IMPORTANT: If you have an existing installation, we advise to remove any *Director::set_dev_servers()* directives from
your *mysite/_config.php*.
### Security: Disallow direct execution of *.php files
The only PHP file that should be executable through the webserver
is *sapphire/main.php*, our main bootstrapper which kicks of URL routing.
All other PHP files in SilverStripe core and modules are included
by this bootstrapper, and don't need direct access through a URL.
On misconfigured webservers, accessing these files directly through URL can lead to
information disclosure through PHP error messages. The production configuration
recommended by [php.net](http://www.php.net/manual/en/errorfunc.configuration.php#ini.display-errors)
will fix this issue:
:::php
display_errors = 0
For additional protection, we now include *.htaccess* files in all SilverStripe core folders
disallowing access to **.php* files. Note: This only applies to webservers that understand
the *.htaccess* format, mainly Apache.
''Important'': Consider copying *mysite/.htaccess* to any other SilverStripe
modules and folders you might have created in your own project.
### Security: New members might be saved without password encryption
Fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving
process was disregarding password encyrption and saving them as plaintext
([#5772](http://open.silverstripe.org/ticket/5772)). The issue was introduced in 2.4.0 - if you have created any new
members through "Add Member" since then (not the inline member table), please re-encrypt all existing passwords using
this task:
http://localhost/dev/tasks/EncryptAllPasswordsTask
### Date/Time format handling in CMS
Classes like DateField, TimeField and DatetimeField are now aware of member-specific formats which can be set in
*admin/myprofile* (linked on the lower right footer in the CMS interface). See [i18n](/developer_guides/i18n) for more details.
Example: Setting German date formats in *mysite/_config.php*:
:::php
i18n::set_locale('de_DE');
i18n::set_date_format('dd.MM.YYYY');
i18n::set_time_format('HH:mm');
Please note that these form fields use [ISO date
format](http://framework.zend.com/manual/en/zend.date.constants.html#zend.date.constants.selfdefinedformats), not PHP's
built-in [date()](http://nz.php.net/manual/en/function.date.php).
To set the locale and date/time formats for all existing members, use the following SQL (adjust to your preferred
formats):
UPDATE `Member` SET `Locale` = 'de_DE', `DateFormat` = 'dd.MM.YYYY', `TimeFormat` = 'HH:mm';
### Changed permission checks for decorators on DataObject->can*()
Access checks in the SiteTree class can have their access checks extended, for example to influence SiteTree->canEdit().
In 2.4.0, it was only possible to explicitly deny an action by returning FALSE, returning TRUE wouldn't have any effect.
The new behaviour has three states:
* FALSE: Disallow this permission, regardless of what other decorators say
* TRUE: Allow this permission, as long as no other decorators return false
* NULL: Don't affect the outcome
To clarify: Leaving existing decorators unchanged might mean that you allow actions that were previously denied (See
[r104669](http://open.silverstripe.org/changeset/104669)).
// In mysite/_config.php
:::php
Object::add_extension('SiteTree', 'MyDecorator');
// 2.4.0
:::php
class MyDecorator extends DataObjectDecorator {
function canEdit($member) {
if(Permission::checkMember($member, 'MYPERMISSION')) {
return true;
} else {
return false;
}
}
}
// 2.4.1
:::php
class MyDecorator extends DataObjectDecorator {
function canEdit($member) {
if(Permission::checkMember($member, 'MYPERMISSION')) {
return null; // Means the permission check will be ignored, instead of forced to TRUE
} else {
return false;
}
}
}
### Removed image editor sourcecode
This feature was disabled for a while, and has now been removed from the source tree as well. Please please use
thirdparty modules instead, e.g. "[silverstripe-pixlr](http://github.com/nyeholt/silverstripe-pixlr)"
([r104987](http://open.silverstripe.org/changeset/104987)).
### URL Transliteration
Non-ASCII characters like [macrons](http://en.wikipedia.org/wiki/Macron) or
[umlauts](http://en.wikipedia.org/wiki/Germanic_umlaut) URLs are now transliterated. This means that special characters
are replaced with their ASCII equivalents rather than just removed. This does not affect existing URLs, but will impact
existing pages when their title is changed.
Title: "Brötchen für alle!"
URL in 2.4.0: "brtchen-fr-alle"
URL in 2.4.1: "broetchen-fuer-alle"
### Removed Classes
* AutocompleteTextField
## Changelog
### Features and Enhancements
* [rev:108024] Show a warning inside the the CMS if you've neglected to delete install.php
* [rev:108012] added getter to get array back out of an !ArrayData instance. MINOR: updated docblocks in !ArrayData
* [rev:107877] Added Latvian (Latvia) translation to sapphire (thanks Kristaps and Andris!)
* [rev:107875] Added Latvian (Latvia) translation to cms (thanks Kristaps and Andris!)
* [rev:107867] Allowing custom messages and permission codes in !BasicAuth::protect_entire_site()
* [rev:107867] Making $permissionCode argument optional for !BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
* [rev:107867] Using SS_HTTPResponse_Exception instead of header()/die() in !BasicAuth::requireLogin() to make it more testable
* [rev:107810] Added class to time icon in !TimeField so it can be styled
* [rev:107443] html2raw now properly replace strong tag with asterix #5494
* [rev:107438] Using jQuery UI datepicker in !DateField and !DatetimeField instead of outdated DHTML calendar.js (fixes #5397)
* [rev:107438] Abstracted optional !DateField->setConfig('showcalendar') logic to !DateField_View_JQuery
* [rev:107434] allow adding a new a field to !ArrayData
* [rev:107429] Added documentation and changed static names
* [rev:107426] Added static to set regeneration of default pages (ticket #5633)
* [rev:107415] Added Security::$force_database_is_ready to mock database_is_ready() state
* [rev:107415] Added permission check exception in !TaskRunner and !DatabaseAdmin if !SapphireTest::is_running_test() returns TRUE (necessary for !DevelopmentAdminTest)
* [rev:107380] Use array_combine() instead of custom logic for !ArrayLib::valuekey() (thanks paradigmincarnate!)
* [rev:107365] Member_!DatetimeOptionsetField toggle text is now translatable
* [rev:107334] #5352 Translatable entities for help text in Member_!DatetimeOptionsetField::getFormattingHelpText()
* [rev:107327] #5352 CMS now uses the user's preferred date and time formatting in !DateField and !TimeField
* [rev:107326] #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_!DatetimeOptionsetField field
* [rev:107094] abstracted protocol detection out to Director::protocol() #5450
* [rev:107091] in referencing a file in combine_files() it should fall back to standard requirement tags if combining has been disabled eg dev mode
* [rev:107088] throw user error when not passing correctly formatted array rather than simply passing
* [rev:107086] added setDisabled() to set !DropdownField::$disabled
* [rev:106877] Added !TestRunner::$coverage_filter_dirs to exclude certain directories from PHPUnit test coverage reports
* [rev:106705] Calling Image->deleteFormattedImages() in Image->onBeforeWrite() (#5423)
* [rev:106200] added prefix and suffix support to !ContextSummary
* [rev:106194] Prevent image search queries all images in the site initially when the page is loaded
* [rev:106178] Enable switch between legacy image search and new version
* [rev:106118] added setRows() and setColumns() to customise the size of the textarea field outside of the controller
* [rev:105890] Added method for $this->request->latestParam() backwards compatibility with Director::urlParam()
* [rev:105732] Ability to hide form by className or for the whole !ModelAdmin
* [rev:105712] Added !MySQLDatabaseConfigurationHelper::getDatabaseVersion() which abstracts the version number away from the version check the installer requires
* [rev:105275] Preserve sort options in pagination links in !TableListField
* [rev:105271] 'Select all' and 'Select none' checkboxes for !CommentTableField for easier batch handling of comments, improved its styling in !CommentAdmin
* [rev:105269] Showing 20 comments in tabular view for !CommentAdmin (and making the setting configurable via !CommentAdmin::set_comments_per_page())
* [rev:105268] Abbreviating comment text display in !CommentAdmin to first 150 characters
* [rev:105266] Allowing batch checkbox selection of !TableListField rows with !TableListField->Markable and !TableListField->addSelectOptions()
* [rev:105126] Added CSSContentParser->getByXpath()
* [rev:105028] Added variable for the server configuration file so the config-form can display it for the installation
* [rev:104968] Added !PageComment->canView()/canEdit()/canDelete(), and using these permissions in !PageCommentInterface. Caution: canCreate() actions are still determined by !PageCommentInterface::$comments_require_login/$comments_require_permission
* [rev:104935] added Month function for consistency
* [rev:104827] added plugins to i18n to support modules that provide custom translations.
* [rev:104707] Installer now supports requireDatabaseVersion() on each database configuration helper implementation, e.g. !MySQLDatabaseConfigurationHelper. If it's not defined, the test is skipped.
* [rev:104706] Added !MySQLDatabaseConfigurationHelper::requireDatabaseVersion() to check whether the connected instance is using version 5.0+
* [rev:104671] Macrons, umlauts, etc, are now transliterated when inserted into URLS. API CHANGE: Added Transliterator class, which uses iconv() or strtr() to convert characters with diacritical marks to their ASCII equivalents. API CHANGE: Added Extension hook updateURLSegment for !SiteeTree.
* [rev:104515] initial commit
* [rev:104232] Add 'Given I load the fixture file "app/tests/xyz.yml"' step to salad
* [rev:104231] Add dev/tests/sessionloadyml to load a yml fixture into an existing test session
* [rev:104162] Added cs_CZ javascript translations (#5540, thanks Pike)
### API Changes
* [rev:107439] Using !FieldHolder() instead of Field() for subfields in !DatetimeField->!FieldHolder(), in order to get configuraton settings for javascript !DateField
* [rev:107273] Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693)
* [rev:107273] Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
* [rev:107273] Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()
* [rev:107268] Deprecated File->getLinkedURL()
* [rev:107054] Deprecated !AutocompleteTextField, use third-party solutions
* [rev:106217] moved Group::addToGroupByName to $member->addToGroupByCode.
* [rev:105756] refactored methods in session to use coding conventions
* [rev:104987] Removed !ImageEditor functionality, please use thirdparty modules, e.g. "silverstripe-pixlr" (http://github.com/nyeholt/silverstripe-pixlr)
* [rev:104923] Added interface method !DatabaseConfigurationHelper::requireDatabaseVersion(), all database helpers that implement !DatabaseConfigurationHelper must now have this method, which as of now is MySQL, PostgreSQL, SQL Server and SQLite
* [rev:104673] Added !RsyncMultiHostPublisher::set_excluded_folders().
* [rev:104669] Moved site tree permission extension to a 3-state system (true, false, null, where null means "no effect")
### Bugfixes
* [rev:108207] Re-allowing direct execution in sapphire/thirdparty/tinymce/plugins/spellchecker/rpc.php (necessary for cms spellchecker, was disabled by global .htaccess rule)
* [rev:108195] #5837 cache_dir not writable by Zend when accessing the CMS, because of Windows default which should be the sapphire TEMP_FOLDER
* [rev:108193] Bypass !BasicAuth when in CLI mode so unit tests can run (regression from r104962)
* [rev:108099] Fixing default group selection in 'add member' dialog (in !MemberTableField) (fixes #5836)
* [rev:108096] AssetAdmin->doUpload() shows JS alert *before* triggering a page reload, as this seems to mess up TinyMCE in Firefox on subsequent page loads (fixes #5838)
* [rev:108032] Fixed CLI installation.
* [rev:108031] Don't set any dev servers by default, host-based dev-server selection is unreliable.
* [rev:108030] Don't allow reinstalling without first making the user manually delete mysite/_config.php
* [rev:108029] Don't allow direct access to PHP files in mysite module.
* [rev:108028] Don't allow direct access to PHP files in cms module.
* [rev:108027] Don't have any host-based dev servers set by default.
* [rev:108026] Don't allow reinstalling without first making the user manually delete mysite/_config.php
* [rev:108023] Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php
* [rev:108001] #5833 Duplicate IDs when two similar date formats in Member_!DatetimeOptionsetField containing different delimiters (e.g / and .) replaced to an empty string
* [rev:107940] tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file
* [rev:107831] dev/build always reporting index change because of a whitespace in the index column names
* [rev:107812] Styling fixes for !DateField/!TimeField/!DatetimeField in the CMS
* [rev:107811] Added a clearing div after the date and time fields, not the best way of doing it but the only way as the overflow css trick for clearing fields doesn't work with the time dropdown
* [rev:107789] Fixed !DateField->validate() with keyed, but empty array values
* [rev:107786] Using actual date format settings in !DateField/!TimeField->validate() messages
* [rev:107785] Limit 'showcalendar' javascript option to !DateField instances (rather than applying to all available)
* [rev:107585] fixed inclusion of environment file when document root is the web root
* [rev:107539] Case insensitive extension checks in File::validate() (fixes #5781, thanks simon_w)
* [rev:107537] Remove dummy entry created by Versioned if record is first written to Live stage (fixes #5596, thanks muzdowski)
* [rev:107532] Fixed Member->!PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with !MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772)
* [rev:107441] Allowing !DatetimeField->saveInto() to save a partial array notation with missing 'time' value
* [rev:107428] Added quotes for postgres
* [rev:107423] Only highlight strings more than 2 characters long. #4949
* [rev:107417] Reverted 107414, wrong patch
* [rev:107415] Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing !SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
* [rev:107414] TableListField headings i18n translation (ticket #5742)
* [rev:107390] Added Locale hidden field to HTMLEditorField->!LinkForm() in order to show correct context in "page on the site" dropdown (fixes #5743)
* [rev:107369] Fixed spelling error of $databaseConfig in cli-script.php causing database configuration to not load (thanks aimcom!)
* [rev:107116] Undo commit to wrong place
* [rev:107115] Undo incorrect commit
* [rev:107095] check the $removeAll var before removing cache files. PATCH via ajshort (#5672)
* [rev:107090] prevented HTTPRequest->shift() throwing notices when shifting multiple elements. APICHANGE: SS_HTTPRequest->shift($multiple) no longer returns an array of size $multiple spaced with nulls, it returns an array up to the size of $multiple.
* [rev:107089] fixed notice level errors getting through
* [rev:106867] Making status description in Debug::friendlyError() compatible to HTTP 1.1 spec (removing any markup and newlines)
* [rev:106777] Re-enabling theme in !ErrorPage->doPublish() (it's usually disabled in the publication context through !LeftAndMain->init())
* [rev:106755] Stricter checking that a relation exists on !ComplexTableField::saveComplexTableField()
* [rev:106671] Fixed !ImageField->!EditFileForm() to list subclasses of Image in tree dropdown (fixes #5708, thanks keeny)
* [rev:106666] Prevent !DateField->performReadonlyTransformation() from segfaulting on PHP 5.2 due to broken __toString() casting (fixes #5713, thanks charden)
* [rev:106360] re-enable broken link notification using !BackLinkTracking() (this was broken since r101127
* [rev:106351] Apply AJShort's patch to fix !SiteConfig (trac 5671)
* [rev:106225] Checking for the same combined filename in Requirements::combine_files() to avoid irrelevant error messages
* [rev:106205] updated tests for Text
* [rev:106183] fix query error when image search doesn't use legacy search
* [rev:106154] if running in cli do not output html tags when rebuilding the db
* [rev:106122] Fixed caching of homepage.
* [rev:106121] Open help in a new tab.
* [rev:106120] Replaced Versioned's unique index definition with an array syntax.
* [rev:106096] Setting 'ID' field on CMSMain->!RootForm() so it can work with formfields that require it (fixes #5671, thanks ajshort)
* [rev:106086] image search was not honouring the selected folder, so could only search in root folder
* [rev:106082] Fixed !SiteTree::!IsModifiedOnStage() for an edge-case that was identified when deleteFromStage() stopped manipulating the current record.
* [rev:106080] Don't let deleteFromStage() kill the ID of the original record.
* [rev:106079] Add a unique index to !SiteTree_versions.RecordID+Version. Fix saving methods to support this.
* [rev:106078] Throw an exception if you try an delete an unsaved or already-deleted record
* [rev:106071] MySQLDatabaseConfigurationHelper::getVersion() will fallback to trying to get the version using a query if mysql_get_server_info() returns nothing
* [rev:105907] fixed phpunit directive
* [rev:105903] reverted revision 105890 to fix build
* [rev:105889] invalid use of @covers annotation
* [rev:105876] TableListField_Item::!SelectOptionClasses() can not use it parent protected variable.
* [rev:105875] rollback r105858 which introducesa bug
* [rev:105872] updated select options classes to work with the dataobjectset returned by selectoptions rather than the array previously
* [rev:105868] fixed select all link using incorrect function
* [rev:105858] TableListField_Item::!SelectOptionClasses() can use it parent protected variable.
* [rev:105833] fixed incorrect include path
* [rev:105732] validate file in import from CSV form
* [rev:105726] If database version can't be determined, just use the database adapter class
* [rev:105711] Install now supports sending database version if available from the helper
* [rev:105705] ss2stat URL not generated correctly (has NULL values)
* [rev:105668] Moved !SiteTree->ParentID property to Hierarchy extension (fixes #5638)
* [rev:105667] More specific regex in Requirements->includeInHTML() to avoid duplicating information by matching HTML5-style <header> tags instead of <head> (fixes #5640)
* [rev:105665] Can't set width or height on !MemberTableField popup (fixes #5625, thanks smurkas)
* [rev:105514] if moderation on comments is enabled then redirect the user back down to the comment section to view the message rather than trying to direct to selector which doesnt exist
* [rev:105505] avoid adding loading class to TinyMCE add link, image, flash buttons
* [rev:105468] #5349: Use TEMP_FOLDER for Zend's cache temp dir.
* [rev:105337] get_title_sql has string concat hardcoded as ||, fixed for MSSQL which uses +, fix for #5613
* [rev:105278] Stricter object type checks in !ViewableData->hasValue() and !ViewableData->XMLval(). Broke in cases when SS_HTTPResponse is returned which doesn't extend from Object, hence doesn't have an exist() method (fixes #5524, thanks hamish)
* [rev:105264] addFieldToTab segfaulting under PHP 5.2
* [rev:105225] force dateformat to en_NZ if showcalendar is enabled as calendar is compatibile with en_NZ only
* [rev:105030] Fixed correct input ID in install.js due to change in r105029
* [rev:105029] Fixed inconsistent styling of reinstall actions at the bottom of the installer, and if using IIS, warn that this will overwrite the web.config file, not .htaccess
* [rev:104995] Fixed i18nTextCollector when used with i18nEntityProvider - class manifest is now stored lowercase, which means i18n::get_owner_module() didnt work reliably
* [rev:104972] TestSession::submitForm throws proper error if form not found
* [rev:104968] Requiring CMS_ACCESS_!CommentAdmin instead of ADMIN permissions in !PageCommentInterface and !CommentAdmin administrative actions
* [rev:104962] Fixed bug in basicauth failover to session member.
* [rev:104962] Don't use session member for test site protection feature.
* [rev:104847] catch case of plugin not returning translations for the locale
* [rev:104793] Installer now checks the database version AFTER it has determined a connection can be established, which some databases require first
* [rev:104793] Database version check failures are now a warning, so a user can install at their own risk
* [rev:104745] after reset password, the site redirect to non-exisit page (SC #1)
* [rev:104720] Fixed installation problem where version error didn't show
* [rev:104679] Make URLs lowercase
* [rev:104678] Fixed Translatable::canEdit() to suit new permission customisation scheme
* [rev:104675] Prevent !DataDifferencer from creating empty `<ins />` and `<del />` takes that confuse the browser.
* [rev:104672] Make !RsyncMultiHostPublisher protected; give default value.
* [rev:104670] Director::test() shouldn't break if $_SESSION isn't set.
* [rev:104666] Removed references to php5 binary in Makefile
* [rev:104608] check if a request is present before using it to prevent undefined errors
* [rev:104581] Generate stage/live links using Controller::join_links() instead of string concatenation.
* [rev:104580] Fixed Controller::join_links() handling of fragment identifiers
* [rev:104552] when using custom Member title, the join was failing - it had wrong parameters. Now changed to correctly handle the ansi sql join for all Member columns.
* [rev:104533] Fix !ModelAdmin Import hang (ticket 5569)
* [rev:104468] When finding an old page in the 404 handler, favour existing subpages over historical ones.
* [rev:104463] Fix legacy URL redirection for pre-nestedurls URLs, after it has been enabled.
* [rev:104436] Removed erroneous default config for unused templates module.
* [rev:104403] Wrong HTML syntax in !LeftAndMain.ss (fixes #5552, thanks simon_w)
### Minor changes
* [rev:108246] Removed unncessary end PHP tag from cms/_config.php
* [rev:108208] Disallowing more potentially active file extensions in mysite/.htaccess
* [rev:108207] Disallowing more potentially active file extensions in cms/.htaccess
* [rev:108206] Disallowing more potentially active file extensions in cms/.htaccess
* [rev:108196] Removed debug
* [rev:108049] Added warning about Director::set_dev_servers()
* [rev:108048] Documentation in CSVBulkLoader
* [rev:108025] Added test for #5662 (calling delete twice)
* [rev:108002] Fixed incorrect word "colon" with "dot"
* [rev:107878] Updated translations
* [rev:107876] Updated translations
* [rev:107838] Reverted r107831
* [rev:107789] Fixed !DateField/!TimeField validation message translation (wrong sprintf() nesting)
* [rev:107787] Fixed !TimeField validation _t() entity name
* [rev:107784] Disabled 'showcalendar' option on CMSMain->!SiteTreeFilterDateField() - it causes the CMS to load jQuery UI javascript just for this (rarely used field). To be re-enabled once we work with jQuery UI on a broader scale.
* [rev:107726] Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc
* [rev:107725] Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc
* [rev:107586] removed whitespace
* [rev:107525] Removed debug code in !MemberTableField
* [rev:107442] Fixed !DatetimeField display in cms
* [rev:107442] Removed obsolete .calendardate styles from cms_right.css
* [rev:107440] Using Google CDN for jQuery dependencies in !FileIFrameField
* [rev:107437] Better error handling in i18n::get_language_name()
* [rev:107430] Fixed Documentation
* [rev:107415] Using Object::create() in !DevelopmentAdmin to make objects mockable
* [rev:107400] Documentation in !DataObjectSet
* [rev:107394] Changed "no_NO" locale for Norwegian into the more commonly used "nb_NO" in i18n class, meaning translations from translate.silverstripe.com can actually be selected now (fixes #5746)
* [rev:107366] Tweaking of installer text to avoid misleading information about "exists" when there's actually an error
* [rev:107307] Reverted r107305
* [rev:107305] Code formatting fix for setting Member locale in !LeftAndMain::init()
* [rev:107276] Checking that Folder::findOrMake() can create an assets/assets/ folder
* [rev:107275] Using Filesystem::makeFolder() instead of mkdir() in Folder for file operations
* [rev:107274] Better presentation of extension error message in File and !UploadValidator
* [rev:107273] Added unit tests to !FileTest and !FolderTest (some of them copied from !FileTest, to test Folder behaviour separately)
* [rev:107272] Changed !ImageTest to use fixture files located in assets/ folder, the filesystem API doesn't support Folder objects with "sapphire/..." paths, which leads to inconsistent results
* [rev:107271] Making !FileTest->setUp()/tearDown() more resilient against in-test file/folder renames
* [rev:107270] More identifiable file naming in !FileTest
* [rev:107269] Using File::get_file_extension() instead of substr() magic in File->setName()
* [rev:107269] Using exceptions instead of user_error() in File->setName()
* [rev:107268] Avoiding duplication by using existing getFullPath() in File->getAbsoluteURL()
* [rev:107267] Made File::get_file_extension() more readable, and added unit test
* [rev:107266] Removed File->setField(), doesn't have any overloaded functionality
* [rev:107265] Documentation in File and Folder class
* [rev:107214] updated generator tag URL
* [rev:107175] force exclusive connection
* [rev:107104] Added initial docs
* [rev:107030] return false rather than error out in case SS_Query:: is not a resource
* [rev:106938] mysql_fetch_row() expects resource, this will fatal if query was e.g. UPDATE when iterating a result because !MySQLQuery::nextRecord() is used by Iterator::valid() and !MySQLQuery:: is bool in this case
* [rev:106876] Making $Email available in Security_passwordsent.ss template (fixes #5737)
* [rev:106805] Added !FileTest->testValidateExtension() (related to #5693)
* [rev:106804] Documentation
* [rev:106777] Reverted r88633, it breaks <base> tag in static HTML for !ErrorPage->doPublish()
* [rev:106694] Removed trailing slash in BackURL, fixed error message sentence structure in !PageCommentInterface.ss (fixes #5520)
* [rev:106687] Fixed hardcoded error message in !PasswordValidator (fixes #5734)
* [rev:106687] Added !PasswordValidatorTest
* [rev:106568] Provide a default message for FIELDISREQUIRED
* [rev:106313] Correct typo in comments
* [rev:106248] Made CMSMainTest more resilient against database ID changes (Postgres doesn't have auto-increment resets across tests at the moment)
* [rev:106190] Fixed memory limit setting in !SapphireTest (regression from r106128)
* [rev:106187] Better checking of safe_mode in !MemoryLimitTest
* [rev:106180] Add comments for !ThumbnailStripField
* [rev:106156] Don't run memory limit tests in safe mode,
* [rev:106128] Preserve memory_limit between tests (for better PHP5.1 behaviour)
* [rev:106119] Added test for Database::hasTable().
* [rev:106090] Fixed test that required a separate Page table.
* [rev:106083] Removed db/build legacy wording in !DevelopmentAdmin (fixes #5676)
* [rev:106081] Added test for #5657
* [rev:105985] add text/plain to the list of accepted mime types
* [rev:105912] Better error handling in Form::__construct() (fixes #5649)
* [rev:105732] Clear DB checkbox unchecked by default
* [rev:105517] Installer should not repeat "Could not determine your database version" twice in slightly varied words
* [rev:105516] Show better message if couldn't find MySQL version in !MySQLDatabaseConfigurationHelper
* [rev:105305] More solid markup testing in !TableListFieldTest through xpath
* [rev:105297] Fixed !TableListFieldTest->testSelectOptionsRendering()
* [rev:105282] Using ASSETS_DIR and THEMES_DIR constant in Image, !ManifestBuilder, Requirements, File (fixes #5619)
* [rev:105281] Using ASSETS_DIR constant in !StaticPublisher (fixes #5619)
* [rev:105277] Translations
* [rev:105276] Translations
* [rev:105274] Reverted r105264, breaks !CompositeFieldTest, !FieldSetTest, !TranslatableTest
* [rev:105273] Updated !TableListField sublcass template to work with new !TableListField->!SelectOptions() setting
* [rev:105272] Fixed _t() call in !PageCommentInterface.ss
* [rev:105270] missing slash / from Requirements::css() parameter
* [rev:105267] Removed jquery.livequery as a Requirement from !LeftAndMain.php, its only necessary in !SecurityAdmin for !MemberImportForm.js now.
* [rev:105198] Fixed fixture location for !DbDatetimeTest
* [rev:105196] Added !DbDatetimeTest cases to sapphire (these were previously in the sqlite3 module, but they actually test core Database functionality)
* [rev:105188] Documentation
* [rev:105139] increased height of the todo text field in the cms
* [rev:105027] Checking for headers_sent() before setting cookies in Versioned::choose_site_stage() to avoid problems with URL parameters like showqueries=1 and !ContentController calling choose_site_stage() (fixes #5557)
* [rev:105011] Documentation
* [rev:105009] Documentation
* [rev:105005] Documentation
* [rev:104996] Documentation
* [rev:104993] Language master file
* [rev:104992] Removed duplicated code in i18nTextCollector, more defensive checks for get_owner_module()
* [rev:104980] Added translations for !BrokenLinksReport, !ReportAdminForm.ss, !AssetTableField.ss (fixes #5527, thanks Martimiz)
* [rev:104978] Allowing translation of "save" button in !SiteConfig->getCMSActions()
* [rev:104970] Translations in !PageCommentInterface.ss (fixes #5598, thanks Pike)
* [rev:104924] Reverted r104923, as current database releases of mssql and sqlite3 modules don't support this yet
* [rev:104883] Fixed hidden mbstring reliance in !SiteTree->generateURLSegment() (broken in r104679)
* [rev:104835] Save and restore lang state in test
* [rev:104798] Fixed !SiteTreeTest and !SiteTreePermissionsTest to work alongside subsites module (!SiteTreeSubsites changes the canEdit() behaviour)
* [rev:104796] Fixed !SiteConfigTest to work alongsite subsites module (!SiteTreeSubsites changes the canEdit() behaviour)
* [rev:104795] Documentation
* [rev:104769] Documentation
* [rev:104767] Documentation
* [rev:104733] fixed umlauts
* [rev:104711] Added !DirectorTest->testURLParam() and !DirectorTest->testURLParams()
* [rev:104710] Installing screen now has a page title called "Installing !SilverStripe..." instead of "PHP 5 is required"
* [rev:104709] Removed double returns in installer (redundant code)
* [rev:104708] Renamed checkdatabase method to checkDatabase to be consistent
* [rev:104705] Show install MySQL version at 5.0+ as 4.1 does not work properly with !SilverStripe
* [rev:104704] Tweaks to positioning of help text in installer
* [rev:104682] fixed api doc
* [rev:104636] added illustrator formats to the allowed extensions.
* [rev:104610] Documentation
* [rev:104598] Fixed wrong _t() notation in !ChangePasswordForm (broken in r103226 and r104596)
* [rev:104596] Making strings in !ContentControllerSearchExtension translatable
* [rev:104594] Defensive coding in !MigrateSiteTreeLinkingTask
* [rev:104490] Removed !ForumAdmin.js which shouldn't belong in the CMS module
* [rev:104483] Documentation
* [rev:104404] Documentation
* [rev:104402] Documentation
* [rev:104158] Documentation migrated from doc.ss.org
* [rev:104157] Migrated various API-style documentation from doc.ss.org
### Other
* [rev:105057] MINOT Translation in !SiteTree (#5603, thanks Pike)
* [rev:104674] ENHANCMENT: !RsyncMultiHostPublisher also rsyncs sapphire/static-main.php.
* [rev:104668] Sake fix: look for php binary before php5, to prevent errors on CentOS and Cygwin.
* [rev:104667] Added explicit bash handler to sake
* [rev:104442] Multi-use redemption page created
<code>./sscreatechangelog --version 2.4.1 --branch branches/2.4 --stopbranch tags/2.4.0</code>

View File

@ -1,42 +0,0 @@
# 2.4.10 (2013-02-19)
## Overview
* Security: Undefined `$allowed_actions` overrides parent definitions
* API: More restrictive `$allowed_actions` checks for `Controller` when used with `Extension`
## Details
### Security: Undefined `$allowed_actions` overrides parent definitions
Severity: Important
Description: `Controller` (and subclasses) failed to enforce `$allowed_action` restrictions
on parent classes if a child class didn't have it explicitly defined.
Impact: Depends on the used controller code. For any method with public visibility,
the flaw can expose the return value of the method (unless it fails due to wrong arguments).
It can also lead to unauthorized or unintended execution of logic, e.g. modifying the
state of a database record.
Fix: Apply the 2.4.10 update. In addition, we strongly recommend to define `$allowed_actions`
on all controller classes to ensure the intentions are clearly communicated.
### API: More restrictive `$allowed_actions` checks for `Controller` when used with `Extension`
Controllers which are extended with `$allowed_actions` (through an `Extension`)
now deny access to methods defined on the controller, unless this class also has them in its own
`$allowed_actions` definition.
## Changelog
### API Changes
* 2013-02-15 [2352317](https://github.com/silverstripe/silverstripe-installer/commit/2352317) Filter composer files in IIS and Apache rules (fixes #8011) (Ingo Schommer)
* 2013-02-12 [45c68d6] Require ADMIN for ?showtemplate=1 (Ingo Schommer)
### Bugfixes
* 2013-02-17 [c7b0666](https://github.com/silverstripe/silverstripe-cms/commit/c7b0666) Escape page titles in CommentAdmin table listing (Ingo Schommer)
* 2013-01-15 [50995fb] Undefined `$allowed_actions` overrides parent definitions, stricter handling of $allowed_actions on Extension (Ingo Schommer)
* 2013-01-06 [eecd348] Keep Member.PasswordEncryption setting on empty passwords (Ingo Schommer)

View File

@ -1,159 +0,0 @@
# 2.4.2 (2010-09-22)
* Fixed a security issue where pages in draft mode might be visible to unauthenticated users
* Fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password
* Allow Apache webserver to customised error pages in HTML, rather than Apache default styling
* Testing harness improvements: More verbose testing output, fixed coverage report generation
* Fixed installer logic for SQLite database drivers
* All unit tests pass on Windows OS/SQL Server
* Over 100 other improvements and bugfixes
## Changelogs
### Features and Enhancements
* [110757] added the ability to toggle the use draft site setting
* [110467] #5977 Added optional argument to !ClassInfo::getValidSubClasses() and removed harcoded !SiteTree
* [110211] disable basic auth by default, tests run on the assumption it is disabled.
* [109104] Added -v / --verbose option to dev/tests/*, to make it output every single test name before it starts that test.
* [109101] Session::set_cookie_path() and Session::set_cookie_domain() are now possible. This is useful for sharing cookies across all subdomains, for example.
* [108942] make !RestfulService support PUT method.
* [108663] ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
* [108644] #3828 500 server error page is created by default on dev/build
* [108499] New Member records are populated with the currently set default through i18n::set_locale()
* [108437] Restful service returns cached response on http and curl errors
* [108428] #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
* [108418] Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg)
* [108417] Full-text search with double quotes returns too many results. ticket #5733. Thanks ktauber.
### API Changes
* [110856] Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_!SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
* [109156] #5873 !DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use !DataObjectSet::unshift($item) if unshifting was intended!
* [109156] Added !DataObjectSet::pop()
* [109103] Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site
### Bugfixes
* [110944] Fixed column names that were not quoted that broke PostgreSQL
* [110914] Fixed double quotes around column names in Versioned::augmentDatabase()
* [110901] delete orphaned records from versioned tables when updating. #5936
* [110894] Protect !MemberTest from side effects caused by auth_openid and forum modules
* [110889] Respecting field specific locale settings in !DatetimeField and !DateField when validating and saving values (fixes #5931, thanks Tjofras)
* [110859] Disallow addition of members to groups with !MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
* [110858] Don't suggest members in !SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
* [110857] Enforcing canEdit() checks in !ComplexTableField_Popup - making form readonly if the current user can't edit
* [110838] Case insensitive !DateField value navigation (fixes #5990, thanks gw0(
* [110835] Passing $name in !MoneyField->!FieldCurrency() (fixes #5982, thanks andersw)
* [110809] Removing "typography" class from HTMLEditorField container (should just apply to the contained `<iframe>`) (fixes #5949)
* [110808] Allowing $extraClass on !CheckboxField !FieldHolder (fixes #5939, thanks mobiusnz)
* [110759] ensure that pages can only be requested from staging and live
* [110463] Fixed boundary PHP notice case in !RequiredFields::php() where a field name may not be defined in the $data array when a Form is submitted
* [110439] #5811 Fixed default selection of root node when CMS first opened (no currentPage set in session)
* [110262] fix !TranslatableSearchFormText by supporting fulltext search for MSSQL and using extendedSQL function call that augments queries properly (previously it was using DB::query which does not augment). Added wait to !TranslatableSearchFormText so the test actually passes.
* [110197] MigrateSiteTreeLinkingTask now takes a direct map when querying the page tracked links instead of looping through the direct result set. This fixes SQL Server failing when MARS (Multiple Active Result Sets) is disabled
* [110165] Fixed missing "Save" action input label on !ComplexTableField popup form
* [110130] force the test to wait until indexing completes. Do not use stop words ('me')
* [109834] BasicAuthTests fail when Member's unique_identifier_field is anything except the default of Email
* [109714] disable basic auth for the restful controller test
* [109712] makeRelative would return "false" for the root path, empty string is expected - fix that
* [109712] change the check in forceSSL to work on Windows - it sets the $_SERVER['https'] to off, instead of null
* [109591] getItem didn't consider the PostgreSQL SQL syntax. Columns with Capital letters must be quoted. Added quotes to the where clause in getItem. I didn't added quotes to the baseTable because it causes PostgreSQL errors (tables can not be double quoted, just single quoted).
* [109168] $val is now cast as an int to prevent strings always returning true (YES)
* [109155] Validator::requiredField() should check the required field submitted value is an array before check strlen(). Some fields submitted as an array, e.g. !MoneyField
* [109128] Remove () that was breaking coverage report
* [109106] sort order of widgets is now fixed.
* [109102] Themed permissionFailure messages
* [109083] Group::getCMSFields() should use Tab instances with a fixed name instead of translated one, leaving the translation for the tab title instead
* [109082] SiteTree decorated canView() checks not being passed through to !SiteTree::canView()
* [109081] StringField::setNullifyEmpty() should assign the given value boolean, not evaluate whether it's true or not
* [109079] Count() call on a non-object in File::!BackLinkTrackingCount()
* [109063] Fixed File::getAbsoluteURL() absolute generation
* [109062] File::getAbsoluteURL() should return a URL, not a filesystem path
* [108887] CSVBulkLoader import method now no longer requires files to end in '.csv'. Some projects want to import files in CSV format, but not of csv file type.
* [108811] Added specific border case for array form data in !RequiredFields::php()
* [108792] Fixed validation to accept arrays (!FileField case)
* [108633] NumericField javascript does not accept negatives, make use of isNaN built-in javascript function instead of custom regex
* [108515] #5627 Clear session on logout
* [108513] EMAIL_BOUNCEHANDLER_KEY cannot be defined
* [108512] Validator/!RequiredFields should not regard "0" as an empty value
* [108509] SapphireTest::create_temp_db() should restore the SS error handler from the PHPUnit one temporarily in case there's any errors building
* [108492] Undefined variable destURL in Director::forceWWW() (regression from r107094)
* [108436] Checking for existence of $('!SwitchView') (fixes #5282)
* [108432] Database password input in installer should be password, so that the password is obfuscated when input
* [108427] Take note of output format when building Location header for !RestfulServer
* [108422] CurrencyField doesn't accept negative value (#5769, thanks simon_w)
* [108421] Fixed !ContentNegotiator to handle HTML and XHTML base tags properly when converting, regression from r108413
* [108413] #5855 SSViewer::get_base_tag() should produce a properly closed base tag for XHTML (thanks smorris!)
* [108409] #5862 JSON output of JSONDataFormatter now uses quotes for keys to be safer
* [108408] Member_!ProfileForm should fallback to english text for save button if no translation defined for current language
* [108407] #5852 Missing translation for !SecurityAdmin save button causes it to have no text, should default to english "Save"
* [108400] Undefined variable when calling !DataObject::many_many_extraFields() and relation name couldn't be found for the component
* [108399] DataObjects without the Versioned decorator cannot have a "Version" field. ticket #5775. Thanks ajshort
* [108397] Added condition to avoid error creating "!PastMember" cookie on dev/build (ticket #5780) Thanks simon_w
* [108396] Applied/edited paradigmincarnate's patch to quote plaintext email with htmlEmail (#5120)
### Minor changes
* [110847] Documentation
* [110837] Check in !TableListField->!HighlightClasses() (fixes #5993, thanks lx)
* [110836] Avoid using ASP-style tags in SSViewer comments, it confuses PHP with asp_tags=ON (fixes #5976, thanks ezero)
* [110440] Warning about install.php existing for root site tree node as well (!SiteConfig form)
* [110435] German translations for cms javascript (#5921, thanks bartlomiej)
* [110243] added missing closing tag
* [110205] Make dev/build not constantly show a changed index because of whitespace between VersionID and Version in the index spec
* [110200] Removed removeDuplicates() call on linked pages !DataObjectSet in !MigrateSiteTreeLinkingTask which is no longer required, as the duplicate results were fixed in !DataObject directly
* [110190] only call next() in iterator validation on initialisation or after reset NOT if current value is invalid
* [109788] repair installer for sqlite
* [109787] repair installer for sqlite
* [109405] neatly quote identifiers
* [109382] return a fail instead of an error
* [109334] Remove whitespace if Surname field set on Member, but not !FirstName
* [109333] Tests for Member::getName() and Member::setName()
* [109330] trim space off end of firstname if surname is not set. #5925
* [109274] CSSContentParser::__construct() now gives a better error if the content could not be parsed. This will mostly happen if tidy isn't present.
* [109165] phpDoc updates for SS_!LogFileWriter and SS_!LogEmailWriter
* [109156] Unit tests for !DataObjectSet::shift(), !DataObjectSet::unshift() and !DataObjectSet::pop()
* [109152] Doc update for Director::forceSSL()
* [109127] Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer
* [109105] Fix links etc, and remove www. from SS urls
* [109100] Clear out the test database in between each salad scenario.
* [109066] Added tests for File::getURL() and File::getAbsoluteURL()
* [108961] remove SQL table alias keyword AS
* [108666] Fixed tests not working on the web side as redirection to https would occur
* [108665] Fixed !DirectorTest to restore it's REQUEST_URI state to the original one after each test method is run
* [108640] allow $icon to be overridden on !ErrorPages. PATCH via martljn (#5875).
* [108571] Changed unknown web server text
* [108570] Allow checking for a specific IIS version (parameter to !InstallRequirements::isIIS())
* [108569] Removed double up of similar logic in !InstallRequirements
* [108568] Simplified discovery of webserver during install
* [108561] Removed unncessary isset() check
* [108559] Add some documentation to !LeftAndMain_right.js
* [108546] Removed command line functionality from installer which is no longer used
* [108518] Fixed failing test as session being set before logging out and losing BackURL
* [108500] Fixed failing tests because of locale not being set to the default in !SapphireTest::setUp()
* [108442] Translations in CMSMain_left.ss
* [108441] Making "todo" tab title translatable
* [108435] Fixed Director::forceSSL() breaking unit tests because headers were already sent
* [108434] Reverted r108433
* [108433] DirectorTest should not extend from !FunctionalTest (regression from r108428)
* [108376] Add trailing slash to image tag (thanks to mattclegg)
* [108375] Cross-referencing some documentation
### Other
* [110241] #5870 Block web requests to silverstripe-cache directory via htaccess !RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x
* [109177] Revert "MINOR: Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer"
* [109177] This was not supposed to be pushed out yet.
* [109177]
* [109177] This reverts commit 9c2aafa414948314236674e31fd756797d695139.
* [109163] Revert "BUGFIX: sort order of widgets is now fixed."
* [109163]
* [109163] This reverts commit 1e7781ba2b8ac30333a20d9a1b0bcb9b4ba5b0b0.
* [109099] Added dev/tests/emptydb to clear out test session databases.
* [108417] Using htmlentities($keywords,ENT_NOQUOTES) instead of proposed solution

View File

@ -1,350 +0,0 @@
# 2.4.3 (2010-11-11)
## Overview
* Fixed a security issue where destructive controller actions are not correctly secured against Cross-Site Request Forgery (CSRF). This affects various CMS interfaces, as well as classes based on TableListField or ComplexTableField.
* Enhance the protection of the assets/ directory in both IIS and Apache by including a file type whitelist.
* Compatibility with PHPUnit 3.5
* Allow direct test execution through the "phpunit" binary, in addition to the existing "sake" executable and TestRunner class.
* Misc. fixes to validation in date-based form fields, as well as better formatting of dates in non-default locales.
## Upgrading Notes
### Important: If you are running PHP as FastCGI with Apache
Your development environment, or production web host may be running PHP as FastCGI with Apache. If this is the case,
there is a regression in 2.4.3 which will break your site. There are two ways to resolve this problem:
- Don't upgrade to 2.4.3 for now, until 2.4.4 is released
- Patch the assets/.htaccess file like this: http://open.silverstripe.org/changeset/113809
This does **NOT** affect IIS, or other web servers that don't understand .htaccess files.
If you're not sure whether PHP is running as FastCGI in your server environment, please check the output of phpinfo().
The easiest way to do this is to open mysite/_config.php and add phpinfo() to the bottom of the file, then browse to
your site to see the environment information.
Forum references of where the community have had issues:
* http://silverstripe.org/installing-silverstripe/show/14878
* http://www.silverstripe.org/general-questions/show/14861
### Important: Add manual request forgery protection to destructive controller actions
Cross Site Request Forgery (CSRF) allows an attacker to initiate unauthorized actions against a victim with a valid
login to a target site in the same browser session, e.g. a login to SilverStripe CMS ([read more about
CSRF](http://shiflett.org/articles/cross-site-request-forgeries)).
While SilverStripe protects form submissions from CSRF automatically, destructive GET and POST actions in subclasses of
*Controller* are vulnerable without manual checks.
**You will need to review any custom subclasses of *RequestHandler* and *Controller* (including subclasses of
*FormField*), and add manual checks.** Best practice is to return a "400 Bad Request" HTTP error when the CSRF check
fails.
Also review the method signatures of any form actions - these are only protected automatically with the correct count of
parameters (//$data, $form// instead of *$request*).
:::php
// Form field actions
class MyFormField extends FormField {
// Form fields always have a reference to their form.
// Use the form-specific token instance.
function delete($request) {
$token = $this->getForm()->getSecurityToken();
if(!$token->checkRequest($request)) return $this->httpError(400);
// valid form field delete action
}
}
// Controller actions (GET and POST) without form
class MyController extends Controller {
// Manually adds token to link
function DeleteLink() {
$token = SecurityToken::inst();
$link = Controller::join_links($this->Link(), 'delete');
// will add "?SecurityID=`<random value>`"
$link = $token->addToUrl($link);
return $link;
}
// Controller actions pass through the request object,
// not called through a form.
// Use a global token instance.
function delete(SS_HTTPRequest $request) {
$token = SecurityToken::inst();
if(!$token->checkRequest($request)) return $this->httpError(400);
// valid controller delete action
}
}
// Controller actions (GET and POST) with form
class MyController extends Controller {
// Forms have CSRF protection turned on by default,
// will add a HiddenField instance called "SecurityID"
function Form() {
return new Form(
$this, 'Form', new FieldSet(), new FieldSet(new FormAction('submit'))
);
}
// Form->httpSubmission() checks for CSRF automatically,
// but you need to include both parameters in the method signature.
function submit($data, Form $form) {
// valid submit action
}
}
Note: It is regarded as good practice in HTTP to only have destructive actions in POST submissions rather than GET
links.
If you have overwritten any CMS templates (based on LeftAndMain), you will need to update them to include "SecurityID"
parameter in all manually created forms.
Affected classes and methods:
* AssetAdmin->addfolder()
* AssetAdmin->deletefolder()
* AssetAdmin->deleteunusedthumbnails()
* AssetAdmin->removefile()
* AssetTableField
* CMSMain->addpage()
* CMSMain->buildbrokenlinks()
* CMSMain->createtranslation()
* CMSMain->duplicate()
* CMSMain->duplicatewithchildren()
* CMSMain->publishall()
* CMSMain->restore()
* CMSMain->rollback()
* CMSMain->unpublish()
* CommentTableField
* ComplexTableField
* LeftAndMain->ajaxupdateparent()
* LeftAndMain->ajaxupdatesort()
* LeftAndMain->deleteitems()
* MemberTableField
* MemberTableField->addtogroup()
* MemberTableField->delete()
* MemberTableField_ItemRequest->delete()
* PageComment
* PageComment_Controller
* SecurityAdmin->addgroup()
* SecurityAdmin->addmember()
* SecurityAdmin->MemberForm()
* SecurityAdmin->removememberfromgroup()
* SecurityAdmin->savemember()
* TableListField
### Usage of Controller::join_links() to concatenate links now mandatory
The `[api:Controller::join_links()]` method
to create links within SilverStripe controllers is now mandatory. This method ensures that links with existing GET
parameters don't break through string concatenation.
:::php
// bad
$link = $this->Link() . 'export?csv=1';
// good
$link = Controller::join_links($this->Link(), 'export', '?csv=1');
Full controller example:
:::php
class MyController extends Controller {
function export($request) {
// ...
}
function Link($action = null) {
return Controller::join_links('MyController', $action);
}
function ExportLink() {
return Controller::join_links($this->Link('export'), '?csv=1');
}
}
Using this method is particularly important for any custom
`[api:TableListField]` or
`[api:ComplexTableField]` subclasses and any
`[api:LeftAndMain]` subclass for the CMS UI. These classes in
particular were refactored to secure destructive links against Cross Site Request Forgery (CSRF). This is achieved via a
mandatory "SecurityID" GET parameter appended to the base link.
### Auto-disabled "SecurityID" field in FunctionalTest
"SecurityID" tokens are now disabled by default in unit tests, to make form submissions easier.
You can manually enable security tokens, either globally or for a specific form.
:::php
class MyTest extends SapphireTest {
// option 1: enable for all forms created through this test
function setUp() {
parent::setUp();
SecurityToken::enable();
}
// option 2: enable for one specific form
function testMyForm() {
$form = new MyForm();
$form->enableSecurityToken();
}
}
## 2.4.3 Changelog
### Features and Enhancements
* [rev:113420] Validation for uploaded files
* [rev:113284] Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()
* [rev:113272] Added !SecurityToken to wrap CSRF protection via "SecurityID" request parameter
* [rev:112272] MySQLDatabase::renameField() no longer checks that the field exists in fieldList(). alterField() does no such check, so it should be consistent. Removing this should provide a small performance improvement as well
* [rev:111915] Added localisation for batch actions in javascript + translations
* [rev:111891] #4903 !MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!)
* [rev:111887] #3775 Added getter to GD so you can retrieve the internal GD resource being used. Made setGD public so you can override the GD yourself as well
* [rev:111873] Show "Database Configuration" section of installer requirements for reference (collapsed by default)
* [rev:111868] MySQLDatabase::getVersion() now uses mysql_get_server_info() which has been supported since PHP 4. This gives us a better version than say "5.1", instead we now get something like "5.1.51"
* [rev:111850] Make use of mysql_get_server_info() when calling MSSQLDatabase::getVersion(), if there's a problem getting info this way, falls back to using query for VERSION() details
* [rev:111828] 6017 - Configurable help link
* [rev:111495] Making "sake" script more portable by using "/usr/bin/env" shebang instead of "/bin/bash" (fixes #6045, thanks sychan)
* [rev:111489] Added "module=" argument to !FullTestSuite (to support comma-separated module lists)
* [rev:111449] allow !PageCommentForm to store all users data, rather than hardcoding the fields
* [rev:111443] simple extend hook for !PageCommentForms. Temporary measure till #6053 is implemented
* [rev:111086] #6023 Shorten SSViewer cached template path for readability of the filenames, and also so Windows doesn't break on long paths
* [rev:111050] Added custom test listener for PHPUnit in order to call setUpOnce() and tearDownOnce() on !SapphireTest
* [rev:111048] Allowing to run single tests via phpunit through new test bootstrap XML file (e.g. "phpunit sapphire/tests/api/!RestfulServerTest.php" or "phpunit sapphire/tests/api")
* [rev:111045] Added !FullTestSuite.php, so that you can test by running "phpunit sapphire/tests/!FullTestSuite".
* [rev:111041] refactored runTests, using the new phpunit wrapper classes.
* [rev:111039] Created a phpunit wrapper class to ensure that Sapphire's test framework is capable of running unit tests, coverage report and retrieve clover-statistics for PHPUnit 3.4 and PHPUnit 3.5
### API Changes
* [rev:113282] Fixed various controllers to enforce CSRF protection through Form_!SecurityToken on GET actions that are not routed through Form->httpSubmission(): !AssetAdmin, CMSBatchActionHandler, CMSMain, !CommentTableField, !LeftAndMain, !MemberTableField, !PageComment, !PageComment_Controller
* [rev:113275] Added security token to !TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection
### Bugfixes
* [rev:113590] ErrorPage::requireDefaultRecords() case where no assets directory causes an fopen() error. Ensure assets directory is created before attempting to write error page files
* [rev:113419] Better checking of file validity (#6093) Thanks Pigeon
* [rev:113295] Ensure that !SearchForm searchEngine() call properly escapes the Relevance field for ANSI compliance
* [rev:113277] Clear static marking caches on Hierarchy->flushCache()
* [rev:113276] Fixed !ComplexTableField and !TableListField GET actions against CSRF attacks (with Form_!SecurityToken->checkRequest())
* [rev:113273] Using current controller for !MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group)
* [rev:113249] ModelViewer doesn't work due to minor bug introduced by making $_CLASS_MANIFEST keys lowercase (fixes #6144, thanks daniel.lindkvist)
* [rev:113247] Fixed month conversion in !DateField_View_JQuery::convert_iso_to_jquery_format() (fixes #6124, thanks mbren and natmchugh)
* [rev:113193] removed taiwans province of china
* [rev:113157] Add PHPUnit includes to !SapphireTest? class (can be loaded outside of !TestRunner? for static calls, in which case the PHPUnit autoloaders/includes aren't in place yet) (merged from r113156)
* [rev:113107] Use correct language code for jquery-ui date picker for en_US
* [rev:112961] Don't include web.config in the assets tracked in the File table.
* [rev:112288] Renamed !MySQLQuery::__destroy() renamed to __destruct() so that it is called properly after the object is destroyed
* [rev:112258] one more requirement switched to SSL
* [rev:111949] Ensure that \r carriage return characters get stripped out before setting content in HTMLValue::setContent(). DOMDocument will transform these into &#13 entities, which is apparently XML spec, but not necessary for us as we're using HTML
* [rev:111932] #6089 Avoid javascript error when "Allow drag & drop reordering" enabled, and attempt to drag a file from one folder to another is performed
* [rev:111914] #6096 RSSFeed::feedContent() restores previous state of SSViewer::get_source_file_comments() after temporarily disabling it (thanks paradigmincarnate!)
* [rev:111898] Filesystem::removeFolder() did not remove files that ended with a "." when this is a valid file. Remove the regex and replace with specific case for "." and ".."
* [rev:111890] #6066 Form::__construct() should respect hasMethod on passed in Controller instance if it's available (thanks paradigmincarnate!)
* [rev:111889] #3910 Setting timezone parameter to !MySQLDatabase::__construct() should use $this->query() to be consistent
* [rev:111878] Ensure that windows-style newlines ("\r\n") don't get converted to their XML entity representation through DOMDocument in SS_HTMLValue->setContent()
* [rev:111843] More common defaults for en_US.xml used by Zend_!DateFormat (and !DateField/!DatetimeField), with less error prone numerical format replacing the Zend default of shortened month names (fixes #6071, thanks dalesaurus)
* [rev:111843] Correct locale mapping in !DateField_View_JQuery for "en_US" and "en_NZ"
* [rev:111842] #6055 !ErrorPage should always create static error page files when dev/build is called if they don't exist
* [rev:111841] RFC 2822 compliant validation of email adresses in !EmailField->jsValidation() and !EmailField->validate() (fixes #6067, thanks paradigmincarnate)
* [rev:111772] DB::connect() should not rely on $_SESSION existing, so we check isset() to supress any warnings of undefined indexes
* [rev:111494] Changing File->Filename property from arbitrary limitation on VARCHAR (255 characters) to TEXT (65k characters) to ensure the framework can handle deeply nested filesystem trees (fixes #6015, thanks muzdowski)
* [rev:111493] Moving folder after executing Folder::findOrMake will not set the Filenames properly. Invoking updateFilesystem() in File->onAfterWrite() instead of onBeforeWrite(), and avoid caching in FIle->getRelativePath() (fixes #5994 and #5937, thanks muzdowski)
* [rev:111492] Removing overloaded !TableField->sourceItems() method, which enables features of the underlying !TableListField implementation, such as pagination and source item caching (fixed #5965, thanks martijn)
* [rev:111464] Search didn't respect searchableClasses passed to !FulltextSearchable::enable()
* [rev:111452] added validation to the page comment form
* [rev:111255] ContentController::!SiteConfig() should look to the !SiteTree record so an alternate !SiteConfig is considered, if this method doesn't exist on the data record then fall back to the default !SiteConfig
* [rev:111202] Fixed quoting and GROUP BY statement in !ManyManyComplexTableField->getQuery() for Postgres compatibility
* [rev:111176] Force tidy to avoid wrapping long lines in CSSContentParser, it breaks our !FunctionalTest string assertions
* [rev:111126] TarballArchive::extractTo() uses an incorrectly spelled argument
* [rev:111097] Fixed !PhpSyntaxTest not to rely on relative folder references (broken due to chdir() changes in cli-script.php and bootstrap.php)
* [rev:111092] Fixed regression where coverage report request did not get passed through to runTests() in !TestRunner::all()
* [rev:111091] Fixed regression of dev/tests/all running a coverage report instead of just unit tests
* [rev:111049] Unset $default_session when using Session::clear_all()
* [rev:111044] Allow execution of a test without a current controller.
* [rev:111043] Don't require a current controller for Session::get/set/etc to work.
### Minor changes
* [rev:113450] Fixed output spelling mistake and formatting in !SapphireTest::delete_all_temp_dbs()
* [rev:113430] Fixed RSSFeedTest which should put test configuration code into setUp() and tearDown() methods. If the test fails halfway through, these will get called to clean up the state
* [rev:113360] Fixed regression from r113282 for changed !SecurityToken API in CMSMain->publishall() (fixes #6159)
* [rev:113281] Removed unused !SecurityAdmin->!MemberForm() and savemember() (see !MemberTableField)
* [rev:113280] Removed unused Security->addmember() (see !MemberTableField and !SecurityAdmin->addtogroup())
* [rev:113279] Removed unused !SecurityAdmin->removememberfromgroup() (see !MemberTableField)
* [rev:113278] Removed unused !MemberList templates (see !MemberTableField)
* [rev:113274] Using !SecurityToken in !ViewableData->getSecurityID()
* [rev:113248] Javascript translations in CMSMain_right.js (fixes #6142)
* [rev:113241] Documentation
* [rev:112982] updated typo in comment for Cache.
* [rev:112962] Fix to !SapphireInfo for git-svn checkouts.
* [rev:112961] Add documentation to File::$allowed_extensions explaining that there are config files to edit in assets/
* [rev:112321] Removed "In line of " text in CLI test reporter which did not work. Details are in the backtrace below anyway, so it's not required
* [rev:112278] Reverted regression in r112272
* [rev:112254] change the requirement's link to use current protocol (we don't want messages from browsers saying the page has unsecured content, when accessing the CMS over SSL)
* [rev:111950] Comment about HTMLValue::setContent() stripping out of carriage returns
* [rev:111903] #6083 !FileTest doesn't remove test folders and files created during test
* [rev:111899] Use Filesystem::removeFolder() in !FilesystemPublisherTest::tearDown() instead of specific code to handle this
* [rev:111898] Code syntax formatting of Filesystem::removeFolder()
* [rev:111888] Moved GD::set_default_quality() function to the top of the file to align with conventions
* [rev:111883] #6090 !FilesystemPublisherTest now stores temporary files in assets, which is writable, instead of the webroot which almost never has write permissions
* [rev:111875] Enable non-default language for tinyMCE, setting language in _config.php didn't work. Thanks for @christian
* [rev:111852] Revert r111850 to !MySQLDatabase::getVersion as version comparisons need to happen, and this will strip out non-numeric characters e.g. "ubuntu1" or "lenny4" which are prefixed on some Linux distros
* [rev:111851] dev/build now shows database name and version next to "Building database ..." text
* [rev:111844] Fixed regression from r111843 (i18nText, !MemberDatetimeFieldTest, !MemberTest)
* [rev:111843] Fixed form validation message in !DateField to include actual date format, rather than a hardcoded value
* [rev:111821] Change matchesRoughly threshold slightly in !DbDatetimeTest to allow for slower database server connections
* [rev:111789] Added !FulltextSearchable::get_searchable_classes() in order to introspect currently searchable classes, added !FulltextSearchableTest, added documentation
* [rev:111788] Fixed documentation in !CheckboxSetField (fixes #6068, thanks paradigmincarnate)
* [rev:111787] Fixed documentation in Datetime (fixes #6062, thanks nicolaas)
* [rev:111786] Fixed SS_Datetime references in !BrokenLinksReport and !CommentAdmin (fixes #6063, thanks nicolaas)
* [rev:111772] Code formatting tidy of DB::connect() function
* [rev:111748] CoreTest::testGetTempPathInProject() will try to create a temp dirs when running. !CoreTest::tearDown() will now remove these temp dirs when the test finishes
* [rev:111676] #5943 Debug::text() boolean values are amended with (bool) so they don't get confused with "true" or "false" which could be strings (thanks Pigeon!)
* [rev:111669] Unit test breaks if another module or project extends Folder
* [rev:111597] Updated language master file
* [rev:111497] Fixed indentation in !PageCommentInterface.js
* [rev:111496] Fixed SQL quoting bug in !FolderTest (caused by r111493)
* [rev:111454] removed debug
* [rev:111450] removed debug
* [rev:111262] Add translation correction for Czech and add Slovakian translation in cms and sapphire (js). Thanks to @Pike
* [rev:111224] Ensuring !SiteTreeAccess.js is properly minified in live mode
* [rev:111133] Code formatting in !FullTestSuite
* [rev:111123] Spelling corrections to Director comments
* [rev:111116] PHPUnit annotations for !PhpSyntaxTest
* [rev:111053] Removing !MemberImportFormTest, breaks PHPUnit test run, and doesnt have any assertions
* [rev:111052] Documentation for constants in Core.php
* [rev:111051] Don't use chdir(), it confuses the hell out of phpunit (e.g. directory_exists() and realpath() no longer work as expected)
* [rev:111047] Fixed SSViewerTest to initialize controller properly
* [rev:111046] Remove all session data in !TestSession that might've been set by the test harness (necessary for test runs through the phpunit binary)
* [rev:111042] added phpdoc to the new PHPUnitWrapper classes.
### Other
* [rev:111880] #4029 On the fly form validation works in Opera as well
* [rev:111879] Added doc for static help_link
* [rev:111452] Fixes #2782
* [rev:111040] API-CHANGE: remove include which is not required.
* [rev:111038] ENHACENEMENT: Change behaviour of the !MenufestBuilder to use spl_autoload_register instead of traditional __autoload.
<code>sscreatechangelog --version 2.4.3 --branch branches/2.4 --stopbranch tags/2.4.2</code>

View File

@ -1,364 +0,0 @@
# 2.4.4 (2010-12-21)
## Overview
* Security: SQL information disclosure in MySQLDatabase
* Security: XSS in controller handling for missing actions
* Security: SQL injection with Translatable extension enabled
* Security: Version number information disclosure
* Security: Weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts
* Security: HTTP referer leakage on Security/changepassword
* Security: CSRF protection bypassed when handling form action requests through controller
* Improved security of PHPSESSID and byPassStaticCache cookies (setting them to 'httpOnly')
## Upgrading Notes
### If you're using open_basedir in PHP:
There is a bug in 2.4.4 which breaks open_basedir restriction.
The issue has been fixed in the development 2.4 branch, but you'll need to patch your existing copy of SilverStripe
2.4.4 if this affects you. The error usually occurs when you try logging into the CMS.
It can be fixed by patching your working copy with this change: http://open.silverstripe.org/changeset/115314
### Security: SQL information disclosure in MySQLDatabase
#### Description
The 'showqueries' GET parameter shows all performed SQL queries in the page output.
This is intended functionality, but should be limited websites not being in "live mode"
(set through Director::set_environment_type(), checked through Director::isLive()).
By adding an 'ajax' GET parameter you can circumvent this live check.
See Secunia Advisory: http://secunia.com/advisories/42346/
#### Solution
Don't circumvent Director::isLive() check in MySQLDatabase
#### Impact
Information disclosure of potentially sensitive information through SQL query strings.
#### Reported by
Andrew Lord, Nathaniel McHugh
#### Patches
* trunk: http://open.silverstripe.org/changeset/114782
* 2.4: http://open.silverstripe.org/changeset/114783
### Security: XSS in controller handling for missing actions
#### Description
Controller routing in SilverStripe core doesn't encode
error messages for missing URL actions before returning
them to the user (see Controller->handleAction()).
This can be reproduced with any URL that doesn't
have custom error handling defined through RequestHandler::$url_handlers,
which includes all core controllers.
Reproduce with the following URL:
`http://`<your-host>`/Security/%3Cvideo%20src=1%20onerror=%22alert%281%29%22%3E;;`
See Secunia Advisory: http://secunia.com/advisories/42346/
#### Solution
Force Content-Type: text/plain upon output.
#### Impact
Attackers can craft URLs to change the displayed website behaviour
as well as gain access to authenticated cookie information.
In case the victim has a permanent login cookie ("Remember me" checkbox),
this can lead to CMS access for attackers.
#### Reported by
Tim Suter, Andrew Horton (http://security-assessment.com)
#### Patches
* trunk: http://open.silverstripe.org/changeset/114444
* 2.4: http://open.silverstripe.org/changeset/114751
### Security: SQL injection with Translatable extension enabled
#### Description
Locale setter methods on i18n and Translatable classes are not sanitizing or whitelisting input,
which can lead to SQL injection based on "locale" GET parameters. This behaviour
is limited to websites having the (built-in) Translatable extension activated.
#### Solution
Sanitize locale values in Translatable->augmentSQL() and whitelist
locale values in i18n setters.
#### Impact
High
#### Affected Versions
* SilverStripe trunk
* SilverStripe 2.4.3 or older
* SilverStripe 2.3.9 or older
#### Provided by
Pavol Ondras
#### Patches
* trunk: http://open.silverstripe.org/changeset/114515
* 2.4: http://open.silverstripe.org/changeset/114516
* 2.3: http://open.silverstripe.org/changeset/114517
### Security: Version number information disclosure
SilverStripe exposes version information through
static files located in the webroot. As these files
have no extension, they are served without processing
by most webserver default configurations.
The files are:
sapphire/silverstripe_version
cms/silverstripe_version
See http://open.silverstripe.org/ticket/5031
See http://secunia.com/advisories/42346/
#### Solution
Reject web requests to version information through .htaccess for Apache, and web.config for IIS.
#### Impact
Version Information about the product can be used to craft attacks more specifically.
#### Reported by
Robert Mac Neil
#### Patches
* trunk: http://open.silverstripe.org/changeset/114774 http://open.silverstripe.org/changeset/114770
* 2.4: http://open.silverstripe.org/changeset/114774 http://open.silverstripe.org/changeset/114771
* 2.3: http://open.silverstripe.org/changeset/114776 http://open.silverstripe.org/changeset/114772
### Security: Weak entropy in tokens for CSRF protection, autologin, "forgot password" emails and password salts
SilverStripe uses rand(), mt_rand() in combination with
uniqid(), substr() and time() to create pseudo-random tokens.
Due to the nature of these implementations, the entropy
of tokens is low, potentially exposing them to brute force attacks.
Affected functionality:
* CSRF form protection
* Member Autologin
* "Forgot Password" emails
* Autogenerated salt values for hashed passwords in the Member table
#### Solution
Use the best available PRNG implementation on the current platform
and PHP version (favouring MCRYPT_DEV_URANDOM and openssl_random_pseudo_bytes()).
#### Impact
Weak entropy can be used for more successful brute force attacks.
#### Reported by
Andrew Horton (http://security-assessment.com)
#### Patches
* trunk: http://open.silverstripe.org/changeset/114497 http://open.silverstripe.org/changeset/114498
http://open.silverstripe.org/changeset/114503 http://open.silverstripe.org/changeset/114504
http://open.silverstripe.org/changeset/114505
* 2.4: http://open.silverstripe.org/changeset/114499 http://open.silverstripe.org/changeset/114500
http://open.silverstripe.org/changeset/114506 http://open.silverstripe.org/changeset/114507
* 2.3: http://open.silverstripe.org/changeset/114501 http://open.silverstripe.org/changeset/114502
http://open.silverstripe.org/changeset/114509
### Security: HTTP referer leakage on Security/changepassword
#### Description
The Security/changepassword URL action can be invoked with a temporary
token stored against the member record ("AutoLoginHash"). This token is set
when a member requests a new password by email through Security/lostpassword,
and cleared upon successful password change.
The token is passed as a GET parameter, which can expose it to HTTP referer
leakage, in case the member decides to navigate away from the "change password" form
before submitting the form (which would invalidate the token).
If the clicked link is an external page, the (still valid) GET parameter will appear
in the external site's HTTP referer logs, enabling third parties to take over
user accounts.
Note: This is only a problem when Security/changepassword is used without being logged-in.
#### Solution
Redirect from Security/changepassword/?h=XXX to Security/changepassword
and store the token in session instead.
#### Impact
Takeover of user accounts by third parties with access to HTTP referer logs.
#### Provided By
Andrew Lord
#### Patches
* trunk: http://open.silverstripe.org/changeset/114758
* 2.4: http://open.silverstripe.org/changeset/114760
* 2.3: http://open.silverstripe.org/changeset/114763
### Security: CSRF protection bypassed when handling form action requests through controller
#### Description
The built-in CSRF protection on forms in SilverStripe can be bypassed
by routing the action through the controller instead of the form.
Protected: mycontroller/MyForm/?action_doSubmit=1
Unprotected: mycontroller/action_doSubmit
Note: Does not apply to manual CSRF protection in controller actions
through SecurityToken->check().
#### Solution
Developers are encouraged to use Controller::$allowed_actions to limit the
actions accessible through URL routing. Methods that need automatic CSRF
protection (most form actions) should NOT be included in $allowed_actions,
their protection is handled through request handling in the form class itself.
See [security](/developer_guides/controllers/access_control/#allowed-actions) documentation for more details.
#### Impact
Exposes various administrative actions (creating a new page, reverting to draft)
to CSRF attacks, in case attackers know the URL a victim has a valid CMS login for.
#### Provided By
Ingo Schommer
#### Patches
* trunk: http://open.silverstripe.org/changeset/115182 http://open.silverstripe.org/changeset/115185
* 2.4: http://open.silverstripe.org/changeset/115189 http://open.silverstripe.org/changeset/115188
* 2.3: http://open.silverstripe.org/changeset/115200 http://open.silverstripe.org/changeset/115191
## Changelog
### Features and Enhancements
* [rev:114901] Allow setting secure session cookies when using SSL. Recent change r114567 made this impossible. (thanks simon_w!) (from r114900)
* [rev:114572] 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security (from r114568)
* [rev:114571] Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security (from r114567)
* [rev:114499] Added !RandomGenerator for more secure CRSF tokens etc. (from r114497)
* [rev:114467] PHP requirements in installer now check for date.timezone correctly being set for PHP 5.3.0+. This option is *required* to be set starting with 5.3.0 and will cause an error during installation if not
* [rev:114083] Added SS_HTTPResponse->setStatusDescription() as equivalent to setStatusCode(). Added documentation.
* [rev:113963] Split temp directory check and writability into two checks
* [rev:113961] #6206 Installer additional checks for module existence by checking _config.php exists, in addition to the directory
* [rev:113919] Allowing i18nTextCollector to discover entities in templates stored in themes/ directory (thanks nlou) (from r113918)
* [rev:113871] Update Asset's left and right panels with filders and files after 'Look for new files' was triggered (open #5543)
### API Changes
* [rev:114474] Using i18n::validate_locale() in various Translatable methods to ensure the locale exists (as defined through i18n::$allowed_locales) (from r114470)
### Bugfixes
* [rev:115189] Removing form actions from $allowed_actions in !AssetAdmin, CMSMain, !LeftAndMain - handled through Form->httpSubmission() (from r115185)
* [rev:115188] Checking for existence of !FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
* [rev:115188] Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
* [rev:115169] Fixed conflicting check of mysite directory with recommendation of removal of _config.php in installer
* [rev:114941] #6162 CMSMain::publishall() fails when over 30 pages (thanks natmchugh!) (from r114940)
* [rev:114922] #6219 Director::direct() validation fails for doubly nested file fields (thanks ajshort!) (from r114921)
* [rev:114823] Installer should check asp_tags is disabled, as it can cause issues with !SilverStripe
* [rev:114783] Removed switch in !MySQLDatabase->query() to directly echo queries with 'showqueries' parameter when request is called via ajax (from r114782)
* [rev:114774] Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
* [rev:114771] Disallow web access to cms/silverstripe_version to avoid information leakage (from r114770)
* [rev:114760] Avoid potential referer leaking in Security->changepassword() form by storing Member->!AutoLoginHash in session instead of 'h' GET parameter (from r114758)
* [rev:114719] Fallback text for "Password" in !ConfirmedPasswordField when no translation found
* [rev:114683] Populates the page with fake data in order to pass subsequent unit tests
* [rev:114654] Test if form is the right class (if a class decorates the content controller, this test would break ie sphinx)
* [rev:114516] Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515)
* [rev:114512] Limiting usage of mcrypt_create_iv() in !RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510)
* [rev:114507] Using !RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of '!RememberLoginToken' and '!AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504)
* [rev:114506] Using !RandomGenerator class in !PasswordEncryptor->salt() (from r114503)
* [rev:114500] Using !RandomGenerator class in !SecurityToken->generate() for more random tokens
* [rev:114473] Check for valid locale in i18n::set_locale()/set_default_locale()/include_locale_file()/include_by_locale() (as defined in i18n::$allowed_locales). Implicitly sanitizes the data for usage in controllers. (from r114469)
* [rev:114445] Don't allow HTML formatting in !RequestHandler->httpError() by sending "Content-Type: text/plain" response headers. (from r114444)
* [rev:114208] Including template /lang folders in i18n::include_by_locale() (implementation started in r113919)
* [rev:114195] Added !SecurityToken to !PageCommentInterface->!DeleteAllLink() (fixes #6223, thanks Pigeon)
* [rev:114083] Strip newlines and carriage returns from SS_HTTPResponse->getStatusDescription() (fixes #6222, thanks mattclegg) (from r114082)
* [rev:114081] Removed double quoting of $where parameter in Translatable::get_existing_content_languages() (fixes #6203, thanks cloph) (from r114080)
* [rev:114036] Fixed case where !AssetAdmin would throw an error if $links was not an object in !AssetAdmin::getCustomFieldsFor()
* [rev:113976] #6201 Use of set_include_path() did not always include sapphire paths in some environments
* [rev:113962] Installer now checks temporary directory is writable, in addition to it being available.
* [rev:113809] #6197 simon_w: Fixed Internal Server Error when accessing assets on Apache without mod_php.
* [rev:113692] Avoid reloading CMS form twice after certain saving actions (fixes #5451, thanks muzdowski)
### Minor changes
* [rev:114916] Ensure php5-required.html template shows correct minimum and recommended PHP versions (thanks mattcleg!) (from r114915)
* [rev:114751] Setting Content-Type to text/plain in various error responses for !RestfulServer (from r114750)
* [rev:114749] Reverting Member "!AutoLoginHash", "!RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length (from r114748)
* [rev:114745] Partially reverted r114744
* [rev:114744] Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by !RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
* [rev:114720] Code formatting change in !ConfirmedPasswordField::__construct()
* [rev:114454] Added exception handling if !ClassName is null in search results
* [rev:114334] Checking for class_exists() before !SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
* [rev:114079] Reverted r108515
* [rev:114078] Documentation for Aggregate caching (from r114077)
* [rev:114062] fixed visual glitch in CMS access tab for IE
* [rev:114036] Defined $backlinks as an array before adding entries to it
* [rev:114016] Fixed php tag in !SecurityTokenTest, should be "<?php" not "<?"
* [rev:113984] Installer now writes "!SetEnv HTTP_MOD_REWRITE On" in .htaccess to be consistent with the original .htaccess file that comes with the phpinstaller project
* [rev:113968] Fixed PHP strict standard where non-variables cannot be passed by reference
* [rev:113967] Fixed undefined variable $groupList
* [rev:113964] Re-use variable instead of check temp folder again
* [rev:113956] Make sure that Translatable creates a translated parent of !SiteTree only when the parent is not translated (from r113955)
* [rev:113937] don't trigger notice but Debug::show it
* [rev:113936] don't trigger notice but Debug::show it
* [rev:113933] test doesn't fail anymore due to time differences between db and php. The test now issues notices, warnings and errors depending on the severity of the offset
* [rev:113924] Fixed spaces with tabs in Core
* [rev:113923] Fixed spaces with tabs for Core::getTempFolder()
* [rev:113696] call jquery-ui from thirdparty folder instead google api (see ticket 5915) (from r113656)
* [rev:113695] Typo in !AssetAdmin (fixes #6191, thanks Juanitou)
* [rev:113690] Updated cs_CZ and sk_SK translations in sapphire/javascript (fixes #6085, thanks Pike)
* [rev:113689] Making some !JavaScript strings in cms/javascript translatable, and updated their cs_CZ and sk_SK translations (fixes #6085, thanks Pike)
### Other
* [rev:114464] FIX: Revert last commit
* [rev:114463] FIX: Revert last commit

View File

@ -1,41 +0,0 @@
# 2.4.5 (2011-02-02)
## Overview
* Enhancement: File->canEdit() and File->canCreate() now use extendedCan()
* Enhancement: Installer check for magic_quotes_gpc (PHP option) and issues a warning if enabled
* Bugfix: CMSMain->rollback() fails because of CSRF protection
* Bugfix: Valid file uploads with uppercase extensions blocked from being web accessible
* Bugfix: Page comments saving onto wrong page
* Bugfix: Incorrect call to weekday function in Date class
* Bugfix: SilverStripeNavigator error in case where page is not published, viewing archived site
## Changelog
### Features and Enhancements
* [rev:115416] Changed canEdit and canCreate extend to extendedCan
* [rev:115265] Installer now checks for magic_quotes_gpc being turned off. This option turned on can cause issues with serialized data in cookies when unserializing (from r115264)
### Bugfixes
* [rev:115816] #6321 Whitelisted file extensions with uppercase extensions blocked by case sensitive FilesMatch directive in assets/.htaccess (does not affect IIS 7.x which uses web.config)
* [rev:115720] transaction function names fixed
* [rev:115460] DateField wrong datepicker-%s.js path (fixes #6296, thanks martijn)
* [rev:115443] Incorrect call to weekday function in Date class (thanks webbower!)
* [rev:115442] Checking for existence of draft and live records in SilverStripeNavigatorItem_ArchiveLink->getHTML() (from r115130)
* [rev:115440] #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer
* [rev:115437] Fixed edge case bug where SilverStripeNavigatorItem would fail if a page was not published, and the navigator archive link was generated
* [rev:115399] #6304 PageCommentInterface::PostCommentForm() loads inappropriate data from cookie, including wrong values for ParentID
* [rev:115379] #6299 TableListField::Link() includes $action value twice (thanks ajshort!)
* [rev:115314] #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom
* [rev:115313] Allowing CMSMain->rollback() outside of form contexts, temporariliy disabling CSRF protection. Necessary in order to get rollback actions working from admin/getversion (regression from 2.4.4 release, see #6291)
### Minor changes
* [rev:115854] #6397 CoreTest should use test specific paths, otherwise conflicts can occur in certain environments
* [rev:115461] Fixed en_US spelling (fixes #6316, thanks sonetseo)
### Other
* [rev:115723] Reverted to revision 101592

View File

@ -1,145 +0,0 @@
# 2.4.6 (2011-10-17)
## Overview
* Security: Cross-site scripting on anchor links
* Security: Possible SQL injection for MySQL when using far east character encodings
* Security: SQL injection in Folder::findOrMake() parameter (used mostly in author-only CMS through `Upload::load()`)
* Security: Privilege escalation from `EDIT_PERMISSIONS` to `ADMIN` for users access to the CMS (through `Member->getCMSFields()` and `TreeMultiselectField`)
* Security: Potential remote code execution through serialization of page comment user submissions
## Upgrading Notes ##
### Security: User-uploaded files searchable when using FulltextSearchable ###
The FulltextSearchable default configuration includes all file names in the `assets/` folder.
While this is desired in most cases, it can lead to unexpected public visibility of data,
e.g. when uploaded through users. For example, CVs uploaded to a recruiting site most likely shouldn't be searchable.
Option 1: Disable file search completely (through `mysite/_config.php`):
FulltextSearchable::enable(array('SiteTree'));
Option 2: Exclude file search from individual files by setting the `File.ShowInSearch` database property to `0`.
This property has been added in the 2.4.6 release. You can apply this retroactively to all files with this SQL statement:
UPDATE `File` SET `ShowInSearch` = 0;
Please note that all these files are still exposed through the webserver if the path is known,
regardless of the `ShowInSearch` setting. To fully secure uploaded files,
you can apply protection on a webserver level (e.g. `.htaccess`/`web.config` configuration).
Alternatively, you can proxy these files through your own permission control system
rather than exposing them directly through the webserver (e.g. with the ["securefiles" module](http://www.silverstripe.org/secure-files/)).
One common way to allow user-uploaded files is the ["userforms" module](http://www.silverstripe.org/user-forms-module/). This module has been altered to mark all uploaded files with `ShowInSearch`=0 by default.
### Security: Cross-site scripting (XSS) on anchor links
Anchor links (`<a href="#">`) are automatically rewritten by the SilverStripe
template parser to work with the `<base>` tag, which is a prerequisite for the framework.
This applies to all links passed through `SSViewer::process()` with the 'rewriteHashlinks' option enabled,
which is the framework default. Most commonly, these links will be created through the "Content"
field in the CMS, but any links inserted through template placeholders are vulnerable.
Modern browsers automatically fix basic XSS attacks through built-in XSS filters,
the vulnerability has only been confirmed in Internet Explorer 6 and 7 so far.
When upgrading to this SilverStripe version, please ensure to flush all template caches
by using the `dev/build/?flush=all` URL.
Thanks to Michael Best and Stefan Schurtz for reporting.
### Security: Possible SQL injection for MySQL when using far east character encodings
MySQL databases with a client set to certain far east encodings (SJIS, BIG5, GBK, GB18030, and UHC)
can be vulnerable to SQL injections through usage of the
deprecated `[addslashes()](http://php.net/addslashes)` method.
These character sets are not supported by SilverStripe,
and not a default setting for MySQL - so its unlikely that you're affected.
By default, any 2.4.x installation sets the connection character set
to UTF-8, which doesn't have this vulnerability. Please check that
you have the following command in your `_config.php`:
`MySQLDatabase::set_connection_charset('utf8')`.
If this value isn't set, the default encoding in MySQL will apply
(which is usually "latin-1" or "ISO 8859-1", so not a vulnerable multibyte character set).
See [shiflett.org](http://shiflett.org/blog/2006/jan/addslashes-versus-mysql-real-escape-string)
for further details on the exploit. Thanks to Tim Spencer for reporting.
### Security: Page comments cookie possible vulnerability through unserialize()
Only applicable if any page allows comments (through the `SiteTree.ProvideComments` attribute),
and SilverStripe is of version 2.4.x (the feature wasn't present in 2.3, and has been extracted from trunk).
The `PageCommentInterface_Form->postcomment()` method stores user data for re-submission
through cookies (in case the first submission fails due to a validation error).
The data is stored via `serialize()`/`unserialize()`, making it potentially vulnerable
to improper method invocation or property injection. While we are not aware
of any active vulnerabilities, the serialization has been replaced with a more secure JSON format.
Thanks to Tim Klein for reporting.
Note: The commenting functionality has been moved to a new "[comments](https://github.com/silverstripe/silverstripe-comments)" module in trunk,
which has the same bugfixes applied.
## Changelog ##
### Features and Enhancements
* 2011-10-17 [6d6fdd2](https://github.com/silverstripe/sapphire/commit/6d6fdd2) Added SSViewer::getOption() as a logical counterpart to SSViewer::setOption() (Ingo Schommer)
* 2011-09-28 [ad13f80](https://github.com/silverstripe/sapphire/commit/ad13f80) Updated Windows installation documentation on using PHP Manager which takes out most of the PHP configuration effort. (Sean Harvey)
* 2011-09-15 [bb757d1](https://github.com/silverstripe/silverstripe-cms/commit/bb757d1) Allow editing of new File.ShowInSearch flag through AssetTableField (Ingo Schommer)
* 2011-09-15 [83ad8d4](https://github.com/silverstripe/sapphire/commit/83ad8d4) Added File.ShowInSearch flag to mirror the existing SiteTree.ShowInSearch flag - e.g. useful to limit visibility of user-uploaded files. Enforced in MySQLDatabase-&gt;searchEngine(). (Ingo Schommer)
* 2011-05-26 [9d344a0](https://github.com/silverstripe/sapphire/commit/9d344a0) Allowing filtered arguments on specific functions like mysql_connect() in SS_Backtrace (Ingo Schommer)
* 2011-02-11 [c6992f3](https://github.com/silverstripe/sapphire/commit/c6992f3) Adjusted from-source documentation to github and piston (Ingo Schommer)
* 2011-02-07 [8bd01d6](https://github.com/silverstripe/sapphire/commit/8bd01d6) Added sapphire/docs (migrated from https://github.com/chillu/silverstripe-doc-restructuring) (Ingo Schommer)
* 2011-02-02 [590dbb5](https://github.com/silverstripe/sapphire/commit/590dbb5) Made it possible to attach utility links to a ComplexTableField beyond just exporting (e.g. printing). (ajshort)
### Bugfixes
* 2011-10-17 [16c3235](https://github.com/silverstripe/sapphire/commit/16c3235) Escaping base URLs for anchor links rewritten by SSViewer::process() with the 'rewriteHashlinks' option enabled (which is a framework default, and necessary because of the use of a &lt;base&gt; tag). Also added escaping for base URLs rendered through the 'php' variation of 'rewriteHashlinks' (Ingo Schommer)
* 2011-09-28 [7805e3e](https://github.com/silverstripe/sapphire/commit/7805e3e) i18n::include_by_locale() assumes a themes directory always exists and causes error if that's not the case. Some projects don't require any themes, like pure applications. (Sean Harvey)
* 2011-09-15 [b5ea2f6](https://github.com/silverstripe/silverstripe-cms/commit/b5ea2f6) Consistently using Convert::raw2sql() instead of DB::getConn()-&gt;addslashes() or PHP's deprecated addslashes() for database escaping (Ingo Schommer)
* 2011-09-15 [73cca09](https://github.com/silverstripe/sapphire/commit/73cca09) Consistently using Convert::raw2sql() instead of DB::getConn()-&gt;addslashes() or PHP's deprecated addslashes() for database escaping (Ingo Schommer)
* 2011-08-31 [af0bf45](https://github.com/silverstripe/silverstripe-cms/commit/af0bf45) fixing random changing of access tab radio buttons when refreshing the CMS with a URL such as /admin#Root_Access in Firefox. (Julian Seidenberg)
* 2011-03-22 [01f5b3d](https://github.com/silverstripe/sapphire/commit/01f5b3d) Fixed MigrateSiteTreeLinkingTask not working correctly when CLRF newlines being used (Sean Harvey)
* 2011-03-21 [fef7c32](https://github.com/silverstripe/sapphire/commit/fef7c32) Fixed SQL injection in Folder::findOrMake() parameter. Exploitable through Upload::, although unlikely to be set via user input. (Ingo Schommer)
* 2011-03-09 [de1f070](https://github.com/silverstripe/sapphire/commit/de1f070) Avoid privilege escalation from EDIT_PERMISSIONS to ADMIN through TreeMultiselectField (in Member-&gt;getCMSFields()) by checking for admin groups in Member-&gt;onChangeGroups() (Ingo Schommer)
### Minor changes
* 2011-09-07 [01b08a5](https://github.com/silverstripe/sapphire/commit/01b08a5) removed incorrect getter/setter statements. (Will Rossiter)
* 2011-08-20 [0ef4161](https://github.com/silverstripe/sapphire/commit/0ef4161) fixed syntax error in FormAction example. (Will Rossiter)
* 2011-08-11 [62ed138](https://github.com/silverstripe/sapphire/commit/62ed138) documentation fixes from comments provided by the community. See below for a list of fixes: * fixed typo in Email documentation. * updated link for tutorial code to be relative now that bug #6408 is fixed * removed 2.3 related docs from 2.4 docs folder * fixed typo with Orientation documentation * updated old task url for images/flush (Will Rossiter)
* 2011-05-19 [1704e42](https://github.com/silverstripe/sapphire/commit/1704e42) Return empty string from SQLQuery-&gt;sql() if SELECT is the default value, and no FROM is set (moved logic from DB-specific implementations) (Ingo Schommer)
* 2011-03-21 [4c1866c](https://github.com/silverstripe/sapphire/commit/4c1866c) Updated contributing guidelines (Ingo Schommer)
* 2011-03-21 [551bc5d](https://github.com/silverstripe/sapphire/commit/551bc5d) Improved patch documentation (Ingo Schommer)
* 2011-03-08 [e9f20cf](https://github.com/silverstripe/sapphire/commit/e9f20cf) Documentation fixes (Ingo Schommer)
* 2011-03-08 [5d87f29](https://github.com/silverstripe/sapphire/commit/5d87f29) Added fix to test troubleshooting docs about PHPUnit 3.5 missing MockObject class (Sean Harvey)
* 2011-03-03 [cc0f62c](https://github.com/silverstripe/sapphire/commit/cc0f62c) Fixed title escaping in 'built in page controls' documentation (Ingo Schommer)
* 2011-02-25 [ff63ba9](https://github.com/silverstripe/sapphire/commit/ff63ba9) Fixed broken i18nTest on Windows because of newline character differences (Sean Harvey)
* 2011-02-25 [b559b9b](https://github.com/silverstripe/sapphire/commit/b559b9b) Fixed broken CSVParserTest on Windows because of newline character differences (Sean Harvey)
* 2011-02-23 [918d9cb](https://github.com/silverstripe/sapphire/commit/918d9cb) Added docs/ contributing notes (Ingo Schommer)
* 2011-02-22 [8ad630d](https://github.com/silverstripe/sapphire/commit/8ad630d) formatting changes and fixes to original document formatting (Michael Andrewartha)
* 2011-02-21 [201506e](https://github.com/silverstripe/sapphire/commit/201506e) Added deprecated SapphireTest-&gt;assertType() in order to support PHPUnit 3.5 or newer, but stay backwards compatible to PHPUnit 3.4 (Ingo Schommer)
* 2011-02-16 [f15f083](https://github.com/silverstripe/sapphire/commit/f15f083) Updated 'from source' docs (Ingo Schommer)
* 2011-02-14 [994f7a3](https://github.com/silverstripe/sapphire/commit/994f7a3) Fixed blackcandy github links in docs (Ingo Schommer)
* 2011-02-14 [629aa9b](https://github.com/silverstripe/sapphire/commit/629aa9b) Removed reference to additional CSS download in tutorial 4, moved to the silverstripe-installer project (Ingo Schommer)
* 2011-02-12 [753a454](https://github.com/silverstripe/sapphire/commit/753a454) Fixed spacing in docs (Ingo Schommer)
* 2011-02-12 [5bfc722](https://github.com/silverstripe/sapphire/commit/5bfc722) Removed duplicated 'additional requirements' from docs (Ingo Schommer)
* 2011-02-07 [d23aeb2](https://github.com/silverstripe/sapphire/commit/d23aeb2) Fixing image links in docs/en/tutorials/ (Ingo Schommer)
* 2011-02-04 [900b0a7](https://github.com/silverstripe/sapphire/commit/900b0a7) Fixed an empty utility container adding extra padding to the bottom of table fields. (ajshort)
* 2011-02-02 [9e49d04](https://github.com/silverstripe/sapphire/commit/9e49d04) Only show the CTF utility bar if there are utilities available. (ajshort)
### Other
* 2011-10-18 [96bee47](https://github.com/silverstripe/sapphire/commit/96bee47) MINO Switching 'rewriteHashlinks' sanitization from Convert::raw2att() to strip_tags() to make the resulting PHP more portable when mode is set to 'php' (Ingo Schommer)
* 2011-09-08 [d15e850](https://github.com/silverstripe/silverstripe-cms/commit/d15e850) SECURITY Using JSON instead of serialize() to stringify user data in PageCommentsInterface (Ingo Schommer)
* 2011-08-26 [0f91fb8](https://github.com/silverstripe/sapphire/commit/0f91fb8) Changes error reporting level to explicitly exclude E_DREPRECATED and E_STRICT, rather than xor. (simonwelsh)
* 2011-08-26 [9ffa903](https://github.com/silverstripe/sapphire/commit/9ffa903) Adds missing semicolon for PHP5.4 support. (simonwelsh)
* 2011-08-24 [8342f6b](https://github.com/silverstripe/sapphire/commit/8342f6b) Removed references to Language Chooser Widget until it can be updated to work with the new translation model. (simonwelsh)
* 2011-08-22 [d8c6bda](https://github.com/silverstripe/sapphire/commit/d8c6bda) Removed profanity (Adam Rice)
* 2011-06-09 [1f0277b](https://github.com/silverstripe/silverstripe-cms/commit/1f0277b) Add some missing CZ translations in cms javascript (Ladislav Kubes)
* 2011-06-09 [5d3ddaf](https://github.com/silverstripe/silverstripe-cms/commit/5d3ddaf) Add some translation in cms core (Ladislav Kubes)
* 2011-06-09 [46090cf](https://github.com/silverstripe/sapphire/commit/46090cf) fix language namespace (devel)
* 2011-06-09 [5f3dde5](https://github.com/silverstripe/sapphire/commit/5f3dde5) Add some CZ translations (devel)
* 2011-03-09 [f3ac573](https://github.com/silverstripe/sapphire/commit/f3ac573) Small text changes, added api links, cont. updating images for tutorials, fixed tutorials from member feedback (Michael Andrewartha)

View File

@ -1,55 +0,0 @@
# 2.4.7 (2012-02-01)
## Overview
* Security: Cross-site scripting (XSS) on text transformations in templates
* Security: Cross-site scripting (XSS) related to page titles in the CMS
## Upgrading Notes ##
### Security: Cross-site scripting (XSS) on text transformations in templates
The default casting for `Text` and `Varchar` database field classes usually auto-escapes
field values when they are inserted into a template. For some text transformations
on those fields, this wasn't correctly applied. The following methods are affected:
* `AbsoluteLinks()`,
* `BigSummary()`,
* `ContextSummary()`,
* `EscapeXML()`,
* `FirstParagraph()`,
* `FirstSentence()`,
* `Initial()`,
* `LimitCharacters()`,
* `LimitSentences()`,
* `LimitWordCount()`,
* `LimitWordCountXML()`,
* `Lower()`
* `LowerCase()`
* `NoHTML()`,
* `Summary()`,
* `Upper()`
* `UpperCase()`
* `URL()`
If you have used any of these transformations with untrusted values
(e.g. from a user-submitted form), please consider updating.
More info about SilverStripe's casting logic is available in the "[security](/developer_guides/security)" documentation.
### Security: Cross-site scripting (XSS) related to page titles in the CMS
The page title data wasn't escaped correctly in the `SilverStripeNavigator`
as well as the updated page title in the CMS tree after saving.
## Changelog ##
### Bugfixes
* 2012-01-31 [0085876](https://github.com/silverstripe/sapphire/commit/0085876) Casting return values on text helper methods in StringField, Text, Varchar (Ingo Schommer)
### Other
* 2012-01-31 [252e187](https://github.com/silverstripe/sapphire/commit/252e187) SECURITY Escape links for SilverStripeNavigatorItem (Ingo Schommer)
* 2012-01-31 [5fe7091](https://github.com/silverstripe/sapphire/commit/5fe7091) SECURITY Sanitize messages passed to generated JS calls in FormResponse::status_message(), e.g. to avoid XSS on 'Successfully published &lt;page title&gt;' messages (Ingo Schommer)
* 2011-09-24 [d0af084](https://github.com/silverstripe/sapphire/commit/d0af084) Fixes tag syntax (should end with %&gt;, not &gt;%) (simonwelsh)
* 2011-06-09 [aa74811](https://github.com/silverstripe/silverstripe-cms/commit/aa74811) CZ translation for tinymce_ssbuttons plugin (Ladislav Kubes)

View File

@ -1,42 +0,0 @@
# 2.4.8 (2012-10-30) #
## Overview ##
* Security (Moderate Severity): More solid relative/site URL checks (related to "BackURL" redirection).
* Security (Moderate Severity): Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed.
* Security (Low Severity): Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway
## Details
### API Changes
* 2012-02-01 [bf4476a](https://github.com/silverstripe/sapphire/commit/bf4476a) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
* 2012-02-01 [4abe136](https://github.com/silverstripe/silverstripe-cms/commit/4abe136) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
### Features and Enhancements
* 2012-02-03 [921bf9a](https://github.com/silverstripe/sapphire/commit/921bf9a) Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. (Sam Minnee)
### Bugfixes
* 2012-09-14 [8ec6312](https://github.com/silverstripe/sapphire/commit/8ec6312) to prevent unintended results from getComponentsQuery(...) (stozze)
* 2012-07-09 [838ac97](https://github.com/silverstripe/silverstripe-cms/commit/838ac97) fixing an edge-case bug where a 404-page would get statically published and overwrite the homepage of the site (this would sometimes happen when a RedirectorPage was set to an external URL and still referenced an internal page ID) (Julian Seidenberg)
* 2012-05-04 [392543b](https://github.com/silverstripe/sapphire/commit/392543b) Don't' set 'Referer' header in FunctionalTest-&gt;get()/post() if its explicitly passed to the method (Ingo Schommer)
### Minor changes
* 2012-08-15 [7669871](https://github.com/silverstripe/sapphire/commit/7669871) fixed array to string conversion to avoid PHP 5.4 warnings (Adam Skrzypulec)
* 2012-05-29 [039a372](https://github.com/silverstripe/silverstripe-installer/commit/039a372) Fixed phpunit bootstrap relative path (Ingo Schommer)
* 2012-05-14 [b211c38](https://github.com/silverstripe/sapphire/commit/b211c38) Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings (Ingo Schommer)
* 2012-03-30 [c1d2cd1](https://github.com/silverstripe/sapphire/commit/c1d2cd1) Corrected Geoip entries for ex-Yugoslavia ... better late than never (Ingo Schommer)
* 2012-03-14 [44b9d05](https://github.com/silverstripe/sapphire/commit/44b9d05) Backported bootstrap.php changes from master and cstom TeamCity configuration (required to run tests through phpunit binary) (Ingo Schommer)
* 2011-12-17 [af22d07](https://github.com/silverstripe/sapphire/commit/af22d07) On PHPUnit 3.6, show the output of tests. (Sam Minnee)
* 2011-11-08 [5956ad8](https://github.com/silverstripe/sapphire/commit/5956ad8) Amended PHPUnit execution to work with PHPUnit 3.6 (Sam Minnee)
### Other
* 2012-10-05 [1c7b7d0](https://github.com/silverstripe/sapphire/commit/1c7b7d0) Fixed grammatical error for Form.FIELDISREQUIRED (Will Morgan)
* 2012-08-08 [f6c69d5](https://github.com/silverstripe/sapphire/commit/f6c69d5) Update widget documentation (fixes #706) (Will Rossiter)
* 2012-05-16 [b7c8737](https://github.com/silverstripe/silverstripe-installer/commit/b7c8737) SECURITY Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway (fixes #7205) (Ingo Schommer)
* 2012-05-04 [46064f8](https://github.com/silverstripe/sapphire/commit/46064f8) SECURITY More solid relative/site URL checks (related to "BackURL" redirection) (Ingo Schommer)
* 2012-05-03 [9bf3ae9](https://github.com/silverstripe/sapphire/commit/9bf3ae9) SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. (Andrew O'Neil)

View File

@ -1,385 +0,0 @@
# 2.4.0-alpha1 (2009-11-11)
## Changelog
### Overview
* Support for hierarchical URLs
* Support for MSSQL server database abstraction (via a separate module)
* A "SiteConfig" record stores site-wide settings and default permissions and author groups for pages
* "Permission Roles" are a simple way to combine multiple permission codes and assign them to groups in the Security interface. This makes permissions easier to maintain and less repetitive to set up.
* The CMS searches for broken internal links to other pages and broken file references, and highlights them in the WYSIWYG editor
* Dramatically reduced memory usage in CMS tree on larger sites (10,000+)
* Performance improvements around Object and ViewableData property access.
* Improved Shortcode API to allow for custom tag parsing in CMS content
* More fine-grained permission control for translators
* Improved unit test execution speed, increased number of tests cases by 30%
* Better XSS security of the autologin token by using HTTPOnly cookies, more secure brute force login restrictions
* Decreased memory usage in "Files & Images" section
### New Features
* [rev:91044] Added Session::destroy() as a means to remove the current session using session_destroy()
* [rev:90036] Allow Text/Varchar fields to be configured to differentiate between NULL and empty string. (#4178, petebd)
* [rev:89827] If there is no Name set, but there is an author, use the author's name (from r89650)
* [rev:89221] batch actions for setting/resetting embargo/expiry (from r85397)
* [rev:89194] SiteConfig (from r85339)
* [rev:89193] Add a simple interface for administrating permission roles. (from r85297)
* [rev:89190] SiteConfig (from r85339)
* [rev:89189] Add a simple interface for administrating permission roles. (from r85297)
* [rev:89176] Add another permission code that allows users to edit siteconfig without having admin priveleges (from r87261)
* [rev:89157] Virtual pages now copy allowed children from the page they are
* [rev:88992] Added MigrateSiteTreeLinkingTask to allow plain HTML links to be migrated into shortcode links. From: Andrew Short
* [rev:88516] Added a SideReport to display all pages with broken page or file links. From: Andrew Short
* [rev:88510] Re-instated broken link highlighting by manually checking all shortcodes in HtmlEditorField->Field(), and adding a class to broken ones. From: Andrew Short
* [rev:88508] Added RequestHandler->allowedActions() to return a unified representation (including extensions) of all allowed actions on a controller.
* [rev:88505] Added RequestHandler->hasAction() and Controller->hasAction() to check if a specific action is defined on a controller.
* [rev:88503] Updated SiteTree::get_by_link() to integrate with translatable, and allow it to work across languages by implementing Translatable->alternateGetByLink().
* [rev:88496] Refactored RootURLController to allow nested home pages.
* [rev:88492] Updated HtmlEditorField to use DOMDocument to more reliably parse image tracking and shortcode link tracking data. From: Andrew Short
* [rev:88484] Added SiteTree::get_by_link() to fetch the SiteTree object associated with a nested link.
* [rev:88483] Allow you to access nested pages by falling over to a child page in ContentController if one is available. From: Andrew Short
* [rev:88481] Allow you to link to SiteTree? objects in HTMLText or HTMLVarchar fields by using a "[sitetree_link id=n]" shortcode. From: Andrew Short
* [rev:88474] Refactored ViewableData. The main changes are:
* [rev:88472] Added the Shortcode API (ShortcodeParser) to allow you to replace simple BBCode-like tags in a string with the results of a callback. From: Andrew Short
* [rev:88468] Added utility methods to enable and disable nested URLs to SiteTree. From: Andrew Short
* [rev:88104] added extend() call to enable FieldHolder() html to be customised via extensions.
* [rev:85789] Added Widget_Controller class to enable nested forms within Wiget class.
### API Change
* [rev:91048] Added Lower and Upper methods to Varchar, Text, and Enum
* [rev:90963] Allow fieldList arguments to Form::loadDataFrom() and Form::saveInto(), for situations where the data passed only applies to a segment of the form. (from r90872)
* [rev:90962] Inserting $HiddenFields into a form template will show the input tags of all the hidden fields. (from r90871)
* [rev:90097] replaced Database::alteration_message() with DB::alteration_message()
* [rev:90076] Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
* [rev:90075] Renamed conflicting classes to have an "SS_" namespace, and renamed existing "SS" namespace to "SS_". The affected classes are: HTTPRequest, HTTPResponse, Query, Database, SSBacktrace, SSCli, SSDatetime, SSDatetimeTest, SSLog, SSLogTest, SSLogEmailWriter, SSLogErrorEmailFormatter, SSLogErrorFileFormatter, SSLogFileWriter and SSZendLog.
* [rev:90059] Added dev/tests/build, which runs everything, meaning that dev/tests/all doesn't need to run PhpSyntaxTes
* [rev:89988] Add extra classes to WidgetHolder (#3855, patch from jshipman)
* [rev:89841] Fixed change in r89716 to be more semantic with FileIFrameField
* [rev:89726] TableListField customQuery and customCsvQuery won't automatically include ID, ClassName, and RecordClassName fields (from r87354)
* [rev:89708] Change the way that Database::requireField() gets field type information from the underlying database driver. (from r82793)
* [rev:89209] Added SapphireTest::logInWithPermission() (from r89012)
* [rev:89205] Don't automatically set a default action on complex table fiels. It leads to too many accidental clicks when trying to click a non-default action. Still allow for people to explicitly select a default action. (from r88961)
* [rev:89187] Added PermissionRole and PermissionRoleCode, along with relevant tests for the permission system. (from r85173)
* [rev:88991] Updated Form->FormAction() to use Controller::join_links() rather than relying on the action parameter (to preserve b/c). From: Andrew Short
* [rev:88797] HTTPRequest and HTTPResponse no longer inherit from Object, since they should not be extended. From: Andrew Short
* [rev:88700] SSViewer and SQLQuery no longer inherit from Object, since they should not be extended. From: Andrew Short
* [rev:88632] Added Debug::$friendly_error_header and Debug::$friendly_error_detail for customising the friendly error message. (from r69855)
* [rev:88507] Decoupled ErrorPage::response_for() from the request and updated it so it will only return a response if an appropriate error page can be found.
* [rev:88503] Moved lang_filter enabling & disabling into static methods on Translatable, and renamed to locale_filter.
* [rev:88495] #3724: Unified the Link() method to accept an action parameter. From: Andrew Short
* [rev:88296] support for advanced database options now included
* [rev:88295] The advancedOptions variable now passed to the database connection
* [rev:88294] $database_extensions static variable now supported
* [rev:88293] The advancedOptions variable now passed to the database connection
* [rev:88123] Requiring TRANSLATE_ALL or TRANSLATE_`<locale>` permission for authors without administrative access to edit translations
* [rev:87894] array brackets removed for generation of field types
* [rev:87893] Transaction stubs created
* [rev:87568] array data type now supported
* [rev:87567] array data type now supported
* [rev:87566] array data type now supported
* [rev:87565] array data type now supported
* [rev:87564] array data type now supported
* [rev:87563] array data type now supported
* [rev:87562] array data type now supported
* [rev:87561] array data type now supported
* [rev:87560] array data type now supported
* [rev:87559] array data type now supported
* [rev:87558] array data type now supported
* [rev:87557] array data type now supported
* [rev:87555] array data types now supported by dev/build
* [rev:87087] Added name argument to DB::getConn() and DB::setConn(), so that you can store multiple named connections.
* [rev:86006] Removed Permission->listcodes(), use custom code
* [rev:86002] Don't exempt 'index' controller actions from $allowed_actions check - they might still contain sensitive information (for example ImageEditor). This action has to explicitly allowed on controllers with $allowed_actions defined now.
* [rev:85789] Removed unnecessary WidgetFormProxy class and Widget->FormObjectLink(), broken functionality since the RequestHandler restructuring in 2.3. Use Widget_Controller instead.
* [rev:85073] Added DataObjectSet assertions to SapphireTest
* [rev:85028] Added comparison argument to SSLog::add_writer()
* [rev:84828] Added SSLogFileWriter to replace Debug::log_errors_to() and Debug::log_error_if_necessary() - the existing formatting for the Debug deprecation functions is now wrapped into SSLogErrorFileFormatter
* [rev:84774] Debug::send_errors_to() and Debug::send_warnings_to() are deprecated in favour of SSLog. See class documentation for SSLog on configuration of error email notifications
* [rev:84570] added onAfterSave in LeftAndMain
* [rev:84523] Refactor CMSMenu internals to not generate the menu item list until its actually needed, rather than from a CMSMenu::populate_menu() call in cms/_config.php. This lets an app/_config.php file actually manipulate the menu.
* [rev:84521] If you can't create a given dataobject type, then don't show an import form in modeladmin
* [rev:84161] Deprecated DataObject::databaseFields() in favour of the static DataObject::database_fields()
* [rev:84160] Extension no longer inherits from Object.
* [rev:84151] Make Object::uninherited_static() have a separate execution path to Object::get_static(), for more reliable operation. The intention is that for any given static, you either use Object::get_static() or you use Object::uninherited_static() - not both.
* [rev:84061] Database and Query no longer inherit from Object, since they shouldn't be extended with Extensions.
### Bugfixes
* [rev:91209] Return correct error when 404 page doesn't exist and page is not found.
* [rev:91203] Fix concurrent editing message always being displayed on page version history.
* [rev:91156] Returning TRUE on Translatable->hasTranslation() if called on a record that is in the current locale (merged from r91032)
* [rev:91047] Don't failover to standard value in ViewableData_Customised if the customised value is defined but isn't set. $obj->customise(array('Content'=>'')) should set Content to ''
* [rev:91045] Session::destroy() should make use of setcookie() to remove the cookie from the user, unsetting the superglobal doesn't unset from the browser
* [rev:91036] Added setup/teardown methods to SiteTreeBrokenLinksTest? to make it work with Translatable enabled (merged from r91033)
* [rev:90964] use second argument only if its an array (from r90927)
* [rev:90936] Fixed pages not being manipulated properly in the CMS because of a PHP error in CMSBatchAction
* [rev:90934] MSSQL does not support double, using float instead (from r90928)
* [rev:90876] Added ContentController->successfullyinstalled() to $allowed_actions
* [rev:90857] applied patch from #4381. Observable doesnt play nice with jQuery (from r82094)
* [rev:90855] Added rewriteHashlinks = 'php' option to SSViewer so that static publisher can handle internal hashlinks properly. (from r89612)
* [rev:90854] Pass locale rather than language to spellchecker_languages (from r87869)
* [rev:90853] Fixed Links to Moderate Comments from the CMS and front end. MINOR: removed complextable functions which no longer get called, moved logic to the PageComment Class (from r86325)
* [rev:90852] Tied rollback action to edit, rather than publish, permission, since it only involves editing the draft site. (from r84957)
* [rev:90851] Fix Form.FieldMap, used when constructing forms that have the HTML explicitly specified.
* [rev:90850] Allow null default on MultiEnum fields
* [rev:90849] Fixing the comment's author website url being converted to lowercase: now case is not affected. (from r84380)
* [rev:90848] CMSMenuItem constructor now calls parent to respect inheritance (from r83586)
* [rev:90845] Fixed bugs in content differencer, and improved styling. BUGFIX: fixed notice when getting title of member which didnt exist. Merged from trunk r77661. (from r81942)
* [rev:90842] Added rewriteHashlinks = 'php' option to SSViewer so that static publisher can handle internal hashlinks properly. (from r89611)
* [rev:90834] was being passed to foreach without a check to see if it's an array or not. (from r86202)
* [rev:90833] Added required javascript files (behaviour, prototype, prototype_improvements) to the Field() method of TreeSelectorField.php (from r84320)
* [rev:90831] WidgetArea now works. Can have multiple areas on a page, and has unit tests
* [rev:90747] Fixed Text::scaffoldFormField() showing a "Is Null" checkbox, even if nullifyEmpty is true
* [rev:90644] Fixed "Class not found CMSBatchAction_Unpublish ..." in BatchActionHandler.php, since this class was removed in r90489
* [rev:90632] Make DataObject::dbObject('ClassName') work.
* [rev:90595] When deleting a WidgetArea, delete all the widgets it contains.
* [rev:90554] #4609: Fixed portoguese locales in common locales list.
* [rev:90553] #4617: Make delete formatted images case-insensitive.
* [rev:90552] #4642: Fixed creation of folders in non-english languages.
* [rev:90551] Fixed glitch in permission code formats.
* [rev:90550] Fixed glitch in permission code formats.
* [rev:90548] #2476: Rename lowercase tables to correct casing if they have been transferred from a windows box.
* [rev:90547] #4063: Corrected base tag for IE6
* [rev:90196] fixed typo
* [rev:90082] Don't skip flushCache() extension if $cache_get_one is empty on DataObject->flushCache()
* [rev:90056] UTF-8 byte order mark gets propagated from template files (#4357)
* [rev:90051] Remove blockquote from tinymce default plugin list - blockquote isnt a plugin in tinymce3.
* [rev:90047] Some places want tableList() to have lower case, some want native case - return both!
* [rev:90023] Security::$default_login_dest isn't used (#4179, simon_w)
* [rev:90020] Reenable setting size on HasManyComplexTableField popups (#3921, rjmackay)
* [rev:89911] Fixing regression in TranslatableTest due to outdated singleton caching.
* [rev:89893] Moved SINGLETON resetting for test runs from SiteTreeTest/ObjectTest into SapphireTest - there should be no caching between all test invocations to avoid side effects
* [rev:89881] Reset $_SINGLETONS cache in SiteTreeTest::tear_down() to avoid stale Translatable information. This broke SiteTreePermissionTest and SiteTreeTest when running in parallel with Translatable enabled.
* [rev:89864] Added setup/teardown methods to CMSMainTest to fix test breakages when used alongside cmsworkflow module (which unsets the public batch action)
* [rev:89863] Added setup/teardown methods to SiteTreeBacklinksTest to make it work with Translatable enabled
* [rev:89825] Fix comment feed on SQLServer (from r89641)
* [rev:89823] Made dragndropping possible for folders in ajax-expanded tree. Also fixed glitch in r82534 that made page drag and drop impossible (from r82571)
* [rev:89821] repaired dragndropping files into nested directories - now code refers to the updated object which is initially hidden and zero sized (from r82534)
* [rev:89812] If image does not exist in the file system, don't show a non-object error when viewing the Image/File record in AssetTableField (from r82390)
* [rev:89811] Paging of search results now works for AssetTableField by overloading the TableListField link methods (from r81190, r82188)
* [rev:89798] Removed double up of classes in TestRunner::coverage() (from r88463)
* [rev:89731] Fixed ModelAdmin_CollectionController->Link() return value
* [rev:89719] Folder::syncChildren() now uses far less memory - we do this by destroying the child object memory after use (from r82780)
* [rev:89718] Fixed array to string conversion error in Date::setValue() (from r82749)
* [rev:89716] disabling user ability to upload images into the CMS from their local computer (from r82573)
* [rev:89715] Ensure that FileIFrameField gets the proper class, this could be a subclass of File instead
* [rev:89714] Ensure that before creating default 404 error page, we don't have one already that exists with a record ID (from r81991)
* [rev:89460] Hard code the migration task to use Content instead of the no-longer-used FieldName. This should probably be improved to iterate over all HTMLText fields on the model.
* [rev:89444] Removed SiteTree::rewriteLink() method that is no longer necessary due to the use of shortcodes.
* [rev:89338] Respecting SiteTree->canDelete() in SiteTree->getCMSActions()
* [rev:89333] Removed 'name' attribute from HeaderField markup - its invalid HTML to put in `<h*>` elements (#4623)
* [rev:89328] Fixed CMSSiteTreeFilter
* [rev:89236] Fixed SiteTree->validURLSegment() to perform a DataObject::get_one() instead of raw SQL, in order for decorated filtering (e.g. by the subsites module) to apply correctly.
* [rev:89215] Detect a brokenh link on an incompletely specified redirector page. (from r89043)
* [rev:89213] Fixed link generation in CTF default action (from r89026)
* [rev:89208] Fixed image link rewriting and added a test. (from r89011)
* [rev:89206] Fixed diabled image references for edit and delete links in CTF (from r88967)
* [rev:89204] If a CTF without a show action is made readonly, don't add the show action back. (from r88960)
* [rev:89203] Fixed resolution of amibiguous has_many foreign keys in ComplexTableField to use the same logic as DataObject (from r88945)
* [rev:89200] Fixed inversion of condition created in r88869 (from r88905)
* [rev:89199] AuthorID field for page version history wasn't being set. (from r88894)
* [rev:89183] Fixed generation of static cache files in subdirectories. (from r88569)
* [rev:89177] Fix image tracking not working cross subsite (from r88008)
* [rev:89175] Fix broken link tracking of linked files (from r87252)
* [rev:89172] Fix error when adding roles tab (from r86997)
* [rev:89170] Fix image tracking to take resized images into account (from r86198)
* [rev:89169] Fix items not deleting on tablefields (from r86099)
* [rev:89163] Fixed RequestHandler->allowedActions() lowercasing of actions - was applying the logic, but not writing it back to the $actions array.
* [rev:89161] Don't return empty value from ViewableData->XML_val() if the actual value is an uncasted 0 integeter (or anything else evaluating to untyped boolean false)
* [rev:89003] Added PageComments to ContentController::$allowed_actions so commenting works. From: Andrew Short
* [rev:88989] Reset broken file & link flags in HtmlEditorField->saveInto() before determining if a record contains broken links. From: Andrew Short
* [rev:88957] Fixed missing default english text for "Clear" and "Search" buttons in template CMSMain_left.ss
* [rev:88956] #4605 DataObject::newClassInstance() should repopulate it's defaults after changing to an instance of a different class, otherwise databases will complain of NULL values being written to columns that don't accept NULL values.
* [rev:88799] Updated ModelAsController->findOldPage() query to be cross-database compatible. From: Andrew Short
* [rev:88774] Stopped HtmlEditorField->saveInto() from dying when encountering a link that cannot be made relative. From: Andrew Short
* [rev:88773] Suppressed errors in SS_HTMLValue->setContent() so it can handle malformed HTML.
* [rev:88752] error messages suppressed as a temporary fix
* [rev:88664] Fixed bugs in ViewableData casting system. From: Sam Minnee
* [rev:88639] Set publication base_url on every URL, just in case it gets re-set by some rogue script (from r73510)
* [rev:88523] Fix regression in r88521 that prevented the index action from being explictly disabled by setting the * key in allowed_actions
* [rev:88522] Improved reliability of PhpSyntaxTest on build slave.
* [rev:88521] Ensure that the index action works even if allowed_actions is set.
* [rev:88513] #3858: Updated StaticExporter to handle nested pages. From: Andrew Short
* [rev:88512] #3724: Updated Link() methods to accept an action parameter. From: Andrew Short
* [rev:88508] Updated Controller->hasAction() to use RequestHandler->allowedActions() so that extension actions are recognised. From: Andrew Short
* [rev:88503] Fixed viewing a translatable page by URL without explicitly setting a Locale in ContentController->handleRequest(). From: Andrew Short
* [rev:88494] Fixed Controller::join_links() to properly handle multiple consecutive slashes. From: Andrew Short
* [rev:88493] Use Link() on the controller to generate to form action path. From: Andrew Short
* [rev:88473] #3862: Explicitly defined browsing and viewing actions on CodeViewer. From: Andrew Short
* [rev:88471] #2133: Removed UniqueTextField JavaScript that was causing URLSegments to be incorrectly rewritten if they had a number at the end. From: Andrew Short
* [rev:88469] Updated HTTP::findByTagAndAttribute() to be more versatile, especially when dealing with attributes containing special characters. From: Andrew Short
* [rev:88218] #3685: Fixed setting of character set by default when no content negotiator is used.
* [rev:88145] Added setup/teardown routines to SiteTreeActionsTest to avoid breaking with Translatable enabled on recent canTranslate()/canEdit() extensions
* [rev:88143] Added setup/teardown routines to SiteTreeTest and SiteTreePermissionsTest to avoid breaking with Translatable enabled on recent canTranslate()/canEdit() extensions
* [rev:88139] Changed CMSMain->LangSelector() to always return a DropdownField, which ensures the 'Locale' parameter is always available to be passed along with ajax queries
* [rev:88138] Filter both 'available' and 'new' languages in LanguageDropdownField for canTranslate() permissions
* [rev:88124] Added required permissions to TranslatableSearchFormTest
* [rev:88003] Fixed CSVBulkLoaderTest not to assume ID ordering in the assertions, which breaks with databases not ordering by PK automatically (e.g. Postgres)
* [rev:88000] Fixed SearchContextTest capitalization of string assertions
* [rev:87926] Fixed SearchFilterApplyRelationTest not to assume ID ordering in the assertions, which breaks with databases not ordering by PK automatically (e.g. Postgres)
* [rev:87925] Fixed SoapModelAccessTest not to assume ID ordering in the assertions, which breaks with databases not ordering by PK automatically (e.g. Postgres)
* [rev:87922] Fixed RestfulServerTest not to assume ID ordering in the assertions, which breaks with databases not ordering by PK automatically (e.g. Postgres)
* [rev:87913] Fixed ID associations in TableListFieldTest (was assuming numerically ascending IDs, which isnt necessarily true in Postgres)
* [rev:87897] tests which aren't supported by Postgres temporarily disabled
* [rev:87456] #4579: Translatable's call to new LanguageDropdownField() broked
* [rev:87234] Fix MemoryLimitTest not to fail on machines with <1G of memory and later versions of PHP 5.2.x that check available memory before setting memory_limit setting.
* [rev:87228] Fixed bug in recent changes to Hierarchy::liveChildren() to do with Translatable
* [rev:87210] Fixed Hierarchy::liveChildren() to work on PostgreSQL
* [rev:87131] Don't throw a notice-level error in DB::getConn() if connection hasn't been set yet, to mimic previous behaviour.
* [rev:86876] Fixed content-type for SapphireSoapServer->wsdl() (#4570, thanks Cristian)
* [rev:86556] missplaced quotes were ruining unit tests
* [rev:86532] $params variable removed
* [rev:86414] Fixed SearchFilterApplyRelationTest to match new SearchContext->addFilter() API: Needs the full name including relation instead of the ambiguous stripped name. This matches DataObject->scaffoldSearchFields() and getDefaultSearchContext()
* [rev:86218] Initializing controllers through init() in WidgetArea->WidgetControllers()
* [rev:86217] Return FALSE in SapphireTest->assertDOSEquals() if no valid DataObjectSet is passed in
* [rev:86170] ID column in delete function now quoted properly
* [rev:86085] Don't lowercase permission codes contained in $allowed_actions in RequestHandler->checkAccessAction(). Permission checks are case sensitive.
* [rev:86060] Made SecurityAdminTest more resilient against changes to localized strings, by inspecting the CSV line-by-line instead
* [rev:86008] Consistently returning from a Security::permissionFailure() to avoid ambiguous situations when controllers are in ajax mode
* [rev:85817] Fixed WidgetControllerTest by adding missing url routing to ContentController (see r85789)
* [rev:85758] Detecting DataObjectSet for readonly transformations in CheckboxSetField (thanks martijn, #4527)
* [rev:85713] moved $versionAuthor variable invocation into a check for the existence of the $record variable on which it depends (Ticket #4458)
* [rev:85696] Ticket #4220 - Copying of uploaded files from temp to assets folder fails on IIS installs; simple patch fixes it
* [rev:85514] More robust URL handling in SecurityTest to avoid failing on custom /admin redirects
* [rev:85513] More robust URL handling in CMSMainTest to avoid failing on custom /admin redirects
* [rev:85336] Fixed SiteTree::can_edit_multiple() and canEdit() to collect permissions from different Versioned tables, which fixes querying a SiteTree record which has been deleted from stage for its permissions (e.g. in SiteTreeActionsTest)
* [rev:85330] Disabled PHPUnit backup of global variables, which caused i18n::_t() calls in subsequent test cases to fail because of a cached empty global
* [rev:85310] Limiting i18n::include_by_locale() to scan directories only
* [rev:85281] Implementing TestOnly interface in ModelAdminTest to avoid having it included automatically in CMSMenu and hence breaking other tests like LeftAndMainTest.
* [rev:85157] #4423: Don't allow page duplication if canCreate is false.
* [rev:85136] #3713 Escape HTTP request URL properly in DebugView::writeError() using htmlentities()
* [rev:85130] merge r 85079 from branches/iss to fix Payment Validation of php side when submit a OrderForm
* [rev:85120] Fix the bug in buildSQL() by trying to join an table with non-exsiting composite db field like "Money"
* [rev:85086] #4463: Set AuthorID and PublisherID correctly
* [rev:85085] Use default File classname in Folder::syncChildren()
* [rev:85076] #3228 Fixed undefined offset error in Text::BigSummary() if trying to summarise text that is smaller than the requested word limit
* [rev:85039] SelectionGroup.js typo, prevAl()l change to nextAll()
* [rev:84980] Fixed issues with recent CMSMenu refactoring.
* [rev:84976] SelectionGroup should include jQuery and jQuery livequery plugin when it's used or it will fail
* [rev:84971] Fixed code for regenerating cached test manifest.
* [rev:84843] #4486 Make use of DataObject::get_by_id() in File::getRelativePath() instead of building ID query manually in a get_one()
* [rev:84796] Fixed querying of composite fields (broken due to inappropriate optimisation of hasField)
* [rev:84789] Reverted some changes from r84163 because they broke cases where you have two fields of the same name on different subclasses.
* [rev:84167] Performance improvement to Member::currentUserID()
* [rev:84166] Performance imporvement to i18n::include_by_locale
* [rev:84164] Removed deprecated (and slower) eregi_replace
* [rev:84162] Removed some code that needed Extension to extend from Object.
* [rev:84156] Ameneded r84151 so that the application order of extensions is the same as it was previously.
* [rev:84155] Ameneded r84151 so that the application order of extensions is the same as it was previously.
* [rev:84147] Added static resetting methods for more reliable test execution.
* [rev:84093] Fixed SQLQuery::filtersOnID() for cases where a ClassName filter is inserted before the ID filter.
* [rev:84092] Fixed filtering by archive date
* [rev:84086] an time field input between 12:00pm to 12:59pm can't save back to database or always save as 00:00:00.
* [rev:84079] VirtualPages won't call SiteTree_Controller anymore.
* [rev:84068] Restored SiteTree::canView() functionality.
* [rev:84066] Fixed some bugs in the performance fixes on Permission
* [rev:84065] Fixed manifest builder tests to not have fake data, and to test that classes can be in files with different names
* [rev:84064] Removed Requirements::combine_files() reference to non-existent cms/javascript/FilterSiteTree.js
* [rev:84063] Don't make the Director completely fail if there was output prior to session_start() being called.
* [rev:84000] prevent a nasty permissions situation where no one but an admin can edit a new page
* [rev:83999] prevent a nasty permissions situation where no one but an admin can edit a new page
* [rev:83970] Using standard SQL and SSDatetime::now() in SideReport_RecentlyEdited (see #4052)
* [rev:83969] Fixed SiteTreeActionsTest to use unconditional class defintion - was failing due to recent changes in ClassInfo and class_exists()
### Enhancement
* [rev:91044] Added optional $sid parameter to Session::start() to start the session using an existing session ID
* [rev:90084] Changed Hierarchy->numChildren() caching to be instance specific and respect flushCache(). This increases the amount of queries on large sets, but decreases the time for a single instance call (implemented in r89999)
* [rev:89999] Only run a single query per class for Hierarchy::numChildren()
* [rev:89883] Improved CMSSiteTreeFilter API to make it easier to create custom filter.s (from r89071, from r88465)
* [rev:89820] Current search and current page of asset section are persistent. Fixes the open source ticket #4470 and also a part of #4256 (from r84091)
* [rev:89815] FilesystemSyncTask: If folderID GET parameter is available, only synchronise that folder ID - useful for only synchronising a specific folder and it's children (from r82841)
* [rev:89813] Return the results of the FilesystemSyncTask to the status message in the CMS instead of a generic success message (from r82618)
* [rev:89724] Filesystem::sync() now accepts a folderID argument, meaning you can specifically target a folder and it's children to sychronise, instead of everything (from r82840)
* [rev:89717] Filesystem::sync() will now return the number of added and deleted files and folders instead of null (from r82616, 82617 and 82724)
* [rev:89182] Fixed sapphire execution if you run the uninstalled sake from a foreigh directory. (from r88533)
* [rev:88635] Added Member::set_login_marker_cookie(), to let developers bypass static caching for logged-in users (from r73803)
* [rev:88633] Make base tag in 404 page dynamic (from r72282)
* [rev:88570] Improved performance of ViewableData casting by removing an object::get_static call From: Sam Minnee
* [rev:88518] #3729: Updated the link inserter to insert a shortcode rather than a plain HTML link. From: Andrew Short
* [rev:88505] Updated ContentController->handleRequest() to use Controller->hasAction() to check whether to fall over to a child page, rather than relying on an error response from Controller->handleRequest(). From: Andrew Short
* [rev:88504] Cached the value for RootURLController::get_homepage_link() between calls. From: ajshort
* [rev:88502] Updated the SiteTree URLSegment conflict resolver to work with nested URLs.
* [rev:88501] Updated SiteTree CMS fields to be in line with nested URL changes. From: Andrew Short
* [rev:88499] Refactored ModelAsController to only grab the first page of a request, then pass control on to it. From: Andrew Short
* [rev:88491] #3279: Updated the link inserter to insert a shortcode rather than a plain HTML link. From: Andrew Short
* [rev:88489] Updated the SiteTree link and section code to derive data from the current page, rather than relying on its own cache.
* [rev:88488] Added Hierarchy->getAncestors() to return all the parent objects of the class in a DataObjectSet. From: Andrew Short
* [rev:88487] Update ContentController to manually set the current Director page in handleRequest().
* [rev:88482] Refactored TreeDropdownField to generate and manage the tree using Hierarchy's ParentID data, rather than relying on the client. From: Andrew Short
* [rev:88480] Added ErrorPage::response_for() to get a response for a HTTP error code and request.
* [rev:88479] Added ModelAsController::controller_for() to link a SiteTree object to its controller. From: Andrew Short
* [rev:88478] Added HTTPRequest->isMedia() to check if a request is for a common media type. From: Andrew Short
* [rev:88477] Added Controller->hasActionTemplate() to check if a template exists for a specific action. From: Andrew Short
* [rev:88476] Updated SiteTree linking methods to generate nested URLs.
* [rev:88474] Added template and value methods to database fields.
* [rev:88139] Passing sitetree instance to CMSMain->LangSelector() in order to trigger canTranslate() filtering
* [rev:88125] Added Translatable->getAllowedLocalesForMember()
* [rev:88123] Added Translatable->providePermissions()
* [rev:87777] Added ComponentSet->getComponentInfo() (#4587, thanks rorschach)
* [rev:86506] Database specific version of RANDOM() created
* [rev:86402] Added SearchContext->getFullName() to preserve the original fieldname including the relationship
* [rev:86338] Added TableListField->paginationBaseLink
* [rev:86216] Supporting full parameter signature in Versioned->Versions(), allVersions()
* [rev:86027] Limiting "alc_enc" cookie (remember login token) to httpOnly to reduce risk of information exposure through XSS
* [rev:86026] Added full parameter signature of PHP's set_cookie() to Cookie::set(), including the new $httpOnly flag
* [rev:86021] Avoid information disclosure in Security/lostpassword form by returning the same message regardless wether a matching email address was found in the database.
* [rev:86017] Added Member->FailedLoginCount property to allow Member->registerFailedLogin() to persist across sessions by writing them to the database, and be less vulnerable to brute force attacks. This means failed logins will persist longer than before, but are still reset after a valid login.
* [rev:85823] Allowing Widget->Content() to render with any templates found in ancestry instead of requiring a template for the specific subclass
* [rev:85789] Added handleWidgets() to ContentController to support new Widget_Controller class
* [rev:85736] added tinymce valid element to allow style, ids and classes on any element to allow for styling hooks. Ticket: #4455
* [rev:85731] hide unmoderated page comments from the page comment RSS feed. Ticket #4477
* [rev:85716] Ticket #3910 - MySQL Time Zone support (alternative time zone to that of the website to which the server is set to)
* [rev:85709] added option to truncate (clear) database table before importing a new CSV file with CSVBulkerLoader and ModelAdmin.
* [rev:85700] Ticket #4297 - Use Director::baseFolder instead of relative links in sapphire/core/Image.php
* [rev:85281] Filtering out TestOnly classes in CMSMenu::get_cms_classes()
* [rev:84860] convert SelectionGroup.js from prototype version to jQuery version
* [rev:84816] Updated SSLogErrorEmailFormatter to support NOTICE priority level logging
* [rev:84774] Added SSLog, SSLogEmailWriter and SSLogErrorEmailFormatter for silverstripe message reporting
* [rev:84165] Improved performance of DataObject::hasField()
* [rev:84160] Object::__construct() performance improved slightly.
* [rev:84159] Improved performance of Object::uninherited_static()
* [rev:84158] Improved performance of Object::allMethodNames() and Object::addMethodsFrom()
* [rev:84149] add more assertion in SearchFilterAapplyRelationTest to test more cases for many_many relation.
* [rev:84117] add more assertion in SearchFilterAapplyRelationTest to test more cases for many_many relation.
* [rev:84113] add "InnerJoin" clause for an has_many component's ancestry classes for SearchFilter::applyRelation() so that an searchfliter could filter on that component's ancestry's field. add unit tests for this enhancement and r83500
* [rev:84073] added new permission, SITETREE_REORGANISE
* [rev:83798] #3638: There is no longer any need to have the class name match the PHP filename
* [rev:83789] Added ClassInfo::is_subclass_of() for better performance
* [rev:83674] sitetree filters now show up in a dropdown, and you can add your own by extending CMSSiteTreeFilter
### Other
* [rev:90071] Merge branch 'master' of :sminnee/sapphire From: Sam Minnee
* [rev:89715] (from r82175)
* [rev:89702] Merge branch 'master' of :sminnee/silverstripe-cms From: Sam Minnee
* [rev:89224] slightly later, so FormResponses can be overridden if necessary. (from r85614)
* [rev:89220] ENHANCMENT side reports can now have parameters (from r85329)
* [rev:89207] ENHANCMENT improved reporting around broken links/files (from r88993)
* [rev:89186] #108 - Subsite Virtual Page ordering (from r84848)
* [rev:89178] as they are confusing. (from r88019)
* [rev:89174] #148 - Stable against restructures (from r87251)
* [rev:89157] pointing at. (from r85197)
* [rev:89155] #63 - Stable against restructures (from r84861)
* [rev:88638] Add support for configuring multiple static publisher on a single site (from r70203)
* [rev:88637] Basic authentication now (back) in configurefromenv.php (from r82551)
* [rev:88527] Added readme for github From: Sam Minnee
* [rev:88525] Added readme for GitHub copy of SilverStripe. From: Sam Minnee
* [rev:88474] * Removed ViewableData_ObjectCustomised - now just uses ViewableData_Customised.
* [rev:87896] Transaction test created
* [rev:86684] Merged in Requirements::combine_files() fix from branches/2.3 - r83048
* [rev:86679] Merged in Member::sendInfo() bug fixes from branches/2.3 - r85779
* [rev:86678] Merged in Email template codes change from branches/2.3 - r84594
* [rev:86676] Merged in parent::__construct() additions from branches/2.3 - r83580 and r83587
* [rev:86669] Merged Text::ContextSummary() changes from branches/2.3 - r82035 and r82036
* [rev:86655] Patched to allow id|class|style|title attributes in all elements and allow empty td cells (will pad with non-breaking space) in line with #4332 and 4497 in 2.3.x changes to cms/LeftAndMain.php
* [rev:84981] Ensure that DataObject->ClassName is set on object instantiation
* [rev:84970] Made timing code for test runner more accurate (includes initial db build):
* [rev:84814] ENHANCMENT: get svn merged revision 84806:84808 from branches/iss
* [rev:84163] ENHANCMENT: Low-level performance improvements in database access.

View File

@ -1,732 +0,0 @@
# 2.4.0-beta1 (2010-01-29)
## Changelog
### Overview
* Support for SQLite and PostgreSQL databases (via separate module)
* Partial caching in templates, to allow for faster load times of certain aspects in dynamic pages.
* Upload controls in the CMS no longer require the Adobe Flash plugin, and work again on Mac OSX.
* File and page dropdown selections support inline searching, to make handling larger tree structures easier.
* Fixed password hashing design flaw, which makes SilverStripe databases more portable between different server architectures.
* Improved reporting API to unify the CMS sidebar reports and full-page reports on their own section. Its easier to add custom filters to reports.
* Batch action handling handles larger tree structures, provides better visual feedback, and respects permissions on individual pages.
* Global site configuration is translatable, meaning titles for your website can be in different languages without any switching in your templates.
* Allow selection of themes through the site configuration interface (in addition to changing the theme via configuration code)
* More fine-grained translation permissions: A group can be limited to only edit a certain language in the CMS.
* Added dropdown to choose from existing anchor links when inserting a link from the CMS sidebar.
* Team members can get permissions to see the draft version of a page in preview mode without requiring CMS access.
* Pages of type "Virtual Page" have improved stability in regards to their permission control, translation and publication.
* Improved broken link detection (''talk to Andy for more info'')
* Removed the jsparty/ toplevel folder, and moved all its dependencies into sapphire/thirdparty and cms/thirdparty
* More than 350 bugfix and enhancement commits, and 200 minor changes.
### Features and Enhancements
* [rev:98268] Moved the log-in validation process from individual authenticators into Member->checkPassword() and canLogIn(), to allow more extensibility and control (trunk, 2.4).
* [rev:98219] roll batch permissions in to a generic function (from r97748)
* [rev:98211] batchactions can now implement confirmationDialog() to provide a custom confirmation dialog to the front end.
* [rev:98180] Allow for custom generation of SSReport::ID() for parameterised reports.
* [rev:98179] Removed broken links reports from sidebar (in anticipation of adding them to the main reporting area) (from r95954)
* [rev:98173] Improved look and feel for report filtering
* [rev:98165] Performance improvement to CMS load time with many pages. (from r95490)
* [rev:98159] added canAddTopLevel permission to SiteConfig to determine which users/groups can add pages to the root of the sitetree. (from r87279)
* [rev:98156] audit trails
* [rev:98156] ability to parameterize SSReport's (from r85903)
* [rev:98132] Allow sort descending as well as ascending. (from r96054)
* [rev:98110] Allow user theme selection through SiteConfig, falling back to SSViewer::set_theme() as a default if there are none selected
* [rev:98104] Improved TableListField header styling. (from r96028)
* [rev:98102] Add a function to give link to Live site (from r95948)
* [rev:98091] ManifestBuilder::get_manifest_info() now uses ManifestBuilder::get_themes() instead of doing it's own retrieval of available themes
* [rev:98080] Removed dev/reset, instead encouraging the use of dev/tests/startsession for tests.
* [rev:98080] Let people use dev/tests/startsession without a fixture, instead calling requireDefaultRecords
* [rev:98041] added support for MySQL data type SET used in MultiEnum FEATURE: added datetime helper functions
* [rev:98025] add 'view site tree as' functionality.
* [rev:97896] 2.4 tickets (#4670) new permission code to view draft w/o CMS access
* [rev:97895] 2.4 tickets (#4670), new permission code to view draft stage w/o CMS access
* [rev:97819] Allow ungrouped retrieval of Permission::get_codes() through new $grouped switch
* [rev:97793] removed the situation, when the user is left with empty search box and empty dropdown.
* [rev:97792] use Validator::get_javascript_validator_handler() to check if the handler is turned on before doing either js or php validation
* [rev:97765] Select the uploaded image after uploading by default. #4962
* [rev:97745] adapt the page dropdown based off the allowedChildren values
* [rev:97606] Added hover states to "Available widgets" boxes in the CMS for usability
* [rev:97602] Added visual elements to aid in the usability of the WidgetAreaEditor
* [rev:97601] CMS Editor Upload panel now loads the root files directly and allows the user to upload to the root assets dir
* [rev:97597] Changed menu title from "Site Content" to "Pages" to be consistent with other menu labels
* [rev:97597] Changed tree root node in CMS to get title from SiteConfig rather than defaulting to "Site Content"
* [rev:97597] Changed tree panel headline in CMS from "Site Content and Structure" to "Page Tree" to stay consistent with new CMS menu title
* [rev:97583] Don't set up the test db if database tests aren't being run. From: Sam Minnee
* [rev:97530] Adjusted "Available Widgets" column to be narrower than "Widgets currently used", allowing more space for configuring widgets
* [rev:97478] Member->requireDefaultRecords() no longer creates a default administrator based on $_REQUEST data. Moved functionality into Installer->install()
* [rev:97436] Updated Member->getMemberFormFields() to use scaffolding and to be in line with Member->getCMSFields(). From: Andrew Short (from r97401)
* [rev:97391] Add partial caching support to SSViewer.
* [rev:97390] Add aggregate calculation to DataObject, allowing (cached) calculation of Max, Min, Count, Avg, etc
* [rev:97389] Add cache factory that provides nice API over top of Zend_Cache
* [rev:97370] Allowing translation of SiteConfig (including toplevel permission groups)
* [rev:97207] Added ContentController->ContentLocale() to allow XHTML/HTML specific lang= attribute settings in custom template code (see #4858). Removed `<meta http-equiv="Content-Language"...>` tag in SiteTree->MetaTags().
* [rev:97207] Updated blackcandy theme to use new $ContentLocale attribute to set the locale of the current page (in Page.ss)
* [rev:97192] Added RestfulService::set_default_proxy() and RestfulService->setProxy() (#4637, thanks hamish)
* [rev:97031] upgrading the search functionality of the TreeDropdownTree with pluggable search function
* [rev:97028] include menu title in default search. PATCH via lubzee #4508
* [rev:97024] added Session::clearAll() functionality. ENHANCEMENT: Added Unit Tests covering Session API. MINOR: Tided up formatting in session class and included doc comments for API level documentation
* [rev:97018] Use tidied HTML in DataDifferencer
* [rev:97017] Try to tidy HTML using external libraries if available
* [rev:97011] Added TabIndex to FormActions. Ticket: #4905. PATCH: via keeny
* [rev:96821] Added applicable pages checks to delete from live, delete from draft, and publish (from r94775)
* [rev:96820] Added 'greyed out' status of batch action checkboxes while applicable pages are being loaded via ajax. (from r94774)
* [rev:96819] Update the checkboxes available to batch-actions to show only the applicable pages for that particular action.
* [rev:96800] Let LeftAndMain subclass canView() methods optionally redirect. (from r90018)
* [rev:96793] Renamed Author column to User in the page version history to better reflect that they might not have been authors, and just iniators of workflow actions. (from r89015)
* [rev:96792] Added new onRenameLinkAsset() handler to static publishing for better link rewriting. (from r89014)
* [rev:96778] Files and images section warns if you are deleting a file that is linked to
* [rev:96752] Recognise HTTP_X_FORWARDED_HOST header and use that in place of HTTP_HOST (from r93148)
* [rev:96668] Change to TreeDropdownField, giving it filtering behaviour as described in ticket http://open.silverstripe.org/ticket/3007 . Its disabled by default for legacy compatibility, but enabled for HtmlEditorField so that link editor is filterable for local links, via an extra boolean parameter on TreeDowndownField.
* [rev:96440] Add onLoad callback handler CMSLoadFunctions
* [rev:96049] Added Date::Rfc3339() for returning an RFC 3339 valid date format (from r96010)
* [rev:95418] added delete all link to page comments. Patch via #4427. Thanks walec51
* [rev:95194] added translatable support to mathspamprotection. PATCH via noini (#4755)
* [rev:94887] added several tests for PermissionCheckboxSetField, PermissionRole and Group
* [rev:94515] Improved layout of altercation message when called via CLI. Patch via simon_w #4373
* [rev:94423] Allow passing in an Exception object to SS_Log::log() in addition to an array describing the error context (line number, file, trace etc)
* [rev:94381] Added FunctionalTest::findAttribute() as a helper for getting an attribute from a SimpleXMLElement object by it's name
* [rev:94297] Added DataObjectSet::emptyItems() to remove all the items from the set - this is useful for when you are augmenting CMS and front end fields via updateCMSFields() and updateFrontEndFields() on a DataObjectDecorator
* [rev:94063] Added MultipleOf and Modulus methods to ViewableData - useful for templating work
* [rev:94062] Loading of tinymce_ssbuttons plugin via relative paths in HtmlEditorConfig rather than using the plugin name as a path spec (see r94060)
* [rev:94060] Added support for loading external plugins (with relative paths) in HtmlEditorConfig. This means relative paths can be separate from the plugin name, and fixes a bug where paths containing dashes were ignored by TinyMCE.init().
* [rev:94060] Changed sapphire/thirdparty/tinymce-advcode to use the original plugin name, and specify its relative path through HtmlEditorConfig instead.
* [rev:93771] Added parameter to DBLocale->Nice()
* [rev:93771] Added DBLocale->getNativeName()
* [rev:92879] Allowing to hide certain permission from showing in SecurityAdmin? through add_hidden_permission() (refactored from r92428) (from r92866)
* [rev:91576] Pluggable password encryption through PasswordEncryptor class (#3665) (merged from r90949)
* [rev:91496] added ability to upload images from site content pane. Merged via r9130, r91347, r91350, r91480
### API Changes
* [rev:98373] HTTP::setGetVar() always returns absolute URLs. Use Director::makeRelative() to make them relative again.
* [rev:98373] HTTP::setGetVar() combines any GET parameters in PHP array notation (e.g. "foo[bar]=val") instead of replacing the whole array
* [rev:98224] Refactor Versioned so a single state is kept for stage, archived date, or any module specific reading modes (from r98161)
* [rev:98215] Introduced new API for SS_Report
* [rev:98191] Added SideReportWrapper to help you tailor report columns for the side reports.
* [rev:98191] Allow use of 'casting' option on side report columns.
* [rev:98191] Make 'title' optional on side report columns. (from r96272)
* [rev:98176] Removed SideReport class, use SSReport as the base-class for them instead.
* [rev:98176] Use SSReport::register(SideReport) to explicitly register reports on the LHS of the content view.
* [rev:98175] Added explicit registration of reports with SSReport::register() (from r95857)
* [rev:98159] Security::permissionFailure(); will no longer tell the client side JS to show the login box if the user is already logged in
* [rev:98101] Allow passing of an explicit map of dropdown items to a TreeDropdownField.
* [rev:98096] Refactored test for whether a SQLQuery can be sorted by a particular column into SQLQuery::canSortBy($fieldName) (from r95850)
* [rev:98056] Decimal now allows setting a default value properly
* [rev:97996] rename the class "Cache" to "SS_Cache" (ref ticket: #4997)
* [rev:97827] Added cancelSchemaUpdate() and doesSchemaNeedUpdating() to the Database class
* [rev:97819] Removed $blankItemText parameter from Permission::get_codes()
* [rev:97818] Removed Member::init_db_fields(), its no longer needed due to the Member.PasswordEncyrption property changing from an ENUM to Varchar.
* [rev:97797] Fixed i18n _t() calls without namespaces in template includes: They now default to setting the include filename as namespace, rather than the including template (#4915, #3400 - thanks Henk_Poley, jwalsoe, walec51)
* [rev:97731] Determine default BASE_PATH/BASE_URL from the __FILE__ content, so that the script that initiated the Sapphire process doesn't matter. This means that index.php doesn't need to manipulate those variables.
* [rev:97582] #4929: Add $class argument to DataObjectDecorator::extraStatics()
* [rev:97489] removed SWFUpload. Refactored Content Editors uploader to use standard uploader.
* [rev:97478] Security::setDefaultAdmin() no longer writes credentials to any Member database records (created through Security::findAnAdministrator(). This prevents outdated credentials when setDefaultAdmin() code changes after creating the database record (see #4271)
* [rev:97478] Security::findAnAdministrator() no longer sets 'Email' and 'Password' properties on newly created members. Removed the $username and $password argments from the method.
* [rev:97475] Moved GSTNumberField from sapphire/forms to new 'formfields_nz' module
* [rev:97474] Moved BankAccountField from sapphire/forms to new 'formfields_nz' module
* [rev:97270] Unique_identifier now accepted as the login requirement, allowing alternatives to 'Email'
* [rev:97207] Deprecated ContentController->LangAttributes(). Use ContentLocale() instead and write attribute names suitable to XHTML/HTML templates directly in the template.
* [rev:96988] #3600 Inconsistency in File::getURL() which returns an absolute URL, when it should be relative - please use getAbsoluteURL() instead for old behaviour
* [rev:96988] #3600 Image no longer has an explicit getURL() method, instead it inherits getURL() from File which returns a relative URL
* [rev:96824] Added capability for batch actions to indicate failure through red checkboxes (from r94868)
* [rev:96823] Added canView() to CMSBatchAction so that you could hide certain batch actions from some users. (from r94846)
* [rev:96821] Added applicablePagesHelper to CMSBatchAction to ease the process of creating new applicable page methods.
* [rev:96819] Allow for an applicablePages($idArray) method to be defined on a CMSBatchAction class. (from r94761)
* [rev:96810] Added FilesystemPublisher::getExistingStaticCacheFiles(), to help build caching logic methods. (from r91354)
* [rev:96809] Added numChildrenMethod argument to LeftAndMain::getSiteTreeFor()
* [rev:96756] Added canDeleteFromLive permission to SiteTree, separate from canPublish (from r93315)
* [rev:96751] Define VirtualPage::isPublishable() so that people know not to even request publication if it's not allowed. (from r93098)
* [rev:96749] Added DataObjectDecorator::cacheKeyComponent() to ensure that the cached behind DataObject::get_one() is appropriately specific (from r93095)
* [rev:96739] Added Hierarchy::numHistoricalChildren() and Versioned::get_including_deleted_query()
* [rev:96739] Added numChildrenMethod arg to getChildrenAsUL, markPartialTree, markChildren, markingFinished
* [rev:96734] Don't generate TestOnly DataObjects in the database immediately; instead let test developers specify them in SapphireTest::$extraDataObjects.
* [rev:96734] Added SapphireTest::resetDBSchema() (from r90054)
* [rev:96727] Renamed SapphireTest::set_up_once/tear_down_once to setUpOnce/tearDownOnce, and made them instance methods.
* [rev:96727] Added SapphireTest::$illegalExtensions and SapphireTest::$requiredExtensions for making tests depending on particular extension sets (from r89958)
* [rev:96725] Moved popupdatetimefields to pop up below the text field instead of next to the icon. (from r89914)
* [rev:94430] Group::addByGroupName() now creates the group if one does not already exist (from r83010)
* [rev:94178] Renamed ViewableData->SecurityID() to getSecurityID() in order to get its value loading through Form->loadDataFrom()
* [rev:94062] Changed cms/javascript/tinymce_ssbuttons plugin name to "ssbuttons" (see r94060)
* [rev:94062] Changed cms/javascript/tinymce_ssmacron plugin name to "ssmacron" (see r94060)
* [rev:93785] removed Director::Link(). Use Controller::join_links() instead
* [rev:93693] removed deprecated RestrictedText fields
* [rev:93687] removed deprecated LeftAndMain::add_menu_item. Use CMSMenu::add_menu_item()
* [rev:93685] removed deprecated extend calls (r93632). API CHANGE: removed fieldExists(). Use hasField() (r93633). API CHANGE removed listOfFields() (r93647). API CHANGE: removed Tag() and URL() from Image. Use getTag() and getURL(). BUGFIX: updated Image.php to use getTag() (r93639, r93646). API CHANGE: removed val(). Use XML_val() (r93650). API CHANGE: removed $add_action. Use singlar_name or lang tables (r93658). API CHANGE: removed ConfirmedFormAction (r93674). API CHANGE: removed ajax_render on CTF (r93679).
* [rev:93660] Removed ComponentSet::removeByFilter() since it's not flexible enough and fixed calls to this from HtmlEditorField::saveInto() to use custom code instead
* [rev:93640] Removed deprecated static function ContentNegotiator::disable() - it's disabled by default
* [rev:92878] Refactored hiding of Permissions added in r92428. Added PermissionCheckboxSetField?->setHiddenPermissions() (from r92865)
* [rev:92428] add the ability to remove some permissions specified by their code in the rendered field html of PermissionChecksetBoxField and full-covered unit tests of this ability.
* [rev:91612] Replaced BasicAuth::enable() with BasicAuth::protect_entire_site()
* [rev:91612] BasicAuth::requireLogin() no longer has an option to automatically log you in. You can call logIn() on the object returned, instead. (from r91603)
* [rev:91576] Deprecated Security::encrypt_passwords() (merged from r90949)
* [rev:91576] Deprecated Security::$useSalt, use custom PasswordEncryptor implementation (merged from r90949)
* [rev:91576] Removed Security::get_encryption_algorithms() (merged from r90949)
* [rev:91576] MySQL-specific encyrption types 'password' and 'old_password' are no longer included by default. Use PasswordEncryptor_MySQLPassword and PasswordEncryptor_MySQLOldPassword
* [rev:91576] Built-in number of hashing algorithms has been reduced to 'none', 'md5', 'sha1'. Use PasswordEncryptor::register() and PasswordEncryptor_PHPHash to re-add others. (merged from r90949)
### Bugfixes
* [rev:98403] Fixed Hierarchy->loadDescendantIdList() to call setOwner() on the extension instance. This was necessary due to underlying Object/Extension changes in 2.4.
* [rev:98382] #5044 Hierarchy::loadDescendantIDListInto() now uses Object::getExtensionInstance('Hierarchy') instead of going through __call(), as PHP 5.3 has issues converting references to values
* [rev:98373] HTTP::setGetVar() uses parse_url() and http_build_query() to add query parameters to an existing URL, instead of doing its own regex-based parsing. This means existing GET parameters are correctly url encoded.
* [rev:98324] Fixed ContentController->deleteinstallfiles (added to $allowed_actions, see #5040)
* [rev:98272] Don't force SSL when running from CLI
* [rev:98265] Don't register member IDs that don't exist in the DB as being logged in.
* [rev:98263] Updated SiteConfig-based theme selection to remove inappropriate coupling from SSViewer
* [rev:98257] Check for SubsiteReportWrapper class, not Subsite, so the CMS still works with older versions of Subsites
* [rev:98252] allow all characters in the anchor's name attributes
* [rev:98226] Fixed side report seelctor
* [rev:98221] Let ModelAsController::init() extensions trigger redirections. (from r97767)
* [rev:98218] More fixes renaming SSReport to SS_Report
* [rev:98217] Don't allow translations of VirtualPage (until we can reliably copy data between locales) (see #5000)
* [rev:98205] Better broken reason sorting (from r96989)
* [rev:98204] Allow changing direction in broken link type (from r96987)
* [rev:98203] Fix broken reasons sorting (from r96985)
* [rev:98202] Improvements to sorting of columns on broken links report (from r96979)
* [rev:98185] Add horizontal scrolling to reports when necessary. (from r96086)
* [rev:98184] Add horizontal scrolling to reports when necessary. (from r96085)
* [rev:98183] Add horizontal scrolling to reports when necessary. (from r96075)
* [rev:98182] Removed unnecessary '?' from report URLs when there are no search criteria (from r96052)
* [rev:98180] Don't throw an error if there are no report filters.
* [rev:98180] Don't randomise the order of reports with the same priority. (from r95955)
* [rev:98177] Only list reports in admin/reports that you can actually view (from r95885)
* [rev:98176] Updated all cms side reports to use SSReport as the base class. (from r95884)
* [rev:98170] Fixed bug with report search fields not showing the value that you just searched for. (from r95567)
* [rev:98168] Fixed report pagination, with or without search params (from r95555)
* [rev:98152] pagination was being applied (with a limit of NULL) to print and export actions. This was due to $_REQUEST['methodname'] not existing. (from r97114)
* [rev:98150] TreeMultiselectField_Readonly now posts the correct value to the server (from r97100)
* [rev:98136] still use the correct methods to get a value, even if we're generating a CSV ($xmlSafe = false) (from r96212)
* [rev:98134] Don't default to sorted descending if you already have a different column sorted ascending. (from r96061)
* [rev:98133] Don't make ManifestBuilder choke on empty files. (from r96058)
* [rev:98132] Make TableListField sort checking use SQLQuery::canSortBy() to let SSReprot_FakeQuery work.
* [rev:98131] Correct direction of sort arrows in TableListField (from r96051)
* [rev:98114] fixed test that was trying to do a assertContains between a DataObjectSet and a Member object. Changed it to an assertEquals between Member and the First item in the Set. Also added an inverse test to check that Set doesn't contain the wrong Member.
* [rev:98111] removing search&replace victim, using unpopulated cache. Reverted to AllChildren, which calls the cache itself.
* [rev:98103] Fixed readonly transformation of TreeMultiselectField in cases where $this->value is explicitly set. (from r95962)
* [rev:98101] Allow creation of TreeDropdownFields on forms with querystring URLs.
* [rev:98101] Make use of the $this->value setting of TreeMultiselectFields. (from r95910)
* [rev:98095] Let FieldMap access non-data fields too (from r95825)
* [rev:98094] Make TableListField rely on SQLQuery for its count-generation.
* [rev:98094] Make SQLQuery return an appropriate count if a HAVING clause is used. (from r95814)
* [rev:98083] reintroducing the forceValue url param, so the TreeDropdownField value can be set via JS (previously if the item was deep within the tree structure it would not be selected)
* [rev:98030] fixed member labels not appearing in cms popup. #5025
* [rev:98018] Fixed incorrect logic in CMSMain::generateTreeStylingJS() stopping different tree icons from working
* [rev:98001] Ticket #4805
* [rev:97984] FileIFrameField throws sub-URLs error when changing cms to a non default language (#4767)
* [rev:97980] #5009: Removed inappropriate field-detection change on multienums with no default
* [rev:97937] missing comma
* [rev:97935] can't upload swf file in admin/assets (open ticket #4999)
* [rev:97926] remove the possibility that Director::isDev() could be recursively called when putting isDev=1 in $_GET, addressed in ticket #4978 (http://open.silverstripe.org/ticket/4978)
* [rev:97912] Allowing translations of VirtualPage by not copying over original Locale property (see #5000)
* [rev:97911] If a Group doesn't have any specific TRANSLATE_`<locale>` edit rights, but has general CMS access (CMS_ACCESS_CMSMain, CMS_ACCESS_LeftAndMain, ADMIN), then assign TRANSLATE_ALL permissions as a default. Necessary to avoid locking out CMS editors from their default language (see #4940 and 4941)
* [rev:97909] Don't let a user's theme break the CMS.
* [rev:97881] Checking that URL controller in HTTPRequest->match() is a subclass of Controller, not RequestHandler (which would include nested controllers like Form or FormField subclasses that shouldn't be accessible on their own toplevel URL namespace)
* [rev:97878] Folder::findOrMake() will call mkdir if needed, even if object already exists in database.
* [rev:97833] remove serverside Validator::get_javascript_validator_handler() checking when trying to valid the field in serverside.
* [rev:97783] File don't have method URL(), instead, we use $image->URL, which will call $image->getURL()
* [rev:97775] removed unneccessary comma (it breaks the IE)
* [rev:97764] changed the stylesheet path to proper one - #4968
* [rev:97755] add custom search function, so the search catches also the Titles (search uses DataObject::get, which bypasses the getMenuTitle function)
* [rev:97746] allow only 2 and 4 digit years.
* [rev:97731] Use BASE_PATH and BASE_URL instead of data from $_SERVER.
* [rev:97730] fix front-end validation for DYMCalendarDateField, addressed in open ticket #4967(http://open.silverstripe.org/ticket/4967).
* [rev:97728] Don't rely on the current working directory for any file access; use BASE_PATH.
* [rev:97727] Don't rely on the current directory for any logic.
* [rev:97673] the anchor dropdown now works in IE. Also fixes other anchor-related problems as described in ticket #4961
* [rev:97653] Fixed Permission::get_members_by_permission() for DB abstractions
* [rev:97638] Fixed CMS Editor loading in AssetAdmin
* [rev:97603] Fixed bug when user selects no folder and uses the search box it incorrectly doesnt append the where statements
* [rev:97599] Use correct paths for requirements
* [rev:97594] Fixed potential data corruption issue when you are changing the class of a SiteTree subclass between two subclasses that share a fieldname.
* [rev:97593] Another bugfix for r97583
* [rev:97589] Fixed bug that was caused by r97583
* [rev:97586] #4929: Fixed Object::add_static_vars() for uninherited static.s
* [rev:97581] #4471: Fixed link insertion in Safari.
* [rev:97545] Fixed widgets not being clickable to use them in IE
* [rev:97541] Clicking available widgets now applies only to h3 elements
* [rev:97541] Widgets are now prepended to the available widget stack by use of Insertion.Top
* [rev:97522] When adding a new widget by clicking one of the available widgets, add it to the top of the currently used widgets instead of the bottom
* [rev:97507] Fixed incorrect lables "TOADD" etc in WidgetAreaEditor
* [rev:97482] Fixed NumericField->jsValidation(), now accepts negative numbers, making it more like the equivalent phpValidation(), which is using is_numeric() (see #4874, thanks Allisone)
* [rev:97480] Checking for presence of all columns in Security::database_is_ready(). This was necessitated by an earlier change to the sapphire ORM which now selects all columns explicitly in a SQL query (instead of SELECT *) (see #4027)
* [rev:97472] Setting 'Locale' as HiddenField in CMSMain->getEditForm() to support translatable SiteConfig records (see r97370, #4770)
* [rev:97437] Properly closed a tag in AssetTableField that was hiding content after the back link tracking tab. From: Andrew Short (from r95036)
* [rev:97433] Fixed nested URLs operation for pages more than 4 levels deep. From: Andrew Short (from r95902)
* [rev:97414] Was using custom_database_fields in Aggregate, not database_fields, and so aggregates for the common fields (LastEdited, Created, ClassName) would fail
* [rev:97370] Fixed SiteConfig->canView()/canEdit() to respect empty CanViewType/CanEditType assignments.
* [rev:97357] old 2.3 passwords now handled correctly and migrated accordingly
* [rev:97307] getByKey replaced with objectForKey
* [rev:97300] The 5.1 replacement array_fill_keys function now made available to the cron jobs
* [rev:97267] Let users without a specific TRANSLATE_ permission edit the default locale, so that things don't break when you install the Translatabe module.
* [rev:97260] Move TreeDropdownField requirements to Field() so requirements are loaded properly in popups
* [rev:97231] removing hardcoded reference to ModelAdmin_RecordController, also added getters for model controllers.
* [rev:97211] Fixed URLSegment access for translated homepages in SiteTree->RelativeLink (#4781, thanks martijn)
* [rev:97210] Language switcher dropdown javascript uses baseHref() to avoid invalid relative links in IE8 (#4891)
* [rev:97179] Fixed redirection destionation of the modeladmin delete button on the detail form.
* [rev:97168] now hiding the permissions via SecurityAdmin::add_hidden_permission works also for PermissionRoleAdmin
* [rev:97073] Attribute escaping in PageCommentInterface?_singlecomment.ss (merged from r97071)
* [rev:97051] Fixed bug in r97036
* [rev:97038] Fix display of exception backtrace in CLI view.
* [rev:97036] Use locally included Zend framework components in favour of those installed with PEAR
* [rev:97031] the search was only operating on the part of the tree (as returned by markPartialTree), now it searches globally
* [rev:97023] HTTPResponse has been replaced with SS_HTTPResponse
* [rev:97016] Comment URL field check is now case insenstive. Included tests for various protocols. PATCH via simon_w. Ticket #4776
* [rev:97013] removed name attribute from label fields since this is invalid html. Ticket: #4887. PATCH via tobych
* [rev:96997] Check for an empty list of keys before attempting to create an array with them
* [rev:96993] #4857 Fixed potential bug where a file would just be uploaded to a random folder, also files can now be uploaded to the assets root properly
* [rev:96977] reintroduced 96961, build failed for other reason.
* [rev:96961] loading a subtree was failing - couldn't call getSiteTreeFor reliably on LeftAndMain which is abstract class in its nature. Now using valid subclass instead.
* [rev:96941] Fixed bug in VirtualPage::isPublishable() when CopyContentFromID not set
* [rev:96884] Fixed add button overlapping image/flash popups in modeladmin. #4906
* [rev:96879] fixed onBeforeDuplicate calling before page existed
* [rev:96868] Fixed a PHP segfault bug with the WidgetAreaEditor
* [rev:96828] Adjust EncryptAllPasswordsTask test to match API for BuildTask
* [rev:96822] Removed XSS holes (from r94822)
* [rev:96818] Don't show obsolete page if you refresh the CMS after deleting a page (from r94242)
* [rev:96817] Use canDeleteFromLive instead of canPublish for checking delete from live action (from r93316)
* [rev:96812] Correct labels for "delete from draft" batch actions (from r91838)
* [rev:96811] Use doDeleteFromLive when deleting pages from live, so that onBeforeUnpublish and onAfterUnpublish are called. (from r91381)
* [rev:96809] Use the correct numChildrenMethod when showing the 'all children, including deleted' tree (from r91166)
* [rev:96806] Preserve selection of LHS multiselect tree when switching between filters. (from r90290)
* [rev:96805] Correct confirmation alert message when rolling back to a specific version. (from r90261)
* [rev:96799] Updated onAfterUnpublish to republish page from static cache as well as unpublish them. (from r90002)
* [rev:96798] Removed destroy() calls from static cache builder; with the garbage collection improvements it shouldn't be necessary. (from r89983)
* [rev:96797] Fixed width of time dropdown fields in the LHS CMS (from r89913)
* [rev:96796] Don't set the Owner by default on new records. (from r89910)
* [rev:96795] Fixed viewing of deleted pages. (from r89833)
* [rev:96790] Don't cut off document.body overflow in CTF popups in the admin, when on test mode. (from r88958)
* [rev:96785] Ignore elements without a name in change detection.
* [rev:96782] Fix image tracking not working cross subsite (from r88008)
* [rev:96781] Fix changing the URLSegment on a page making the Draft Site link
* [rev:96780] Fix deleting folders in Internet Explorer (from r87390)
* [rev:96779] Fix highlighting of incorrect page when loading a page in the
* [rev:96775] Use Controller::join_links() for all TableListField and ComplexTableField link building, to support form URLs with querystrings.
* [rev:96775] If ComplexTableField::getParentRecord() can't find a record, just return null rather than erroring. (from r96555) (from r96649)
* [rev:96774] Don't let Versioned archive tables clutter the global state when testing.
* [rev:96774] Don't let mocked datetimes clutter the global state when testing. (from r96640) (from r96648)
* [rev:96773] Removed XSS holes (from r94823)
* [rev:96770] Don't set the nodelete class on the CMS tree on load, since this is now handled by the batch-action system with an Ajax call. (from r94762)
* [rev:96767] Don't let users edit the location in the Behaviour tab if they don't have sitetree reorganise permission (from r94609)
* [rev:96765] Fixed readonly form of TreeDropdownField when field is made readonly before value is set (from r94608)
* [rev:96762] Allow opening of the detail pop-ups of a record on a ComplexTableField attached to a deleted page. (from r94593)
* [rev:96761] Apply file extension restrictions to extensions properly. (from r93531)
* [rev:96760] Don't publish virtual pages on regular page publish unless the page has already been published. (from r93529)
* [rev:96759] Changed default config to restrict file-upload types to ADMINs, since it's protecting against security holes. (from r93327)
* [rev:96758] Virtual pages can be deleted from the live site even when the're not publishable. (from r93319)
* [rev:96755] Fixed notice-level errors when checking permissions of pages that don't exist anywhere (from r93166)
* [rev:96754] Resized images which return null or false are now ignored
* [rev:96752] Add a default list of allowed extensions so that the CMS works reasonably out of the box.
* [rev:96752] Allow files that don't have an extension (most notably folders)
* [rev:96752] Ensure that file URL rewriting works if you rename a page twice without publishing.
* [rev:96752] Ensure that the page doesn't go green after URLs are rewritten
* [rev:96750] Fixed bug in r93095 (from r93097)
* [rev:96748] Update virtual pages semantics to grab content from the published version of the source page when you publish the virtual page, and to not allow publication before their source page is published. (from r92209)
* [rev:96746] Amended some references to HTTPResponse, replacing with SS_HTTPResponse
* [rev:96741] Use live permissions if the stage page has been deleted. (from r91761)
* [rev:96740] Make virtual page broken link detection work across subsites. (from r91311)
* [rev:96739] Clear the bypassStaticCache cookie when you return to the live site. (from r91165)
* [rev:96736] Include newly set fields in the differences shown by DataDifferencer (from r90264)
* [rev:96735] Use draft site permissions over published, if available. (from r90220)
* [rev:96733] Change EncryptAllPasswords to BuildTask instead of DailyTask
* [rev:96732] Call onBeforeUnpublish/onAfterUnpublish events in doDeleteFromLive, because they amount to the same thing. (from r90001)
* [rev:96731] Fixed broken link correction when a page is deleted. (from r89989)
* [rev:96729] Added better handling of rendering SiteTree objects, to prevent test errors. (from r89963)
* [rev:96726] Reset the methods applied to classes after adding/removing extensions. (from r89957)
* [rev:96724] Prevented notice-level error when publishing HTMLText fiels on tables other than SiteTree. (from r89908)
* [rev:96722] Update file link tracking as part of Filesystem::sync() (from r89907)
* [rev:96721] Fixed image link rewriting in virtual pages. (from r89904)
* [rev:96720] Fixed onchange handler for DropdownTimeField (from r89903)
* [rev:96719] Fixed layout glitch in TreeDropdownField in Firefox (from r89842)
* [rev:96718] Don't let non ADMINs with permission-editing rights assign themselves ADMIN permissions. (from r89805)
* [rev:96717] Fixed SiteTree::rewriteFileURL() (from r89804)
* [rev:96715] Version field weird'ed up rollback functionality (from r89464)
* [rev:96705] Make sure Linkto Dropdown works right with filter()
* [rev:96681] alternative function for versions of PHP prior to version 5.2
* [rev:96680] array_fill_keys function created for version prior to PHP 5.2
* [rev:96679] Ensure .js variable defined with var keyword
* [rev:96678] Ensure .js variable defined with var keyword
* [rev:96663] Allow set objects as properties if the property is not a database field
* [rev:96623] anchor, target, and title are not set on a link that's inserted without selection. Also when using createElement in that way firefox encodes the spaces within href parameter breaking the shortcodes. Switched to using the 'mctmp' placeholder now.
* [rev:96566] Fix IE bug with Files&Images (#4912)
* [rev:96551] getting rid of problem with disappearing buttons on the initial page load (not ajax). The initialization was called twice on the CMSForm, and on the second call the ajaxActionsAtTop was removing the buttons - now the buttons are removed only when there is something to be added.
* [rev:96443] Check for functions existence
* [rev:96441] Check for empty
* [rev:96427] Fixed reloading of TableFields after ajax save. (http://mingle.silverstripe.com/projects/air_nz_cms_enhancements/cards/154) (from r88921)
* [rev:96363] Fix multiselect tree selection, since changes in r91342
* [rev:96362] Readonly TreeMultiSelectField has form linked properly
* [rev:95973] #4140 When clicking a tree node that was just dragged, "Stack overflow" error would be given in IE. Firebug would report "Too much recursion"
* [rev:95972] when the JS files are combined, swfupload.js gets included in pages where there are no placeholder elements available, failing with exception and killing the javascript for the page. Now the exception is intercepted and ignored.
* [rev:95968] Fallback for arrays which do not contain 'alreadyLoggedIn' values
* [rev:95788] fixing CMS_ACCESS_LeftAndMain permission (=access all cms sections). Also added the test.
* [rev:95558] Show selected row in autocomplete dropdown
* [rev:95511] Prevent text-selection during drag operation, Firefox-specific
* [rev:95422] Fixed undefined $this->Parent in SiteTree::getCMSFields()
* [rev:95388] LessThanFilter uses SearchFilter::getDbFormattedValue, just like GreaterThanFilter
* [rev:95339] pass $allowHTML through to the parent class
* [rev:95169] If running a BuildTask via AJAX, e.g. Filesystem::sync() is run from AssetAdmin, don't show the message "Running [task] ..."
* [rev:95108] Fix fatal error when exporting a csv from a tablefield with a custom query
* [rev:95093] ComplexTableField - fixed sprintf() not enough arguments when the referrer has a % character in it, the referrer is now an argument instead of being hardcoded in the string
* [rev:95091] #4847 Fixed ComplexTableField undefined in IE8 when opening a CTF popup in the Security section of the CMS
* [rev:95088] #4848 Fixed ComplexTableField undefined error in IE8 when it is not available
* [rev:95084] #4848 FileIFrameField visual problem where the preview image is hidden if the TreeDropdownField gets too long for selecting a file
* [rev:94885] Fixed ModelAsController::findOldPage() failing on MSSQLDatabase using "sqlsrv" driver
* [rev:94859] adding onAfterDelete hooks to remove the no longer necessary permissions
* [rev:94835] orphaned permissions and subsite administrator groups were causing trouble - now with the JOIN the first global administrator group is picked up when ussing the override login.
* [rev:94810] removing permissions before re-applying them (previously it just removed the components on the relation which resulted in permissions having GroupID set to 0)
* [rev:94721] fixed typing error
* [rev:94571] fixed spam not being turned into ham if spamprotection isnt enabled. PATCH via simon_w #4813
* [rev:94568] check akismet is enabled before saving spam. PATCH via simon_w - #4812
* [rev:94461] Fix fileiframefields dying when an image is attached and a folder is expanded via ajax
* [rev:94443] fixed closing action on profiler popup
* [rev:94437] include customHeadScripts in clear rule.
* [rev:94416] Fixed undefined function error ip2country() in Geoip::ipcountry_check()
* [rev:94378] match returns null on not-found, querying raw.length resulted in an error. Now it's possible to add links to the page again.
* [rev:94369] Make sure findAnAdministrator gets a global administrator when subsites is installed.
* [rev:94358] #4686 Fixed $member non-object error, and decorated checks from not working in Member::canView(), Member::canEdit() and Member::canDelete()
* [rev:94353] #4566 Time::Nice() and Time::Nice24() return bad results if there is no value
* [rev:94350] Fix default inclusion of (theme|project)/css/editor.css into the WYSWIWYG editor.
* [rev:94349] Don't throw a notice-level error if you access a setting that hasn't been set yet.
* [rev:94332] convert ImageFormAction form prototype syntax to jQuery syntax, merged from r94304
* [rev:94319] Cleanup after aborted drag operation in Assets (#4735) (from r93071)
* [rev:94301] Fixed undefined calls to URL() in SimpleImageField, replacing them with getURL() instead
* [rev:94238] is tinyMCE is not loaded, we cannot call its function. This is specially important in a pop-up of ComplexTableField
* [rev:94170] Fixed IE bug in ReportAdmin_left.js
* [rev:94134] #4661 Fix SS temporary directory bug with Windows environments - the directory would always be "silverstripe-cache" instead of a namespaced one so that multiple SS sites don't conflict with eachother
* [rev:94100] if SecurityAdmin::add_hidden_permission() is called more than once, the later one is never added due two array operator "+"
* [rev:94073] Fixed inconsistent default to ViewableData::Modulus() - should be 0 as per ViewableData::MultipleOf()
* [rev:94071] Modulus and MultipleOf should start at index 0 to match the iterator position, by default
* [rev:94061] fixed reference to incorrect class
* [rev:94002] fix some missing langs/en.js loading.
* [rev:93984] add proper language link broken
* [rev:93965] Changed paths according to moved thirdparty dependencies. This bit change is merged from r92613.
* [rev:93955] fix bug that can't find tinymce_ssbuttons under sapphire/thirdpaty. this is a change merged from r92853 http://open.silverstripe.org/changeset/92853#file3
* [rev:93950] fix bug that can't find tinymce_ssbuttons under sapphire/thirdpaty. this is a change merged from r92853 http://open.silverstripe.org/changeset/92853#file3
* [rev:93935] merge r92502 from trunk for HtmlEditorConfig.php, merge r93934 from trunk for HtmlEditorField.js, merge r92500 from trunk for sapphire/thirdpart/tinymce-advcode/editor_plugin_src.js, aiming to solve the conflict of folder name tinymce-advcode.
* [rev:93860] Fixed incorrect hasDatabaseField() in SearchFilter::getDbName() - use hasOwnTableDatabaseField() instead
* [rev:93777] Fixed SearchContextTest failure
* [rev:93754] Fixed drag link event handling on ComplexTableField.js (#4737)
* [rev:93707] Removed code that relied on deprecated functions in MemberTableField
* [rev:93677] Removed calls to Translatable::is_enabled() since it's deprecated, replaced with Object::has_extension('SiteTree', 'Translatable') instead
* [rev:93676] Removed calls to Translatable::is_enabled() since it's deprecated, replaced with Object::has_extension('SiteTree', 'Translatable') instead
* [rev:93673] #4762 Replace Debug::log_errors_to() in ConfigureFromEnv to use SS_Log instead. Thanks simon_w!
* [rev:93620] Fixed reference to tree.css which doesn't exist because of files moving around
* [rev:93579] Adjusted YamlFixture to new Spyc API: loadFile() instead of load() (from r92566)
* [rev:93542] applied patch from #4381. Observable doesnt play nice with jQuery (manual jsparty merge from r90857) (from r92571)
* [rev:93514] Fix javascript error on IE8 by forcing IE7 compat mode.
* [rev:93259] Fixed dev/build not redirecting properly on first install of SS website on IIS
* [rev:93161] Fixed newlines for Windows when logging errors in LogErrorFileFormatter
* [rev:92411] Fix TreeDropdownFields throwing an exception.
* [rev:92220] Fixed newlines working properly across different platforms - Windows, for example, won't work properly with just \n so use PHP_EOL for a cross-platform solution
* [rev:92129] More robust checks on the current member in Member::canEdit() and Member::canDelete() if there is no logged in member
* [rev:92077] Fixed regexp in anchor link rewriting
* [rev:91958] FolderID was not present in post, so file would not be uploaded to the correct place.
* [rev:91775] Fixed Group::collateFamilyIDs() when working with MSSQL
* [rev:91746] Include salt in legacy password encryptor (from r91743)
* [rev:91659] Made use of new BasicAuth::protect_entire_site() consistent. (from r91658)
* [rev:91613] Don't enable site-wide protection by default (from r91609)
* [rev:91576] Fixed password hashing design flaw in Security::encrypt_password(). Removing base_convert() packing with unsafe precision, but retaining backwards compatibilty through pluggable encryptors: PasswordEncryptor_LegacyPHPHash (#3004) (merged from r90949)
* [rev:91572] Legacy password hash migration in MemberAuthenticator::authenticate() which fixes the precision problems mentioned in #3004 when a user logs in (from r90950)
* [rev:91549] changed condition to display uploaded File
* [rev:91542] fixed order inclusion of js
* [rev:91444] Fixed PageComment boolean operators in WHERE SQL clauses that break MSSQL
* [rev:91418] MigrateSiteTreeLinkingTask returns duplicate results from databases like MSSQL - remove any duplicates that may be around
### Minor changes
* [rev:98409] Fixed HTTPTest->testSetGetVar()
* [rev:98407] Fixed HTTPTest->testSetGetVar()
* [rev:98404] Partially reverted r98382 which added unnecessarily defensive checking to Hierarchy->allChildren()
* [rev:98403] Fixed HierarchyTest assertions around including grand children counts
* [rev:98390] Removed argument to getDescendantIDList() in ThumbnailStripField that doesn't exist on the method
* [rev:98383] Fixed HTTPTest when invoked through dev/tests/all or with GET parameters (see r98373)
* [rev:98376] Testing of grand-children items in HierarchyTest::testLoadDescendantIDListIntoArray() and HierarchyTest::testNumChildren()
* [rev:98372] Documentation
* [rev:98370] Fixed test case name in Hierarchy
* [rev:98369] Added test case for Hierarchy::getDescendantIDList() which also tests Hierarchy::loadDescendantIDListInto()
* [rev:98341] Removed arguments to Hierarchy::getDescendantIDList() calls, as the method does not have any
* [rev:98326] Make pass use a password field, dont require call by reference (merged from r72930)
* [rev:98321] Use 'b' mode for fopen() where possible for better portability
* [rev:98285] Fixed SS_HTTPResponse references in CMSBatchActionHandler
* [rev:98284] Documentation
* [rev:98282] fixed setName()
* [rev:98275] Removed message alteration from ValidationResult->error() to make it more predictable for string matching in unit tests like SecurityTest
* [rev:98274] Fixed unit tests after change Member->checkPassword() to return ValidationResult instead of boolean (see r98268)
* [rev:98268] Use a ValidationResult to log in a member so that custom errors can be generated. From: Andrew Short (from r98267)
* [rev:98264] Only clear theme in CMS if we're not redirecting to the login form (better for testing).
* [rev:98228] Adding SiteConfig as Translatable dependency in SiteTreeTest and TranslatableTest
* [rev:98223] make showing virtual pages tab conditional
* [rev:98223] made virtual page tracking sitetree tablelistfield subsite agnostic (from r98005)
* [rev:98222] removed redundant method call (from r97817)
* [rev:98211] added above confiration to batch setting expiry (from r97215)
* [rev:98210] add pretty warning colors to expiring content warning (from r97151)
* [rev:98208] set Print flag correctly on TLF
* [rev:98208] custom print template for SSReport TLF's that exposes the report title, and filters set (from r97138)
* [rev:98206] fix dropdown labels (from r97063)
* [rev:98201] fixed typos in the comments
* [rev:98200] Change page title heading to "Page name" for consistency in CSV export (from r96925)
* [rev:98199] added quotes
* [rev:98198] Fixed side report tests to suit new report system. (from r96646)
* [rev:98197] using better sorting api (from r96483)
* [rev:98196] fix sorting in this report. (from r96481)
* [rev:98195] make site checking clearer on broken links report (from r96456)
* [rev:98193] typo fixes, adding missing columns (from r96433)
* [rev:98192] remove sort direction when running canSortBy. Also added test coverage for this. (from r96428)
* [rev:98189] improved wording on reports (from r96258)
* [rev:98187] added broken links report (from r96139)
* [rev:98186] Correct sidebar report order. (from r96090)
* [rev:98180] Added SSReport::dataClass() accessor.
* [rev:98178] use DB doubles only in MySQL, fall back to float
* [rev:98174] Added missing template from r95815 (from r95822)
* [rev:98171] Nicer date formatting (from r95761)
* [rev:98164] added locking to static publisher to avoid two queues running at the same time. (from r87792)
* [rev:98163] fixed IE JS errors (from r87420)
* [rev:98162] apply a sitetree filter when changing subsites (from r87369)
* [rev:98160] updated detection for an empty report (from r87362)
* [rev:98158] when you delete a user from a group, they are also removed from any sub groups. (from r87119)
* [rev:98156] applied correct decorators
* [rev:98156] Page.ss now takes advantage of the SiteConfig
* [rev:98156] fixed JS error around concurrent editing
* [rev:98156] ability to disable sorting on tablelistfield
* [rev:98156] added default timezone to static-main.php to avoid PHP warnings
* [rev:98156] only display Roles tab on groups if there are roles in the system
* [rev:98156] publishing activity report
* [rev:98155] better error reporting for broken redirector & virtual pages (from r97185)
* [rev:98154] set Print flag correctly on TLF
* [rev:98154] custom print template for SSReport TLF's that exposes the report title, and filters set (from r97138)
* [rev:98153] Fixed TableListField tests that don't set $_REQUEST['url'] (from r97127)
* [rev:98143] Always position calendars below the entry field - this gives it consistency with PopupDateTimeFields, as well as ensure the popup button isnt hidden. (from r96916)
* [rev:98142] Fixed PermissionTest assertion (from r96642)
* [rev:98141] Fixed TableListField test to suit changed behaviour. (from r96639)
* [rev:98140] if the $fieldname to DOS->sort has a direction in it, split it out, and pass it. (from r96482)
* [rev:98139] redirector link tracking is more intelligent (from r96461)
* [rev:98138] remove sort direction when running canSortBy. Also added test coverage for this. (from r96428)
* [rev:98137] move sort column&direction into their own vars, otherwise, canSortBy(Date DESC) will always return false, since DESC is not part of the column name. (from r96411)
* [rev:98135] fix field escaping in CSV export of TableListField (from r96157)
* [rev:98128] Update en_US with SiteConfig.THEME and SiteConfig.DEFAULTTHEME translatable entities
* [rev:98127] Cleanup test folder after SiteConfigTest::testAvailableThemes() is run
* [rev:98115] added descriptive text to test assert.
* [rev:98110] Unit tests for SSViewer::current_theme() and SiteConfig::getAvailableThemes()
* [rev:98106] Fixed broken tests
* [rev:98098] Removed specific removal of temporary directory in ManifestBuilderTest::testThemeRetrieval() and replaced it with Filesystem::replaceFolder() which does the same thing
* [rev:98097] don't HTML-format queries from showqueries if this is an AJAX request. (from r95855)
* [rev:98092] Initialise variables to fix unit test (from r95754)
* [rev:98091] Added ManifestBuilderTest::testThemeRetrieval() to test ManifestBuilder::get_themes()
* [rev:98090] Edit-case checking of data in ViewableData::$failover for better error message. (from r95560)
* [rev:98089] Don't try and access the ORM from ComplexTableField in situations where it shouldn't. (from r95544)
* [rev:98088] Boundary condition check in TableListField for more helpful errors. (from r95543)
* [rev:98086] Fixed FileTest execution if the assets/ directory doesn't exist. (from r88353)
* [rev:98085] added direct links to items in the backlinks report (from r88277)
* [rev:98084] unit test for getting members by permission via roles (from r88276)
* [rev:98079] Partially reverted accidental commit from r97920 (unconditionally requiring ADMIN login via BasicAuth in DevelopmentAdmin)
* [rev:98059] Changed MySQLDatabase::now() block comment to be more useful
* [rev:98056] Unit tests for Decimal field type default value through new test class DecimalTest
* [rev:98055] Allow creating fixture records without any columns by checking the fields exist first before doing a foreach() in YamlFixture::writeDataObject()
* [rev:98043] niced the way MultiEnums call requireField to give alternative adapter access
* [rev:98042] use ENUM hack for dealing with SET legacy values
* [rev:98032] visual tweaks to the widgets area including widget titles can now be spread over multiple lines and padding between columns. #4965
* [rev:98025] fix permissions
* [rev:98017] permission code is case sensitive in some cases
* [rev:97991] Deleted reference to CalendarDateField.js
* [rev:97991] Year validation (accept just 4 digit, like the error message says).
* [rev:97985] groupby works for SQLite too
* [rev:97979] Better error message on bad Enum default
* [rev:97936] add flv (flash file) to File::$allowed_extensions
* [rev:97920] Preserve theme settings in tests
* [rev:97910] Removed debug code
* [rev:97875] fix call to undefined method when a virtual page picks up the wrong object.
* [rev:97838] PHP notice error
* [rev:97825] Removed debug code
* [rev:97705] replaced proprietary update query with one that is ANSI compliant in doPublish()
* [rev:97669] #4674 applied patch for special chars in folder titles
* [rev:97652] Make SecurityDefaultAdminTest when you run it by itself.
* [rev:97602] Added better help text underneath "Available Widgets" and "Widgets currently used"
* [rev:97596] fix file iframe upload width
* [rev:97592] Re-enabled SiteTreePermissionsTest tests
* [rev:97566] If CurrencyField->setValue() passed a null or empty value, default to 0.00 so number_format() has no issues converting the number
* [rev:97543] Tree selector expands by default to show selected nodes
* [rev:97540] Cursor is now a pointer for available widgets, as you need to click them to add to the available widget stack
* [rev:97532] Removed end php tag from WidgetAreaEditor
* [rev:97511] Changed wording for WidgetAreaEditor.TOADD advising users to "click" instead of drag widgets
* [rev:97509] Fixed default wording of WidgetAreaEditor.TOADD "drag them here from the left"
* [rev:97487] Updated master translation file
* [rev:97486] Updated master translation file
* [rev:97485] Backwards compat fix for sprintf() call in CMSMain->providePermissions() (#4764)
* [rev:97484] Using SiteTree::get_by_link() in SiteTree->requireDefaultRecords() (see #4590)
* [rev:97483] Fixed setForm() invocation in Form::__construct() (see #4558, thanks ajshort)
* [rev:97481] Use addExtraClass() in FormField::__construct() instead of direct assignment (see #4607, thanks Tjofras)
* [rev:97478] Security::findAnAdministrator() names any default administrators 'Default Admin' instead of 'Admin'
* [rev:97435] Don't include files and folders starting with an underscore in the asset system.
* [rev:97435] Automatically rename files and folders beginning with an underscore. From: Andrew Short (from r97400)
* [rev:97434] Fixed deep-nested-URLs test to work on sites in subfolders (from r96836)
* [rev:97432] Made ComplexTableField sub-forms testable by returning rather than echoing results. From: Andrew Short (from r95035)
* [rev:97431] Allow a validation error to be thrown when a DataObject is saved in ComplexTableField. From: Andrew Short (from r95034)
* [rev:97369] Fixed MemberAuthenticatorTest, was setting global state in r97357
* [rev:97182] Reverted 'single instance only' feature from r79868, delayed until later release (see #4277)
* [rev:97178] Removed 'print' button from CMSMain->getEditForm() for display of older versions (see #4745)
* [rev:97072] added comments
* [rev:97035] folders without children in trees now have the folder icon
* [rev:97031] renamed 'filter' to 'search'
* [rev:96942] Removed unnecessary illegalExtensions data from TranslatableTest
* [rev:96882] Ensure DropdownField option elements have escaped the title correctly
* [rev:96877] added hooks for extending duplicate page functionality
* [rev:96830] Added explicit listing of testonly dataobjects for widget tests.
* [rev:96829] Fixed bugs with test execution.
* [rev:96827] Fixed CMSMainTest to be more flexible about modules altering the buttons.
* [rev:96816] moved allowed_extensions and friends to the model layer (from r92046)
* [rev:96815] moved File validation to the model (from r92044)
* [rev:96814] implement the allowedExtensions functionality of AssetAdmin when you rename a file (from r92037)
* [rev:96813] Made delete from draft batch action text more consistent with published. (from r91839)
* [rev:96808] add a hidden field to attach the subsite ID, rather than relying on the session (from r91014)
* [rev:96807] no longer assume with batch actions that the child pages of a parent are to be ticked (from r90999)
* [rev:96804] Fixed notice-level error in rollback. (from r90260)
* [rev:96803] Updated ModelAdminTest to use extraDataObjects (from r90055)
* [rev:96802] Removed debugging statements (from r90052)
* [rev:96801] Fixed testing quirk of static publisher unpublishing. (from r90048)
* [rev:96794] Make CMSMainTest compatible with cmsworkflow module. (from r89030)
* [rev:96789] added batch deletion back for workflow (from r88916)
* [rev:96788] more fix around batch action parameters (from r88837)
* [rev:96787] fix issue where javascript popup calendar would not fire (from r88836)
* [rev:96786] rename deleted pages report (from r88333)
* [rev:96784] create the ability to have some roles only be able to be applied by admins (from r88090)
* [rev:96783] remove default form actions. Unit tests pass. (from r88065)
* [rev:96776] fix javscript syntax that can confuse ie (from r86395)
* [rev:96772] Ensure that cuke can work with --dry-run (from r94819)
* [rev:96771] when a parent page is unpublished, unpublish all related virtual pages, includes test coverage (from r94777)
* [rev:96768] track virtual pages that link to the current page (from r94700)
* [rev:96753] Removed debugging information: (from r93151)
* [rev:96747] Give all test ADMIN privileges by default (from r92208)
* [rev:96745] Fixed SiteTree::canEdit() for records not yet saved to DB (from r92193)
* [rev:96744] can_edit_multiple() should return false, not 0, for permission failure. (from r92192)
* [rev:96743] moved allowed_extensions and friends to the model layer (from r92046)
* [rev:96742] moved File validation to the model (from r92044)
* [rev:96738] if looking at a specific stage, set a cooking to bypass static cacheing (from r91006)
* [rev:96737] virtual pages are now marked as broken if their pointer page is deleted (from r90996)
* [rev:96730] Flush get_one cache after rebuilding database schema. (from r89966)
* [rev:96716] fix syntax error (from r89472)
* [rev:96714] update merge info, merged in r87119 (from r88839)
* [rev:96710] changed the method to get a page's siteconfig, it is now subsite aware. (from r89870)
* [rev:96230] Moved defined variables in AssetAdmin::doUpload() to the top of the method for consistency
* [rev:95971] Set url variable in TreeAPI.reload as local variable in LeftAndMain_left.js
* [rev:95966] Added unit test for ViewableData::MultipleOf() when using an offset of 1 (an alternative approach)
* [rev:95086] make widgetarea/editor more suitable for generic use
* [rev:95070] remove relic of concurrent editing
* [rev:95052] remove director rule for removed Image_Uploader in r77012
* [rev:94986] adding maori macron button back
* [rev:94856] added comment
* [rev:94829] fixed bug where widget area editor would not be activated
* [rev:94711] test support for superglobals in testrequest
* [rev:94710] test support for superglobals in testrequest
* [rev:94684] added cookies to Director::test()
* [rev:94531] Fixed a few glitches in the cuke tests
* [rev:94529] Added a first cut of some cucumber tests for the CMS
* [rev:94528] Added db-fixture creation for cucumber-based testing
* [rev:94438] removed duplicate writes for performance
* [rev:94432] Don't use test manifest for dev/startsession and dev/endsession (from r93528) (from r94431)
* [rev:94429] Added small fixture YML that just lets you log in, for bootstrapping browser automation tests.
* [rev:94420] Fixed misspelled acronym for "Cross-site request forgery"
* [rev:94418] Documentation updates to SS_Log
* [rev:94359] Added tests methods for Member::can*() methods to MemberTest
* [rev:94359] Added test Extension classes for testing decorated can*() methods
* [rev:94358] Added additional tests to MemberTest
* [rev:94352] #4973 Automatically generate URLSegment for default records on SiteTree and ErrorPage instead of explicitly setting them
* [rev:94336] Tweak to test name display on the test runner
* [rev:94198] fixed widget area
* [rev:94198] added select box listing anchors in text
* [rev:94136] Fixed error message for Folder::addUploadToFolder() to be accurate
* [rev:94135] Less obtrusive tests for testing the SS temp directory
* [rev:94065] Added a few missing pieces to DataObjectSetTest::testMultipleOf()
* [rev:93966] Use jquery instead of prototype for silverstripenavigator
* [rev:93859] Fixed tabs
* [rev:93762] Javascript variable declarations in CMSMain_left.js (#4741)
* [rev:93738] Fixed reference to fieldExists() on SearchFilter which was removed from DataObject
* [rev:93701] reverted r93693 due to the field being required for the CMS
* [rev:93682] Removed calls to ContentNegotiator::disable() since it's disabled by default
* [rev:93681] Removed ContentNegotiator::disable() since it's disabled by default (in AssetAdmin)
* [rev:93662] Removed MemberTableField deprecated methods for adding fields - this should be done by implementing summary fields on a Member decorator instead
* [rev:93659] Removed ContentNegoitator::disable() from FormResponse - it's disabled already
* [rev:93641] Moved static functions in ContentNegotiator above the instance methods
* [rev:93623] Fixed capitalization of JSMin.php include (from r92870)
* [rev:93622] Fixed path for spyc thirdparty library
* [rev:93612] Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and cms/javascript
* [rev:93611] Updated paths from jsparty to sapphire/thirdparty, cms/thirdparty and sapphire/javascript
* [rev:93610] Moved jsparty/tiny_mce to sapphire/thirdparty/tinymce
* [rev:93591] Moved jsparty/greybox to sapphire/thirdparty/greybox
* [rev:93589] Moved jsparty/jquery/jquery_improvements.js to sapphire/javascript/jquery_improvements.js
* [rev:93577] Moved jsparty/prototype_improvements.js to sapphire/javascript/prototype_improvements.js
* [rev:93576] Moved jsparty/prototype15.js to sapphire/thirdparty/prototype/prototype15.js
* [rev:93575] Moved jsparty/prototype-safe.js to sapphire/thirdparty/prototype/prototype-safe.js
* [rev:93574] Moved jsparty/prototype.js to sapphire/thirdparty/prototype/prototype.js
* [rev:93571] Moved jsparty/loader.js to sapphire/javascript/loader.js
* [rev:93570] Moved jsparty/layout_helpers.js to sapphire/javascript/layout_helpers.js
* [rev:93569] Moved jsparty/hover.js to cms/javascript/hover.js
* [rev:93568] Moved jsparty/highlight.js to cms/javascript/highlight.js
* [rev:93567] Moved jsparty/tiny_mce_improvements.js to sapphire/javascript/tiny_mce_improvements.js
* [rev:93565] Moved jsparty/tree to sapphire/javascript/tree
* [rev:93564] Moved jsparty/tinymce_ssmacron to cms/javascript/tinymce_ssmacron
* [rev:93563] Moved jsparty/tinymce_ssbuttons to cms/javascript/tinymce_ssbuttons
* [rev:93562] Moved jsparty/tinymce_advcode to sapphire/thirdparty/tinymce-advcode
* [rev:93560] Moved jsparty/tabstrip to sapphire/thirdparty/tabstrip
* [rev:93559] Moved jsparty/SWFUpload to cms/thirdparty/swfupload
* [rev:93557] Copied jsparty/multifile to cms/thirdparty/multifile
* [rev:93555] Moved jsparty/calendar to sapphire/thirdparty/calendar
* [rev:93554] Moved jsparty/scriptaculous to sapphire/thirdparty/scriptaculous
* [rev:93553] Moved jsparty/jquery/plugins/greybox to sapphire/thirdparty/greybox
* [rev:93552] Moved jsparty/jquery/plugins/livequery to sapphire/thirdparty/jquery-livequery
* [rev:93551] Moved jsparty/jquery/plugins/metadata to sapphire/thirdparty/jquery-metadata
* [rev:93550] Moved jsparty/jquery/plugins/form to sapphire/thirdparty/jquery-form
* [rev:93549] Moved jsparty/jquery/plugins/effen to sapphire/thirdparty/jquery-effen
* [rev:93548] Added jquery.cookie library to allow saving of last selected jQuery UI tab (from r92507)
* [rev:93547] Moved jsparty/jquery/themes to sapphire/thirdparty/jquery-ui-themes
* [rev:93546] Moved jsparty/jquery/ui to sapphire/thirdparty/jquery-ui
* [rev:93544] Moved jsparty/jquery/jquery.js to sapphire/thirdparty/jquery
* [rev:93543] Added sapphire/thirdparty/firebug-lite (from r92496)
* [rev:93541] Added sapphire/thirdparty/behaviour (from r92497)
* [rev:93532] Added Zend_Log thirdparty dependency (merge from r84322) (merged from r92549)
* [rev:93530] Replaced sapphire/thirdparty/Zend external with piston-managed version (merged from r92492)
* [rev:93527] Added simpletest thirdparty library (previously included as an external) (merged from r92857)
* [rev:93526] Re-added sapphire/thirdparty/spyc library
* [rev:93525] Re-added sapphire/thirdparty/simplepie library
* [rev:93524] Re-added sapphire/thirdparty/jsmin library
* [rev:93521] Re-added sapphire/thirdparty/json dependency
* [rev:93449] Update the main.php PHP version numbers at the top doc block
* [rev:92351] Increase size of URL length to be lowest common denominator of maximum length in modern browsers.
* [rev:92220] Fixed appropriate failing tests to use PHP_EOL
* [rev:92135] Removed MemberTableField::setController() - this is now redundant from r92134
* [rev:92134] Added ComplexTableField::setController() which makes testing useful for switching between controllers
* [rev:91850] added stubs to allow widgets to use treedropdown fields
* [rev:91564] Moved Security::encryptallpasswords() to EncryptAllPasswordsTask (merged from r90948)
* [rev:91543] removed debug statements
* [rev:91541] fixed typo with path
* [rev:91394] BUGFIX Disabling security token in HtmlEditorField?->FlashForm?(), its not passed in by the ajax request (merged from r91392)
* [rev:91307] merged in 91306 from trunk
* [rev:91261] Whitespace change
### Other
* [rev:98173] ENHANCEMNT: Added export and print buttons to reports (from r95815)
* [rev:98172] Nicer dates (from r95776)
* [rev:98147] Validation for calendardatefields (from r96958)
* [rev:98093] Add some nice date formats (from r95772)
* [rev:98001] added a canCreateTopLevel() if there is no parent object in CMSMain.php
* [rev:98001] added testCreationOfTopLevelPage toCMSMainTest.php
* [rev:98001] added the nessessary 'database entries' in the CMSMainTest.yml
* [rev:97991] Deleted javascript/CalendarDateField.js. The file is empty.
* [rev:97898] Added values for new permission code 'VIEW_DRAFT_CONTENT' test
* [rev:97897] Added test for new permission code.
* [rev:97878] This covers the corner case where DB is out of sync with filesystem.
* [rev:97384] REVERT: r97017 (Try to tidy HTML...) as causes inconsistent HTML
* [rev:96966] REVERTED: 96961 fails the test, reverted.
* [rev:96926] `<a ... />` tag which is not so nice
* [rev:96781] point to the wrong subsite (from r87776)
* [rev:96779] admin section via URL (from r87320)
* [rev:96777] javascript syntax fixes (from r86396)
* [rev:96712] MERGE merged back a whole bunch of defect fixes from trunk (from r87846)
*

View File

@ -1,555 +0,0 @@
# 2.4.0-beta2 (2010-05-17)
## Changelog
### Features and Enhancements
* [rev:101127] Added 'Dependent pages' tab to CMS, to show virtuals, redirectors, and backlinks that point to this page.
* [rev:101054] Allowing SQLite selection in installer
* [rev:101054] Moved all Javascript containedin install.php and config-form.html to install.js, and using jQuery to simplify logic
* [rev:101054] Allow installer to attach custom form fields based on the install driver (as defined in _register_database.php)
* [rev:100989] If no arguments specified for cli-script.php/sake, then provide a friendly message to the user on where to get help
* [rev:100966] MoneyField currency dropdown can be made from an associate array like array('NZD'=>'New Zealand Dollor', 'USD'=>"United States Dollor') as well
* [rev:100940] Added help text for "locale" setting in installer
* [rev:100937] Redirecting to translated page when original is requested with a 'locale' GET parameter (e.g. 'about-us/?locale=de_DE' will redirect to 'ueber-uns' with a 301 HTTP response). Implemented in ContentController->handleRequest(). (see #5001)
* [rev:100908] Added DatabaseAdapterRegistry::unregister() to remove a database from the registry
* [rev:100902] Added _register_database.php to sapphire which sets the SS provided databases for DatabaseAdapterRegistry
* [rev:100893] Added Hebrew (he_IL) language to sapphire (thanks Oren, Yotam, tzvika, Amir, ohad)
* [rev:100893] Added Lithuanian (lt_LT) language to sapphire (thanks Irmantas, Mindaugas, Donatas, Andrius)
* [rev:100892] Added Hebrew (he_IL) language to cms (thanks Oren, Yotam, tzvika, Amir, ohad)
* [rev:100892] Added Lithuanian (lt_LT) language to cms (thanks Irmantas, Mindaugas, Donatas, Andrius)
* [rev:100884] Using jquery.live instead of livequery for SelectionGroup.js
* [rev:100852] Updated jquery.ondemand.js to sapphire trunk version, to ensure compatibility with jQuery 1.4.2
* [rev:100849] Only defining document.getElementsByClassName() in prototype.js if no native implementation exists (which speeds up the CMS). Ported from 'jquery13' module, thanks Hamish
* [rev:100847] Updated jquery.livequery from v1.0.2 to v1.1.1 (located in sapphire/thirdparty/jquery-livequery/
* [rev:100846] Updated jquery.metadata from ~v.1.0 to v2.1 (located in sapphire/thirdparty/jquery-metadata
* [rev:100845] Updated jQuery.form library from v2.08 to v2.40 (located in sapphire/thirdparty/jquery-form
* [rev:100844] Updated jQuery library from v1.2.6 to v1.4.2 (located in sapphire/thirdparty/jquery/
* [rev:100799] Creating default "Content Authors" group with limited rights if no other groups exist.
* [rev:100776] Better editing of roles through SecurityAdmin instead of a new "Roles" tab. Removed (previously unreleased) PermissionRoleAdmin. (see #4757)
* [rev:100774] Allowing custom popup requirements in ComplexTableField without subclassing through $requirementsForPopupCallback
* [rev:100771] Respecting SecurityAdmin::$hidden_permissions in PermissionRole->getCMSFields()
* [rev:100769] you can now choose your site locale at install time
* [rev:100753] Added 'updateImageForm', 'updateFlashForm', 'updateLinkForm' hooks to HtmlEditorField (the imageform hook was necessary to make the 'pixlr' module work) (see #3938)
* [rev:100696] show all database systems we support, along with messages if the user cannot use them. Also allow 3rd parties to register their own database classes to appear in this list.
* [rev:100536] Stored combined files in assets/_combinedfiles by default
* [rev:100529] Combined files now live in assets/.combinedfiles by default
* [rev:100528] #3387 Requirements now has a new static function called Requirements::set_combined_files_folder() for setting where the combined files should belong
* [rev:100453] #4599 DataObjectSet now uses more array functions instead of performing equivalent tasks - thanks simon_w!
* [rev:100423] Convert JSON functions now use the Services_JSON library where appropriate instead of custom code, and if json_decode() or json_encode() are available these are used
* [rev:100400] #5072 RSSFeed_Entry::rssField() now respects custom getters on the data class
* [rev:100327] allow ordering of page commented to be configurabled
* [rev:100058] AssetAdmin now uses Upload_Validator instead of setting the rules directly on Upload
* [rev:99954] you can now do coverage tests of single/multiple tests, or entire modules
* [rev:99942] fixed forward button underneath result form
* [rev:99929] #4787 Widget now respects updateCMSFields on extension classes so additional fields can be add (or existing ones removed)
* [rev:99845] #4043 Allow setting the from address for debug information in SS_LogEmailWriter - thanks Hamish!
* [rev:99841] #5024 Installer now checks that the user has entered a username and password correctly for the default admin, an additional button for re-checking requirements is now found at the bottom of the admin configuration section
* [rev:99841] Error messages for database AND admin configuration are now in the same place at the top of the installer
* [rev:99737] Allow DataObjectSet to remove duplicates based on any field (#5094, thanks mobiusnz) (from r99736)
* [rev:99692] Disabling/checking permission checkboxes in admin/security when 'ADMIN' permission is selected
* [rev:99690] Saving group relations on SecurityAdmin->EditForm()/RootForm() through TreeMultiselectField instead of hidden 'Group'/'GroupID' values (from r99579)
* [rev:99688] Saving MemberTableField through new 'Groups' field added in Member->getCMSFields(). (from r98882)
* [rev:99679] added new PageCommnet to yml so we have different amounts of moderated/unmodereated
* [rev:99677] Making setting optional in MemberTableField. Field instances without will list all members unfiltered, and remove members from the database rather than the group relation.
* [rev:99677] Allow disabling of 'inline add' formfields in a MemberTableField through setPermissions(array('inlineadd')) (from r98825)
* [rev:99667] Only show 'HTML Editor Config' dropdown in Group->getCMSFields() if more than one option exists
* [rev:99666] Showing checkboxes as disabled for inherited roles in Group->getCMSFields() (from r99597)
* [rev:99664] Added OptionsetField->setDisabledItems() to allow specifically disabling certain checkboxes
* [rev:99664] Added CheckboxSetField->setDefaultItems() to tick specified checkboxes regardless of the value passed (from r99596)
* [rev:99662] Showing (readonly) permissions for a Member record in admin/security popup (from r99586)
* [rev:99660] PermissionCheckboxSetField_Readonly (with all checkboxes disabled)
* [rev:99660] Added 'assigned to...' label to group permissions in PermissionCheckboxSetField - used in Member->getCMSFields() readonly permission view (from r99585)
* [rev:99658] Allowing PermissionCheckboxSetField to inspect multiple group records for existing permissions (from r99584)
* [rev:99648] View and select groups for a specific member via the member popup in admin/security (requires EDIT_PERMISSIONS) (from r98880)
* [rev:99361] Allow locale/dateformat specific reordering of day, month, year input fields in DateField
* [rev:99360] New DatetimeField class (form field wrapper composed of DateField andTimeField)
* [rev:99360] New DateField and TimeField form classes with more consistent API and easier localization
* [rev:99360] Using Zend_Date for DateField and TimeField, with more robust date handling, starting localization support. Set globally via i18n::set_locale(), or for a field instance through setLocale(). Note: Javascript validation is not localized yet.
* [rev:99302] SiteTree::batch_permission_check() populates its own cache (from r97900)
* [rev:99117] set file metadata on upload. (from r97780)
* [rev:99106] set file metadata on upload. (from r97780)
* [rev:99088] Add close link (from r97751)
* [rev:99080] Add Link to silverstripe navigator (from r97407)
* [rev:99069] added PageComment for CommentAdminTest
* [rev:99066] CommentAdmin unitest
* [rev:99047] Make navigator items more overloadable (from r97376)
* [rev:99046] Refactor links in $SilverStripeNavigator so modules can add extras (from r97299)
* [rev:98756] Added help texts for MemberImportForm and GroupImportForm (merged and rewritten from r98750)
* [rev:98737] Allow extension of LeftAndMain->getEditForm() (and subclasses) through a new updateEditForm() hook (see r98736 for additions to AssetAdmin and CMSMain)
* [rev:98736] Import groups from CSV in admin/security through the new GroupImportForm class (and GroupCsvBulkLoader) (merged and rewritten from r98711)
* [rev:98735] Allowing custom 'root forms' when id values '0' or 'root' are passed from the tree selection. (rewritten from r98710)
* [rev:98732] Import members and their group assignments from CSV in admin/security through the new MemberImportForm class (merged from r98708)
* [rev:98715] Added GroupCsvBulkLoader class to facilitate group imports with permission codes and hierarchy (merged from r94252)
* [rev:98714] MemberCsvBulkLoader for easy member import with group associations (merged from r94251)
* [rev:98713] Added BulkLoader->deleteExistingRecords(), removed unnecessary parameters from BulkLoader->load() (merged from r94250)
* [rev:98713] Decreased memory usage in BulkLoader->load() when deleting all records before importing (merged from r94250)
* [rev:98677] Added checkbox to switch off using the environment during install if it's available
* [rev:98659] #3903 Initial changes to installer to support selection of different database drivers
* [rev:98656] you can now pass arbitrary CURL options to the request() method of RestfulService.
* [rev:98469] Add HTMLCleaner abstract class, and Diff::cleanHTML()
* [rev:98428] Allow overriding TableListField_Item on TableListField by setting the property itemClass
### API Changes
* [rev:101155] Add option for DataObjectDecorator::onAfterSkippedWrite()
* [rev:101137] Partial cache adjustments - now supports nested cache blocks (which are independant of their containing cache block), conditionals to control if a given cache block is active, and includes hash of template code in key (so template changes mean cache is invalidated). Changes template control for cache block to `<% cached %>`, to which the now deprecated `<% cacheblock %>` is aliased, and an additional template control `<% uncached %>` has been added.
* [rev:101127] Added SiteTree::VirtualPages() and SiteTree::DependentPages() accessors.
* [rev:101119] Allow on_db_reset() methods on DataObjects as well as DataObjectDecortators
* [rev:101093] Replaced eval based creation of extension and field objects with Object::create_from_string().
* [rev:101093] Introduced new function Object::create_from_string() to instantiate an object from a string like 'Int(50)'
* [rev:101044] Made MySQL fulltext search optional, activated with MySQLFulltextSearchable::enable()
* [rev:101043] Pass the full extension string as the 2nd argument to DataObjectDecorator::extraStatics()
* [rev:100842] Upgraded jQuery UI from v1.6rc1 (r687) to v1.8rc3. This release prefixes all *.js and *.css files with 'jquery', so ui.core.js is now called jquery.ui.core.js.
* [rev:100842] Upgraded jQuery UI themes from v1.6rc1 to v1.8rc3. Removed 'flora' and 'default' themes, replaced with the 'base' and 'smoothness' themes found in the default distribution
* [rev:100718] Removed "auto-merging" of member records from Member->onBeforeWrite() due to security reasons - please use DataObject->merge() explicitly if this is desired behaviour (from r100705)
* [rev:100651] dbDataType function created
* [rev:100513] Refactored Requirements to use Requirements_Backend at all times - this makes testing far easier. Thanks tobych!
* [rev:100512] TreeDropdownField no longer requires your object to have the Hierarchy extension
* [rev:100503] Removed deprecated Email_Template class, please use Email instead!
* [rev:100498] Removed deprecated Image::loadUploaded() (deprecated from the parent::loadUploaded for which it called), please use Upload directly instead!
* [rev:100495] Removed deprecated File::loadUploaded(), please use Upload directly instead!
* [rev:100493] Removed deprecated function RootURLController::get_homepage_urlsegment(), please use RootURLController::get_homepage_link() instead!
* [rev:100492] Removed deprecated function SiteTree::get_by_url(), please use SiteTree::get_by_link() instead!
* [rev:100490] Removed deprecated methods DataObjectSet::filter_map() and DataObjectSet::map_multiple() - please use map() instead!
* [rev:100057] #5107 Upload now uses Upload_Validator to separate the validation rules from the File loading done in the Upload class
* [rev:99849] SiteTree::validURLSegment extendable (#5907)
* [rev:99360] Date/time parsing in DateField, TimeField and DatetimeField defaults to i18n::get_locale() ('en_US') instead of using en_NZ/en_GB specific parsing. Use i18n::set_locale('en_NZ') in mysite/_config.php to revert to old behaviour.
* [rev:99360] $timeformat constructor parameter in TimeField needs to be in ISO date notation (not PHP's date())
* [rev:99360] TimeField, DateField and related subclasses use Zend_Date for date parsing, meaning they're stricer than the previously used strtotime()
* [rev:99360] Removed DMYCalendarDateField and CalendarDateField, use DateField with setConfig('showcalendar')
* [rev:99360] Removed CompositeDateField, DMYDateField, use DateField with setConfig('dmyfields')
* [rev:99360] Removed DropdownTimeField, use TimeField with setConfig('showdropdown')
* [rev:99360] Removed PopupDateTimeField, use DatetimeField
* [rev:99360] Changed 'date', 'month' and 'year' HTML field names to lowercase in DMYDateField
* [rev:99360] Removed support for ambiguous date formats in DateField, e.g. '06/03/03'. Use DateField->setConfig('dateformat', `<format>`) to revert to this behaviour.
* [rev:99360] Removed $futureOnly flag from DateField, CalendarDateField etc., use DateField->setConfig('min') and DateField->setConfig('max')
* [rev:99119] Refactor Versioned so a single state is kept for stage, archived date, or any module specific reading modes (from r98161)
* [rev:99114] Use the same navigator items in the CMS that are used on the frontend (from r97395)
* [rev:99079] Use the same navigator items in the CMS that are used on the frontend (from r97395)
* [rev:99063] Let sitetree extensions prepopulate permisson cache for their own permissions. (from r98650)
* [rev:99051] Let any DataObjectDecorator define an on_db_reset() method that is called by tests, like in Versioned. (from r97734)
* [rev:98786] Installer now uses a database configuration helper class which isolates the logic of checking the database away from the installer, this interface can be used by other databases like MSSQL and PostgreSQL. The installer now looks for a specific file inside each database module, provided it's configured in install.php MySQL is provided by default, as it lives in sapphire
* [rev:98543] Made ComplexTableField not use Object::create() for item and popup classes to be consistent with TableListField. These can be overridden as itemClass and popupClass are public properties on ComplexTableField
* [rev:98373] HTTP::setGetVar() always returns absolute URLs. Use Director::makeRelative() to make them relative again.
* [rev:98373] HTTP::setGetVar() combines any GET parameters in PHP array notation (e.g. "foo[bar]=val") instead of replacing the whole array
### Bugfixes
* [rev:101175] Fixed quotes around Folder::hasChildFolders() ParentID column
* [rev:101173] Don't run click() on all inputs, but input:radio only
* [rev:101171] Pass correct class to allowPrimaryKeyEditing in yaml fixture
* [rev:101170] Don't recreate a missing draft page when calling SiteTree::doUnpublish()
* [rev:101167] #5216 Installer has issues with click handlers applied to the entire li, be more specific and apply it to the label and input instead
* [rev:101165] Fixed versioning of pages
* [rev:101155] Prevent failed migrateVersion writes from breaking versioning system in future writes.
* [rev:101155] MAke site tree pages go green when you save a new draft.
* [rev:101154] #5214 ViewableData::obj() was creating a DBField without a fieldname argument and caused problems, one example is the version panel of the CMS
* [rev:101153] Ensure that Versioned works on classes with underscores in the names. (from r100905)
* [rev:101138] Fixed issues with broekn link tracking
* [rev:101131] Allow classes to be referred to with casing that differs from their definition.
* [rev:101129] Fixed FileLinkTrackingTest to cope with the empty alt="" and title="" attributes that are created
* [rev:101127] Improved reliabilty of broken link tracking.
* [rev:101127] Don't mark a page as changed on stage if the only thing that has changed is broken link metadata
* [rev:101116] Flush cache after deleting an item.
* [rev:101116] Fixed databaseFieldsOnly version of DataObject::getChangedFields()
* [rev:101112] Fixed bugs with copying custom fields into Virtual pages, generally made virtual pages more robust and performant.
* [rev:101110] Fixed link rewriting to work on other HTMLText fields (from r99517)
* [rev:101109] Return true if SiteTree:doUnpublish() succeeds. (from r99515)
* [rev:101105] Update Object::parse_class_spec() to handle arrays.
* [rev:101099] call_user_func_array changed to PHP 5.1 compatible notation
* [rev:101087] #5202 Installer now properly populates database configuration inputs from request after user clicks "Re-check requirements"
* [rev:101080] Fixed TableListField->print() - was unsetting $cachedSourceItems instead of null'ing it, which breaks later access to the property
* [rev:101068] #5199 Duplicate file uploads have odd numbering attached to end of file
* [rev:101061] Fixed Upload and checking for size with files that don't have any extension
* [rev:101051] Allow files with no extensions by setting File::$allowed_extensions with an empty string
* [rev:101050] #5188 Upload and Folder don't handle the duplicate naming of files that have no extension
* [rev:101046] Cookies set to a value other than NULL (effectively unsetting the cookie) will now use the httpOnly parameter by default for better XSS protection (from r101045)
* [rev:101034] Fix static caching file lookup to match file generation.
* [rev:101005] Image should pass through the title to Image_Cached so that Image::getTag() can produce a more useful alt attribute instead of just the filename (from r101003)
* [rev:100998] column and table names now quoted properly
* [rev:100986] Disable javascript date validation via DateField->jsValidation() if locale is not 'en_NZ" (which is the only format it validates for).
* [rev:100985] HTMLEditorField->saveInto() can now find images with urlencoded information for resample (e.g. spaces in filenames)
* [rev:100982] Fixed file-write testing issues in requirements combined file generation
* [rev:100980] Remove cache for Hierarchy::AllChildren() and Hierarchy::AllChildrenIncludingDeleted(), since they increase memory usage unnecessarily.
* [rev:100979] Don't make CMS loading slow if the combined javascript files can't be written.
* [rev:100932] SiteTree::getSiteConfig() should always fall back to using a default if an alternate config wasn't found
* [rev:100924] Allow DatabaseAdmin to run dev/build in live mode when not Security::is_database_ready(), and avoid broken login due to broken db queries (selecting unknown columns before dev/build) (see #4957)
* [rev:100921] DataObject::hasValue() is now compatible with parent ViewableData::hasValue() (this also fixes E_STRICT standards in PHP)
* [rev:100919] RequestHandler::handleRequest is now compatible with Controller::handleRequest in that SS_HTTPRequest is the type hint for the $request parameter
* [rev:100918] ManifestBuilder::up_children() should be declared as static as it's called statically
* [rev:100904] Produce XHTML compliant URLs in HTTP::setGetVar() by default (regression from r98373, see #5101)
* [rev:100896] #5138: DataObjectSet::removeDuplicates() removes objects of different classes with the same ID
* [rev:100866] #5176 Javascript error in IE for the installer - use "this" instead of e.target which doesn't work
* [rev:100862] Use "wb" argument in ManifestBuilder fopen() calls for better cross-platform compatibility
* [rev:100861] #5157 If paths are longer than 255 characters, fopen() produces an "Invalid argument" error, shorten the paths by using basename() instead of realpath() on the manifest filename when producing the cache path in ManifestBuilder
* [rev:100858] Fixed notice level error with folder ID
* [rev:100854] fixed file uploading not uploading any files at all
* [rev:100853] Fixed jQuery.ondemand.js script to work with prototype.js (will probably need to be merged back to trunk for legacy purposes)
* [rev:100848] Fixed variable declaration order in tabstrip.js (necessary due to changed jquery.livequery behaviour
* [rev:100825] Added single quote as a valid local-part of an email address as per RFC5322. Other symbols still excluded although in the spec
* [rev:100795] #5157 strftime() %F format parameter does not work on Windows - use %Y-%m-%d instead
* [rev:100767] Date::now() supplies wrong string - it misses leading zeroes on hours
* [rev:100763] added uniqueness id, to prevet multiple VirtuaLage reloads on publish
* [rev:100755] TreeSelectorField doubles up on concating base_url, doesn't include the security ID (#5164, thanks marcus)
* [rev:100747] #5099 FileIFrameField fails when using it with a locale different to the default
* [rev:100727] allow selection of database adpater
* [rev:100726] misspelled variable
* [rev:100724] some sections dont have a tree at all, but they still use LeftAndMain as their base class (eg report admin). Added a guard.
* [rev:100723] Fixed SapphireTest->loginWithPermission() and MemberAuthenticatorTest to use existing Members based on their unique_identifier_field (if existing) to accommodate recent Member->onBeforeWrite() changes (see r100705)
* [rev:100722] reload page if broken link tracking values changed during a save. Ticket #1363
* [rev:100721] Unsetting 'ID' parameter in MemberTableField->addtogroup() to avoid confusion between Group and Member records (regression from r100716) (from r100720)
* [rev:100719] Fixed MemberTableField->addtogroup() to fetch existing Member records by ID or $unique_identifier_field instead of relying on the (now removed) "auto-merging" in Member->onBeforeWrite() (see r100705) (from r100716)
* [rev:100717] Fixing Member_ProfileForm to validate for existing members via Member_Validator to avoid CMS users to switch to another existing user account by using their email address (from r100704)
* [rev:100701] moving the ajaxupdatesort JS response code from php to js to get rid of eval. Also disable the "loading" on the moved element when we are done, in case we are repositioning other than the selected item - otherwise the progress indicator is displayed indefinitely.
* [rev:100699] column names quoted properly
* [rev:100693] column names quoted properly
* [rev:100692] column names quoted properly
* [rev:100691] column names quoted properly
* [rev:100690] column names quoted properly
* [rev:100689] column name capitalised
* [rev:100688] column names quoted properly
* [rev:100687] column names quoted properly
* [rev:100686] the default value for decimals are now cast as (doubles)
* [rev:100657] tables and columns now quoted properly
* [rev:100632] Fixed SiteTree->MetaTags() to either use `<meta name=>` or `<meta http-equiv=>`, and only using the "http-equiv" attribute for valid HTTP headers (see http://www.w3.org/TR/html4/struct/global.html#edef-META) (from r100631)
* [rev:100627] DB::getConnect() should be properly declared as a static function
* [rev:100616] Fixed filemtime() check in Requirements_Backend::process_combined_files() not getting the right path
* [rev:100614] Proper check for combined file path in Requirements_Backend::process_combined_files()
* [rev:100560] #4572 Fixed Windows failure on SS_Cli::supports_colour() because posix functions are not supported
* [rev:100548] If fixture file is NULL don't cause the test framework to break down because of it
* [rev:100527] Set Member default Locale
* [rev:100525] get TreeMultiselectField working with an array of items, rather than a relation.
* [rev:100519] add 'var' to local variable 'constructor' inside of function definition which break IE8 (8.0.6001.18702 +)
* [rev:100508] wrong constructor function name
* [rev:100496] replacing calls to deprecated Upload functions - using validator instead (related to r100057)
* [rev:100466] #5012 BasicAuth should check if there's already a current member logged in before asking for a login/password
* [rev:100438] GD::setQuality() persistence issue because the GD instance is re-created instead of being cloned - thanks Tjofras!
* [rev:100417] #5121 Fixed cache flushing for FieldSet when removing fields - thanks paradigmincarnate!
* [rev:100415] #5136 Ensure $coverage argument to TestRunner::runTests() has a strict check before running coverage tests, as sometimes an SS_HTTPRequest object can be passed into this argument
* [rev:100407] FormAction input tag attributes were being doubly-escaped.
* [rev:100406] Fix mismatch with $all_locales and $common_locales (#5096)
* [rev:100394] #5135 LeftAndMain extra requirements loading for "themedcss" should use Requirements::themedCSS() not Requirements::css() - thanks Hamish!
* [rev:100393] YamlFixture::writeDataObject() - some databases need special allowance to edit the primary key column - do so by using DB::getConn()->allowPrimaryKeyEditing()
* [rev:100375] Sam's fix for "Unknown column Group.SubsiteID" with new subsites
* [rev:100370] use localized prefix to compare group codes rather than hard coded english string. MINOR: updated lang file
* [rev:100367] PHP 5.1 requires an array rather than a string for call_user_func()
* [rev:100359] Show Language dropdown in English (#5098)
* [rev:100335] #5023 AssetAdmin::sync() is now used to sync tasks, as it works when the user only has access to the AssetAdmin controller instead of going to dev/tasks/FilesystemSyncTask which can only be run by administrators or if the site is in dev mode
* [rev:100116] Fix TestRunner coverage pattern to work as documented (Fixes QA scripts too)
* [rev:100053] SQL Error is a member is not part of any groups
* [rev:99993] Setting default $groups in MemberTableField::AddForm() in addition to MemberTableField_Popup::__construct() - this was broken by r99777
* [rev:99960] #2022: Fixed CMS dropdowns in Opera.
* [rev:99952] Fix #2138, allow modification of existing images
* [rev:99951] Fix #2138, notify Image Toolbar on TinyMCE node selection change
* [rev:99942] action buttons always visible (not need to scroll) ticket 5051
* [rev:99942] got rid of double scroll
* [rev:99942] do not show action buttons (delete/save) when showing result list
* [rev:99887] Use underscores in names of combined .js (#3581)
* [rev:99854] Quoting keys in JSONDataFormatter to ensure valid JSON (#5119) (from r99853)
* [rev:99850] Fix #5097, Translatable uses augmentValidURLSegment to check that URLSegment is valid
* [rev:99843] Respect SilverStripe's cache folder
* [rev:99818] Handle filename deduping when uploading of double-barrelled extensions and files ending in numbers better.
* [rev:99816] Fixed the code for the unused file list, although the feature is still disabled.
* [rev:99789] #5073: Fixed CMS version indicator for alpha and beta versions.
* [rev:99779] make siteconfig work again
* [rev:99777] #5087: Show default values in CTF 'add' popups.
* [rev:99745] #3458: Don't show javascript:mctmp(0) URLs in URL editor
* [rev:99739] tree selector base URL calculation wrong when field is nested
* [rev:99738] #4974: Improve accuracy of ManifestBuilder::parse_file() cache, to remove a source of upgrade bugs.
* [rev:99713] Fixed MemberTableField limiting of , wasnt taking children groups into account (regression from r99684) (from r99706)
* [rev:99711] Setting ID explicitly in MemberTableField-> to ensure getCsvQuery() correctly filters (the custom group filter was only implemented in sourceItems() before) (from r99684)
* [rev:99693] Changed sitetree default selection in LeftAndMain.Tree.js to fire on window.load instead of document.ready() through entwine. We need to ensure behaviour.js bindings are available before
* [rev:99693] Automatically selecting root node in CMS trees (necessary because now we actually have forms on the root node, and its a valid click target) (from r99605)
* [rev:99679] really testing deletemarked now.
* [rev:99667] Fixed bogus HTMLEditorConfig instance when get() is called without a valid identifier (due to NULL database columns) (from r99599)
* [rev:99655] Fixed TreeMultiselectField/TreeDropdownField saving with 'unchanged' default values from constructor (from r99581)
* [rev:99647] Fixed TreeMultiselectField->Field() to respect settings, and give them priority over existing relations through getItems(). This is used in MemberTableField to set default groups for 'add member' popups. (from r98879)
* [rev:99640] Fixed DataObject->fieldLabels() to respect flag (from r98748)
* [rev:99638] Folder::findOrMake() will create the assets/ folder if it's missing
* [rev:99613] Fixed bug in r99552
* [rev:99595] Fixed Access tab on SiteConfig
* [rev:99594] Debugged and simplified Access tab javascript
* [rev:99587] Show 'Inherit' option for edit and view all the time (since we now have SiteConfig)
* [rev:99572] Pages that you can't edit should always be grey, even if there are unpublished changes.
* [rev:99553] Remove buttons from display if you load a CMS page that should have no buttons - reverts bug caused by r96551 and fixes the issue it was trying to solve.
* [rev:99552] Fixed behaviour's ID selector matching when the ID is inside another context - eg 'body.className #ID'
* [rev:99522] Image::onBeforeDelete() now calls deleteFormattedImages() so resampled images in the filesystem are cleaned up
* [rev:99506] use the correct method for retrieving the report ID
* [rev:99490] tablename and columns quoted properly
* [rev:99479] Setting ID = -1 on Security/lostpassword to avoid showing toplevel navigation (see #5086)
* [rev:99465] Correct StaticPublisher filenames, now works with nested URLS
* [rev:99443] batch_permission_check returns null rather than empty array when user has no permissions
* [rev:99394] Fixed variable existence checks in setValue() in FormField::__construct() by checking for !== NULL (changed from isset($value) to $value in r99360)
* [rev:99391] Fixed MoneyField constructor - parent (FormField) constructor calls setValue() already, which needs to happen *after* setting certain field instances
* [rev:99342] Enforcing creation of temp database in SapphireTest->setUp() to avoid writing to production databases. This check should only kick in for single test case runs, as the temp database connection should be set in a dev/tests/all run after the first db-related test anyway. (see #5034)
* [rev:99303] Disable some permission caching for now, as it was breaking unit tests (from r98504)
* [rev:99302] SiteTree::batch_permission_check() doesn't recurse with ID=0 calls
* [rev:99128] Fix not being able to print/export reports (from r98684)
* [rev:99125] Fixed cache prepopulation on sitetree load. (from r98651)
* [rev:99124] Make sure navigation links update when urlsegment is changed (from r98649)
* [rev:99116] Fix navigator links not opening in new windows. (from r97510)
* [rev:99115] Fixed bug in r97395 (from r97508)
* [rev:99101] Take into account tablename with custom columns in get_title_sql (from r97003)
* [rev:99100] use proper quotes for sep (from r96401)
* [rev:99089] Only show live link when page has been published (from r97839)
* [rev:99087] Make sure draft/published links go to the right subsite (from r97747)
* [rev:99086] Fix navigator links not opening in new windows. (from r97510)
* [rev:99085] Show a hand icon and better title for the 'share link' piece of the navigator toolbar. (from r97439)
* [rev:99067] Ensure that ModelAsController::init() can trigger redirections. (from r98702)
* [rev:99065] Fixed SiteTree_versions version numbers for published virtual pages. (from r98675)
* [rev:99060] fixed query to get number of unmoderated comments
* [rev:99052] Generate SiteTree_version records for VirtualPages more reliably. (from r98309)
* [rev:99050] fix incorrect link in CMS (from r97408)
* [rev:99049] Make sure CMS link knows when its currently in the CMS (from r97403)
* [rev:99031] Don't show FailedLoginCount field unless Member::$lock_out_after_incorrect_logins is enabled
* [rev:99005] Development server list should be retained when user submits installer form and gets redirected back
* [rev:98957] fix for #5076
* [rev:98946] the ID should be that of untranslated child (it's the middle segment that's from translated version, not the last one)
* [rev:98944] testing framework needs to be reset to a clean state after each test: now also nested urls and redirection state will be reverted
* [rev:98897] Fixed strpos() check in BASE_URL check
* [rev:98895] Installer now opens if mod_rewrite is disabled. Using index.php instead of rewriting the URL didn't quite work with the new BASE_URL, so we need to take this case into account as well
* [rev:98869] Fixed big problem on Windows when redirecting to install.php - because of SCRIPT_NAME backslashes caused a bit of havoc and need special treatment
* [rev:98860] restore the original nested_urls state after running the test, so we can enable and disable nested URLs within the tests safely.
* [rev:98853] Fixed URL generation in TreeSelectorField.js, was failing to detect relative URLs - prefixing with `<base>` URL as a workaround
* [rev:98852] Added missing Requirements to TreeDropdownField->Field() and TreeMultiSelect->Field()
* [rev:98847] modified float to have the same database table schema as int. Now defaults to zero and 'not null'
* [rev:98777] Fixed quoting on ContentController::successfullyinstaller() - this broke certain databases like PostgreSQL
* [rev:98776] #5053 Aggregate::query() should not set an orderby clause, otherwise databases will complain
* [rev:98694] columns quoted properly
* [rev:98693] Fixed ManifestBuilder::has_been_included()
* [rev:98690] Closing TinyMCE image, link or flash panel when loading form (ticket #4907)
* [rev:98688] Checkbox for overriding the install from environment now checks for the file existance properly
* [rev:98678] Fixed initial state of "use environment" checkbox in installer
* [rev:98671] fallback for changes in r98101, required if TreeDropdownField is used in a widgetarea, and does not know its field
* [rev:98537] Fixed ManifestBuilder::get_themes() not to assume an existing themes/ folder
* [rev:98536] Removed obsolete start argument from ComplexTableField_Item constructor.
* [rev:98534] Make Security/login page's ID give a different number for loggedin vs loggedout, to help with partial caching
* [rev:98520] Fix virtual pages not returning correct content
* [rev:98448] Fixed missing third argument to ComplexTableField_Item when the parent class instantiates it
* [rev:98434] Fixed infinite loop in FILE_TO_URL_MAPPING lookup when calling arbitrary scripts via CLI
* [rev:98432] Make login form work without any theme loaded.
* [rev:98403] Fixed Hierarchy->loadDescendantIdList() to call setOwner() on the extension instance. This was necessary due to underlying Object/Extension changes in 2.4.
* [rev:98382] #5044 Hierarchy::loadDescendantIDListInto() now uses Object::getExtensionInstance('Hierarchy') instead of going through __call(), as PHP 5.3 has issues converting references to values
* [rev:98373] HTTP::setGetVar() uses parse_url() and http_build_query() to add query parameters to an existing URL, instead of doing its own regex-based parsing. This means existing GET parameters are correctly url encoded.
* [rev:98324] Fixed ContentController->deleteinstallfiles (added to $allowed_actions, see #5040)
### Minor changes
* [rev:101172] Fix output format of buildbot test runs to not include colour control codes.
* [rev:101166] versioning test for SiteTree
* [rev:101135] Fixed multifile.js non-standard forEach() reference, using jQuery.each() instead
* [rev:101134] Localized "dependent pages" features in SiteTree->getCMSFields()
* [rev:101132] Fixed test that was relying on bug fixed in r101116
* [rev:101117] Fixed test that was relying on bug fixed in r101116
* [rev:101111] Fixed wrong default value for AssetAdmin (see r101106)
* [rev:101107] Documentation relating to r101106
* [rev:101106] Disabled metadata upload in AssetAdmin by default, configurable through AssetAdmin::$metadata_upload_enabled. Feature needs UI review.
* [rev:101091] Use castingHelper() rather than castingHelperPair() to look for a field presence.
* [rev:101076] Fixed merge error from r99117
* [rev:101071] Updated lang files
* [rev:101070] Fixed PermissionCheckboxSetField.js checkbox toggling when no previous values have been saved through jQuery.data()
* [rev:101062] Fixed permission language code regression
* [rev:101057] Improved wording of SQLite installer
* [rev:101055] No need for a ternary for in_array check in Upload::isValidExtension()
* [rev:101053] Update function doc for Upload::isValidExtension()
* [rev:101052] phpDoc change for Upload
* [rev:101025] tests can now require default records on classes
* [rev:100992] Removed unused variable in SiteTree::MetaTags()
* [rev:100991] UploadTest now cleans up after itself when it creates a custom folder relative to assets
* [rev:100990] Added tests for Upload_Validator/UploadTest_Validator for allowed extensions validation
* [rev:100988] Updated required version to 5.1 in php5-required template
* [rev:100978] Removed whitespace from "Development servers" textarea for installer
* [rev:100975] Updated r100966 to include spaces on ternary operator for readability and coding conventions
* [rev:100974] Adjusted CMSMain->getRootForm() to SiteConfig API changes
* [rev:100967] Renamed SiteTree->getEditFormFields() to getCMSFields() (including new decorator hook for 'updateCMSFields'). Renamed SiteTree->getEditFormActions() to getCMSActions() (including new decorator hook for 'updateCMSActions'). Old API was never released
* [rev:100965] Fixed "disabled" styling for database options in config-form.html (showed all as green when "use _ss_environment" was ticked
* [rev:100950] Correction on email address validator, and a unit test for EmailField php validation
* [rev:100946] Added jQuery requirement to TreeDropdownField (see #5139)
* [rev:100940] Changed `<div>` hierarchy in config-form.html to allow right-aligned help texts which horizontically align with their respective field sets on the left.
* [rev:100922] Fixed phpDoc argument in ViewableData::hasValue()
* [rev:100898] Changed the way DatabaseAdapterRegistry accepts databases
* [rev:100893] Updated languages in cms from translate.silverstripe.org
* [rev:100892] Updated languages in cms from translate.silverstripe.org
* [rev:100891] Updated sapphire/ lang files
* [rev:100890] Updated cms/ lang files
* [rev:100888] Using jquery.live instead of livequery in MemberImportForm.js
* [rev:100887] Using jquery.live and behaviour.js instead of livequery in ModelAdmin.js
* [rev:100886] Using jquery.live instead of livequery on ImageFormAction.js
* [rev:100885] Using Behaviour.register instead of jquery.livequery in TabSet.php/tabstrip.js (already replaced with jQuery.entwine in next release, we try to reduce the dependencies to jquery plugins)
* [rev:100883] SilverStripeNavigator.js used jquery.live instead of livequery, and doesn't include unnecessary behaviour.js
* [rev:100851] Fixed jquery-ui paths in FileIframeField
* [rev:100850] Fixed jQuery selector in TreeSelectorField.js to fit jQuery 1.4 syntax
* [rev:100843] Added jQuery UI license files
* [rev:100832] Supress notice if $_REQUEST['url'] doesn't exist in Debug::showError()
* [rev:100801] removed sqlite msg
* [rev:100799] Moved Permission->requireDefaultRecords() to Group->requireDefaultRecords() and Member->requireDefaultRecords().
* [rev:100799] Removed outdated checks for CanCMS and CanCMSAdmin from Permission->requireDefaultRecords()
* [rev:100791] Using PermissionCheckboxSetField.js instead of MemberTableField.js
* [rev:100790] Moved PermissionCheckboxSetField specific javascript logic from MemberTableField.js to new sapphire/javascript/PermissionCheckboxSetField.js file
* [rev:100789] Improved help texts around permissions
* [rev:100784] Improved help texts around permissions
* [rev:100783] Improved help texts around permissions
* [rev:100775] Fixed regression from r100774
* [rev:100774] Added getParentController() to TableListField_ItemRequest and ComplexTableField_Popup
* [rev:100774] Extending ComplexTableField_ItemRequest from TableListField_ItemRequest to avoid redundant code
* [rev:100772] dont copy embargo or expiry to virtual page
* [rev:100771] Setting PermissionRole $singular_name and $plural_name
* [rev:100770] Removed "only advanced users" notice in Group->getCMSFields() - this field is now sufficiently useable for all admins with access to admin/security without knowing about permission codes
* [rev:100740] Added more allowed extensions to File::$allowed_extensions
* [rev:100732] make cache header clearer
* [rev:100697] remove the sqlite databases from the installer list.
* [rev:100670] Director::currentPage() is deprecated but shouldn't throw a notice-level error until the next major release.
* [rev:100669] Added note about other databases
* [rev:100626] BasicAuth - removed unncessary extending of Object since this class only has a bunch of static functions
* [rev:100625] Cookie - removed unncessary extending of Object since this class only has a bunch of static functions
* [rev:100624] Convert - removed unncessary extending of Object since this class only has a bunch of static functions
* [rev:100623] ArrayLib - removed unncessary extending of Object since this class only has a bunch of static functions
* [rev:100622] When the installer is using the environment for configuration, disable the development servers textarea as it's automatically configured from environment
* [rev:100618] Removed double slashes from path in Requirements_Backend::process_combined_files()
* [rev:100615] Requirements_Backend::process_combined_files() only needs one location where the combined file is
* [rev:100552] Wording change in installer for database details not correct
* [rev:100550] Fixed undefined variable $error in MySQLDatabaseConfigurationHelper
* [rev:100537] Removed underscores from combined files in LeftAndMain, made redundant by r100536
* [rev:100534] Reverted default location for combined JS/CSS as you can't customise this easily
* [rev:100533] Removed Requirements:: static call and replace with instance
* [rev:100530] LeftAndMain combined files don't need to be prefixed with "assets" because default combined folder is set in sapphire/_config.php
* [rev:100517] Removed whitespace
* [rev:100514] Removed end php tag for Requirements and RequirementsTest
* [rev:100513] Updated RequirementsTest to test Requirements_Backend instead of global statics
* [rev:100511] can always create top level if admin
* [rev:100499] Made Upload::load() error more useful
* [rev:100491] Fixed tabbing in DataObjectSet
* [rev:100487] Changed places of Object::extInstance() to Object::getExtensionInstance() and added a notice if extInstance is used in future
* [rev:100486] Pushed @deprecated 2.3 items out to 2.5 since they're still in use for now
* [rev:100485] Reverted r100484 as it was causing too many problems
* [rev:100484] Replaced locations of Director::is_ajax() and Director::redirectBack() with instance method calls - the latter static function is deprecated
* [rev:100483] Changed @deprecated note for Director::redirectBack to 2.5 as it's still widely used
* [rev:100461] Fixed regression of Convert::json2obj() not working when json_decode() is being used
* [rev:100424] phpDoc bits for Convert Services_JSON functions
* [rev:100423] Added unit tests for Convert JSON functions
* [rev:100418] Use "email" instead of username for validation of admin account during install
* [rev:100409] Geoip class no longer extends Object, as it's not necessary
* [rev:100387] Updated installer to use "CMS / Framework" instead of just "CMS"
* [rev:100387] Updated copyright year to current year
* [rev:100372] added lang file for cs_CZ
* [rev:100360] add extendability to SecurityAdmin
* [rev:100323] correct order of OBW
* [rev:100032] added Rfc2822 method to SS_Datetime. Fixed bug where dates in DataObject would not set times.
* [rev:100008] LastEdited/Created dates are now mockable via SS_Datetime
* [rev:99957] Reverted r99843 - we're not modifying thirdparty dependencies
* [rev:99862] Reinstated UploadTest
* [rev:99823] Reverted r99522 as this will cause problems if File records are deleted when the resampled images are linked to in the content fields
* [rev:99801] Added Group->CMSTreeClasses() (required for GroupCsvBulkLoader refresh in SecurityAdmin)
* [rev:99753] Cleaned up tabbing and code formatting in automated task classes
* [rev:99750] More tests for array data
* [rev:99715] Fixed OptionsetField->disabledItems omission from r99596 (from r99708)
* [rev:99714] Fixed MemberTableField regression from r99706 (from r99710)
* [rev:99689] Fixed height of MemberTableField 'Groups' tab to allow enough room for TreeMultiSelectField expansion (from r98883)
* [rev:99687] Moved generic .TreeDropdownField styling from cms/css/cms_right.css to sapphire/css/TreeDropdownField.css (from r98881)
* [rev:99686] Moved ul.tree rules from cms/css/cms_left.css to sapphire/javascript/tree/tree.css (particularly around multiselect tickbox styling) (see r98854) (merged from r98855) (from r98865)
* [rev:99668] Placing 'ADMIN' permission in new 'Administrator' group at the top of the permissions list (from r99601)
* [rev:99663] Localized strings in PermissionCheckboxSetField (from r99590)
* [rev:99660] Re-adding support for Group and PermissionRole records in PermissionCheckboxSetField
* [rev:99657] Using localized titles for permission formfields in PermissionRole and Member (from r99583)
* [rev:99656] Using TreeMultiselectField instead of MemberTableField->relationAutoSetting in Group->getCMSFields() (from r99582)
* [rev:99654] Added ComponentSetTest (from r99580)
* [rev:99646] Moved generic .TreeDropdownField styling from cms/css/cms_right.css to sapphire/css/TreeDropdownField.css
* [rev:99646] Fixed .TreeDropdownField styling (borders and margins) in TreeDropdownField.css (was assumed to be inherited from LeftAndMain/CMS stylesheets) (from r98878)
* [rev:99645] Added MemberCsvBulkLoaderTest->testCleartextPasswordsAreHashedWithDefaultAlgo() (from r98841)
* [rev:99644] Allow custom TitleText on TableListField_Item.ss (e.g. to show a description of the 'delete' button) (from r98828)
* [rev:99641] Setting new 'inlineadd' permissions on MemberTableField instance in Group->getCMSFields() (from r98827)
* [rev:99497] add pass thru group and sort methods
* [rev:99492] Fixed SapphireTest->logInWithPermission() spelling
* [rev:99491] Fixed SapphireTest->logInWithPermission() spelling
* [rev:99363] Using DateField in CMSMain->SiteTreeFilterDateField(), as CalendarDateField is now deprecated
* [rev:99362] Moved cms specific styling in CalendarDateField.css to cms/css/cms_right.css
* [rev:99359] Moved cms specific styling in CalendarDateField.css to cms/css/cms_right.css
* [rev:99350] Temporarily disabled nested url specific cases inTranslatableTest->testAlternateGetByLink(), unclear functionality requirements
* [rev:99347] Fixed FilesystemPublisherTest to have self-contained extension settings, and not rely on static publishing being enable in mysite/_config.php already. Fixed login permissions for doPublish() calls in test case.
* [rev:99178] Moved timezone coupling in SS_Report labels into timezoneawareness module
* [rev:99137] Localized reports
* [rev:99130] Fixed merge error (see r99114)
* [rev:99127] Bugfix in previous commit (from r98660)
* [rev:99126] refactored setting/getting strict hierarchy setting. (from r98654)
* [rev:99123] don't load a report by default (from r98561)
* [rev:99122] don't remember what report you had selected in ReportAdmin (from r98560)
* [rev:99121] more unit tests around loose hierarchy (from r98509)
* [rev:99120] added LiveURLSegment to ignored field in change detection (from r98494)
* [rev:99118] fixed two reports with links that did not open in new windows (from r97816)
* [rev:99113] add the ability to link-check the live table too (from r89473) (from r95310)
* [rev:99112] pingStatus ping frequency reduced
* [rev:99112] updated lang file for SiteConfig
* [rev:99112] improved documentation in StaticPublisher
* [rev:99112] improved documentation in CMSMain surrounding reports and siteconfig
* [rev:99112] migrated headers in SiteConfig to i18n'd (from r86429)
* [rev:99111] Localized File->uploadMetadataFields()
* [rev:99110] Documentation
* [rev:99099] ability to customise the text that comes out of Member->Title
* [rev:99099] updated workflow reports (from r96352)
* [rev:99098] Added Requirements for SilverStripeNavigator (see r99080)
* [rev:99097] Added Requirements for SilverStripeNavigator (see r99080)
* [rev:99081] Partially reverted r99079 - SiteTree->getNavigatorItems() was refactored to SilverStripeNavigator::get_for_record()
* [rev:99076] make static caching smarter around cacheSubdirs
* [rev:99068] adjustments to ensure that the cached permissions were actually hit (from r98835)
* [rev:99064] refactored setting/getting strict hierarchy setting. (from r98654)
* [rev:99062] more unit tests around loose hierarchy (from r98509)
* [rev:99059] added enforce_strict_hierarchy option, and tests around not cascading deletions (from r98498)
* [rev:99057] reload the virtual page if you are looking at the current one on save. To prevent overwriting fields (from r98496)
* [rev:99009] force a specific cache subdirectory
* [rev:99008] disable real-time static publishing
* [rev:98980] fix typo
* [rev:98898] Added brackets around strpos() check just to be sure it works
* [rev:98872] Fixed clearing issue in installer that was recently removed
* [rev:98855] Moved ul.tree rules from cms/css/cms_left.css to sapphire/javascript/tree/tree.css (particularly around multiselect tickbox styling) (see r98854)
* [rev:98854] Moved ul.tree rules from cms/css/cms_left.css to sapphire/javascript/tree/tree.css (particularly around multiselect tickbox styling)
* [rev:98800] Removed return of connection and changed variables to conincide with r98795
* [rev:98792] Removed whitespace in textarea value that caused an empty string in the development servers list in installer (regression from recent change)
* [rev:98781] Styling on installer
* [rev:98733] Defensive scripting in LeftAndMain.Tree.js (merged from r98709)
* [rev:98713] Re-enabled CsvBulkloaderTest cases, were disabled by accident (merged from r94250)
* [rev:98679] Reverted broken variables in installer for checking environment
* [rev:98670] Install template cleanup
* [rev:98668] Styling for help text in the installer
* [rev:98667] Styling fixes for installer
* [rev:98666] Tidy up of install template
* [rev:98662] Changed config-form to HTML 4.01 and validated the page minus a few issues with the form field placement
* [rev:98643] disable form fields if they are set from _ss_environment. See #5054
* [rev:98544] Removed useless third argument to instantiation of itemClass in TableListField::generateExportFileData()
* [rev:98538] Fixed caching of login page for tests
* [rev:98519] Renamed manifest test temp dir as there was some kind of conflict
* [rev:98480] Removed double brackets from Diff::cleanHTML()
* [rev:98477] Fix documentation for Diff::cleanHTML
* [rev:98433] Speed up cache test (1s is as good a test expiry as 8s)
* [rev:98427] Fixed SiteTreeBacklinksTest on Windows
* [rev:98409] Fixed HTTPTest->testSetGetVar()
* [rev:98407] Fixed HTTPTest->testSetGetVar()
* [rev:98404] Partially reverted r98382 which added unnecessarily defensive checking to Hierarchy->allChildren()
* [rev:98403] Fixed HierarchyTest assertions around including grand children counts
* [rev:98390] Removed argument to getDescendantIDList() in ThumbnailStripField that doesn't exist on the method
* [rev:98383] Fixed HTTPTest when invoked through dev/tests/all or with GET parameters (see r98373)
* [rev:98376] Testing of grand-children items in HierarchyTest::testLoadDescendantIDListIntoArray() and HierarchyTest::testNumChildren()
* [rev:98372] Documentation
* [rev:98370] Fixed test case name in Hierarchy
* [rev:98369] Added test case for Hierarchy::getDescendantIDList() which also tests Hierarchy::loadDescendantIDListInto()
* [rev:98341] Removed arguments to Hierarchy::getDescendantIDList() calls, as the method does not have any
* [rev:98326] Make pass use a password field, dont require call by reference (merged from r72930)
* [rev:98321] Use 'b' mode for fopen() where possible for better portability
* [rev:98282] fixed setName()
### Other
* [rev:99952] via Image panel, and keep proportions when changing size
* [rev:99952] in text input boxes.
* [rev:99849] Uses $this->extend('augmentValidURLSegment')
* [rev:99849] so that (for instance) Translatable can hook this.
* [rev:99848] Revert "FEATURE: Use tidied HTML in DataDifferencer"
* [rev:99848]
* [rev:99848] This reverts commit a0d2f7b3e289d12dedcdbd02ae52eec3e6718340.
* [rev:99732] BUFGFIX: Prevent selection of self as parent (see #5106)
* [rev:99084] Add missing JS file (from r97410)
* [rev:98873] REVERT: reverse merging the change, it breaks some tests.

View File

@ -1,11 +0,0 @@
# 2.3.11-rc1 (2011-01-31)
## Overview
* Bugfix: CMSMain->rollback() fails because of CSRF protection
## Changelog
### Bugfixes
* [rev:115919] #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer

View File

@ -1,41 +0,0 @@
# 2.3.8-rc1 (2010-07-16)
## Changelog
### Features and Enhancements
* [rev:108062] Added File::$allowed_extensions (backport from 2.4 to enable File->validate() security fix)
* [rev:103684] Allowing TestRunner? to skip certain tests through the ?SkipTests?=... GET paramete (merged from branches/2.3-nzct) (from r80646)
* [rev:103659] do not show comments that need moderation in the comment rss feed
### API Changes
* [rev:108062] Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693)
* [rev:108062] Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
* [rev:108062] Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()
### Bugfixes
* [rev:108045] Don't allow direct access to PHP files in mysite module. (from r108029)
* [rev:108044] Don't allow direct access to PHP files in cms module. (from r108028)
* [rev:108043] Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php (from r108023)
### Minor changes
* [rev:108062] Added unit tests to FileTest and FolderTest (some of them copied from FileTest, to test Folder behaviour separately)
* [rev:108046] Partially reverted r108045, mistakenly committed RewriteBase change
* [rev:108040] Added .mergesources.yml
* [rev:103897] Added querystring option to Makefile (from r103884)
* [rev:103895] Added querystring option to Makefile (from r103746)
* [rev:103528] sort page comment table by Created field - show newest entries first
* [rev:103521] Fixed FileTest execution if the assets/ directory doesn't exist. (from r88353) (from r98086)
* [rev:103447] Fixed js applying to non-tinymce textarea fields in ModelAdmin.js (fixes #5453)
* [rev:103362] Fixed js applying to non-tinymce textarea fields in ModelAdmin.js (fixes #5453)
* [rev:103348] added moderation message for non-ajax mode
* [rev:101258] Fixed missing closing `<div>` in ContentController->successfullyinstalled() (from r101254)
`./sscreatechangelog --version 2.3.8-rc1 --branch branches/2.3 --stopbranch tags/2.3.7`

View File

@ -1,146 +0,0 @@
# 2.4.0-rc1 (2010-04-01)
## Changelog
### Features and Enhancements
* [rev:101871] Updated automatic regression tests (Salad)
* [rev:101670] RedirectorPage ExternalURL field now defaults to http:// to be consistent with the "Another website" option for HtmlEditorField LinkForm
* [rev:101661] tidied up installer process to streamline process. Moved requirements to top and button to bottom and added visual seperation of the individual steps
* [rev:101381] refactored requirements section to hide successful tests
* [rev:101378] Added links to installation introduction text for sources of help and suggested web hosts
* [rev:101246] Improved wording and styling in installer. Added links to server requirements, themes download, tutorial. Decreased vertical space before the "install" button to make it more obvious.
* [rev:101127] Added 'Dependent pages' tab to CMS, to show virtuals, redirectors, and backlinks that point to this page.
### API Changes
* [rev:102012] Changed MySQLFulltextSearchable class to FulltextSearchable (applies to all databases)
* [rev:102003] Disallow methods/actions in RequestHandler->checkAccessAction() which are implemented on parent classes (e.g. ViewableData and Object), unless access is controlled through $allowed_actions. This limits information exposure from getters used in template contexts.
* [rev:101833] Allow cached blocks within control and if blocks, as long as that control or if block is contained within an uncached block, not a cached block
* [rev:101155] Add option for DataObjectDecorator::onAfterSkippedWrite()
* [rev:101137] Partial cache adjustments - now supports nested cache blocks (which are independant of their containing cache block), conditionals to control if a given cache block is active, and includes hash of template code in key (so template changes mean cache is invalidated). Changes template control for cache block to `<% cached %>`, to which the now deprecated `<% cacheblock %>` is aliased, and an additional template control `<% uncached %>` has been added.
* [rev:101127] Added SiteTree::VirtualPages() and SiteTree::DependentPages() accessors.
### Bugfixes
* [rev:102038] #5255 LeftAndMain should include the correct editor.css file so typography from user selected theme in SiteConfig is shown in TinyMCE
* [rev:102026] Fixed SiteTree::page_type_classes() removal of base class (was broken if database driver returned classes in arbitrary order, e.g. in Postgres)
* [rev:102004] Prevent handling of controller actions which return $this avoid infinite loops in RequestHandler->handleRequest (thanks Hamish!)
* [rev:101975] Resetting image sidepanel fields when opening the panel instead of inserting an image, to avoid losing focus of TinyMCE in IE. Using getBookmark() in TinyMCE to save the original location. (fixes #5263)
* [rev:101969] Stop IE6/IE7 from redirecting in admin/assets after deleting multiple folders (fixes #5208)
* [rev:101958] Checking for existing redirections in FormResponse::respond (fixes #5208)
* [rev:101956] Fixed "object not found" javascript error in SecurityAdmin_right.js when changing group nodes (fixes #5179)
* [rev:101939] Ensure that DataObject IDs are numbers and no string equivalents of numbers - 3 not '3'
* [rev:101869] Update Salad tests to match behaviour
* [rev:101867] #4188 simon_w: Let require tags in templates be conditional
* [rev:101866] Recover if a manifestClassParse file doesn't have the necessary content.
* [rev:101812] Added allowed_actions to ContentControllerSearchExtension
* [rev:101810] #5295: Update CMS site name in LHS via Ajax after siteconfig save.
* [rev:101807] fixed undefined error in CTFs. BUGFIX: added action class to actions to allow the popup hook to open links
* [rev:101795] keep ModelAdmin from importing data twice
* [rev:101794] avoid call to non-object
* [rev:101793] preserve the port value if given in HTTP::setGetVar (#5280). BUGFIX: allow username only input rather than user:pass combo.
* [rev:101792] disable function re-enabled
* [rev:101791] deprecated split function replaced
* [rev:101758] fix #5320
* [rev:101747] Always including "Locale" field in Translatable->getCMSFields() regardless of "excluded" page types. Necessary to enable form state serialization for fields like TreeSelectorField on a VirtualPage (fixes #5269)
* [rev:101739] Versioned->publish() with $createNewVersion=TRUE now increases version number of in-memory object (fixes #5261)
* [rev:101737] RedirectorPage types shouldn't appear in "Pages with no content" side report in the CMS Pages tab
* [rev:101724] #5277 Sort of default SiteTree records is now explicitly set to avoid strange ordering set by SiteTree::onBeforeWrite for default records
* [rev:101719] Only show "Roles" tab in admin/security if user has APPLY_ROLES permissions (fixes #5258)
* [rev:101711] Don't replace "home/" URLSegment in SiteTree->RelativeLink() if Translatable is enabled and the homepage is not on the root level (nested URLs allows you to have homepages called "en/home" and "ru/home") (fixes #5244)
* [rev:101668] #5259 RedirectorPage and HtmlEditorField TinyMCE integration now prefixes http:// if no prefix is found
* [rev:101657] #5245 Sometimes page records will have a NULL ParentID value, it should be a number even if it's 0 (thanks wrossiter!)
* [rev:101638] #5243 Undefined Convert functions in ViewableData replaced with working versions. Thanks benediktb!
* [rev:101631] test that the class exists before running subclass tests
* [rev:101623] put back into the SSNavigator the archived site link (#5251)
* [rev:101608] Explicitly specify the many_many's join table name in the join's ON match statement in ManyManyComplexTableField
* [rev:101604] remove the unnecessary DOM manipulation, this is legacy code due to SilverStripeNavigator changes (open #5250)
* [rev:101603] the function makes an assumption we are working on Draft site, and breaks if we are not. Rewritten to be stage-independent, as get_version (open #5231)
* [rev:101602] IE does not accept TD element without a table, repacking into DIV (open #5228)
* [rev:101592] get a object inside transaction block will alway exist
* [rev:101554] tables and column quoted properly
* [rev:101493] tables and column quoted properly
* [rev:101492] results sorted alphabetically for consistency
* [rev:101491] results sorted alphabetically for consistency
* [rev:101392] HTTP::setGetVar() returns a relative URL if a relative URL is passed, to make behaviour closer to 2.3
* [rev:101380] disabling unused file list as feature is still buggy.
* [rev:101375] Fixed closing `</div>` which should have been a `</td>` for dragfile in AssetTableField
* [rev:101302] Fixed SiteTree->Content link shortcode parsing introduced in r101093 (#5227)
* [rev:101267] #5222 Fixed TreeDropdownField not working on FileIFrameField/ImageField
* [rev:101266] Fixed Folder writing by overloading validate() (was inheriting File->validate() which does extension checks)
* [rev:101266] Fixed Folder::findOrMake() not to create "new-folder" through File->setName() if using a trailing slash in the path (which causes an empty name). Added FolderTest to verify this.
* [rev:101264] Checking for existence of "ShowInMenus" property in Folder->liveChildren() and stageChildren() (#5190)
* [rev:101227] Don't delete index.php after successful installation - in ContentController->deleteinstallfiles(). URL routing might rely on it without mod_rewrite.
* [rev:101227] Require ADMIN permissions for ContentController->deleteinstallfiles() - together with retaining index.php this removed a vulnerability where unauthenticated users can disrupt mod_rewrite-less URL routing.
* [rev:101220] TeamComment table added to dataobjects list
* [rev:101189] Make SS_ReportWrapper::sourceRecords()' arguments optional
* [rev:101175] Fixed quotes around Folder::hasChildFolders() ParentID column
* [rev:101173] Don't run click() on all inputs, but input:radio only
* [rev:101171] Pass correct class to allowPrimaryKeyEditing in yaml fixture
* [rev:101170] Don't recreate a missing draft page when calling SiteTree::doUnpublish()
* [rev:101167] #5216 Installer has issues with click handlers applied to the entire li, be more specific and apply it to the label and input instead
* [rev:101165] Fixed versioning of pages
* [rev:101155] Prevent failed migrateVersion writes from breaking versioning system in future writes.
* [rev:101155] MAke site tree pages go green when you save a new draft.
* [rev:101154] #5214 ViewableData::obj() was creating a DBField without a fieldname argument and caused problems, one example is the version panel of the CMS
* [rev:101153] Ensure that Versioned works on classes with underscores in the names. (from r100905)
* [rev:101138] Fixed issues with broekn link tracking
* [rev:101131] Allow classes to be referred to with casing that differs from their definition.
* [rev:101129] Fixed FileLinkTrackingTest to cope with the empty alt="" and title="" attributes that are created
* [rev:101127] Improved reliabilty of broken link tracking.
* [rev:101127] Don't mark a page as changed on stage if the only thing that has changed is broken link metadata
### Minor changes
* [rev:102045] Fixed spelling mistake in ConfigureFromEnv class documentation
* [rev:102018] Fixed VersionedTest arguments in test case
* [rev:102010] Fixed regression from r101752 (adding permission roles button was missing)
* [rev:102009] Fixed indentation
* [rev:101974] Saving TinyMCE editor focus in tinymce_ssbuttons plugin when sidepanel is opened (see #5263)
* [rev:101971] Fixed indentation
* [rev:101970] Fix tests to cope with ID type cleanup changed recently
* [rev:101889] removed duplication of variable and conditional that would never pass
* [rev:101883] take advantage of an alternate path for error pages
* [rev:101882] TreeTitle really should return title, not name.
* [rev:101870] Make Salad accept "login" or "log in"
* [rev:101868] Added missing file for r101867
* [rev:101811] Fixed JSONDataFormatter excaping (fixes #5309, thanks briley)
* [rev:101782] Marked DataObject::has_own_table() as static
* [rev:101754] Removed unnecessary console.*() from cms javascript files
* [rev:101753] Removed unnecessary console.*() from sapphire javascript files
* [rev:101752] Removed unnecessary "show" icons in "Roles" and "Member" ComplexTableFields
* [rev:101751] Removed unnecessary "show" icons in "Roles" and "Member" ComplexTableFields
* [rev:101729] use red font instead of gray when displaying error
* [rev:101723] Fixed getElementsByClassName() usage in AssetTableField.js (fixes #5256)
* [rev:101718] Fixed tab naming in Group->getCMSFields()
* [rev:101698] Respecting folder sort order in admin/assets by adding Folder::$default_sort="Sort" (#5235)
* [rev:101688] Removed fullstop where it wasn't needed
* [rev:101687] Tidied up the layout of the Themes area of the installer slightly - now consistent helptext as other areas
* [rev:101686] Updated CMS Admin Account text to be more precise
* [rev:101683] Altered wording in installer for localised interface
* [rev:101671] Reverted r101670 as it broke assumptions made in RedirectorPageTest
* [rev:101638] Updated ViewableDataTest to verify ViewableData changes
* [rev:101619] Made the default database directory relative to assets ".db" which is more precise than ".sqlitedb"
* [rev:101618] Made SQLite path in installer use DIRECTORY_SEPARATOR so it shows as correct on Windows using backslashes instead of forwardslashes - this is more of a cosmetic thing, as slashes can be interchanged and still parsed correctly by PHP
* [rev:101600] fixed notice level error
* [rev:101353] Removed rewritest.php places in sapphire since it's no longer part of the phpinstaller/branches/2.4 package
* [rev:101341] Made reinstall message more precise by adding web.config to the files that will get overwritten
* [rev:101282] Moved "theme" section further down in the installer, its much less likely to be changed than the database connection and admin account fields.
* [rev:101254] Fixed missing closing `<div>` in ContentController->successfullyinstalled()
* [rev:101251] Fixed regression in install.js option selection (see r101173)
* [rev:101172] Fix output format of buildbot test runs to not include colour control codes.
* [rev:101166] versioning test for SiteTree
* [rev:101135] Fixed multifile.js non-standard forEach() reference, using jQuery.each() instead
* [rev:101134] Localized "dependent pages" features in SiteTree->getCMSFields()
* [rev:101132] Fixed test that was relying on bug fixed in r101116
### Other
* [rev:101314] ENHNACEMENT Installer no longer asks for firstname and surname for default CMS admin account, this can be changed later on and doesn't need to be entered for installation
`./sscreatechangelog --version 2.4.0-rc1 --branch branches/2.4 --stoprevision 101127`

View File

@ -1,127 +0,0 @@
# 2.4.0-rc2 (2010-04-30)
## Overview
* Improved permission handling in the "Security" section: "Access to all CMS sections" not automatically checks all inherited permissions
* Fixed usage of file, image and link selection in the CMS with multilingual sites (Translatable)
* Fixed core unit tests for PostgreSQL
* Fixed a core bug in PostgreSQL concerning the ordering and grouping of DataObjectSet results
* Allowing the new "SiteConfig" interface to save TinyMCE content, enabling easier usage of default content which doesn't belong to a single page
* Updated api.silverstripe.org to accurately reflect the current API in different releases, with a nightly rebuild to keep it that way
## Changelog
### Features and Enhancements
* [rev:103730] use FileSystem class to create cache directory to unsure the right permissions are set
* [rev:103710] MemberLoginForm::performLogin() now uses the authenticator_class variable set in subclasses of MemberLoginForm, without having to overload performLogin()
* [rev:103708] create cache directory when it does not exist before running the cache build test
* [rev:103581] Added i18n::set_default_locale() to set standard locale (which is different from "current locale" retrieved through i18n::get_locale())
* [rev:103466] make the getTree ajax call more generic so it get local from its containing form, rather than hard-coded "Form_EditForm_Locale" cos the field is not only used in "EditForm"
* [rev:103465] to make the FileIFrameField and TreeSelectionField easy to use in CMS with Translatable on.
* [rev:103328] Automatically checking all "CMS section" checkboxes in PermissionCheckboxSetField.js when "Access to all CMS interfaces" is selected. Saving these permissions individually also resolves certain edge cases like #5438.
* [rev:103250] added tests for checking the change password functionality, including the resulting redirection (from #5420)
* [rev:103229] allow ChangePasswordForm to redirect to BackURL (from #5420)
* [rev:103198] allow onAfterPublish and onBeforePublish handlers directly on Page classes (#5112)
* [rev:103047] allow to check for any changed fields on the DataObject, this is expected behaviour when isChanged function is called without parameters (#5421, patch by walec51)
* [rev:102899] added language (Ticket #5390)
### API Changes
* [rev:103792] changed the modulus offset to 1 to correctly order sets
### Bugfixes
* [rev:103803] Rebuilding test database for postgresql in SearchFormTest and TranslatableSearchFormTest to avoid stale index information in the database
* [rev:103745] static publisher for a site that resides in a subfolder of webroot
* [rev:103734] Fix linkCount .js in AssetAdmin deleteRecord (ticket #5486)
* [rev:103706] Use correct quoting for BrokenLinksReport (ticket #5474)
* [rev:103674] #5485 PermissionCheckboxSetField javascript would always uncheck all CMS_ACCESS_* permission checkboxes on initialize event
* [rev:103620] Fixed ordering by aggregate columns for DataObject::get() calls with joins.
* [rev:103613] Fixed unlimitedRowCount() for grouped queries
* [rev:103612] Ensure that group by of many-many queries with extraFields is set correctly.
* [rev:103591] ModelAsController test failed for projects which do not support nested urls. This fix stores the original configuration and enables 'nested-urls' at the beginning of the tests and reset the state in tearDown.
* [rev:103588] #5362: Fixed duplicate removal on DataObject:get() with join argument for all databases.
* [rev:103582] Choosing i18n::default_locale() in Member->populateDefaults() instead of "current locale". This fixes a bug where a new member created through admin/security automatically "inherits" the current locale settings of the admin creating it.
* [rev:103552] CSSContentParser now reports better errors by using simplexml_load_string() instead of SimpleXMLElement directly
* [rev:103519] Prevent duplicate HTML IDs in ModelAdmin
* [rev:103518] Fixed redirection in PageCommentInterface to use Link() instead of URLSegment (fixes 4200, thanks ktauber)
* [rev:103461] Renamed Nested URLs are automatically redirected to their new location with 301 HTTP status code in ModelAsController/ContentController (fixes #5393, thanks cbarberis)
* [rev:103451] Fixed CurrencyField->jsValidation() regex escaping (fixes #5462, thanks mobiusnz)
* [rev:103450] DateField with setConfig('dmyfields') now validates TRUE for empty values (fixes #5458)
* [rev:103448] Allow EDIT_SITECONFIG permission selection in admin/security (fixes #5459)
* [rev:103341] Don't show error when adding default SiteConfig records after upgrading a site.
* [rev:103336] Using try/catch in MemberTableField->saveComplexTableField() similiar to parent implementation, which means trying to save a Member duplicate doesn't end up in a fatal error (fixes #5444)
* [rev:103255] static publishing now uses the last non-null theme, OR the value defined in StaticPublisher::static_publisher_theme.
* [rev:103240] r101093 broke casting of values from the failover object. Add lookup to the failover for casting info, and add test
* [rev:103226] made the invalid password message translatable; disallow new blank password (as it makes it impossible to login); Member::checkPassword now returns ValidationResult - handle that properly (#5420, patch submitted by walec51)
* [rev:103214] the decorator was not completely removed, which caused trouble for tests running later in the same batch
* [rev:103183] default sort column now quoted
* [rev:103182] default sort column now quoted
* [rev:103127] realtime publishing now enabled by default
* [rev:103099] Only replace double slashes in SS_HTTPRequest->__construct() for relative- its a failsafe against wrongly formatted URLs like 'admin//assets' instead of 'admin/assets', but breaks absolute URLs with 'http://' prefix
* [rev:103092] disallow numeric actions - numeric array indexes are incorrectly picked up as allowed actions (#5331)
* [rev:103083] make the javascript-producing functions behave in the same way. Now they will return a javascript snippet and the caller is responsible for adding it to a FormResponse. Removes the duplication in AJAX response which happened when FormResponse::add has been used before the call to JS helper functions (#5359)
* [rev:103037] correct mollom field mapping
* [rev:103012] added optional separator for http_build_query in HTTP:setGetVar(). this fixes sorting columns in ModelAdmin (ticket #5325).
* [rev:102730] Fixing RquestHandler->checkAccessAction() on PHP 5.2 - ReflectionMethod->class returns inconsisent results in older PHP versions. (see r102003)
* [rev:102712] Fixed CTF sorting in ModelAdmin results (was failing because of missing 'ResultAssembly' GET parameters
* [rev:102686] Float should always be not null and default 0 in the database
* [rev:102545] Using i18n::get_locale() in ContentController->ContentLocale() to ensure the correct locale can be used in templates withouth Translatable enabled (broken in r97207, thanks DesignCity) (from r102544)
* [rev:102460] #5316 Float and Double should never try to save NULL as the "null" value
* [rev:102436] #5320 ManyManyComplexTableField::getQuery() now uses T-SQL compatible syntax CASE WHEN instead of IF THEN which works in multiple databases as well
* [rev:102386] delete from published site never calls canDeleteFromLive(). (via marcus #5364)
* [rev:102320] fixed invalid HTML output from page comments template
* [rev:102300] SSViewer now allows cli to do a flush on non-dev environments
* [rev:102265] Fix Salad tests
* [rev:102237] exchanged MySQL CONCAT function with ANSI compliant operator
* [rev:102160] allow HTMLEditorFields to save in SiteConfig, fixes #5246
* [rev:102156] fallback to the standard authenticator before throwing user_error as in some cases auth method is not passed back to the login form
* [rev:102094] Fixed bug with SiteTree::onBeforeWrite() that broke subsites.
* [rev:102084] #5343: Call DataObject::onBeforeWrite only once for SiteTree
* [rev:102081] #5337: Allow decoration of DataObject
* [rev:102074] Fixed SiteTree::page_type_classes() to exclude 'SiteTree' even if on array position 0 - slight difference in return values from Postgres to MySQL (fixes #5336)
* [rev:102072] Logging in with an invalid email returns no error message (fixes #5332, thanks ajshort)
### Minor changes
* [rev:103821] Fixed TranslatableSearchFormTest for postgresql (strict type assertions)
* [rev:103819] Fixed TranslatableTest for postgresql database driver (mostly ordering issues)
* [rev:103818] Fixed CMSMainTest for postgres by not hardcoding fixture IDs
* [rev:103799] Removed mysql specific functionality from DataObjectSchemaGenerationTest and moved it to a new MySQLDatabaseTest
* [rev:103798] Fixed TranslatableTest for postgresql database driver (mostly ordering issues)
* [rev:103787] update unit test for checking whether a DataObject has been changed or not without providing a field name
* [rev:103763] Unsetting state in FilesystemPublisherTest (regression from r103745)
* [rev:103744] Allowing querystring arguments in sapphire/Makefile
* [rev:103692] Restored docblock of SQLQuery::unlimitedRowCount()
* [rev:103640] Fixed AggregateTest for MSSQLDatabase (wrong date formatting)
* [rev:103606] recache tables if cache is empty
* [rev:103558] sort page comment table by Created field - show newest entries first
* [rev:103555] added moderation message for non-ajax mode
* [rev:103533] Fix to ModelAdmin, part of r103519
* [rev:103520] add more in-line documentation and fix the typo: should => should not
* [rev:103515] Database quoting in TreeDropdownField (fixes #5484)
* [rev:103485] Documentation
* [rev:103398] Fixed phpdoc documentation
* [rev:103397] Fixed phpdoc documentation
* [rev:103391] Fixed phpdoc documentation (from r103390)
* [rev:103388] Fixed phpdoc documentation (from r103385)
* [rev:103386] Fixed phpdoc documentation (from r103384)
* [rev:103345] Reverted accidental commit of date_default_timezone_set() to Pacific/Auckland (see r89164)
* [rev:103337] Returning ValidationResult from Member->onBeforeWrite() to ensure the ValidationException is compatible with MemberTableField (related to r103336)
* [rev:103322] Enum DBField class should default to ExactMatchFilter to avoid wrong results with overlapping Enum values in LIKE queries (see #5434)
* [rev:103226] typo
* [rev:103093] fixed the error message on class conflict (#5439, patch submitted by rorschach)
* [rev:102909] Using canView() instead of deprecated can('view') in ContentController
* [rev:102901] reverted wrong change
* [rev:102518] Fixed undefined variable in SiteTree::can_edit_multiple() (broken in r83442) (from r102516)
* [rev:102149] Fixed phpDoc @package and @subpackage for MySQLDatabaseConfigurationHelper
* [rev:102077] added abstract datetime helper functions
* [rev:102071] Removed unnecessary sapphire/thirdparty/.gitignore, as the directory doesnt contain svn:externals any longer (fixes #5334)
* [rev:102045] Fixed spelling mistake in ConfigureFromEnv class documentation
`./sscreatechangelog --version 2.4.0-rc2 --branch branches/2.4 --stoprevision 102039`

View File

@ -1,27 +0,0 @@
# 2.4.0-rc3 (2010-05-04)
## Overview
* Bugfix release for a minor MySQL 4 bug as well as some static publishing quirks
## Changelog
### Bugfixes
* [rev:103961] Bypass static caching through static-main.php when GET or POST parameters are set (regression from 2.3 API, fixes #5519, thanks ktauber)
* [rev:103960] Fixed publication of homepage with '/' URL through StaticPublisher (fixes #5514, thanks ktauber)
* [rev:103957] Fixed Database->requireTable() for Mysql 4.1 (fixes #5517, thanks gw0)
* [rev:103936] Fixed double pragma after referer redirection on forms with Form->httpSubmission() (fixes #5509, thanks ktauber)
* [rev:103933] login BackURL wrong when using nested urls (fixes #5520, thanks ktauber)
* [rev:103932] Fixed SS_Report::unregister() parameter naming (fixes #5511, thanks ktauber)
* [rev:103912] Trimming expected output of WebserverRoutingTest (newlines before the "ok" string were causing failures on PHP 5.3)
* [rev:103910] Disabled MemoryLimitTest for environments where memory_limit can't be freely set (e.g. PHP with suhosin patch)
* [rev:103851] table and column names now quoted properly
### Minor changes
* [rev:103975] Removed unnecessary $timeformat parameter from TimeField::__construct, and getting the default from Zend_Locale_Format in the same way that DateField behaves (unreleased API, so no api change).
* [rev:103975] Automatically choosing $locale in TimeField::__construct, to be consistent with DateField
`./sscreatechangelog --version 2.4.0-rc2 --branch branches/2.4 --stoprevision 103839`

View File

@ -1,328 +0,0 @@
# 2.4.1-rc1 (2010-07-16)
## Overview
* Fixed a security issue where logged-in CMS authors were allowed to rename files with harmful extensions in the "Files & Images" section
* Improved installer security by disallowing re-installation when a configuration file is already present.
* Installing in "live mode" instead of "dev mode" by default, and avoid setting certain domains as "dev mode" by default. This fixes an issue where attackers were able to force a site into "dev mode" by spoofing the domain name on certain server configurations.
* Fixed password encryption when saving members through the "Add Member" dialog in the "Security" admin. The saving process was disregarding password encyrption and saving them as plaintext (issue was introduced in 2.4.0)
* Fixed potential information disclosure on misconfigured servers by disallowing direct execution of *.php files in "sapphire", "cms" and "mysite" folders. If PHP was configured to show errors on screen (development setting), attackers could find out server paths and other environment information.
* Allow CMS authors to set their own localized date and time formats, independently from the defaults set through their interface language.
* More useable date picker (jQuery UI) for date form fields (both in the CMS and in website forms)
* Better URL "transliteration" of special characters like Umlauts or Macrons (Example title: "Brötchen für alle!", URL in 2.4.0: "brtchen-fr-alle", URL in 2.4.1: "broetchen-fuer-alle")
* Better batch editing of comments in the admin interface (e.g. marking multiple comments as "spam")
* More sophisticated access control for decorators on page types (tri-state permissions checks: allow, deny, ignore).
## Changelog
### Features and Enhancements
* [rev:108024] Show a warning inside the the CMS if you've neglected to delete install.php
* [rev:108012] added getter to get array back out of an ArrayData instance. MINOR: updated docblocks in ArrayData
* [rev:107877] Added Latvian (Latvia) translation to sapphire (thanks Kristaps and Andris!)
* [rev:107875] Added Latvian (Latvia) translation to cms (thanks Kristaps and Andris!)
* [rev:107867] Allowing custom messages and permission codes in BasicAuth::protect_entire_site()
* [rev:107867] Making $permissionCode argument optional for BasicAuth::requireLogin(). If not set the logic only checks for a valid account (but no group memberships)
* [rev:107867] Using SS_HTTPResponse_Exception instead of header()/die() in BasicAuth::requireLogin() to make it more testable
* [rev:107810] Added class to time icon in TimeField so it can be styled
* [rev:107443] html2raw now properly replace strong tag with asterix #5494
* [rev:107438] Using jQuery UI datepicker in DateField and DatetimeField instead of outdated DHTML calendar.js (fixes #5397)
* [rev:107438] Abstracted optional DateField->setConfig('showcalendar') logic to DateField_View_JQuery
* [rev:107434] allow adding a new a field to ArrayData
* [rev:107429] Added documentation and changed static names
* [rev:107426] Added static to set regeneration of default pages (ticket #5633)
* [rev:107415] Added Security::$force_database_is_ready to mock database_is_ready() state
* [rev:107415] Added permission check exception in TaskRunner and DatabaseAdmin if SapphireTest::is_running_test() returns TRUE (necessary for DevelopmentAdminTest)
* [rev:107380] Use array_combine() instead of custom logic for ArrayLib::valuekey() (thanks paradigmincarnate!)
* [rev:107365] Member_DatetimeOptionsetField toggle text is now translatable
* [rev:107334] #5352 Translatable entities for help text in Member_DatetimeOptionsetField::getFormattingHelpText()
* [rev:107327] #5352 CMS now uses the user's preferred date and time formatting in DateField and TimeField
* [rev:107326] #5352 Decouple date display from i18n locales, users now have access to change their date and time formats in Member::getCMSFields() using Member_DatetimeOptionsetField field
* [rev:107094] abstracted protocol detection out to Director::protocol() #5450
* [rev:107091] in referencing a file in combine_files() it should fall back to standard requirement tags if combining has been disabled eg dev mode
* [rev:107088] throw user error when not passing correctly formatted array rather than simply passing
* [rev:107086] added setDisabled() to set DropdownField::$disabled
* [rev:106877] Added TestRunner::$coverage_filter_dirs to exclude certain directories from PHPUnit test coverage reports
* [rev:106705] Calling Image->deleteFormattedImages() in Image->onBeforeWrite() (#5423)
* [rev:106200] added prefix and suffix support to ContextSummary
* [rev:106194] Prevent image search queries all images in the site initially when the page is loaded
* [rev:106178] Enable switch between legacy image search and new version
* [rev:106118] added setRows() and setColumns() to customise the size of the textarea field outside of the controller
* [rev:105890] Added method for $this->request->latestParam() backwards compatibility with Director::urlParam()
* [rev:105732] Ability to hide form by className or for the whole ModelAdmin
* [rev:105712] Added MySQLDatabaseConfigurationHelper::getDatabaseVersion() which abstracts the version number away from the version check the installer requires
* [rev:105275] Preserve sort options in pagination links in TableListField
* [rev:105271] 'Select all' and 'Select none' checkboxes for CommentTableField for easier batch handling of comments, improved its styling in CommentAdmin
* [rev:105269] Showing 20 comments in tabular view for CommentAdmin (and making the setting configurable via CommentAdmin::set_comments_per_page())
* [rev:105268] Abbreviating comment text display in CommentAdmin to first 150 characters
* [rev:105266] Allowing batch checkbox selection of TableListField rows with TableListField->Markable and TableListField->addSelectOptions()
* [rev:105126] Added CSSContentParser->getByXpath()
* [rev:105028] Added variable for the server configuration file so the config-form can display it for the installation
* [rev:104968] Added PageComment->canView()/canEdit()/canDelete(), and using these permissions in PageCommentInterface. Caution: canCreate() actions are still determined by PageCommentInterface::$comments_require_login/$comments_require_permission
* [rev:104935] added Month function for consistency
* [rev:104827] added plugins to i18n to support modules that provide custom translations.
* [rev:104707] Installer now supports requireDatabaseVersion() on each database configuration helper implementation, e.g. MySQLDatabaseConfigurationHelper. If it's not defined, the test is skipped.
* [rev:104706] Added MySQLDatabaseConfigurationHelper::requireDatabaseVersion() to check whether the connected instance is using version 5.0+
* [rev:104671] Macrons, umlauts, etc, are now transliterated when inserted into URLS. API CHANGE: Added Transliterator class, which uses iconv() or strtr() to convert characters with diacritical marks to their ASCII equivalents. API CHANGE: Added Extension hook updateURLSegment for SiteeTree.
* [rev:104515] initial commit
* [rev:104232] Add 'Given I load the fixture file "app/tests/xyz.yml"' step to salad
* [rev:104231] Add dev/tests/sessionloadyml to load a yml fixture into an existing test session
* [rev:104162] Added cs_CZ javascript translations (#5540, thanks Pike)
### API Changes
* [rev:107439] Using FieldHolder() instead of Field() for subfields in DatetimeField->FieldHolder(), in order to get configuraton settings for javascript DateField
* [rev:107273] Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693)
* [rev:107273] Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
* [rev:107273] Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()
* [rev:107268] Deprecated File->getLinkedURL()
* [rev:107054] Deprecated AutocompleteTextField, use third-party solutions
* [rev:106217] moved Group::addToGroupByName to $member->addToGroupByCode.
* [rev:105756] refactored methods in session to use coding conventions
* [rev:104987] Removed ImageEditor functionality, please use thirdparty modules, e.g. "silverstripe-pixlr" (http://github.com/nyeholt/silverstripe-pixlr)
* [rev:104923] Added interface method DatabaseConfigurationHelper::requireDatabaseVersion(), all database helpers that implement DatabaseConfigurationHelper must now have this method, which as of now is MySQL, PostgreSQL, SQL Server and SQLite
* [rev:104673] Added RsyncMultiHostPublisher::set_excluded_folders().
* [rev:104669] Moved site tree permission extension to a 3-state system (true, false, null, where null means "no effect")
### Bugfixes
* [rev:108032] Fixed CLI installation.
* [rev:108031] Don't set any dev servers by default, host-based dev-server selection is unreliable.
* [rev:108030] Don't allow reinstalling without first making the user manually delete mysite/_config.php
* [rev:108029] Don't allow direct access to PHP files in mysite module.
* [rev:108028] Don't allow direct access to PHP files in cms module.
* [rev:108027] Don't have any host-based dev servers set by default.
* [rev:108026] Don't allow reinstalling without first making the user manually delete mysite/_config.php
* [rev:108023] Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php
* [rev:108001] #5833 Duplicate IDs when two similar date formats in Member_DatetimeOptionsetField containing different delimiters (e.g / and .) replaced to an empty string
* [rev:107940] tests now pass when the locale is set to something other than 'en_US' in the mysite's _config.php file
* [rev:107831] dev/build always reporting index change because of a whitespace in the index column names
* [rev:107812] Styling fixes for DateField/TimeField/DatetimeField in the CMS
* [rev:107811] Added a clearing div after the date and time fields, not the best way of doing it but the only way as the overflow css trick for clearing fields doesn't work with the time dropdown
* [rev:107789] Fixed DateField->validate() with keyed, but empty array values
* [rev:107786] Using actual date format settings in DateField/TimeField->validate() messages
* [rev:107785] Limit 'showcalendar' javascript option to DateField instances (rather than applying to all available)
* [rev:107585] fixed inclusion of environment file when document root is the web root
* [rev:107539] Case insensitive extension checks in File::validate() (fixes #5781, thanks simon_w)
* [rev:107537] Remove dummy entry created by Versioned if record is first written to Live stage (fixes #5596, thanks muzdowski)
* [rev:107532] Fixed Member->PasswordEncryption defaults when writing new Member without setting a password. Fixes critical issue with MemberTableField saving in admin/security, where new members are stored with a cleartext password by default instead of using the default SHA1 (see #5772)
* [rev:107441] Allowing DatetimeField->saveInto() to save a partial array notation with missing 'time' value
* [rev:107428] Added quotes for postgres
* [rev:107423] Only highlight strings more than 2 characters long. #4949
* [rev:107417] Reverted 107414, wrong patch
* [rev:107415] Allowing dev/build in "live" mode when Security::database_is_ready() returns FALSE (typically happens when an existing SilverStripe project is upgraded and database columns in Member/Permission/Group have been added) (fixes #4957)
* [rev:107414] TableListField headings i18n translation (ticket #5742)
* [rev:107390] Added Locale hidden field to HTMLEditorField->LinkForm() in order to show correct context in "page on the site" dropdown (fixes #5743)
* [rev:107369] Fixed spelling error of $databaseConfig in cli-script.php causing database configuration to not load (thanks aimcom!)
* [rev:107116] Undo commit to wrong place
* [rev:107115] Undo incorrect commit
* [rev:107095] check the $removeAll var before removing cache files. PATCH via ajshort (#5672)
* [rev:107090] prevented HTTPRequest->shift() throwing notices when shifting multiple elements. APICHANGE: SS_HTTPRequest->shift($multiple) no longer returns an array of size $multiple spaced with nulls, it returns an array up to the size of $multiple.
* [rev:107089] fixed notice level errors getting through
* [rev:106867] Making status description in Debug::friendlyError() compatible to HTTP 1.1 spec (removing any markup and newlines)
* [rev:106777] Re-enabling theme in ErrorPage->doPublish() (it's usually disabled in the publication context through LeftAndMain->init())
* [rev:106755] Stricter checking that a relation exists on ComplexTableField::saveComplexTableField()
* [rev:106671] Fixed ImageField->EditFileForm() to list subclasses of Image in tree dropdown (fixes #5708, thanks keeny)
* [rev:106666] Prevent DateField->performReadonlyTransformation() from segfaulting on PHP 5.2 due to broken __toString() casting (fixes #5713, thanks charden)
* [rev:106360] re-enable broken link notification using BackLinkTracking() (this was broken since r101127
* [rev:106351] Apply AJShort's patch to fix SiteConfig (trac 5671)
* [rev:106225] Checking for the same combined filename in Requirements::combine_files() to avoid irrelevant error messages
* [rev:106205] updated tests for Text
* [rev:106183] fix query error when image search doesn't use legacy search
* [rev:106154] if running in cli do not output html tags when rebuilding the db
* [rev:106122] Fixed caching of homepage.
* [rev:106121] Open help in a new tab.
* [rev:106120] Replaced Versioned's unique index definition with an array syntax.
* [rev:106096] Setting 'ID' field on CMSMain->RootForm() so it can work with formfields that require it (fixes #5671, thanks ajshort)
* [rev:106086] image search was not honouring the selected folder, so could only search in root folder
* [rev:106082] Fixed SiteTree::IsModifiedOnStage() for an edge-case that was identified when deleteFromStage() stopped manipulating the current record.
* [rev:106080] Don't let deleteFromStage() kill the ID of the original record.
* [rev:106079] Add a unique index to SiteTree_versions.RecordID+Version. Fix saving methods to support this.
* [rev:106078] Throw an exception if you try an delete an unsaved or already-deleted record
* [rev:106071] MySQLDatabaseConfigurationHelper::getVersion() will fallback to trying to get the version using a query if mysql_get_server_info() returns nothing
* [rev:105907] fixed phpunit directive
* [rev:105903] reverted revision 105890 to fix build
* [rev:105889] invalid use of @covers annotation
* [rev:105876] TableListField_Item::SelectOptionClasses() can not use it parent protected variable.
* [rev:105875] rollback r105858 which introducesa bug
* [rev:105872] updated select options classes to work with the dataobjectset returned by selectoptions rather than the array previously
* [rev:105868] fixed select all link using incorrect function
* [rev:105858] TableListField_Item::SelectOptionClasses() can use it parent protected variable.
* [rev:105833] fixed incorrect include path
* [rev:105732] validate file in import from CSV form
* [rev:105726] If database version can't be determined, just use the database adapter class
* [rev:105711] Install now supports sending database version if available from the helper
* [rev:105705] ss2stat URL not generated correctly (has NULL values)
* [rev:105668] Moved SiteTree->ParentID property to Hierarchy extension (fixes #5638)
* [rev:105667] More specific regex in Requirements->includeInHTML() to avoid duplicating information by matching HTML5-style `<header>` tags instead of `<head>` (fixes #5640)
* [rev:105665] Can't set width or height on MemberTableField popup (fixes #5625, thanks smurkas)
* [rev:105514] if moderation on comments is enabled then redirect the user back down to the comment section to view the message rather than trying to direct to selector which doesnt exist
* [rev:105505] avoid adding loading class to TinyMCE add link, image, flash buttons
* [rev:105468] #5349: Use TEMP_FOLDER for Zend's cache temp dir.
* [rev:105337] get_title_sql has string concat hardcoded as ||, fixed for MSSQL which uses +, fix for #5613
* [rev:105278] Stricter object type checks in ViewableData->hasValue() and ViewableData->XMLval(). Broke in cases when SS_HTTPResponse is returned which doesn't extend from Object, hence doesn't have an exist() method (fixes #5524, thanks hamish)
* [rev:105264] addFieldToTab segfaulting under PHP 5.2
* [rev:105225] force dateformat to en_NZ if showcalendar is enabled as calendar is compatibile with en_NZ only
* [rev:105030] Fixed correct input ID in install.js due to change in r105029
* [rev:105029] Fixed inconsistent styling of reinstall actions at the bottom of the installer, and if using IIS, warn that this will overwrite the web.config file, not .htaccess
* [rev:104995] Fixed i18nTextCollector when used with i18nEntityProvider - class manifest is now stored lowercase, which means i18n::get_owner_module() didnt work reliably
* [rev:104972] TestSession::submitForm throws proper error if form not found
* [rev:104968] Requiring CMS_ACCESS_CommentAdmin instead of ADMIN permissions in PageCommentInterface and CommentAdmin administrative actions
* [rev:104962] Fixed bug in basicauth failover to session member.
* [rev:104962] Don't use session member for test site protection feature.
* [rev:104847] catch case of plugin not returning translations for the locale
* [rev:104793] Installer now checks the database version AFTER it has determined a connection can be established, which some databases require first
* [rev:104793] Database version check failures are now a warning, so a user can install at their own risk
* [rev:104745] after reset password, the site redirect to non-exisit page (SC #1)
* [rev:104720] Fixed installation problem where version error didn't show
* [rev:104679] Make URLs lowercase
* [rev:104678] Fixed Translatable::canEdit() to suit new permission customisation scheme
* [rev:104675] Prevent DataDifferencer from creating empty `<ins />` and `<del />` takes that confuse the browser.
* [rev:104672] Make RsyncMultiHostPublisher protected; give default value.
* [rev:104670] Director::test() shouldn't break if $_SESSION isn't set.
* [rev:104666] Removed references to php5 binary in Makefile
* [rev:104608] check if a request is present before using it to prevent undefined errors
* [rev:104581] Generate stage/live links using Controller::join_links() instead of string concatenation.
* [rev:104580] Fixed Controller::join_links() handling of fragment identifiers
* [rev:104552] when using custom Member title, the join was failing - it had wrong parameters. Now changed to correctly handle the ansi sql join for all Member columns.
* [rev:104533] Fix ModelAdmin Import hang (ticket 5569)
* [rev:104468] When finding an old page in the 404 handler, favour existing subpages over historical ones.
* [rev:104463] Fix legacy URL redirection for pre-nestedurls URLs, after it has been enabled.
* [rev:104436] Removed erroneous default config for unused templates module.
* [rev:104403] Wrong HTML syntax in LeftAndMain.ss (fixes #5552, thanks simon_w)
### Minor changes
* [rev:108049] Added warning about Director::set_dev_servers()
* [rev:108048] Documentation in CSVBulkLoader
* [rev:108025] Added test for #5662 (calling delete twice)
* [rev:108002] Fixed incorrect word "colon" with "dot"
* [rev:107878] Updated translations
* [rev:107876] Updated translations
* [rev:107838] Reverted r107831
* [rev:107789] Fixed DateField/TimeField validation message translation (wrong sprintf() nesting)
* [rev:107787] Fixed TimeField validation _t() entity name
* [rev:107784] Disabled 'showcalendar' option on CMSMain->SiteTreeFilterDateField() - it causes the CMS to load jQuery UI javascript just for this (rarely used field). To be re-enabled once we work with jQuery UI on a broader scale.
* [rev:107726] Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc
* [rev:107725] Moved class-specific documentation from doc.silverstripe.org back into class-level PHPDoc
* [rev:107586] removed whitespace
* [rev:107525] Removed debug code in MemberTableField
* [rev:107442] Fixed DatetimeField display in cms
* [rev:107442] Removed obsolete .calendardate styles from cms_right.css
* [rev:107440] Using Google CDN for jQuery dependencies in FileIFrameField
* [rev:107437] Better error handling in i18n::get_language_name()
* [rev:107430] Fixed Documentation
* [rev:107415] Using Object::create() in DevelopmentAdmin to make objects mockable
* [rev:107400] Documentation in DataObjectSet
* [rev:107394] Changed "no_NO" locale for Norwegian into the more commonly used "nb_NO" in i18n class, meaning translations from translate.silverstripe.com can actually be selected now (fixes #5746)
* [rev:107366] Tweaking of installer text to avoid misleading information about "exists" when there's actually an error
* [rev:107307] Reverted r107305
* [rev:107305] Code formatting fix for setting Member locale in LeftAndMain::init()
* [rev:107276] Checking that Folder::findOrMake() can create an assets/assets/ folder
* [rev:107275] Using Filesystem::makeFolder() instead of mkdir() in Folder for file operations
* [rev:107274] Better presentation of extension error message in File and UploadValidator
* [rev:107273] Added unit tests to FileTest and FolderTest (some of them copied from FileTest, to test Folder behaviour separately)
* [rev:107272] Changed ImageTest to use fixture files located in assets/ folder, the filesystem API doesn't support Folder objects with "sapphire/..." paths, which leads to inconsistent results
* [rev:107271] Making FileTest->setUp()/tearDown() more resilient against in-test file/folder renames
* [rev:107270] More identifiable file naming in FileTest
* [rev:107269] Using File::get_file_extension() instead of substr() magic in File->setName()
* [rev:107269] Using exceptions instead of user_error() in File->setName()
* [rev:107268] Avoiding duplication by using existing getFullPath() in File->getAbsoluteURL()
* [rev:107267] Made File::get_file_extension() more readable, and added unit test
* [rev:107266] Removed File->setField(), doesn't have any overloaded functionality
* [rev:107265] Documentation in File and Folder class
* [rev:107214] updated generator tag URL
* [rev:107175] force exclusive connection
* [rev:107104] Added initial docs
* [rev:107030] return false rather than error out in case SS_Query:: is not a resource
* [rev:106938] mysql_fetch_row() expects resource, this will fatal if query was e.g. UPDATE when iterating a result because MySQLQuery::nextRecord() is used by Iterator::valid() and MySQLQuery:: is bool in this case
* [rev:106876] Making $Email available in Security_passwordsent.ss template (fixes #5737)
* [rev:106805] Added FileTest->testValidateExtension() (related to #5693)
* [rev:106804] Documentation
* [rev:106777] Reverted r88633, it breaks `<base>` tag in static HTML for ErrorPage->doPublish()
* [rev:106694] Removed trailing slash in BackURL, fixed error message sentence structure in PageCommentInterface.ss (fixes #5520)
* [rev:106687] Fixed hardcoded error message in PasswordValidator (fixes #5734)
* [rev:106687] Added PasswordValidatorTest
* [rev:106568] Provide a default message for FIELDISREQUIRED
* [rev:106313] Correct typo in comments
* [rev:106248] Made CMSMainTest more resilient against database ID changes (Postgres doesn't have auto-increment resets across tests at the moment)
* [rev:106190] Fixed memory limit setting in SapphireTest (regression from r106128)
* [rev:106187] Better checking of safe_mode in MemoryLimitTest
* [rev:106180] Add comments for ThumbnailStripField
* [rev:106156] Don't run memory limit tests in safe mode,
* [rev:106128] Preserve memory_limit between tests (for better PHP5.1 behaviour)
* [rev:106119] Added test for Database::hasTable().
* [rev:106090] Fixed test that required a separate Page table.
* [rev:106083] Removed db/build legacy wording in DevelopmentAdmin (fixes #5676)
* [rev:106081] Added test for #5657
* [rev:105985] add text/plain to the list of accepted mime types
* [rev:105912] Better error handling in Form::__construct() (fixes #5649)
* [rev:105732] Clear DB checkbox unchecked by default
* [rev:105517] Installer should not repeat "Could not determine your database version" twice in slightly varied words
* [rev:105516] Show better message if couldn't find MySQL version in MySQLDatabaseConfigurationHelper
* [rev:105305] More solid markup testing in TableListFieldTest through xpath
* [rev:105297] Fixed TableListFieldTest->testSelectOptionsRendering()
* [rev:105282] Using ASSETS_DIR and THEMES_DIR constant in Image, ManifestBuilder, Requirements, File (fixes #5619)
* [rev:105281] Using ASSETS_DIR constant in StaticPublisher (fixes #5619)
* [rev:105277] Translations
* [rev:105276] Translations
* [rev:105274] Reverted r105264, breaks CompositeFieldTest, FieldSetTest, TranslatableTest
* [rev:105273] Updated TableListField sublcass template to work with new TableListField->SelectOptions() setting
* [rev:105272] Fixed _t() call in PageCommentInterface.ss
* [rev:105270] missing slash / from Requirements::css() parameter
* [rev:105267] Removed jquery.livequery as a Requirement from LeftAndMain.php, its only necessary in SecurityAdmin for MemberImportForm.js now.
* [rev:105198] Fixed fixture location for DbDatetimeTest
* [rev:105196] Added DbDatetimeTest cases to sapphire (these were previously in the sqlite3 module, but they actually test core Database functionality)
* [rev:105188] Documentation
* [rev:105139] increased height of the todo text field in the cms
* [rev:105027] Checking for headers_sent() before setting cookies in Versioned::choose_site_stage() to avoid problems with URL parameters like showqueries=1 and ContentController calling choose_site_stage() (fixes #5557)
* [rev:105011] Documentation
* [rev:105009] Documentation
* [rev:105005] Documentation
* [rev:104996] Documentation
* [rev:104993] Language master file
* [rev:104992] Removed duplicated code in i18nTextCollector, more defensive checks for get_owner_module()
* [rev:104980] Added translations for BrokenLinksReport, ReportAdminForm.ss, AssetTableField.ss (fixes #5527, thanks Martimiz)
* [rev:104978] Allowing translation of "save" button in SiteConfig->getCMSActions()
* [rev:104970] Translations in PageCommentInterface.ss (fixes #5598, thanks Pike)
* [rev:104924] Reverted r104923, as current database releases of mssql and sqlite3 modules don't support this yet
* [rev:104883] Fixed hidden mbstring reliance in SiteTree->generateURLSegment() (broken in r104679)
* [rev:104835] Save and restore lang state in test
* [rev:104798] Fixed SiteTreeTest and SiteTreePermissionsTest to work alongside subsites module (SiteTreeSubsites changes the canEdit() behaviour)
* [rev:104796] Fixed SiteConfigTest to work alongsite subsites module (SiteTreeSubsites changes the canEdit() behaviour)
* [rev:104795] Documentation
* [rev:104769] Documentation
* [rev:104767] Documentation
* [rev:104733] fixed umlauts
* [rev:104711] Added DirectorTest->testURLParam() and DirectorTest->testURLParams()
* [rev:104710] Installing screen now has a page title called "Installing SilverStripe..." instead of "PHP 5 is required"
* [rev:104709] Removed double returns in installer (redundant code)
* [rev:104708] Renamed checkdatabase method to checkDatabase to be consistent
* [rev:104705] Show install MySQL version at 5.0+ as 4.1 does not work properly with SilverStripe
* [rev:104704] Tweaks to positioning of help text in installer
* [rev:104682] fixed api doc
* [rev:104636] added illustrator formats to the allowed extensions.
* [rev:104610] Documentation
* [rev:104598] Fixed wrong _t() notation in ChangePasswordForm (broken in r103226 and r104596)
* [rev:104596] Making strings in ContentControllerSearchExtension translatable
* [rev:104594] Defensive coding in MigrateSiteTreeLinkingTask
* [rev:104490] Removed ForumAdmin.js which shouldn't belong in the CMS module
* [rev:104483] Documentation
* [rev:104404] Documentation
* [rev:104402] Documentation
* [rev:104158] Documentation migrated from doc.ss.org
* [rev:104157] Migrated various API-style documentation from doc.ss.org
### Other
* [rev:105057] MINOT Translation in SiteTree (#5603, thanks Pike)
* [rev:104674] ENHANCMENT: RsyncMultiHostPublisher also rsyncs sapphire/static-main.php.
* [rev:104668] Sake fix: look for php binary before php5, to prevent errors on CentOS and Cygwin.
* [rev:104667] Added explicit bash handler to sake
* [rev:104442] Multi-use redemption page created
`./sscreatechangelog --version 2.4.1-rc1 --branch branches/2.4 --stopbranch tags/2.4.0`

View File

@ -1,20 +0,0 @@
# 2.4.1-rc2
## Changelog
### Bugfixes
* [rev:108207] Re-allowing direct execution in sapphire/thirdparty/tinymce/plugins/spellchecker/rpc.php (necessary for cms spellchecker, was disabled by global .htaccess rule)
* [rev:108195] #5837 cache_dir not writable by Zend when accessing the CMS, because of Windows default which should be the sapphire TEMP_FOLDER
* [rev:108193] Bypass !BasicAuth when in CLI mode so unit tests can run (regression from r104962)
* [rev:108099] Fixing default group selection in 'add member' dialog (in !MemberTableField) (fixes #5836)
* [rev:108096] AssetAdmin->doUpload() shows JS alert *before* triggering a page reload, as this seems to mess up TinyMCE in Firefox on subsequent page loads (fixes #5838)
### Minor changes
* [rev:108208] Disallowing more potentially active file extensions in mysite/.htaccess
* [rev:108207] Disallowing more potentially active file extensions in cms/.htaccess
* [rev:108206] Disallowing more potentially active file extensions in cms/.htaccess
* [rev:108196] Removed debug
<code>./sscreatechangelog --version 2.4.1-rc2 --branch branches/2.4 --stopbranch tags/rc/2.4.1-rc1</code>

View File

@ -1,146 +0,0 @@
# 2.4.2-rc1
## Changelog
### Features and Enhancements
* [rev:110757] added the ability to toggle the use draft site setting
* [rev:110467] #5977 Added optional argument to !ClassInfo::getValidSubClasses() and removed harcoded !SiteTree
* [rev:110211] disable basic auth by default, tests run on the assumption it is disabled.
* [rev:109104] Added -v / --verbose option to dev/tests/*, to make it output every single test name before it starts that test.
* [rev:109101] Session::set_cookie_path() and Session::set_cookie_domain() are now possible. This is useful for sharing cookies across all subdomains, for example.
* [rev:108942] make !RestfulService support PUT method.
* [rev:108663] ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
* [rev:108644] #3828 500 server error page is created by default on dev/build
* [rev:108499] New Member records are populated with the currently set default through i18n::set_locale()
* [rev:108437] Restful service returns cached response on http and curl errors
* [rev:108428] #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
* [rev:108418] Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg)
* [rev:108417] Full-text search with double quotes returns too many results. ticket #5733. Thanks ktauber.
### API Changes
* [rev:110856] Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_!SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
* [rev:109156] #5873 !DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use !DataObjectSet::unshift($item) if unshifting was intended!
* [rev:109156] Added !DataObjectSet::pop()
* [rev:109103] Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site
### Bugfixes
* [rev:110901] delete orphaned records from versioned tables when updating. #5936
* [rev:110894] Protect !MemberTest from side effects caused by auth_openid and forum modules
* [rev:110889] Respecting field specific locale settings in !DatetimeField and !DateField when validating and saving values (fixes #5931, thanks Tjofras)
* [rev:110859] Disallow addition of members to groups with !MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
* [rev:110858] Don't suggest members in !SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
* [rev:110857] Enforcing canEdit() checks in !ComplexTableField_Popup - making form readonly if the current user can't edit
* [rev:110838] Case insensitive !DateField value navigation (fixes #5990, thanks gw0(
* [rev:110835] Passing $name in !MoneyField->!FieldCurrency() (fixes #5982, thanks andersw)
* [rev:110809] Removing "typography" class from HTMLEditorField container (should just apply to the contained `<iframe>`) (fixes #5949)
* [rev:110808] Allowing $extraClass on !CheckboxField !FieldHolder (fixes #5939, thanks mobiusnz)
* [rev:110759] ensure that pages can only be requested from staging and live
* [rev:110463] Fixed boundary PHP notice case in !RequiredFields::php() where a field name may not be defined in the $data array when a Form is submitted
* [rev:110439] #5811 Fixed default selection of root node when CMS first opened (no currentPage set in session)
* [rev:110262] fix !TranslatableSearchFormText by supporting fulltext search for MSSQL and using extendedSQL function call that augments queries properly (previously it was using DB::query which does not augment). Added wait to !TranslatableSearchFormText so the test actually passes.
* [rev:110197] MigrateSiteTreeLinkingTask now takes a direct map when querying the page tracked links instead of looping through the direct result set. This fixes SQL Server failing when MARS (Multiple Active Result Sets) is disabled
* [rev:110165] Fixed missing "Save" action input label on !ComplexTableField popup form
* [rev:110130] force the test to wait until indexing completes. Do not use stop words ('me')
* [rev:109834] BasicAuthTests fail when Member's unique_identifier_field is anything except the default of Email
* [rev:109714] disable basic auth for the restful controller test
* [rev:109712] makeRelative would return "false" for the root path, empty string is expected - fix that
* [rev:109712] change the check in forceSSL to work on Windows - it sets the $_SERVER['https'] to off, instead of null
* [rev:109591] getItem didn't consider the PostgreSQL SQL syntax. Columns with Capital letters must be quoted. Added quotes to the where clause in getItem. I didn't added quotes to the baseTable because it causes PostgreSQL errors (tables can not be double quoted, just single quoted).
* [rev:109168] $val is now cast as an int to prevent strings always returning true (YES)
* [rev:109155] Validator::requiredField() should check the required field submitted value is an array before check strlen(). Some fields submitted as an array, e.g. !MoneyField
* [rev:109128] Remove () that was breaking coverage report
* [rev:109106] sort order of widgets is now fixed.
* [rev:109102] Themed permissionFailure messages
* [rev:109083] Group::getCMSFields() should use Tab instances with a fixed name instead of translated one, leaving the translation for the tab title instead
* [rev:109082] SiteTree decorated canView() checks not being passed through to !SiteTree::canView()
* [rev:109081] StringField::setNullifyEmpty() should assign the given value boolean, not evaluate whether it's true or not
* [rev:109079] Count() call on a non-object in File::!BackLinkTrackingCount()
* [rev:109063] Fixed File::getAbsoluteURL() absolute generation
* [rev:109062] File::getAbsoluteURL() should return a URL, not a filesystem path
* [rev:108887] CSVBulkLoader import method now no longer requires files to end in '.csv'. Some projects want to import files in CSV format, but not of csv file type.
* [rev:108811] Added specific border case for array form data in !RequiredFields::php()
* [rev:108792] Fixed validation to accept arrays (!FileField case)
* [rev:108633] NumericField javascript does not accept negatives, make use of isNaN built-in javascript function instead of custom regex
* [rev:108515] #5627 Clear session on logout
* [rev:108513] EMAIL_BOUNCEHANDLER_KEY cannot be defined
* [rev:108512] Validator/!RequiredFields should not regard "0" as an empty value
* [rev:108509] SapphireTest::create_temp_db() should restore the SS error handler from the PHPUnit one temporarily in case there's any errors building
* [rev:108492] Undefined variable destURL in Director::forceWWW() (regression from r107094)
* [rev:108436] Checking for existence of $('!SwitchView') (fixes #5282)
* [rev:108432] Database password input in installer should be password, so that the password is obfuscated when input
* [rev:108427] Take note of output format when building Location header for !RestfulServer
* [rev:108422] CurrencyField doesn't accept negative value (#5769, thanks simon_w)
* [rev:108421] Fixed !ContentNegotiator to handle HTML and XHTML base tags properly when converting, regression from r108413
* [rev:108413] #5855 SSViewer::get_base_tag() should produce a properly closed base tag for XHTML (thanks smorris!)
* [rev:108409] #5862 JSON output of JSONDataFormatter now uses quotes for keys to be safer
* [rev:108408] Member_!ProfileForm should fallback to english text for save button if no translation defined for current language
* [rev:108407] #5852 Missing translation for !SecurityAdmin save button causes it to have no text, should default to english "Save"
* [rev:108400] Undefined variable when calling !DataObject::many_many_extraFields() and relation name couldn't be found for the component
* [rev:108399] DataObjects without the Versioned decorator cannot have a "Version" field. ticket #5775. Thanks ajshort
* [rev:108397] Added condition to avoid error creating "!PastMember" cookie on dev/build (ticket #5780) Thanks simon_w
* [rev:108396] Applied/edited paradigmincarnate's patch to quote plaintext email with htmlEmail (#5120)
### Minor changes
* [rev:110847] Documentation
* [rev:110837] Check in !TableListField->!HighlightClasses() (fixes #5993, thanks lx)
* [rev:110836] Avoid using ASP-style tags in SSViewer comments, it confuses PHP with asp_tags=ON (fixes #5976, thanks ezero)
* [rev:110440] Warning about install.php existing for root site tree node as well (!SiteConfig form)
* [rev:110435] German translations for cms javascript (#5921, thanks bartlomiej)
* [rev:110243] added missing closing tag
* [rev:110205] Make dev/build not constantly show a changed index because of whitespace between VersionID and Version in the index spec
* [rev:110200] Removed removeDuplicates() call on linked pages !DataObjectSet in !MigrateSiteTreeLinkingTask which is no longer required, as the duplicate results were fixed in !DataObject directly
* [rev:110190] only call next() in iterator validation on initialisation or after reset NOT if current value is invalid
* [rev:109788] repair installer for sqlite
* [rev:109787] repair installer for sqlite
* [rev:109405] neatly quote identifiers
* [rev:109382] return a fail instead of an error
* [rev:109334] Remove whitespace if Surname field set on Member, but not !FirstName
* [rev:109333] Tests for Member::getName() and Member::setName()
* [rev:109330] trim space off end of firstname if surname is not set. #5925
* [rev:109274] CSSContentParser::__construct() now gives a better error if the content could not be parsed. This will mostly happen if tidy isn't present.
* [rev:109165] phpDoc updates for SS_!LogFileWriter and SS_!LogEmailWriter
* [rev:109156] Unit tests for !DataObjectSet::shift(), !DataObjectSet::unshift() and !DataObjectSet::pop()
* [rev:109152] Doc update for Director::forceSSL()
* [rev:109127] Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer
* [rev:109105] Fix links etc, and remove www. from SS urls
* [rev:109100] Clear out the test database in between each salad scenario.
* [rev:109066] Added tests for File::getURL() and File::getAbsoluteURL()
* [rev:108961] remove SQL table alias keyword AS
* [rev:108666] Fixed tests not working on the web side as redirection to https would occur
* [rev:108665] Fixed !DirectorTest to restore it's REQUEST_URI state to the original one after each test method is run
* [rev:108640] allow $icon to be overridden on !ErrorPages. PATCH via martljn (#5875).
* [rev:108571] Changed unknown web server text
* [rev:108570] Allow checking for a specific IIS version (parameter to !InstallRequirements::isIIS())
* [rev:108569] Removed double up of similar logic in !InstallRequirements
* [rev:108568] Simplified discovery of webserver during install
* [rev:108561] Removed unncessary isset() check
* [rev:108559] Add some documentation to !LeftAndMain_right.js
* [rev:108546] Removed command line functionality from installer which is no longer used
* [rev:108518] Fixed failing test as session being set before logging out and losing BackURL
* [rev:108500] Fixed failing tests because of locale not being set to the default in !SapphireTest::setUp()
* [rev:108442] Translations in CMSMain_left.ss
* [rev:108441] Making "todo" tab title translatable
* [rev:108435] Fixed Director::forceSSL() breaking unit tests because headers were already sent
* [rev:108434] Reverted r108433
* [rev:108433] DirectorTest should not extend from !FunctionalTest (regression from r108428)
* [rev:108376] Add trailing slash to image tag (thanks to mattclegg)
* [rev:108375] Cross-referencing some documentation
### Other
* [rev:110241] #5870 Block web requests to silverstripe-cache directory via htaccess !RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x
* [rev:109177] Revert "MINOR: Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer"
* [rev:109177] This was not supposed to be pushed out yet.
* [rev:109177]
* [rev:109177] This reverts commit 9c2aafa414948314236674e31fd756797d695139.
* [rev:109163] Revert "BUGFIX: sort order of widgets is now fixed."
* [rev:109163]
* [rev:109163] This reverts commit 1e7781ba2b8ac30333a20d9a1b0bcb9b4ba5b0b0.
* [rev:109099] Added dev/tests/emptydb to clear out test session databases.
* [rev:108417] Using htmlentities($keywords,ENT_NOQUOTES) instead of proposed solution
<code>./sscreatechangelog --version 2.4.2-rc1 --branch branches/2.4 --stopbranch tags/2.4.1</code>

View File

@ -1,8 +0,0 @@
# 2.4.2-rc2
## Changelog
### Bugfixes
* [rev:110944] Fixed column names that were not quoted that broke PostgreSQL
* [rev:110914] Fixed double quotes around column names in Versioned::augmentDatabase()

View File

@ -1,148 +0,0 @@
# 2.4.3-rc1
## Changelog
### Features and Enhancements
* [rev:113284] Added Form->enableSecurityToken() as a counterpart to the existing disableSecurityToken()
* [rev:113272] Added !SecurityToken to wrap CSRF protection via "SecurityID" request parameter
* [rev:112973] Installer now has a fallback for mod_rewrite detection by setting an environment variable in .htaccess when "<!IfModule mod_rewrite.c>" directive is satisfied
* [rev:112272] MySQLDatabase::renameField() no longer checks that the field exists in fieldList(). alterField() does no such check, so it should be consistent. Removing this should provide a small performance improvement as well
* [rev:112247] Installer exposes database type in "Database support" configuration
* [rev:111915] Added localisation for batch actions in javascript + translations
* [rev:111891] #4903 !MemberLoginForm field for "You are logged in as %s" message customisation (thanks walec51!)
* [rev:111887] #3775 Added getter to GD so you can retrieve the internal GD resource being used. Made setGD public so you can override the GD yourself as well
* [rev:111874] "Database Configuration" section in installer shows database version and database type (without the "Database" suffix) for reference
* [rev:111873] Show "Database Configuration" section of installer requirements for reference (collapsed by default)
* [rev:111868] MySQLDatabase::getVersion() now uses mysql_get_server_info() which has been supported since PHP 4. This gives us a better version than say "5.1", instead we now get something like "5.1.51"
* [rev:111850] Make use of mysql_get_server_info() when calling MSSQLDatabase::getVersion(), if there's a problem getting info this way, falls back to using query for VERSION() details
* [rev:111828] 6017 - Configurable help link
* [rev:111495] Making "sake" script more portable by using "/usr/bin/env" shebang instead of "/bin/bash" (fixes #6045, thanks sychan)
* [rev:111489] Added "module=" argument to !FullTestSuite (to support comma-separated module lists)
* [rev:111449] allow !PageCommentForm to store all users data, rather than hardcoding the fields
* [rev:111443] simple extend hook for !PageCommentForms. Temporary measure till #6053 is implemented
* [rev:111086] #6023 Shorten SSViewer cached template path for readability of the filenames, and also so Windows doesn't break on long paths
* [rev:111055] Added phpunit.xml.dist to avoid setting bootstrap includes and other !SilverStripe specific configuration as CLI parameters and test-level includes
* [rev:111054] Created a phpunit wrapper class to ensure that Sapphire's test framework is capable of running unit tests, coverage report and retrieve clover-statistics for PHPUnit 3.4 and PHPUnit 3.5
* [rev:111050] Added custom test listener for PHPUnit in order to call setUpOnce() and tearDownOnce() on !SapphireTest
* [rev:111048] Allowing to run single tests via phpunit through new test bootstrap XML file (e.g. "phpunit sapphire/tests/api/!RestfulServerTest.php" or "phpunit sapphire/tests/api")
* [rev:111045] Added !FullTestSuite.php, so that you can test by running "phpunit sapphire/tests/!FullTestSuite".
* [rev:111041] refactored runTests, using the new phpunit wrapper classes.
* [rev:111039] Created a phpunit wrapper class to ensure that Sapphire's test framework is capable of running unit tests, coverage report and retrieve clover-statistics for PHPUnit 3.4 and PHPUnit 3.5
### API Changes
* [rev:113282] Fixed various controllers to enforce CSRF protection through Form_!SecurityToken on GET actions that are not routed through Form->httpSubmission(): !AssetAdmin, CMSBatchActionHandler, CMSMain, !CommentTableField, !LeftAndMain, !MemberTableField, !PageComment, !PageComment_Controller
* [rev:113275] Added security token to !TableListField->Link() in order to include it in all URL actions automatically. This ensures that field actions bypassing Form->httpSubmission() still get CSRF protection
### Bugfixes
* [rev:113295] Ensure that !SearchForm searchEngine() call properly escapes the Relevance field for ANSI compliance
* [rev:113277] Clear static marking caches on Hierarchy->flushCache()
* [rev:113276] Fixed !ComplexTableField and !TableListField GET actions against CSRF attacks (with Form_!SecurityToken->checkRequest())
* [rev:113273] Using current controller for !MemberTableField constructor in Group->getCMSFields() instead of passing in a wrong instance (Group)
* [rev:113249] ModelViewer doesn't work due to minor bug introduced by making $_CLASS_MANIFEST keys lowercase (fixes #6144, thanks daniel.lindkvist)
* [rev:113247] Fixed month conversion in !DateField_View_JQuery::convert_iso_to_jquery_format() (fixes #6124, thanks mbren and natmchugh)
* [rev:113193] removed taiwans province of china
* [rev:113157] Add PHPUnit includes to !SapphireTest? class (can be loaded outside of !TestRunner? for static calls, in which case the PHPUnit autoloaders/includes aren't in place yet) (merged from r113156)
* [rev:113107] Use correct language code for jquery-ui date picker for en_US
* [rev:113085] check !DisplaySignatures on the thread rather than post. #5409
* [rev:112963] Enhance the protection of the assets/ directory in both IIS and Apache by including a file type whitelist.
* [rev:112961] Don't include web.config in the assets tracked in the File table.
* [rev:112288] Renamed !MySQLQuery::__destroy() renamed to __destruct() so that it is called properly after the object is destroyed
* [rev:112258] one more requirement switched to SSL
* [rev:111949] Ensure that \r carriage return characters get stripped out before setting content in HTMLValue::setContent(). DOMDocument will transform these into &#13 entities, which is apparently XML spec, but not necessary for us as we're using HTML
* [rev:111932] #6089 Avoid javascript error when "Allow drag & drop reordering" enabled, and attempt to drag a file from one folder to another is performed
* [rev:111914] #6096 RSSFeed::feedContent() restores previous state of SSViewer::get_source_file_comments() after temporarily disabling it (thanks paradigmincarnate!)
* [rev:111898] Filesystem::removeFolder() did not remove files that ended with a "." when this is a valid file. Remove the regex and replace with specific case for "." and ".."
* [rev:111890] #6066 Form::__construct() should respect hasMethod on passed in Controller instance if it's available (thanks paradigmincarnate!)
* [rev:111889] #3910 Setting timezone parameter to !MySQLDatabase::__construct() should use $this->query() to be consistent
* [rev:111878] Ensure that windows-style newlines ("\r\n") don't get converted to their XML entity representation through DOMDocument in SS_HTMLValue->setContent()
* [rev:111843] More common defaults for en_US.xml used by Zend_!DateFormat (and !DateField/!DatetimeField), with less error prone numerical format replacing the Zend default of shortened month names (fixes #6071, thanks dalesaurus)
* [rev:111843] Correct locale mapping in !DateField_View_JQuery for "en_US" and "en_NZ"
* [rev:111842] #6055 !ErrorPage should always create static error page files when dev/build is called if they don't exist
* [rev:111841] RFC 2822 compliant validation of email adresses in !EmailField->jsValidation() and !EmailField->validate() (fixes #6067, thanks paradigmincarnate)
* [rev:111772] DB::connect() should not rely on $_SESSION existing, so we check isset() to supress any warnings of undefined indexes
* [rev:111494] Changing File->Filename property from arbitrary limitation on VARCHAR (255 characters) to TEXT (65k characters) to ensure the framework can handle deeply nested filesystem trees (fixes #6015, thanks muzdowski)
* [rev:111493] Moving folder after executing Folder::findOrMake will not set the Filenames properly. Invoking updateFilesystem() in File->onAfterWrite() instead of onBeforeWrite(), and avoid caching in FIle->getRelativePath() (fixes #5994 and #5937, thanks muzdowski)
* [rev:111492] Removing overloaded !TableField->sourceItems() method, which enables features of the underlying !TableListField implementation, such as pagination and source item caching (fixed #5965, thanks martijn)
* [rev:111464] Search didn't respect searchableClasses passed to !FulltextSearchable::enable()
* [rev:111452] added validation to the page comment form
* [rev:111369] Installer now checks for session_start() and hash() support
* [rev:111266] Installer now checks for iconv support, which is required for !DateField? (using Zend libraries) to function correctly
* [rev:111255] ContentController::!SiteConfig() should look to the !SiteTree record so an alternate !SiteConfig is considered, if this method doesn't exist on the data record then fall back to the default !SiteConfig
* [rev:111202] Fixed quoting and GROUP BY statement in !ManyManyComplexTableField->getQuery() for Postgres compatibility
* [rev:111176] Force tidy to avoid wrapping long lines in CSSContentParser, it breaks our !FunctionalTest string assertions
* [rev:111126] TarballArchive::extractTo() uses an incorrectly spelled argument
* [rev:111097] Fixed !PhpSyntaxTest not to rely on relative folder references (broken due to chdir() changes in cli-script.php and bootstrap.php)
* [rev:111092] Fixed regression where coverage report request did not get passed through to runTests() in !TestRunner::all()
* [rev:111091] Fixed regression of dev/tests/all running a coverage report instead of just unit tests
* [rev:111049] Unset $default_session when using Session::clear_all()
* [rev:111044] Allow execution of a test without a current controller.
* [rev:111043] Don't require a current controller for Session::get/set/etc to work.
### Minor changes
* [rev:113281] Removed unused !SecurityAdmin->!MemberForm() and savemember() (see !MemberTableField)
* [rev:113280] Removed unused Security->addmember() (see !MemberTableField and !SecurityAdmin->addtogroup())
* [rev:113279] Removed unused !SecurityAdmin->removememberfromgroup() (see !MemberTableField)
* [rev:113278] Removed unused !MemberList templates (see !MemberTableField)
* [rev:113274] Using !SecurityToken in !ViewableData->getSecurityID()
* [rev:113248] Javascript translations in CMSMain_right.js (fixes #6142)
* [rev:113241] Documentation
* [rev:113086] reverted previous commit. Note to self dont work on sunday nights, sigh
* [rev:112982] updated typo in comment for Cache.
* [rev:112972] Clearer message when rewrite doesn't work during installation
* [rev:112972] Fixed missing end to anchor tag
* [rev:112962] Fix to !SapphireInfo for git-svn checkouts.
* [rev:112961] Add documentation to File::$allowed_extensions explaining that there are config files to edit in assets/
* [rev:112321] Removed "In line of " text in CLI test reporter which did not work. Details are in the backtrace below anyway, so it's not required
* [rev:112278] Reverted regression in r112272
* [rev:112268] Remove whitespace from generated _config.php file in installer
* [rev:112254] change the requirement's link to use current protocol (we don't want messages from browsers saying the page has unsecured content, when accessing the CMS over SSL)
* [rev:111950] Comment about HTMLValue::setContent() stripping out of carriage returns
* [rev:111903] #6083 !FileTest doesn't remove test folders and files created during test
* [rev:111899] Use Filesystem::removeFolder() in !FilesystemPublisherTest::tearDown() instead of specific code to handle this
* [rev:111898] Code syntax formatting of Filesystem::removeFolder()
* [rev:111888] Moved GD::set_default_quality() function to the top of the file to align with conventions
* [rev:111883] #6090 !FilesystemPublisherTest now stores temporary files in assets, which is writable, instead of the webroot which almost never has write permissions
* [rev:111875] Enable non-default language for tinyMCE, setting language in _config.php didn't work. Thanks for @christian
* [rev:111852] Revert r111850 to !MySQLDatabase::getVersion as version comparisons need to happen, and this will strip out non-numeric characters e.g. "ubuntu1" or "lenny4" which are prefixed on some Linux distros
* [rev:111851] dev/build now shows database name and version next to "Building database ..." text
* [rev:111844] Fixed regression from r111843 (i18nText, !MemberDatetimeFieldTest, !MemberTest)
* [rev:111843] Fixed form validation message in !DateField to include actual date format, rather than a hardcoded value
* [rev:111821] Change matchesRoughly threshold slightly in !DbDatetimeTest to allow for slower database server connections
* [rev:111789] Added !FulltextSearchable::get_searchable_classes() in order to introspect currently searchable classes, added !FulltextSearchableTest, added documentation
* [rev:111788] Fixed documentation in !CheckboxSetField (fixes #6068, thanks paradigmincarnate)
* [rev:111787] Fixed documentation in Datetime (fixes #6062, thanks nicolaas)
* [rev:111786] Fixed SS_Datetime references in !BrokenLinksReport and !CommentAdmin (fixes #6063, thanks nicolaas)
* [rev:111772] Code formatting tidy of DB::connect() function
* [rev:111748] CoreTest::testGetTempPathInProject() will try to create a temp dirs when running. !CoreTest::tearDown() will now remove these temp dirs when the test finishes
* [rev:111676] #5943 Debug::text() boolean values are amended with (bool) so they don't get confused with "true" or "false" which could be strings (thanks Pigeon!)
* [rev:111669] Unit test breaks if another module or project extends Folder
* [rev:111597] Updated language master file
* [rev:111497] Fixed indentation in !PageCommentInterface.js
* [rev:111496] Fixed SQL quoting bug in !FolderTest (caused by r111493)
* [rev:111491] Documentation for phpunit.xml.dist
* [rev:111454] removed debug
* [rev:111450] removed debug
* [rev:111262] Add translation correction for Czech and add Slovakian translation in cms and sapphire (js). Thanks to @Pike
* [rev:111224] Ensuring !SiteTreeAccess.js is properly minified in live mode
* [rev:111133] Code formatting in !FullTestSuite
* [rev:111123] Spelling corrections to Director comments
* [rev:111117] Exclude "sanity check" type tests by default from PHPUnit runs (e.g. !PhpSyntaxTest)
* [rev:111116] PHPUnit annotations for !PhpSyntaxTest
* [rev:111053] Removing !MemberImportFormTest, breaks PHPUnit test run, and doesnt have any assertions
* [rev:111052] Documentation for constants in Core.php
* [rev:111051] Don't use chdir(), it confuses the hell out of phpunit (e.g. directory_exists() and realpath() no longer work as expected)
* [rev:111047] Fixed SSViewerTest to initialize controller properly
* [rev:111046] Remove all session data in !TestSession that might've been set by the test harness (necessary for test runs through the phpunit binary)
* [rev:111042] added phpdoc to the new PHPUnitWrapper classes.
### Other
* [rev:111880] #4029 On the fly form validation works in Opera as well
* [rev:111879] Added doc for static help_link
* [rev:111452] Fixes #2782
* [rev:111040] API-CHANGE: remove include which is not required.
* [rev:111038] ENHACENEMENT: Change behaviour of the !MenufestBuilder to use spl_autoload_register instead of traditional __autoload.

View File

@ -1,7 +0,0 @@
# 2.4.3-rc2
## Changelog
### Minor changes
* [rev:113360] Fixed regression from r113282 for changed !SecurityToken API in CMSMain->publishall() (fixes #6159)

View File

@ -1,80 +0,0 @@
# 2.4.4-rc1
## Changelog
### Features and Enhancements
* [rev:114572] 'bypassStaticCache' cookie set in Versioned is limited to httpOnly flag (no access by JS) to improve clientside security (from r114568)
* [rev:114571] Session::start() forces PHPSESSID cookies to be httpOnly (no access by JS) to improve clientside security (from r114567)
* [rev:114499] Added !RandomGenerator for more secure CRSF tokens etc. (from r114497)
* [rev:114467] PHP requirements in installer now check for date.timezone correctly being set for PHP 5.3.0+. This option is *required* to be set starting with 5.3.0 and will cause an error during installation if not
* [rev:114083] Added SS_HTTPResponse->setStatusDescription() as equivalent to setStatusCode(). Added documentation.
* [rev:113963] Split temp directory check and writability into two checks
* [rev:113961] #6206 Installer additional checks for module existence by checking _config.php exists, in addition to the directory
* [rev:113919] Allowing i18nTextCollector to discover entities in templates stored in themes/ directory (thanks nlou) (from r113918)
* [rev:113871] Update Asset's left and right panels with filders and files after 'Look for new files' was triggered (open #5543)
### API Changes
* [rev:114474] Using i18n::validate_locale() in various Translatable methods to ensure the locale exists (as defined through i18n::$allowed_locales) (from r114470)
### Bugfixes
* [rev:114783] Removed switch in !MySQLDatabase->query() to directly echo queries with 'showqueries' parameter when request is called via ajax (from r114782)
* [rev:114774] Disallow web access to sapphire/silverstripe_version to avoid information leakage (from r114773)
* [rev:114771] Disallow web access to cms/silverstripe_version to avoid information leakage (from r114770)
* [rev:114760] Avoid potential referer leaking in Security->changepassword() form by storing Member->!AutoLoginHash in session instead of 'h' GET parameter (from r114758)
* [rev:114719] Fallback text for "Password" in !ConfirmedPasswordField when no translation found
* [rev:114683] Populates the page with fake data in order to pass subsequent unit tests
* [rev:114654] Test if form is the right class (if a class decorates the content controller, this test would break ie sphinx)
* [rev:114516] Escaping $locale values in Translatable->augmentSQL() in addition to the i18n::validate_locale() input validation (from r114515)
* [rev:114512] Limiting usage of mcrypt_create_iv() in !RandomGenerator->generateEntropy() to *nix platforms to avoid fatal errors (specically in IIS) (from r114510)
* [rev:114507] Using !RandomGenerator class in Member->logIn(), Member->autoLogin() and Member->generateAutologinHash() for better randomization of tokens. Increased VARCHAR length of '!RememberLoginToken' and '!AutoLoginHash' fields to 1024 characters to support longer token strings. (from r114504)
* [rev:114506] Using !RandomGenerator class in !PasswordEncryptor->salt() (from r114503)
* [rev:114500] Using !RandomGenerator class in !SecurityToken->generate() for more random tokens
* [rev:114473] Check for valid locale in i18n::set_locale()/set_default_locale()/include_locale_file()/include_by_locale() (as defined in i18n::$allowed_locales). Implicitly sanitizes the data for usage in controllers. (from r114469)
* [rev:114445] Don't allow HTML formatting in !RequestHandler->httpError() by sending "Content-Type: text/plain" response headers. (from r114444)
* [rev:114208] Including template /lang folders in i18n::include_by_locale() (implementation started in r113919)
* [rev:114195] Added !SecurityToken to !PageCommentInterface->!DeleteAllLink() (fixes #6223, thanks Pigeon)
* [rev:114083] Strip newlines and carriage returns from SS_HTTPResponse->getStatusDescription() (fixes #6222, thanks mattclegg) (from r114082)
* [rev:114081] Removed double quoting of $where parameter in Translatable::get_existing_content_languages() (fixes #6203, thanks cloph) (from r114080)
* [rev:114036] Fixed case where !AssetAdmin would throw an error if $links was not an object in !AssetAdmin::getCustomFieldsFor()
* [rev:113976] #6201 Use of set_include_path() did not always include sapphire paths in some environments
* [rev:113962] Installer now checks temporary directory is writable, in addition to it being available.
* [rev:113809] #6197 simon_w: Fixed Internal Server Error when accessing assets on Apache without mod_php.
* [rev:113692] Avoid reloading CMS form twice after certain saving actions (fixes #5451, thanks muzdowski)
### Minor changes
* [rev:114751] Setting Content-Type to text/plain in various error responses for !RestfulServer (from r114750)
* [rev:114749] Reverting Member "!AutoLoginHash", "!RememberLoginToken" and "Salt" to their original VARCHAR length to avoid problems with invalidated hashes due to shorter field length (from r114748)
* [rev:114745] Partially reverted r114744
* [rev:114744] Reduced VARCHAR length from 1024 to 40 bytes, which fits the sha1 hashes created by !RandomGenerator. 1024 bytes caused problems with index lengths on MySQL (from r114743)
* [rev:114720] Code formatting change in !ConfirmedPasswordField::__construct()
* [rev:114454] Added exception handling if !ClassName is null in search results
* [rev:114334] Checking for class_exists() before !SapphireTest::is_running_tests() to avoid including the whole testing framework, and triggering PHPUnit to run a performance-intensive directory traversal for coverage file blacklists (from r114332)
* [rev:114079] Reverted r108515
* [rev:114078] Documentation for Aggregate caching (from r114077)
* [rev:114062] fixed visual glitch in CMS access tab for IE
* [rev:114036] Defined $backlinks as an array before adding entries to it
* [rev:114016] Fixed php tag in !SecurityTokenTest, should be "<?php" not "<?"
* [rev:113984] Installer now writes "!SetEnv HTTP_MOD_REWRITE On" in .htaccess to be consistent with the original .htaccess file that comes with the phpinstaller project
* [rev:113968] Fixed PHP strict standard where non-variables cannot be passed by reference
* [rev:113967] Fixed undefined variable $groupList
* [rev:113964] Re-use variable instead of check temp folder again
* [rev:113956] Make sure that Translatable creates a translated parent of !SiteTree only when the parent is not translated (from r113955)
* [rev:113937] don't trigger notice but Debug::show it
* [rev:113936] don't trigger notice but Debug::show it
* [rev:113933] test doesn't fail anymore due to time differences between db and php. The test now issues notices, warnings and errors depending on the severity of the offset
* [rev:113924] Fixed spaces with tabs in Core
* [rev:113923] Fixed spaces with tabs for Core::getTempFolder()
* [rev:113696] call jquery-ui from thirdparty folder instead google api (see ticket 5915) (from r113656)
* [rev:113695] Typo in !AssetAdmin (fixes #6191, thanks Juanitou)
* [rev:113690] Updated cs_CZ and sk_SK translations in sapphire/javascript (fixes #6085, thanks Pike)
* [rev:113689] Making some !JavaScript strings in cms/javascript translatable, and updated their cs_CZ and sk_SK translations (fixes #6085, thanks Pike)
### Other
* [rev:114464] FIX: Revert last commit
* [rev:114463] FIX: Revert last commit

View File

@ -1,23 +0,0 @@
# 2.4.4-rc2
## Changelog
### Features and Enhancements
* [rev:114901] Allow setting secure session cookies when using SSL. Recent change r114567 made this impossible. (thanks simon_w!) (from r114900)
### Bugfixes
* [rev:115189] Removing form actions from $allowed_actions in !AssetAdmin, CMSMain, !LeftAndMain - handled through Form->httpSubmission() (from r115185)
* [rev:115188] Checking for existence of !FormAction in Form->httpSubmission() to avoid bypassing $allowed_actions definitions in controllers containing this form
* [rev:115188] Checking for $allowed_actions in Form class, through Form->httpSubmission() (from r115182)
* [rev:115169] Fixed conflicting check of mysite directory with recommendation of removal of _config.php in installer
* [rev:114941] #6162 CMSMain::publishall() fails when over 30 pages (thanks natmchugh!) (from r114940)
* [rev:114922] #6219 Director::direct() validation fails for doubly nested file fields (thanks ajshort!) (from r114921)
* [rev:114823] Installer should check asp_tags is disabled, as it can cause issues with !SilverStripe
### Minor changes
* [rev:114916] Ensure php5-required.html template shows correct minimum and recommended PHP versions (thanks mattcleg!) (from r114915)
<code>./sscreatechangelog --version 2.4.4-rc2 --branch branches/2.4 --stopbranch tags/rc/2.4.4-rc1</code>

View File

@ -1,41 +0,0 @@
# 2.4.5-rc1 (2011-01-31)
## Overview
* Enhancement: File->canEdit() and File->canCreate() now use extendedCan()
* Enhancement: Installer check for magic_quotes_gpc (PHP option) and issues a warning if enabled
* Bugfix: CMSMain->rollback() fails because of CSRF protection
* Bugfix: Valid file uploads with uppercase extensions blocked from being web accessible
* Bugfix: Page comments saving onto wrong page
* Bugfix: Incorrect call to weekday function in Date class
* Bugfix: SilverStripeNavigator error in case where page is not published, viewing archived site
## Changelog
### Features and Enhancements
* [rev:115416] Changed canEdit and canCreate extend to extendedCan
* [rev:115265] Installer now checks for magic_quotes_gpc being turned off. This option turned on can cause issues with serialized data in cookies when unserializing (from r115264)
### Bugfixes
* [rev:115816] #6321 Whitelisted file extensions with uppercase extensions blocked by case sensitive FilesMatch directive in assets/.htaccess (does not affect IIS 7.x which uses web.config)
* [rev:115720] transaction function names fixed
* [rev:115460] DateField wrong datepicker-%s.js path (fixes #6296, thanks martijn)
* [rev:115443] Incorrect call to weekday function in Date class (thanks webbower!)
* [rev:115442] Checking for existence of draft and live records in SilverStripeNavigatorItem_ArchiveLink->getHTML() (from r115130)
* [rev:115440] #6291 Remove rollback action from CMSMain allowed_actions and rely on form action_rollback instead which is safer
* [rev:115437] Fixed edge case bug where SilverStripeNavigatorItem would fail if a page was not published, and the navigator archive link was generated
* [rev:115399] #6304 PageCommentInterface::PostCommentForm() loads inappropriate data from cookie, including wrong values for ParentID
* [rev:115379] #6299 TableListField::Link() includes $action value twice (thanks ajshort!)
* [rev:115314] #6287 open_basedir restriction breaks RandomGenerator when trying to read dev/urandom
* [rev:115313] Allowing CMSMain->rollback() outside of form contexts, temporariliy disabling CSRF protection. Necessary in order to get rollback actions working from admin/getversion (regression from 2.4.4 release, see #6291)
### Minor changes
* [rev:115854] #6397 CoreTest should use test specific paths, otherwise conflicts can occur in certain environments
* [rev:115461] Fixed en_US spelling (fixes #6316, thanks sonetseo)
### Other
* [rev:115723] Reverted to revision 101592

View File

@ -1,42 +0,0 @@
# 2.4.8-rc1 #
## Overview ##
* Security (Moderate Severity): More solid relative/site URL checks (related to "BackURL" redirection).
* Security (Moderate Severity): Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed.
* Security (Low Severity): Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway
## Details
### API Changes
* 2012-02-01 [bf4476a](https://github.com/silverstripe/sapphire/commit/bf4476a) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
* 2012-02-01 [4abe136](https://github.com/silverstripe/silverstripe-cms/commit/4abe136) silverstripe_version file now contains the plain version number, rather than an SVN path (Ingo Schommer)
### Features and Enhancements
* 2012-02-03 [921bf9a](https://github.com/silverstripe/sapphire/commit/921bf9a) Ensure that forceSSL and protocol detection respects the X-Forwarded-Protocol header. (Sam Minnee)
### Bugfixes
* 2012-09-14 [8ec6312](https://github.com/silverstripe/sapphire/commit/8ec6312) to prevent unintended results from getComponentsQuery(...) (stozze)
* 2012-07-09 [838ac97](https://github.com/silverstripe/silverstripe-cms/commit/838ac97) fixing an edge-case bug where a 404-page would get statically published and overwrite the homepage of the site (this would sometimes happen when a RedirectorPage was set to an external URL and still referenced an internal page ID) (Julian Seidenberg)
* 2012-05-04 [392543b](https://github.com/silverstripe/sapphire/commit/392543b) Don't' set 'Referer' header in FunctionalTest-&gt;get()/post() if its explicitly passed to the method (Ingo Schommer)
### Minor changes
* 2012-08-15 [7669871](https://github.com/silverstripe/sapphire/commit/7669871) fixed array to string conversion to avoid PHP 5.4 warnings (Adam Skrzypulec)
* 2012-05-29 [039a372](https://github.com/silverstripe/silverstripe-installer/commit/039a372) Fixed phpunit bootstrap relative path (Ingo Schommer)
* 2012-05-14 [b211c38](https://github.com/silverstripe/sapphire/commit/b211c38) Manually testing exceptions in SSViewerCacheBlockTest to avoid PHPUnit 3.6 warnings (Ingo Schommer)
* 2012-03-30 [c1d2cd1](https://github.com/silverstripe/sapphire/commit/c1d2cd1) Corrected Geoip entries for ex-Yugoslavia ... better late than never (Ingo Schommer)
* 2012-03-14 [44b9d05](https://github.com/silverstripe/sapphire/commit/44b9d05) Backported bootstrap.php changes from master and cstom TeamCity configuration (required to run tests through phpunit binary) (Ingo Schommer)
* 2011-12-17 [af22d07](https://github.com/silverstripe/sapphire/commit/af22d07) On PHPUnit 3.6, show the output of tests. (Sam Minnee)
* 2011-11-08 [5956ad8](https://github.com/silverstripe/sapphire/commit/5956ad8) Amended PHPUnit execution to work with PHPUnit 3.6 (Sam Minnee)
### Other
* 2012-10-05 [1c7b7d0](https://github.com/silverstripe/sapphire/commit/1c7b7d0) Fixed grammatical error for Form.FIELDISREQUIRED (Will Morgan)
* 2012-08-08 [f6c69d5](https://github.com/silverstripe/sapphire/commit/f6c69d5) Update widget documentation (fixes #706) (Will Rossiter)
* 2012-05-16 [b7c8737](https://github.com/silverstripe/silverstripe-installer/commit/b7c8737) SECURITY Fixed remote code execution vuln in install.php due to inserting unescaped user data into mysite/_config.php. Not critical because install.php is required to be removed on a SilverStripe installation anyway (fixes #7205) (Ingo Schommer)
* 2012-05-04 [46064f8](https://github.com/silverstripe/sapphire/commit/46064f8) SECURITY More solid relative/site URL checks (related to "BackURL" redirection) (Ingo Schommer)
* 2012-05-03 [9bf3ae9](https://github.com/silverstripe/sapphire/commit/9bf3ae9) SECURITY: Ensure javascript content type is sent in form responses. If content type is html, and the javascript contains script tags within the content, this content will be executed. (Andrew O'Neil)