11 Commits

Author	SHA1	Message	Date
Ingo Schommer	4c30c9ac2f	Clarified cases in which forms prevent caching	2018-06-14 14:12:35 +12:00
Ingo Schommer	015b897d82	Link to caching docs from "form security" docs	2018-06-14 10:30:13 +12:00
Damian Mooyman	3ea98cdb13	Migrate documentation from 3.x	2018-06-13 14:50:02 +12:00
Damian Mooyman	cdfb413395	Code block whitespace / formatting cleanup	2017-10-27 15:38:27 +13:00
Aaron Carlino	e7274b0ee4	Add namespaces	2017-10-27 12:45:26 +13:00
Aaron Carlino	50c8a02bff	remove tabs	2017-08-07 15:11:17 +12:00
Aaron Carlino	2414eaeafd	Yay, clean arrays	2017-08-07 14:01:38 +12:00
Aaron Carlino	eb1695c03d	Replace all legacy ::: syntax with GFMD tags	2017-08-07 14:01:38 +12:00
Saophalkun Ponlu	63ba092765	FIX Add namespaces in markdown docs (#7088) ... * FIX Add namespaces in markdown docs * FIX Convert doc [link] to [link-text](link-uri)	2017-07-03 13:22:12 +12:00
Antony Thorpe	6348f2e3e8	Updated Form.php & 04_Form_Security.md ... Changed the `strictFormMethodCheck` protected property from false to true to step out on the front foot with this security setting. In the documentation under the title [Cross-Site Request Forgery](https://github.com/silverstripe/silverstripe-framework/blob/master/docs/en/02_Developer_Guides/09_Security/04_Secure_Coding.md#cross-site-request-forgery-csrf) it states, "it is also recommended to limit form submissions to the intended HTTP verb (mostly GET or POST) through [api:Form::setStrictFormMethodCheck()]." The same advice is noted in [Form Security](c2292a4cc1/docs/en/02_Developer_Guides/03_Forms/04_Form_Security.md (strict-form-submission)). Why not make this the default behaviour? Is there a scenario where this would cause a problem? Have manually tested in the CMS (alpha7) and is working fine. Note: Original commit that establised the API Form::setStrictFormMethodCheck is 14c59be8.	2017-06-06 21:10:49 +12:00
Will Rossiter	9fbbf6d88a	Rewrite, tidy and format of Forms documentation	2014-12-16 11:01:14 +13:00