API Refactor template layer into its own module

Includes the following large-scale changes:
- Impoved barrier between model and view layers
- Improved casting of scalar to relevant DBField types
- Improved capabilities for rendering arbitrary data in templates

_config/backtrace.yml

@@ -28,7 +28,8 @@ SilverStripe\Dev\Backtrace:
     - ['SilverStripe\Security\PasswordEncryptor_Blowfish', 'encryptA']
     - ['SilverStripe\Security\PasswordEncryptor_Blowfish', 'encryptX']
     - ['SilverStripe\Security\PasswordEncryptor_Blowfish', 'encryptY']
-    - ['SilverStripe\Security\PasswordValidator', 'validate']
+    - ['SilverStripe\Security\Validation\RulesPasswordValidator', 'validate']
+    - ['SilverStripe\Security\Validation\EntropyPasswordValidator', 'validate']
     - ['SilverStripe\Security\RememberLoginHash', 'setToken']
     - ['SilverStripe\Security\Security', 'encrypt_password']
     - ['*', 'checkPassword']

_config/passwords.yml

@@ -2,12 +2,5 @@
 Name: corepasswords
 ---
 SilverStripe\Core\Injector\Injector:
-  SilverStripe\Security\PasswordValidator:
-    properties:
-      MinLength: 8
-      HistoricCount: 6
-
-# In the case someone uses `new PasswordValidator` instead of Injector, provide some safe defaults through config.
-SilverStripe\Security\PasswordValidator:
-  min_length: 8
-  historic_count: 6
+  SilverStripe\Security\Validation\PasswordValidator:
+    class: 'SilverStripe\Security\Validation\EntropyPasswordValidator'

composer.json

@@ -50,7 +50,7 @@
         "symfony/mailer": "^7.0",
         "symfony/mime": "^7.0",
         "symfony/translation": "^7.0",
-        "symfony/validator": "^7.0",
+        "symfony/validator": "^7.1",
         "symfony/yaml": "^7.0",
         "ext-ctype": "*",
         "ext-dom": "*",

src/Cli/Command/NavigateCommand.php

@@ -27,7 +27,7 @@ class NavigateCommand extends Command
 
         // Handle request and output resonse body
         $response = $app->handle($request);
-        $output->writeln($response->getBody(), OutputInterface::OUTPUT_RAW);
+        $output->writeln($response->getBody() ?? '', OutputInterface::OUTPUT_RAW);
 
         // Transform HTTP status code into sensible exit code
         $responseCode = $response->getStatusCode();

src/Control/Email/Email.php

@@ -4,14 +4,13 @@ namespace SilverStripe\Control\Email;
 
 use Exception;
 use RuntimeException;
-use Egulias\EmailValidator\EmailValidator;
-use Egulias\EmailValidator\Validation\RFCValidation;
 use SilverStripe\Control\Director;
 use SilverStripe\Core\Config\Configurable;
 use SilverStripe\Core\Environment;
 use SilverStripe\Core\Extensible;
 use SilverStripe\Core\Injector\Injectable;
 use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Core\Validation\ConstraintValidator;
 use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\Model\ArrayData;
 use SilverStripe\View\Requirements;
@@ -22,6 +21,8 @@ use Symfony\Component\Mailer\MailerInterface;
 use Symfony\Component\Mime\Address;
 use Symfony\Component\Mime\Email as SymfonyEmail;
 use Symfony\Component\Mime\Part\AbstractPart;
+use Symfony\Component\Validator\Constraints\Email as EmailConstraint;
+use Symfony\Component\Validator\Constraints\NotBlank;
 
 class Email extends SymfonyEmail
 {
@@ -63,16 +64,17 @@ class Email extends SymfonyEmail
     private bool $dataHasBeenSet = false;
 
     /**
-     * Checks for RFC822-valid email format.
-     *
-     * @copyright Cal Henderson <cal@iamcal.com>
-     *    This code is licensed under a Creative Commons Attribution-ShareAlike 2.5 License
-     *    http://creativecommons.org/licenses/by-sa/2.5/
+     * Checks for RFC valid email format.
      */
     public static function is_valid_address(string $address): bool
     {
-        $validator = new EmailValidator();
-        return $validator->isValid($address, new RFCValidation());
+        return ConstraintValidator::validate(
+            $address,
+            [
+                new EmailConstraint(mode: EmailConstraint::VALIDATION_MODE_STRICT),
+                new NotBlank()
+            ]
+        )->isValid();
     }
 
     public static function getSendAllEmailsTo(): array
@@ -117,7 +119,7 @@ class Email extends SymfonyEmail
         $addresses = [];
         if (is_array($config)) {
             foreach ($config as $key => $val) {
-                if (filter_var($key, FILTER_VALIDATE_EMAIL)) {
+                if (static::is_valid_address($key)) {
                     $addresses[] = new Address($key, $val);
                 } else {
                     $addresses[] = new Address($val);

src/Control/HTTPRequest.php

@@ -7,6 +7,8 @@ use BadMethodCallException;
 use InvalidArgumentException;
 use SilverStripe\Core\ClassInfo;
 use SilverStripe\Core\ArrayLib;
+use Symfony\Component\Validator\Constraints\Ip;
+use Symfony\Component\Validator\Constraints\IpValidator;
 
 /**
  * Represents a HTTP-request, including a URL that is tokenised for parsing, and a request method
@@ -810,7 +812,8 @@ class HTTPRequest implements ArrayAccess
      */
     public function setIP($ip)
     {
-        if (!filter_var($ip, FILTER_VALIDATE_IP)) {
+        // We can't use ConstraintValidator here because it relies on injector and the kernel may not have booted yet.
+        if (!IpValidator::checkIp($ip, Ip::ALL)) {
             throw new InvalidArgumentException("Invalid ip $ip");
         }
         $this->ip = $ip;

src/Control/Middleware/TrustedProxyMiddleware.php

@@ -3,7 +3,10 @@
 namespace SilverStripe\Control\Middleware;
 
 use SilverStripe\Control\HTTPRequest;
+use SilverStripe\Core\Validation\ConstraintValidator;
 use Symfony\Component\HttpFoundation\IpUtils;
+use Symfony\Component\Validator\Constraints\Ip;
+use Symfony\Component\Validator\Constraints\NotBlank;
 
 /**
  * This middleware will rewrite headers that provide IP and host details from an upstream proxy.
@@ -220,14 +223,14 @@ class TrustedProxyMiddleware implements HTTPMiddleware
 
         // Prioritise filters
         $filters = [
-            FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE,
-            FILTER_FLAG_NO_PRIV_RANGE,
-            null
+            Ip::ALL_ONLY_PUBLIC,
+            Ip::ALL_NO_PRIVATE,
+            Ip::ALL
         ];
         foreach ($filters as $filter) {
             // Find best IP
             foreach ($ips as $ip) {
-                if (filter_var($ip, FILTER_VALIDATE_IP, $filter ?? 0)) {
+                if (ConstraintValidator::validate($ip, [new Ip(version: $filter), new NotBlank()])->isValid()) {
                     return $ip;
                 }
             }

src/Control/RSS/RSSFeed_Entry.php

@@ -47,7 +47,7 @@ class RSSFeed_Entry extends ModelData
      */
     public function __construct($entry, $titleField, $descriptionField, $authorField)
     {
-        $this->failover = $entry;
+        $this->setFailover($entry);
         $this->titleField = $titleField;
         $this->descriptionField = $descriptionField;
         $this->authorField = $authorField;
@@ -58,7 +58,7 @@ class RSSFeed_Entry extends ModelData
     /**
      * Get the description of this entry
      *
-     * @return DBField Returns the description of the entry.
+     * @return DBField|null Returns the description of the entry.
      */
     public function Title()
     {
@@ -68,7 +68,7 @@ class RSSFeed_Entry extends ModelData
     /**
      * Get the description of this entry
      *
-     * @return DBField Returns the description of the entry.
+     * @return DBField|null Returns the description of the entry.
      */
     public function Description()
     {
@@ -85,7 +85,7 @@ class RSSFeed_Entry extends ModelData
     /**
      * Get the author of this entry
      *
-     * @return DBField Returns the author of the entry.
+     * @return DBField|null Returns the author of the entry.
      */
     public function Author()
     {
@@ -96,7 +96,7 @@ class RSSFeed_Entry extends ModelData
      * Return the safely casted field
      *
      * @param string $fieldName Name of field
-     * @return DBField
+     * @return DBField|null
      */
     public function rssField($fieldName)
     {

src/Core/Convert.php

@@ -2,9 +2,12 @@
 
 namespace SilverStripe\Core;
 
+use SilverStripe\Core\Validation\ConstraintValidator;
 use SimpleXMLElement;
 use SilverStripe\ORM\DB;
 use SilverStripe\View\Parsers\URLSegmentFilter;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use Symfony\Component\Validator\Constraints\Url;
 
 /**
  * Library of conversion functions, implemented as static methods.
@@ -226,16 +229,14 @@ class Convert
 
     /**
      * Create a link if the string is a valid URL
-     *
-     * @param string $string The string to linkify
-     * @return string A link to the URL if string is a URL
      */
-    public static function linkIfMatch($string)
-    {
-        if (preg_match('/^[a-z+]+\:\/\/[a-zA-Z0-9$-_.+?&=!*\'()%]+$/', $string ?? '')) {
+    public static function linkIfMatch(
+        string $string,
+        array $protocols = ['file', 'ftp', 'http', 'https', 'imap', 'nntp']
+    ): string {
+        if (ConstraintValidator::validate($string, [new Url(protocols: $protocols), new NotBlank()])->isValid()) {
             return "<a style=\"white-space: nowrap\" href=\"$string\">$string</a>";
         }
-
         return $string;
     }
 

src/Dev/Backtrace.php

@@ -149,11 +149,11 @@ class Backtrace
         if ($showArgs && isset($item['args'])) {
             $args = [];
             foreach ($item['args'] as $arg) {
-                if (!is_object($arg) || method_exists($arg, '__toString')) {
+                if (is_object($arg)) {
+                    $args[] = get_class($arg);
+                } else {
                     $sarg = is_array($arg) ? 'Array' : strval($arg);
                     $args[] = (strlen($sarg ?? '') > $argCharLimit) ? substr($sarg, 0, $argCharLimit) . '...' : $sarg;
-                } else {
-                    $args[] = get_class($arg);
                 }
             }
 

src/Forms/ConfirmedPasswordField.php

@@ -10,6 +10,8 @@ use SilverStripe\Security\Authenticator;
 use SilverStripe\Security\Security;
 use SilverStripe\View\HTML;
 use Closure;
+use SilverStripe\Core\Validation\ConstraintValidator;
+use Symfony\Component\Validator\Constraints\PasswordStrength;
 
 /**
  * Two masked input fields, checks for matching passwords.
@@ -25,34 +27,33 @@ class ConfirmedPasswordField extends FormField
 
     /**
      * Minimum character length of the password.
-     *
-     * @var int
      */
-    public $minLength = null;
+    public int $minLength = 0;
 
     /**
      * Maximum character length of the password.
-     *
-     * @var int
+     * 0 means no maximum length.
      */
-    public $maxLength = null;
+    public int $maxLength = 0;
 
     /**
-     * Enforces at least one digit and one alphanumeric
-     * character (in addition to {$minLength} and {$maxLength}
-     *
-     * @var boolean
+     * Enforces password strength validation based on entropy.
+     * See setMinPasswordStrength()
      */
-    public $requireStrongPassword = false;
+    public bool $requireStrongPassword = false;
 
     /**
      * Allow empty fields when entering the password for the first time
      * If this is set to true then a random password may be generated if the field is empty
      * depending on the value of $ConfirmedPasswordField::generateRandomPasswordOnEmtpy
-     *
-     * @var boolean
      */
-    public $canBeEmpty = false;
+    public bool $canBeEmpty = false;
+
+    /**
+     * Minimum password strength if requireStrongPassword is true
+     * See https://symfony.com/doc/current/reference/constraints/PasswordStrength.html#minscore
+     */
+    private int $minPasswordStrength = PasswordStrength::STRENGTH_STRONG;
 
     /**
      * Callback used to generate a random password if $this->canBeEmpty is true and the field is left blank
@@ -72,79 +73,54 @@ class ConfirmedPasswordField extends FormField
      *
      * Caution: The form field does not include any JavaScript or CSS when used outside of the CMS context,
      * since the required frontend dependencies are included through CMS bundling.
-     *
-     * @param boolean $showOnClick
      */
-    protected $showOnClick = false;
+    protected bool $showOnClick = false;
 
     /**
      * Check if the existing password should be entered first
-     *
-     * @var bool
      */
-    protected $requireExistingPassword = false;
+    protected bool $requireExistingPassword = false;
 
 
     /**
      * A place to temporarily store the confirm password value
-     *
-     * @var string
      */
-    protected $confirmValue;
+    protected ?string $confirmValue = null;
 
     /**
      * Store value of "Current Password" field
-     *
-     * @var string
      */
-    protected $currentPasswordValue;
+    protected ?string $currentPasswordValue = null;
 
     /**
      * Title for the link that triggers the visibility of password fields.
-     *
-     * @var string
      */
-    public $showOnClickTitle;
+    public string $showOnClickTitle = '';
 
     /**
      * Child fields (_Password, _ConfirmPassword)
-     *
-     * @var FieldList
      */
-    public $children;
+    public FieldList $children;
 
     protected $schemaDataType = FormField::SCHEMA_DATA_TYPE_STRUCTURAL;
 
-    /**
-     * @var PasswordField
-     */
-    protected $passwordField = null;
+    protected ?PasswordField $passwordField;
+
+    protected ?PasswordField $confirmPasswordfield;
+
+    protected ?HiddenField $hiddenField = null;
 
     /**
-     * @var PasswordField
-     */
-    protected $confirmPasswordfield = null;
-
-    /**
-     * @var HiddenField
-     */
-    protected $hiddenField = null;
-
-    /**
-     * @param string $name
-     * @param string $title
-     * @param mixed $value
      * @param Form $form Ignored for ConfirmedPasswordField.
-     * @param boolean $showOnClick
      * @param string $titleConfirmField Alternate title (not localizeable)
      */
     public function __construct(
-        $name,
-        $title = null,
-        $value = "",
-        $form = null,
-        $showOnClick = false,
-        $titleConfirmField = null
+        string $name,
+        ?string $title = null,
+        mixed $value = "",
+        ?Form $form = null,
+        bool $showOnClick = false,
+        ?string $titleConfirmField = null
     ) {
 
         // Set field title
@@ -528,14 +504,18 @@ class ConfirmedPasswordField extends FormField
         }
 
         if ($this->getRequireStrongPassword()) {
-            if (!preg_match('/^(([a-zA-Z]+\d+)|(\d+[a-zA-Z]+))[a-zA-Z0-9]*$/', $value ?? '')) {
+            $strongEnough = ConstraintValidator::validate(
+                $value,
+                new PasswordStrength(minScore: $this->getMinPasswordStrength())
+            )->isValid();
+            if (!$strongEnough) {
                 $validator->validationError(
                     $name,
                     _t(
-                        'SilverStripe\\Forms\\Form.VALIDATIONSTRONGPASSWORD',
-                        'Passwords must have at least one digit and one alphanumeric character'
+                        __CLASS__ . '.VALIDATIONSTRONGPASSWORD',
+                        'The password strength is too low. Please use a stronger password.'
                     ),
-                    "validation"
+                    'validation'
                 );
 
                 return $this->extendValidationResult(false, $validator);
@@ -637,24 +617,21 @@ class ConfirmedPasswordField extends FormField
 
     /**
      * Check if existing password is required
-     *
-     * @return bool
+     * If true, an extra form field will be added to enter the existing password
      */
-    public function getRequireExistingPassword()
+    public function getRequireExistingPassword(): bool
     {
         return $this->requireExistingPassword;
     }
 
     /**
      * Set if the existing password should be required
-     *
-     * @param bool $show Flag to show or hide this field
-     * @return $this
+     * If true, an extra form field will be added to enter the existing password
      */
-    public function setRequireExistingPassword($show)
+    public function setRequireExistingPassword(bool $show): static
     {
         // Don't modify if already added / removed
-        if ((bool)$show === $this->requireExistingPassword) {
+        if ($show === $this->requireExistingPassword) {
             return $this;
         }
         $this->requireExistingPassword = $show;
@@ -670,79 +647,91 @@ class ConfirmedPasswordField extends FormField
     }
 
     /**
-     * @return PasswordField
+     * Get the FormField that represents the main password field
      */
-    public function getPasswordField()
+    public function getPasswordField(): PasswordField
     {
         return $this->passwordField;
     }
 
     /**
-     * @return PasswordField
+     * Get the FormField that represents the "confirm" password field
      */
-    public function getConfirmPasswordField()
+    public function getConfirmPasswordField(): PasswordField
     {
         return $this->confirmPasswordfield;
     }
 
     /**
      * Set the minimum length required for passwords
-     *
-     * @param int $minLength
-     * @return $this
      */
-    public function setMinLength($minLength)
+    public function setMinLength(int $minLength): static
     {
-        $this->minLength = (int) $minLength;
+        $this->minLength = $minLength;
         return $this;
     }
 
     /**
-     * @return int
+     * Get the minimum length required for passwords
      */
-    public function getMinLength()
+    public function getMinLength(): int
     {
         return $this->minLength;
     }
 
     /**
-     * Set the maximum length required for passwords
-     *
-     * @param int $maxLength
-     * @return $this
+     * Set the maximum length required for passwords.
+     * 0 means no max length.
      */
-    public function setMaxLength($maxLength)
+    public function setMaxLength(int $maxLength): static
     {
-        $this->maxLength = (int) $maxLength;
+        $this->maxLength = $maxLength;
         return $this;
     }
 
     /**
-     * @return int
+     * Get the maximum length required for passwords.
+     * 0 means no max length.
      */
-    public function getMaxLength()
+    public function getMaxLength(): int
     {
         return $this->maxLength;
     }
 
     /**
-     * @param bool $requireStrongPassword
-     * @return $this
+     * Set whether password strength validation is enforced.
+     * See setMinPasswordStrength()
      */
-    public function setRequireStrongPassword($requireStrongPassword)
+    public function setRequireStrongPassword($requireStrongPassword): static
     {
         $this->requireStrongPassword = (bool) $requireStrongPassword;
         return $this;
     }
 
     /**
-     * @return bool
+     * Get whether password strength validation is enforced.
+     * See setMinPasswordStrength()
      */
-    public function getRequireStrongPassword()
+    public function getRequireStrongPassword(): bool
     {
         return $this->requireStrongPassword;
     }
 
+    /**
+     * Set minimum password strength. Only applies if requireStrongPassword is true
+     * See https://symfony.com/doc/current/reference/constraints/PasswordStrength.html#minscore
+     */
+    public function setMinPasswordStrength(int $strength): static
+    {
+        $this->minPasswordStrength = $strength;
+        return $this;
+    }
+
+    public function getMinPasswordStrength(): int
+    {
+        return $this->minPasswordStrength;
+    }
+
     /**
      * Appends a warning to the right title, or removes that appended warning.
      */

src/Forms/DropdownField.php

@@ -68,7 +68,7 @@ use SilverStripe\Model\ArrayData;
  * DropdownField::create(
  *   'Country',
  *   'Country',
- *   singleton(MyObject::class)->dbObject('Country')->enumValues()
+ *   singleton(MyObject::class)->dbObject('Country')?->enumValues()
  * );
  * </code>
  *

src/Forms/EmailField.php

@@ -2,52 +2,40 @@
 
 namespace SilverStripe\Forms;
 
+use SilverStripe\Core\Validation\ConstraintValidator;
+use Symfony\Component\Validator\Constraints\Email as EmailConstraint;
+
 /**
- * Text input field with validation for correct email format according to RFC 2822.
+ * Text input field with validation for correct email format according to the relevant RFC.
  */
 class EmailField extends TextField
 {
-
     protected $inputType = 'email';
-    /**
-     * {@inheritdoc}
-     */
+
     public function Type()
     {
         return 'email text';
     }
 
     /**
-     * Validates for RFC 2822 compliant email addresses.
-     *
-     * @see http://www.regular-expressions.info/email.html
-     * @see http://www.ietf.org/rfc/rfc2822.txt
+     * Validates for RFC compliant email addresses.
      *
      * @param Validator $validator
-     *
-     * @return string
      */
     public function validate($validator)
     {
-        $result = true;
         $this->value = trim($this->value ?? '');
 
-        $pattern = '^[a-z0-9!#$%&\'*+/=?^_`{|}~-]+(?:\\.[a-z0-9!#$%&\'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$';
+        $message = _t('SilverStripe\\Forms\\EmailField.VALIDATION', 'Please enter an email address');
+        $result = ConstraintValidator::validate(
+            $this->value,
+            new EmailConstraint(message: $message, mode: EmailConstraint::VALIDATION_MODE_STRICT),
+            $this->getName()
+        );
+        $validator->getResult()->combineAnd($result);
+        $isValid = $result->isValid();
 
-        // Escape delimiter characters.
-        $safePattern = str_replace('/', '\\/', $pattern ?? '');
-
-        if ($this->value && !preg_match('/' . $safePattern . '/i', $this->value ?? '')) {
-            $validator->validationError(
-                $this->name,
-                _t('SilverStripe\\Forms\\EmailField.VALIDATION', 'Please enter an email address'),
-                'validation'
-            );
-
-            $result = false;
-        }
-
-        return $this->extendValidationResult($result, $validator);
+        return $this->extendValidationResult($isValid, $validator);
     }
 
     public function getSchemaValidation()

src/Forms/FieldGroup.php

@@ -154,7 +154,7 @@ class FieldGroup extends CompositeField
         /** @var FormField $subfield */
         $messages = [];
         foreach ($dataFields as $subfield) {
-            $message = $subfield->obj('Message')->forTemplate();
+            $message = $subfield->obj('Message')?->forTemplate();
             if ($message) {
                 $messages[] = rtrim($message ?? '', ".");
             }

src/Forms/FormField.php

@@ -15,6 +15,7 @@ use SilverStripe\Core\Validation\ValidationResult;
 use SilverStripe\View\AttributesHTML;
 use SilverStripe\View\SSViewer;
 use SilverStripe\Model\ModelData;
+use SilverStripe\ORM\DataObject;
 
 /**
  * Represents a field in a form.
@@ -458,7 +459,7 @@ class FormField extends RequestHandler
      *
      * By default, makes use of $this->dataValue()
      *
-     * @param ModelData|DataObjectInterface $record Record to save data into
+     * @param DataObjectInterface $record Record to save data into
      */
     public function saveInto(DataObjectInterface $record)
     {
@@ -469,7 +470,9 @@ class FormField extends RequestHandler
         if (($pos = strrpos($this->name ?? '', '.')) !== false) {
             $relation = substr($this->name ?? '', 0, $pos);
             $fieldName = substr($this->name ?? '', $pos + 1);
-            $component = $record->relObject($relation);
+            if ($record instanceof DataObject) {
+                $component = $record->relObject($relation);
+            }
         }
 
         if ($fieldName && $component) {
@@ -1469,12 +1472,12 @@ class FormField extends RequestHandler
             'schemaType' => $this->getSchemaDataType(),
             'component' => $this->getSchemaComponent(),
             'holderId' => $this->HolderID(),
-            'title' => $this->obj('Title')->getSchemaValue(),
+            'title' => $this->obj('Title')?->getSchemaValue(),
             'source' => null,
             'extraClass' => $this->extraClass(),
-            'description' => $this->obj('Description')->getSchemaValue(),
-            'rightTitle' => $this->obj('RightTitle')->getSchemaValue(),
-            'leftTitle' => $this->obj('LeftTitle')->getSchemaValue(),
+            'description' => $this->obj('Description')?->getSchemaValue(),
+            'rightTitle' => $this->obj('RightTitle')?->getSchemaValue(),
+            'leftTitle' => $this->obj('LeftTitle')?->getSchemaValue(),
             'readOnly' => $this->isReadonly(),
             'disabled' => $this->isDisabled(),
             'customValidationMessage' => $this->getCustomValidationMessage(),

src/Forms/FormScaffolder.php

@@ -115,7 +115,7 @@ class FormScaffolder
                 $fieldObject = $this
                     ->obj
                     ->dbObject($fieldName)
-                    ->scaffoldFormField(null, $this->getParamsArray());
+                    ?->scaffoldFormField(null, $this->getParamsArray());
             }
             // Allow fields to opt-out of scaffolding
             if (!$fieldObject) {
@@ -145,7 +145,7 @@ class FormScaffolder
                     $fieldClass = $this->fieldClasses[$fieldName];
                     $hasOneField = new $fieldClass($fieldName);
                 } else {
-                    $hasOneField = $this->obj->dbObject($fieldName)->scaffoldFormField(null, $this->getParamsArray());
+                    $hasOneField = $this->obj->dbObject($fieldName)?->scaffoldFormField(null, $this->getParamsArray());
                 }
                 if (empty($hasOneField)) {
                     continue; // Allow fields to opt out of scaffolding

src/Forms/HTMLEditor/HTMLEditorField.php

@@ -5,9 +5,11 @@ namespace SilverStripe\Forms\HTMLEditor;
 use SilverStripe\Assets\Shortcodes\ImageShortcodeProvider;
 use SilverStripe\Forms\FormField;
 use SilverStripe\Forms\TextareaField;
-use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\DataObjectInterface;
 use Exception;
+use SilverStripe\Model\ModelData;
+use SilverStripe\ORM\FieldType\DBField;
+use SilverStripe\View\CastingService;
 use SilverStripe\View\Parsers\HTMLValue;
 
 /**
@@ -123,13 +125,9 @@ class HTMLEditorField extends TextareaField
         );
     }
 
-    /**
-     * @param DataObject|DataObjectInterface $record
-     * @throws Exception
-     */
     public function saveInto(DataObjectInterface $record)
     {
-        if ($record->hasField($this->name) && $record->escapeTypeForField($this->name) != 'xml') {
+        if (!$this->usesXmlFriendlyField($record)) {
             throw new Exception(
                 'HTMLEditorField->saveInto(): This field should save into a HTMLText or HTMLVarchar field.'
             );
@@ -225,4 +223,15 @@ class HTMLEditorField extends TextareaField
 
         return $config;
     }
+
+    private function usesXmlFriendlyField(DataObjectInterface $record): bool
+    {
+        if ($record instanceof ModelData && !$record->hasField($this->getName())) {
+            return true;
+        }
+
+        $castingService = CastingService::singleton();
+        $castValue = $castingService->cast($this->Value(), $record, $this->getName());
+        return $castValue instanceof DBField && $castValue::config()->get('escape_type') === 'xml';
+    }
 }

src/Forms/TreeDropdownField.php

@@ -870,14 +870,14 @@ class TreeDropdownField extends FormField implements HasOneRelationFieldInterfac
                 $ancestors = $record->getAncestors(true)->reverse();
 
                 foreach ($ancestors as $parent) {
-                    $title = $parent->obj($this->getTitleField())->getValue();
+                    $title = $parent->obj($this->getTitleField())?->getValue();
                     $titlePath .= $title . '/';
                 }
             }
             $data['data']['valueObject'] = [
-                'id' => $record->obj($this->getKeyField())->getValue(),
-                'title' => $record->obj($this->getTitleField())->getValue(),
-                'treetitle' => $record->obj($this->getLabelField())->getSchemaValue(),
+                'id' => $record->obj($this->getKeyField())?->getValue(),
+                'title' => $record->obj($this->getTitleField())?->getValue(),
+                'treetitle' => $record->obj($this->getLabelField())?->getSchemaValue(),
                 'titlePath' => $titlePath,
             ];
         }

src/Forms/TreeMultiselectField.php

@@ -92,10 +92,10 @@ class TreeMultiselectField extends TreeDropdownField
         foreach ($items as $item) {
             if ($item instanceof DataObject) {
                 $values[] = [
-                    'id' => $item->obj($this->getKeyField())->getValue(),
-                    'title' => $item->obj($this->getTitleField())->getValue(),
+                    'id' => $item->obj($this->getKeyField())?->getValue(),
+                    'title' => $item->obj($this->getTitleField())?->getValue(),
                     'parentid' => $item->ParentID,
-                    'treetitle' => $item->obj($this->getLabelField())->getSchemaValue(),
+                    'treetitle' => $item->obj($this->getLabelField())?->getSchemaValue(),
                 ];
             } else {
                 $values[] = $item;
@@ -212,7 +212,7 @@ class TreeMultiselectField extends TreeDropdownField
             foreach ($items as $item) {
                 $idArray[] = $item->ID;
                 $titleArray[] = ($item instanceof ModelData)
-                    ? $item->obj($this->getLabelField())->forTemplate()
+                    ? $item->obj($this->getLabelField())?->forTemplate()
                     : Convert::raw2xml($item->{$this->getLabelField()});
             }
 

src/Forms/UrlField.php

@@ -7,10 +7,24 @@ use Symfony\Component\Validator\Constraints\Url;
 
 /**
  * Text input field with validation for a url
- * Url must include a scheme, either http:// or https://
+ * Url must include a protocol (aka scheme) such as https:// or http://
  */
 class UrlField extends TextField
 {
+    /**
+     * The default set of protocols allowed for valid URLs
+     */
+    private static array $default_protocols = ['https', 'http'];
+
+    /**
+     * The default value for whether a relative protocol (// on its own) is allowed
+     */
+    private static bool $default_allow_relative_protocol = false;
+
+    private array $protocols = [];
+
+    private ?bool $allowRelativeProtocol = null;
+
     public function Type()
     {
         return 'text url';
@@ -18,15 +32,66 @@ class UrlField extends TextField
 
     public function validate($validator)
     {
-        $result = true;
-        if ($this->value && !ConstraintValidator::validate($this->value, new Url())->isValid()) {
-            $validator->validationError(
-                $this->name,
-                _t(__CLASS__ . '.INVALID', 'Please enter a valid URL'),
-                'validation'
-            );
-            $result = false;
+        $allowedProtocols = $this->getAllowedProtocols();
+        $message = _t(
+            __CLASS__ . '.INVALID_WITH_PROTOCOL',
+            'Please enter a valid URL including a protocol, e.g {protocol}://example.com',
+            ['protocol' => $allowedProtocols[0]]
+        );
+        $result = ConstraintValidator::validate(
+            $this->value,
+            new Url(
+                message: $message,
+                protocols: $allowedProtocols,
+                relativeProtocol: $this->getAllowRelativeProtocol()
+            ),
+            $this->getName()
+        );
+        $validator->getResult()->combineAnd($result);
+        $isValid = $result->isValid();
+        return $this->extendValidationResult($isValid, $validator);
+    }
+
+    /**
+     * Set which protocols valid URLs are allowed to have.
+     * Passing an empty array will result in using configured defaults.
+     */
+    public function setAllowedProtocols(array $protocols): static
+    {
+        $this->protocols = $protocols;
+        return $this;
+    }
+
+    /**
+     * Get which protocols valid URLs are allowed to have
+     */
+    public function getAllowedProtocols(): array
+    {
+        $protocols = $this->protocols;
+        if (empty($protocols)) {
+            $protocols = static::config()->get('default_protocols');
         }
-        return $this->extendValidationResult($result, $validator);
+        // Ensure the array isn't associative so we can use 0 index in validate().
+        return array_values($protocols);
+    }
+
+    /**
+     * Set whether a relative protocol (// on its own) is allowed
+     */
+    public function setAllowRelativeProtocol(?bool $allow): static
+    {
+        $this->allowRelativeProtocol = $allow;
+        return $this;
+    }
+
+    /**
+     * Get whether a relative protocol (// on its own) is allowed
+     */
+    public function getAllowRelativeProtocol(): bool
+    {
+        if ($this->allowRelativeProtocol === null) {
+            return static::config()->get('default_allow_relative_protocol');
+        }
+        return $this->allowRelativeProtocol;
     }
 }

src/Model/List/ListDecorator.php

@@ -56,7 +56,9 @@ abstract class ListDecorator extends ModelData implements SS_List, Sortable, Fil
     public function setList(SS_List&Sortable&Filterable&Limitable $list): ListDecorator
     {
         $this->list = $list;
-        $this->failover = $this->list;
+        if ($list instanceof ModelData) {
+            $this->setFailover($list);
+        }
         return $this;
     }
 

src/Model/ModelData.php

@@ -12,14 +12,14 @@ use SilverStripe\Core\Config\Configurable;
 use SilverStripe\Core\Convert;
 use SilverStripe\Core\Extensible;
 use SilverStripe\Core\Injector\Injectable;
-use SilverStripe\Core\Injector\Injector;
 use SilverStripe\Dev\Debug;
 use SilverStripe\Core\ArrayLib;
-use SilverStripe\Model\List\ArrayList;
 use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\FieldType\DBHTMLText;
 use SilverStripe\Model\ArrayData;
+use SilverStripe\View\CastingService;
 use SilverStripe\View\SSViewer;
+use Stringable;
 use UnexpectedValueException;
 
 /**
@@ -29,7 +29,7 @@ use UnexpectedValueException;
  * is provided and automatically escaped by ModelData. Any class that needs to be available to a view (controllers,
  * {@link DataObject}s, page controls) should inherit from this class.
  */
-class ModelData
+class ModelData implements Stringable
 {
     use Extensible {
         defineMethods as extensibleDefineMethods;
@@ -38,7 +38,7 @@ class ModelData
     use Configurable;
 
     /**
-     * An array of objects to cast certain fields to. This is set up as an array in the format:
+     * An array of DBField classes to cast certain fields to. This is set up as an array in the format:
      *
      * <code>
      * public static $casting = array (
@@ -47,16 +47,18 @@ class ModelData
      * </code>
      */
     private static array $casting = [
-        'CSSClasses' => 'Varchar'
+        'CSSClasses' => 'Varchar',
+        'forTemplate' => 'HTMLText',
     ];
 
     /**
-     * The default object to cast scalar fields to if casting information is not specified, and casting to an object
+     * The default class to cast scalar fields to if casting information is not specified, and casting to an object
      * is required.
+     * This can be any injectable service name but must resolve to a DBField subclass.
+     *
+     * If null, casting will be determined based on the type of value (e.g. integers will be cast to DBInt)
      */
-    private static string $default_cast = 'Text';
-
-    private static array $casting_cache = [];
+    private static ?string $default_cast = null;
 
     /**
      * Acts as a PHP 8.2+ compliant replacement for dynamic properties
@@ -251,8 +253,7 @@ class ModelData
     // -----------------------------------------------------------------------------------------------------------------
 
     /**
-     * Add methods from the {@link ModelData::$failover} object, as well as wrapping any methods prefixed with an
-     * underscore into a {@link ModelData::cachedCall()}.
+     * Add methods from the {@link ModelData::$failover} object
      *
      * @throws LogicException
      */
@@ -305,12 +306,18 @@ class ModelData
         return true;
     }
 
-    /**
-     * Return the class name (though subclasses may return something else)
-     */
     public function __toString(): string
     {
-        return static::class;
+        return $this->forTemplate();
+    }
+
+    /**
+     * Return the HTML markup that represents this model when it is directly injected into a template (e.g. using $Me).
+     * By default this attempts to render the model using templates based on the class hierarchy.
+     */
+    public function forTemplate(): string
+    {
+        return $this->renderWith($this->getViewerTemplates());
     }
 
     public function getCustomisedObj(): ?ModelData
@@ -326,14 +333,10 @@ class ModelData
     // CASTING ---------------------------------------------------------------------------------------------------------
 
     /**
-     * Return the "casting helper" (a piece of PHP code that when evaluated creates a casted value object)
+     * Return the "casting helper" (an injectable service name)
      * for a field on this object. This helper will be a subclass of DBField.
-     *
-     * @param bool $useFallback If true, fall back on the default casting helper if there isn't an explicit one.
-     * @return string|null Casting helper As a constructor pattern, and may include arguments.
-     * @throws Exception
      */
-    public function castingHelper(string $field, bool $useFallback = true): ?string
+    public function castingHelper(string $field): ?string
     {
         // Get casting if it has been configured.
         // DB fields and PHP methods are all case insensitive so we normalise casing before checking.
@@ -346,67 +349,15 @@ class ModelData
         // If no specific cast is declared, fall back to failover.
         $failover = $this->getFailover();
         if ($failover) {
-            $cast = $failover->castingHelper($field, $useFallback);
+            $cast = $failover->castingHelper($field);
             if ($cast) {
                 return $cast;
             }
         }
 
-        if ($useFallback) {
-            return $this->defaultCastingHelper($field);
-        }
-
         return null;
     }
 
-    /**
-     * Return the default "casting helper" for use when no explicit casting helper is defined.
-     * This helper will be a subclass of DBField. See castingHelper()
-     */
-    protected function defaultCastingHelper(string $field): string
-    {
-        // If there is a failover, the default_cast will always
-        // be drawn from this object instead of the top level object.
-        $failover = $this->getFailover();
-        if ($failover) {
-            $cast = $failover->defaultCastingHelper($field);
-            if ($cast) {
-                return $cast;
-            }
-        }
-
-        // Fall back to raw default_cast
-        $default = $this->config()->get('default_cast');
-        if (empty($default)) {
-            throw new Exception('No default_cast');
-        }
-        return $default;
-    }
-
-    /**
-     * Get the class name a field on this object will be casted to.
-     */
-    public function castingClass(string $field): string
-    {
-        // Strip arguments
-        $spec = $this->castingHelper($field);
-        return trim(strtok($spec ?? '', '(') ?? '');
-    }
-
-    /**
-     * Return the string-format type for the given field.
-     *
-     * @return string 'xml'|'raw'
-     */
-    public function escapeTypeForField(string $field): string
-    {
-        $class = $this->castingClass($field) ?: $this->config()->get('default_cast');
-
-        /** @var DBField $type */
-        $type = Injector::inst()->get($class, true);
-        return $type->config()->get('escape_type');
-    }
-
     // TEMPLATE ACCESS LAYER -------------------------------------------------------------------------------------------
 
     /**
@@ -440,27 +391,11 @@ class ModelData
     }
 
     /**
-     * Generate the cache name for a field
-     *
-     * @param string $fieldName Name of field
-     * @param array $arguments List of optional arguments given
-     * @return string
+     * Get a cached value from the field cache for a field
      */
-    protected function objCacheName($fieldName, $arguments)
-    {
-        return $arguments
-            ? $fieldName . ":" . var_export($arguments, true)
-            : $fieldName;
-    }
-
-    /**
-     * Get a cached value from the field cache
-     *
-     * @param string $key Cache key
-     * @return mixed
-     */
-    protected function objCacheGet($key)
+    public function objCacheGet(string $fieldName, array $arguments = []): mixed
     {
+        $key = $this->objCacheName($fieldName, $arguments);
         if (isset($this->objCache[$key])) {
             return $this->objCache[$key];
         }
@@ -468,14 +403,11 @@ class ModelData
     }
 
     /**
-     * Store a value in the field cache
-     *
-     * @param string $key Cache key
-     * @param mixed $value
-     * @return $this
+     * Store a value in the field cache for a field
      */
-    protected function objCacheSet($key, $value)
+    public function objCacheSet(string $fieldName, array $arguments, mixed $value): static
     {
+        $key = $this->objCacheName($fieldName, $arguments);
         $this->objCache[$key] = $value;
         return $this;
     }
@@ -485,7 +417,7 @@ class ModelData
      *
      * @return $this
      */
-    protected function objCacheClear()
+    public function objCacheClear()
     {
         $this->objCache = [];
         return $this;
@@ -497,82 +429,40 @@ class ModelData
      *
      * @return object|DBField|null The specific object representing the field, or null if there is no
      * property, method, or dynamic data available for that field.
-     * Note that if there is a property or method that returns null, a relevant DBField instance will
-     * be returned.
      */
     public function obj(
         string $fieldName,
         array $arguments = [],
-        bool $cache = false,
-        ?string $cacheName = null
+        bool $cache = false
     ): ?object {
-        $hasObj = false;
-        if (!$cacheName && $cache) {
-            $cacheName = $this->objCacheName($fieldName, $arguments);
-        }
-
         // Check pre-cached value
-        $value = $cache ? $this->objCacheGet($cacheName) : null;
-        if ($value !== null) {
-            return $value;
-        }
+        $value = $cache ? $this->objCacheGet($fieldName, $arguments) : null;
+        if ($value === null) {
+            $hasObj = false;
+            // Load value from record
+            if ($this->hasMethod($fieldName)) {
+                // Try methods first - there's a LOT of logic that assumes this will be checked first.
+                $hasObj = true;
+                $value = call_user_func_array([$this, $fieldName], $arguments ?: []);
+            } else {
+                // Try fields and getters if there was no method with that name.
+                $hasObj = $this->hasField($fieldName) || ($this->hasMethod("get{$fieldName}") && $this->isAccessibleMethod("get{$fieldName}"));
+                $value = $this->$fieldName;// @TODO may need _get() explicitly here
+            }
 
-        // Load value from record
-        if ($this->hasMethod($fieldName)) {
-            $hasObj = true;
-            $value = call_user_func_array([$this, $fieldName], $arguments ?: []);
-        } else {
-            $hasObj = $this->hasField($fieldName) || ($this->hasMethod("get{$fieldName}") && $this->isAccessibleMethod("get{$fieldName}"));
-            $value = $this->$fieldName;
-        }
+            // Record in cache
+            if ($value !== null && $cache) {
+                $this->objCacheSet($fieldName, $arguments, $value);
+            }
 
-        // Return null early if there's no backing for this field
-        // i.e. no poperty, no method, etc - it just doesn't exist on this model.
-        if (!$hasObj && $value === null) {
-            return null;
-        }
-
-        // Try to cast object if we have an explicit cast set
-        if (!is_object($value)) {
-            $castingHelper = $this->castingHelper($fieldName, false);
-            if ($castingHelper !== null) {
-                $valueObject = Injector::inst()->create($castingHelper, $fieldName);
-                $valueObject->setValue($value, $this);
-                $value = $valueObject;
+            // Return null early if there's no backing for this field
+            // i.e. no poperty, no method, etc - it just doesn't exist on this model.
+            if (!$hasObj && $value === null) {
+                return null;
             }
         }
 
-        // Wrap list arrays in ModelData so templates can handle them
-        if (is_array($value) && array_is_list($value)) {
-            $value = ArrayList::create($value);
-        }
-
-        // Fallback on default casting
-        if (!is_object($value)) {
-            // Force cast
-            $castingHelper = $this->defaultCastingHelper($fieldName);
-            $valueObject = Injector::inst()->create($castingHelper, $fieldName);
-            $valueObject->setValue($value, $this);
-            $value = $valueObject;
-        }
-
-        // Record in cache
-        if ($cache) {
-            $this->objCacheSet($cacheName, $value);
-        }
-
-        return $value;
-    }
-
-    /**
-     * A simple wrapper around {@link ModelData::obj()} that automatically caches the result so it can be used again
-     * without re-running the method.
-     *
-     * @return Object|DBField
-     */
-    public function cachedCall(string $fieldName, array $arguments = [], ?string $cacheName = null): object
-    {
-        return $this->obj($fieldName, $arguments, true, $cacheName);
+        return CastingService::singleton()->cast($value, $this, $fieldName, true);
     }
 
     /**
@@ -677,4 +567,14 @@ class ModelData
     {
         return ModelDataDebugger::create($this);
     }
+
+    /**
+     * Generate the cache name for a field
+     */
+    private function objCacheName(string $fieldName, array $arguments = []): string
+    {
+        return empty($arguments)
+            ? $fieldName
+            : $fieldName . ":" . var_export($arguments, true);
+    }
 }

src/Model/ModelDataCustomised.php

@@ -49,17 +49,22 @@ class ModelDataCustomised extends ModelData
         return isset($this->customised->$property) || isset($this->original->$property) || parent::__isset($property);
     }
 
+    public function forTemplate(): string
+    {
+        return $this->original->forTemplate();
+    }
+
     public function hasMethod($method)
     {
         return $this->customised->hasMethod($method) || $this->original->hasMethod($method);
     }
 
-    public function cachedCall(string $fieldName, array $arguments = [], ?string $cacheName = null): object
+    public function castingHelper(string $field): ?string
     {
-        if ($this->customisedHas($fieldName)) {
-            return $this->customised->cachedCall($fieldName, $arguments, $cacheName);
+        if ($this->customisedHas($field)) {
+            return $this->customised->castingHelper($field);
         }
-        return $this->original->cachedCall($fieldName, $arguments, $cacheName);
+        return $this->original->castingHelper($field);
     }
 
     public function obj(
@@ -74,10 +79,15 @@ class ModelDataCustomised extends ModelData
         return $this->original->obj($fieldName, $arguments, $cache, $cacheName);
     }
 
-    private function customisedHas(string $fieldName): bool
+    public function customisedHas(string $fieldName): bool
     {
         return property_exists($this->customised, $fieldName) ||
             $this->customised->hasField($fieldName) ||
             $this->customised->hasMethod($fieldName);
     }
+
+    public function getCustomisedModelData(): ?ModelData
+    {
+        return $this->customised;
+    }
 }

src/ORM/DataList.php

@@ -19,6 +19,7 @@ use SilverStripe\Model\List\Limitable;
 use SilverStripe\Model\List\Map;
 use SilverStripe\Model\List\Sortable;
 use SilverStripe\Model\List\SS_List;
+use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\Filters\SearchFilterable;
 
 /**
@@ -1852,7 +1853,7 @@ class DataList extends ModelData implements SS_List, Filterable, Sortable, Limit
         return $relation;
     }
 
-    public function dbObject($fieldName)
+    public function dbObject(string $fieldName): ?DBField
     {
         return singleton($this->dataClass)->dbObject($fieldName);
     }

src/ORM/DataObject.php

@@ -104,9 +104,6 @@ use stdClass;
  * }
  * </code>
  *
- * If any public method on this class is prefixed with an underscore,
- * the results are cached in memory through {@link cachedCall()}.
- *
  * @property int $ID ID of the DataObject, 0 if the DataObject doesn't exist in database.
  * @property int $OldID ID of object, if deleted
  * @property string $Title
@@ -3033,7 +3030,7 @@ class DataObject extends ModelData implements DataObjectInterface, i18nEntityPro
     /**
      * {@inheritdoc}
      */
-    public function castingHelper(string $field, bool $useFallback = true): ?string
+    public function castingHelper(string $field): ?string
     {
         $fieldSpec = static::getSchema()->fieldSpec(static::class, $field);
         if ($fieldSpec) {
@@ -3051,7 +3048,7 @@ class DataObject extends ModelData implements DataObjectInterface, i18nEntityPro
             }
         }
 
-        return parent::castingHelper($field, $useFallback);
+        return parent::castingHelper($field);
     }
 
     /**
@@ -3234,11 +3231,11 @@ class DataObject extends ModelData implements DataObjectInterface, i18nEntityPro
      *   - it still returns an object even when the field has no value.
      *   - it only matches fields and not methods
      *   - it matches foreign keys generated by has_one relationships, eg, "ParentID"
+     *   - if the field exists, the return value is ALWAYS a DBField instance
      *
-     * @param string $fieldName Name of the field
-     * @return DBField The field as a DBField object
+     * Returns null if the field doesn't exist
      */
-    public function dbObject($fieldName)
+    public function dbObject(string $fieldName): ?DBField
     {
         // Check for field in DB
         $schema = static::getSchema();
@@ -3306,7 +3303,7 @@ class DataObject extends ModelData implements DataObjectInterface, i18nEntityPro
             } elseif ($component instanceof Relation || $component instanceof DataList) {
                 // $relation could either be a field (aggregate), or another relation
                 $singleton = DataObject::singleton($component->dataClass());
-                $component = $singleton->dbObject($relation) ?: $component->relation($relation);
+                $component = $singleton->dbObject($relation) ?? $component->relation($relation);
             } elseif ($component instanceof DataObject && ($dbObject = $component->dbObject($relation))) {
                 $component = $dbObject;
             } elseif ($component instanceof ModelData && $component->hasField($relation)) {
@@ -4399,7 +4396,7 @@ class DataObject extends ModelData implements DataObjectInterface, i18nEntityPro
         // has_one fields should not use dbObject to check if a value is given
         $hasOne = static::getSchema()->hasOneComponent(static::class, $field);
         if (!$hasOne && ($obj = $this->dbObject($field))) {
-            return $obj->exists();
+            return $obj && $obj->exists();
         } else {
             return parent::hasValue($field, $arguments, $cache);
         }

src/ORM/EagerLoadedList.php

@@ -171,7 +171,7 @@ class EagerLoadedList extends ModelData implements Relation, SS_List, Filterable
         return $this->dataClass;
     }
 
-    public function dbObject($fieldName): ?DBField
+    public function dbObject(string $fieldName): ?DBField
     {
         return singleton($this->dataClass)->dbObject($fieldName);
     }

src/ORM/FieldType/DBComposite.php

@@ -73,7 +73,7 @@ abstract class DBComposite extends DBField
         foreach ($this->compositeDatabaseFields() as $field => $spec) {
             // Write sub-manipulation
             $fieldObject = $this->dbObject($field);
-            $fieldObject->writeToManipulation($manipulation);
+            $fieldObject?->writeToManipulation($manipulation);
         }
     }
 
@@ -137,7 +137,7 @@ abstract class DBComposite extends DBField
         // By default all fields
         foreach ($this->compositeDatabaseFields() as $field => $spec) {
             $fieldObject = $this->dbObject($field);
-            if (!$fieldObject->exists()) {
+            if (!$fieldObject?->exists()) {
                 return false;
             }
         }

src/ORM/FieldType/DBField.php

@@ -520,11 +520,6 @@ abstract class DBField extends ModelData implements DBIndexable
 DBG;
     }
 
-    public function __toString(): string
-    {
-        return (string)$this->forTemplate();
-    }
-
     public function getArrayValue()
     {
         return $this->arrayValue;

src/ORM/FieldType/DBVarchar.php

@@ -47,7 +47,7 @@ class DBVarchar extends DBString
      * can be useful if you want to have text fields with a length limit that
      * is dictated by the DB field.
      *
-     * TextField::create('Title')->setMaxLength(singleton('SiteTree')->dbObject('Title')->getSize())
+     * TextField::create('Title')->setMaxLength(singleton('SiteTree')->dbObject('Title')?->getSize())
      *
      * @return int The size of the field
      */

src/ORM/Filters/SearchFilter.php

@@ -339,7 +339,7 @@ abstract class SearchFilter
 
         /** @var DBField $dbField */
         $dbField = singleton($this->model)->dbObject($this->name);
-        $dbField->setValue($this->value);
+        $dbField?->setValue($this->value);
         return $dbField->RAW();
     }
 

src/ORM/Relation.php

@@ -45,9 +45,6 @@ interface Relation extends SS_List, Filterable, Sortable, Limitable
 
     /**
      * Return the DBField object that represents the given field on the related class.
-     *
-     * @param string $fieldName Name of the field
-     * @return DBField The field as a DBField object
      */
-    public function dbObject($fieldName);
+    public function dbObject(string $fieldName): ?DBField;
 }

src/ORM/UnsavedRelationList.php

@@ -307,11 +307,8 @@ class UnsavedRelationList extends ArrayList implements Relation
 
     /**
      * Return the DBField object that represents the given field on the related class.
-     *
-     * @param string $fieldName Name of the field
-     * @return DBField The field as a DBField object
      */
-    public function dbObject($fieldName)
+    public function dbObject(string $fieldName): ?DBField
     {
         return DataObject::singleton($this->dataClass)->dbObject($fieldName);
     }

src/PolyExecution/PolyOutput.php

@@ -226,9 +226,6 @@ class PolyOutput extends Output
     {
         $listInfo = $this->listTypeStack[array_key_last($this->listTypeStack)];
         $listType = $listInfo['type'];
-        if ($listType === PolyOutput::LIST_ORDERED) {
-            echo '';
-        }
         if ($options === null) {
             $options = $listInfo['options'];
         }

src/Security/Member.php

@@ -45,7 +45,8 @@ use SilverStripe\Forms\FormField;
 use SilverStripe\Forms\SearchableDropdownField;
 use SilverStripe\Forms\SearchableMultiDropdownField;
 use SilverStripe\ORM\FieldType\DBForeignKey;
-use SilverStripe\Dev\Deprecation;
+use SilverStripe\Security\Validation\PasswordValidator;
+use SilverStripe\Security\Validation\RulesPasswordValidator;
 
 /**
  * The member class which represents the users of the system
@@ -342,7 +343,7 @@ class Member extends DataObject
     {
         /** @var DBDatetime $lockedOutUntilObj */
         $lockedOutUntilObj = $this->dbObject('LockedOutUntil');
-        if ($lockedOutUntilObj->InFuture()) {
+        if ($lockedOutUntilObj?->InFuture()) {
             return true;
         }
 
@@ -369,7 +370,7 @@ class Member extends DataObject
         /** @var DBDatetime $firstFailureDate */
         $firstFailureDate = $attempts->first()->dbObject('Created');
         $maxAgeSeconds = $this->config()->get('lock_out_delay_mins') * 60;
-        $lockedOutUntil = $firstFailureDate->getTimestamp() + $maxAgeSeconds;
+        $lockedOutUntil = $firstFailureDate?->getTimestamp() + $maxAgeSeconds;
         $now = DBDatetime::now()->getTimestamp();
         if ($now < $lockedOutUntil) {
             return true;
@@ -380,10 +381,8 @@ class Member extends DataObject
 
     /**
      * Set a {@link PasswordValidator} object to use to validate member's passwords.
-     *
-     * @param PasswordValidator $validator
      */
-    public static function set_password_validator(PasswordValidator $validator = null)
+    public static function set_password_validator(?PasswordValidator $validator = null)
     {
         // Override existing config
         Config::modify()->remove(Injector::class, PasswordValidator::class);
@@ -396,13 +395,11 @@ class Member extends DataObject
 
     /**
      * Returns the default {@link PasswordValidator}
-     *
-     * @return PasswordValidator|null
      */
-    public static function password_validator()
+    public static function password_validator(): ?PasswordValidator
     {
         if (Injector::inst()->has(PasswordValidator::class)) {
-            return Deprecation::withSuppressedNotice(fn() => Injector::inst()->get(PasswordValidator::class));
+            return Injector::inst()->get(PasswordValidator::class);
         }
         return null;
     }
@@ -429,7 +426,7 @@ class Member extends DataObject
         $currentValue = $this->PasswordExpiry;
         $currentDate = $this->dbObject('PasswordExpiry');
 
-        if ($dataValue && (!$currentValue || $currentDate->inFuture())) {
+        if ($dataValue && (!$currentValue || $currentDate?->inFuture())) {
             // Only alter future expiries - this way an admin could see how long ago a password expired still
             $this->PasswordExpiry = DBDatetime::now()->Rfc2822();
         } elseif (!$dataValue && $this->isPasswordExpired()) {
@@ -1779,11 +1776,16 @@ class Member extends DataObject
     {
         $password = '';
         $validator = Member::password_validator();
-        if ($length && $validator && $length < $validator->getMinLength()) {
-            throw new InvalidArgumentException('length argument is less than password validator minLength');
+        if ($validator instanceof RulesPasswordValidator) {
+            $validatorMinLength = $validator->getMinLength();
+            if ($length && $length < $validatorMinLength) {
+                throw new InvalidArgumentException('length argument is less than password validator minLength');
+            }
+        } else {
+            // Make sure the password is long enough to beat even very strict entropy tests
+            $validatorMinLength = 128;
         }
-        $validatorMinLength = $validator ? $validator->getMinLength() : 0;
-        $len = $length ?: max($validatorMinLength, 20);
+        $len = max($length, $validatorMinLength, 20);
         // The default PasswordValidator checks the password includes the following four character sets
         $charsets = [
             'abcdefghijklmnopqrstuvwyxz',

src/Security/PermissionCheckboxSetField.php

@@ -117,7 +117,7 @@ class PermissionCheckboxSetField extends FormField
                 $uninheritedCodes[$permission->Code][] = _t(
                     'SilverStripe\\Security\\PermissionCheckboxSetField.AssignedTo',
                     'assigned to "{title}"',
-                    ['title' => $record->dbObject('Title')->forTemplate()]
+                    ['title' => $record->dbObject('Title')?->forTemplate()]
                 );
             }
 
@@ -135,7 +135,7 @@ class PermissionCheckboxSetField extends FormField
                                 'SilverStripe\\Security\\PermissionCheckboxSetField.FromRole',
                                 'inherited from role "{title}"',
                                 'A permission inherited from a certain permission role',
-                                ['title' => $role->dbObject('Title')->forTemplate()]
+                                ['title' => $role->dbObject('Title')?->forTemplate()]
                             );
                         }
                     }
@@ -159,8 +159,8 @@ class PermissionCheckboxSetField extends FormField
                                         'inherited from role "{roletitle}" on group "{grouptitle}"',
                                         'A permission inherited from a role on a certain group',
                                         [
-                                            'roletitle' => $role->dbObject('Title')->forTemplate(),
-                                            'grouptitle' => $parent->dbObject('Title')->forTemplate()
+                                            'roletitle' => $role->dbObject('Title')?->forTemplate(),
+                                            'grouptitle' => $parent->dbObject('Title')?->forTemplate()
                                         ]
                                     );
                                 }
@@ -176,7 +176,7 @@ class PermissionCheckboxSetField extends FormField
                                     'SilverStripe\\Security\\PermissionCheckboxSetField.FromGroup',
                                     'inherited from group "{title}"',
                                     'A permission inherited from a certain group',
-                                    ['title' => $parent->dbObject('Title')->forTemplate()]
+                                    ['title' => $parent->dbObject('Title')?->forTemplate()]
                                 );
                             }
                         }

src/Security/Validation/EntropyPasswordValidator.php

@@ -0,0 +1,33 @@
+<?php
+
+namespace SilverStripe\Security\Validation;
+
+use SilverStripe\Core\Extensible;
+use SilverStripe\Core\Validation\ConstraintValidator;
+use SilverStripe\Core\Validation\ValidationResult;
+use SilverStripe\Security\Member;
+use Symfony\Component\Validator\Constraints\NotBlank;
+use Symfony\Component\Validator\Constraints\PasswordStrength;
+
+/**
+ * Validates passwords based on entropy.
+ */
+class EntropyPasswordValidator extends PasswordValidator
+{
+    use Extensible;
+
+    /**
+     * The strength of a valid password.
+     * See https://symfony.com/doc/current/reference/constraints/PasswordStrength.html#minscore
+     */
+    private static int $password_strength = PasswordStrength::STRENGTH_STRONG;
+
+    public function validate(string $password, Member $member): ValidationResult
+    {
+        $minScore = static::config()->get('password_strength');
+        $result = ConstraintValidator::validate($password, [new PasswordStrength(minScore: $minScore), new NotBlank()]);
+        $result->combineAnd(parent::validate($password, $member));
+        $this->extend('updateValidatePassword', $password, $member, $result, $this);
+        return $result;
+    }
+}

src/Security/Validation/PasswordValidator.php

@@ -0,0 +1,72 @@
+<?php
+
+namespace SilverStripe\Security\Validation;
+
+use SilverStripe\Core\Config\Configurable;
+use SilverStripe\Core\Injector\Injectable;
+use SilverStripe\ORM\DataObject;
+use SilverStripe\Core\Validation\ValidationResult;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\MemberPassword;
+
+/**
+ * Abstract validator with functionality for checking for reusing old passwords.
+ */
+abstract class PasswordValidator
+{
+    use Injectable;
+    use Configurable;
+
+    /**
+     * Default number of previous passwords to check for a reusing old passwords.
+     */
+    private static int $historic_count = 6;
+
+    protected ?int $historicalPasswordCount = null;
+
+    public function validate(string $password, Member $member): ValidationResult
+    {
+        $result = ValidationResult::create();
+
+        $historicCount = $this->getHistoricCount();
+        if ($historicCount) {
+            $idColumn = DataObject::getSchema()->sqlColumnForField(MemberPassword::class, 'MemberID');
+            $previousPasswords = MemberPassword::get()
+                ->where([$idColumn => $member->ID])
+                ->sort(['Created' => 'DESC', 'ID' => 'DESC'])
+                ->limit($historicCount);
+            foreach ($previousPasswords as $previousPassword) {
+                if ($previousPassword->checkPassword($password)) {
+                    $error = _t(
+                        PasswordValidator::class . '.PREVPASSWORD',
+                        'You\'ve already used that password in the past, please choose a new password'
+                    );
+                    $result->addError($error, 'bad', 'PREVIOUS_PASSWORD');
+                    break;
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Get the number of previous passwords to check for a reusing old passwords.
+     */
+    public function getHistoricCount(): int
+    {
+        if ($this->historicalPasswordCount !== null) {
+            return $this->historicalPasswordCount;
+        }
+        return $this->config()->get('historic_count') ?? 0;
+    }
+
+    /**
+     * Set the number of previous passwords to check for a reusing old passwords.
+     */
+    public function setHistoricCount(int $count): static
+    {
+        $this->historicalPasswordCount = $count;
+        return $this;
+    }
+}

src/Security/Validation/RulesPasswordValidator.php

@@ -1,39 +1,32 @@
 <?php
 
-namespace SilverStripe\Security;
+namespace SilverStripe\Security\Validation;
 
-use SilverStripe\Core\Config\Configurable;
 use SilverStripe\Core\Extensible;
-use SilverStripe\Core\Injector\Injectable;
 use SilverStripe\Core\Validation\ValidationResult;
-use SilverStripe\Dev\Deprecation;
+use SilverStripe\Security\Member;
 
 /**
- * This class represents a validator for member passwords.
+ * Validates passwords based on a set of regex rules about what the password must contain.
  *
  * <code>
  * $pwdVal = new PasswordValidator();
  * $pwdValidator->setMinLength(7);
- * $pwdValidator->checkHistoricalPasswords(6);
+ * $pwdValidator->setHistoricCount(6);
  * $pwdValidator->setMinTestScore(3);
  * $pwdValidator->setTestNames(array("lowercase", "uppercase", "digits", "punctuation"));
  *
  * Member::set_password_validator($pwdValidator);
  * </code>
- *
- * @deprecated 5.4.0 Will be renamed to SilverStripe\Security\Validation\RulesPasswordValidator
  */
-class PasswordValidator
+class RulesPasswordValidator extends PasswordValidator
 {
-    use Injectable;
-    use Configurable;
     use Extensible;
 
     /**
-     * @config
-     * @var array
+     * Regex to test the password against. See min_test_score.
      */
-    private static $character_strength_tests = [
+    private static array $character_strength_tests = [
         'lowercase' => '/[a-z]/',
         'uppercase' => '/[A-Z]/',
         'digits' => '/[0-9]/',
@@ -41,89 +34,62 @@ class PasswordValidator
     ];
 
     /**
-     * @config
-     * @var int
+     * Default minimum number of characters for a valid password.
      */
-    private static $min_length = null;
+    private static int $min_length = 8;
 
     /**
-     * @config
-     * @var int
+     * Default minimum test score for a valid password.
+     * The test score is the number of character_strength_tests that the password matches.
      */
-    private static $min_test_score = null;
+    private static int $min_test_score = 0;
 
-    /**
-     * @config
-     * @var int
-     */
-    private static $historic_count = null;
+    protected ?int $minLength = null;
 
-    /**
-     * @var int
-     */
-    protected $minLength = null;
-
-    /**
-     * @var int
-     */
-    protected $minScore = null;
+    protected ?int $minScore = null;
 
     /**
      * @var string[]
      */
-    protected $testNames = null;
+    protected ?array $testNames = null;
 
     /**
-     * @var int
+     * Get the minimum number of characters for a valid password.
      */
-    protected $historicalPasswordCount = null;
-
-    public function __construct()
-    {
-        Deprecation::notice(
-            '5.4.0',
-            'Will be renamed to SilverStripe\Security\Validation\RulesPasswordValidator',
-            Deprecation::SCOPE_CLASS
-        );
-    }
-
-    /**
-     * @return int
-     */
-    public function getMinLength()
+    public function getMinLength(): int
     {
         if ($this->minLength !== null) {
             return $this->minLength;
         }
-        return $this->config()->get('min_length');
+        return $this->config()->get('min_length') ?? 0;
     }
 
     /**
-     * @param int $minLength
-     * @return $this
+     * Set the minimum number of characters for a valid password.
      */
-    public function setMinLength($minLength)
+    public function setMinLength(int $minLength): static
     {
         $this->minLength = $minLength;
         return $this;
     }
 
     /**
-     * @return integer
+     * Get the minimum test score for a valid password.
+     * The test score is the number of character_strength_tests that the password matches.
      */
-    public function getMinTestScore()
+    public function getMinTestScore(): int
     {
         if ($this->minScore !== null) {
             return $this->minScore;
         }
-        return $this->config()->get('min_test_score');
+        return $this->config()->get('min_test_score') ?? 0;
     }
 
     /**
-     * @param int $minScore
-     * @return $this
+     * Set the minimum test score for a valid password.
+     * The test score is the number of character_strength_tests that the password matches.
      */
-    public function setMinTestScore($minScore)
+    public function setMinTestScore(int $minScore): static
     {
         $this->minScore = $minScore;
         return $this;
@@ -134,7 +100,7 @@ class PasswordValidator
      *
      * @return string[]
      */
-    public function getTestNames()
+    public function getTestNames(): array
     {
         if ($this->testNames !== null) {
             return $this->testNames;
@@ -146,51 +112,22 @@ class PasswordValidator
      * Set list of tests to use for this validator
      *
      * @param string[] $testNames
-     * @return $this
      */
-    public function setTestNames($testNames)
+    public function setTestNames(array $testNames): static
     {
         $this->testNames = $testNames;
         return $this;
     }
 
-    /**
-     * @return int
-     */
-    public function getHistoricCount()
-    {
-        if ($this->historicalPasswordCount !== null) {
-            return $this->historicalPasswordCount;
-        }
-        return $this->config()->get('historic_count');
-    }
-
-    /**
-     * @param int $count
-     * @return $this
-     */
-    public function setHistoricCount($count)
-    {
-        $this->historicalPasswordCount = $count;
-        return $this;
-    }
-
     /**
      * Gets all possible tests
-     *
-     * @return array
      */
-    public function getTests()
+    public function getTests(): array
     {
         return $this->config()->get('character_strength_tests');
     }
 
-    /**
-     * @param string $password
-     * @param Member $member
-     * @return ValidationResult
-     */
-    public function validate($password, $member)
+    public function validate(string $password, Member $member): ValidationResult
     {
         $valid = ValidationResult::create();
 
@@ -234,23 +171,7 @@ class PasswordValidator
             }
         }
 
-        $historicCount = $this->getHistoricCount();
-        if ($historicCount) {
-            $previousPasswords = MemberPassword::get()
-                ->where(['"MemberPassword"."MemberID"' => $member->ID])
-                ->sort('"Created" DESC, "ID" DESC')
-                ->limit($historicCount);
-            foreach ($previousPasswords as $previousPassword) {
-                if ($previousPassword->checkPassword($password)) {
-                    $error = _t(
-                        __CLASS__ . '.PREVPASSWORD',
-                        'You\'ve already used that password in the past, please choose a new password'
-                    );
-                    $valid->addError($error, 'bad', 'PREVIOUS_PASSWORD');
-                    break;
-                }
-            }
-        }
+        $valid->combineAnd(parent::validate($password, $member));
 
         $this->extend('updateValidatePassword', $password, $member, $valid, $this);
 

src/View/CastingService.php

@@ -0,0 +1,100 @@
+<?php
+
+namespace SilverStripe\View;
+
+use LogicException;
+use SilverStripe\Core\ClassInfo;
+use SilverStripe\Core\Injector\Injectable;
+use SilverStripe\Core\Injector\Injector;
+use SilverStripe\Model\ArrayData;
+use SilverStripe\Model\List\ArrayList;
+use SilverStripe\Model\ModelData;
+use SilverStripe\ORM\FieldType\DBBoolean;
+use SilverStripe\ORM\FieldType\DBFloat;
+use SilverStripe\ORM\FieldType\DBInt;
+use SilverStripe\ORM\FieldType\DBText;
+
+class CastingService
+{
+    use Injectable;
+
+    /**
+     * Cast a value to the relevant object (usually a DBField instance) for use in the view layer.
+     *
+     * @param null|array|ModelData $source Where the data originates from. This is used both to check for casting helpers
+     * and to help set the value in cast DBField instances.
+     * @param bool $strict If true, an object will be returned even if $data is null.
+     */
+    public function cast(mixed $data, null|array|ModelData $source = null, string $fieldName = '', bool $strict = false): ?object
+    {
+        // null is null - we shouldn't cast it to an object, because that makes it harder
+        // for downstream checks to know there's "no value".
+        if (!$strict && $data === null) {
+            return null;
+        }
+
+        // Assume anything that's an object is intentionally using whatever class it's using
+        // and don't cast it.
+        if (is_object($data)) {
+            return $data;
+        }
+
+        $service = null;
+        if ($source instanceof ModelData) {
+            $service = $source->castingHelper($fieldName);
+        }
+
+        // Cast to object if there's an explicit casting for this field
+        // Explicit casts take precedence over array casting
+        if ($service) {
+            $castObject = Injector::inst()->create($service, $fieldName);
+            if (!ClassInfo::hasMethod($castObject, 'setValue')) {
+                throw new LogicException('Explicit casting service must have a setValue method.');
+            }
+            $castObject->setValue($data, $source);
+            return $castObject;
+        }
+
+        // Wrap arrays in ModelData so templates can handle them
+        if (is_array($data)) {
+            return array_is_list($data) ? ArrayList::create($data) : ArrayData::create($data);
+        }
+
+        // Fall back to default casting
+        $service = $this->defaultService($data, $source, $fieldName);
+        $castObject = Injector::inst()->create($service, $fieldName);
+        if (!ClassInfo::hasMethod($castObject, 'setValue')) {
+            throw new LogicException('Default service must have a setValue method.');
+        }
+        $castObject->setValue($data, $source);
+        return $castObject;
+    }
+
+    /**
+     * Get the default service to use if no explicit service is declared for this field on the source model.
+     */
+    private function defaultService(mixed $data, mixed $source = null, string $fieldName = ''): ?string
+    {
+        $default = null;
+        if ($source instanceof ModelData) {
+            $default = $source::config()->get('default_cast');
+            if ($default === null) {
+                $failover = $source->getFailover();
+                if ($failover) {
+                    $default = $this->defaultService($data, $failover, $fieldName);
+                }
+            }
+        }
+        if ($default !== null) {
+            return $default;
+        }
+
+        return match (gettype($data)) {
+            'boolean' => DBBoolean::class,
+            'string' => DBText::class,
+            'double' => DBFloat::class,
+            'integer' => DBInt::class,
+            default => DBText::class,
+        };
+    }
+}

src/View/SSTemplateParser.peg

@@ -247,7 +247,7 @@ class SSTemplateParser extends Parser implements TemplateParser
         }
 
         $res['php'] .= ($sub['ArgumentMode'] == 'default') ? $sub['string_php'] :
-            str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '');
+            str_replace('$$FINAL', 'getValueAsArgument', $sub['php'] ?? '');
     }
 
     /*!*
@@ -274,8 +274,8 @@ class SSTemplateParser extends Parser implements TemplateParser
     }
 
     /**
-     * The basic generated PHP of LookupStep and LastLookupStep is the same, except that LookupStep calls 'obj' to
-     * get the next ModelData in the sequence, and LastLookupStep calls different methods (XML_val, hasValue, obj)
+     * The basic generated PHP of LookupStep and LastLookupStep is the same, except that LookupStep calls 'scopeToIntermediateValue' to
+     * get the next ModelData in the sequence, and LastLookupStep calls different methods (getOutputValue, hasValue, scopeToIntermediateValue)
      * depending on the context the lookup is used in.
      */
     function Lookup_AddLookupStep(&$res, $sub, $method)
@@ -286,15 +286,17 @@ class SSTemplateParser extends Parser implements TemplateParser
 
         if (isset($sub['Call']['CallArguments']) && isset($sub['Call']['CallArguments']['php'])) {
             $arguments = $sub['Call']['CallArguments']['php'];
-            $res['php'] .= "->$method('$property', [$arguments], true)";
+            $type = ViewLayerData::TYPE_METHOD;
+            $res['php'] .= "->$method('$property', [$arguments], '$type')";
         } else {
-            $res['php'] .= "->$method('$property', [], true)";
+            $type = ViewLayerData::TYPE_PROPERTY;
+            $res['php'] .= "->$method('$property', [], '$type')";
         }
     }
 
     function Lookup_LookupStep(&$res, $sub)
     {
-        $this->Lookup_AddLookupStep($res, $sub, 'obj');
+        $this->Lookup_AddLookupStep($res, $sub, 'scopeToIntermediateValue');
     }
 
     function Lookup_LastLookupStep(&$res, $sub)
@@ -357,7 +359,7 @@ class SSTemplateParser extends Parser implements TemplateParser
 
     function InjectionVariables_Argument(&$res, $sub)
     {
-        $res['php'] .= str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '') . ',';
+        $res['php'] .= str_replace('$$FINAL', 'getOutputValue', $sub['php'] ?? '') . ',';
     }
 
     function InjectionVariables__finalise(&$res)
@@ -392,7 +394,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     */
     function Injection_STR(&$res, $sub)
     {
-        $res['php'] = '$val .= '. str_replace('$$FINAL', 'XML_val', $sub['Lookup']['php'] ?? '') . ';';
+        $res['php'] = '$val .= '. str_replace('$$FINAL', 'getOutputValue', $sub['Lookup']['php'] ?? '') . ';';
     }
 
     /*!*
@@ -535,10 +537,10 @@ class SSTemplateParser extends Parser implements TemplateParser
             if (!empty($res['php'])) {
                 $res['php'] .= $sub['string_php'];
             } else {
-                $res['php'] = str_replace('$$FINAL', 'XML_val', $sub['lookup_php'] ?? '');
+                $res['php'] = str_replace('$$FINAL', 'getOutputValue', $sub['lookup_php'] ?? '');
             }
         } else {
-            $res['php'] .= str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '');
+            $res['php'] .= str_replace('$$FINAL', 'getOutputValue', $sub['php'] ?? '');
         }
     }
 
@@ -567,7 +569,7 @@ class SSTemplateParser extends Parser implements TemplateParser
         } else {
             $php = ($sub['ArgumentMode'] == 'default' ? $sub['lookup_php'] : $sub['php']);
             // TODO: kinda hacky - maybe we need a way to pass state down the parse chain so
-            // Lookup_LastLookupStep and Argument_BareWord can produce hasValue instead of XML_val
+            // Lookup_LastLookupStep and Argument_BareWord can produce hasValue instead of getOutputValue
             $res['php'] .= str_replace('$$FINAL', 'hasValue', $php ?? '');
         }
     }
@@ -697,7 +699,7 @@ class SSTemplateParser extends Parser implements TemplateParser
             $res['php'] = '';
         }
 
-        $res['php'] .= str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '');
+        $res['php'] .= str_replace('$$FINAL', 'getOutputValue', $sub['php'] ?? '');
     }
 
     /*!*
@@ -827,7 +829,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     {
         $entity = $sub['String']['text'];
         if (strpos($entity ?? '', '.') === false) {
-            $res['php'] .= "\$scope->XML_val('I18NNamespace').'.$entity'";
+            $res['php'] .= "\$scope->getOutputValue('I18NNamespace').'.$entity'";
         } else {
             $res['php'] .= "'$entity'";
         }
@@ -915,7 +917,7 @@ class SSTemplateParser extends Parser implements TemplateParser
                 break;
 
             default:
-                $res['php'] .= str_replace('$$FINAL', 'obj', $sub['php'] ?? '') . '->self()';
+                $res['php'] .= str_replace('$$FINAL', 'scopeToIntermediateValue', $sub['php'] ?? '') . '->self()';
                 break;
         }
     }
@@ -948,7 +950,7 @@ class SSTemplateParser extends Parser implements TemplateParser
         $arguments = $res['arguments'];
 
         // Note: 'type' here is important to disable subTemplates in SSViewer::getSubtemplateFor()
-        $res['php'] = '$val .= \\SilverStripe\\View\\SSViewer::execute_template([["type" => "Includes", '.$template.'], '.$template.'], $scope->getItem(), [' .
+        $res['php'] = '$val .= \\SilverStripe\\View\\SSViewer::execute_template([["type" => "Includes", '.$template.'], '.$template.'], $scope->getCurrentItem(), [' .
             implode(',', $arguments)."], \$scope, true);\n";
 
         if ($this->includeDebuggingComments) { // Add include filename comments on dev sites
@@ -1037,7 +1039,8 @@ class SSTemplateParser extends Parser implements TemplateParser
 
         //loop without arguments loops on the current scope
         if ($res['ArgumentCount'] == 0) {
-            $on = '$scope->locally()->obj(\'Me\', [], true)';
+            $type = ViewLayerData::TYPE_METHOD;
+            $on = "\$scope->locally()->scopeToIntermediateValue('Me', [], '$type')"; // @TODO use self instead or move $Me to scope explicitly
         } else {    //loop in the normal way
             $arg = $res['Arguments'][0];
             if ($arg['ArgumentMode'] == 'string') {
@@ -1045,13 +1048,13 @@ class SSTemplateParser extends Parser implements TemplateParser
             }
             $on = str_replace(
                 '$$FINAL',
-                'obj',
+                'scopeToIntermediateValue',
                 ($arg['ArgumentMode'] == 'default') ? $arg['lookup_php'] : $arg['php']
             );
         }
 
         return
-            $on . '; $scope->pushScope(); while (($key = $scope->next()) !== false) {' . PHP_EOL .
+            $on . '; $scope->pushScope(); while ($scope->next() !== false) {' . PHP_EOL .
                 $res['Template']['php'] . PHP_EOL .
             '}; $scope->popScope(); ';
     }
@@ -1071,7 +1074,7 @@ class SSTemplateParser extends Parser implements TemplateParser
             throw new SSTemplateParseException('Control block cant take string as argument.', $this);
         }
 
-        $on = str_replace('$$FINAL', 'obj', ($arg['ArgumentMode'] == 'default') ? $arg['lookup_php'] : $arg['php']);
+        $on = str_replace('$$FINAL', 'scopeToIntermediateValue', ($arg['ArgumentMode'] == 'default') ? $arg['lookup_php'] : $arg['php']);
         return
             $on . '; $scope->pushScope();' . PHP_EOL .
                 $res['Template']['php'] . PHP_EOL .
@@ -1118,6 +1121,7 @@ class SSTemplateParser extends Parser implements TemplateParser
 
     /**
      * This is an open block handler, for the <% debug %> utility tag
+     * @TODO find out if this even works in CMS 5, and if so make sure it keeps working
      */
     function OpenBlock_Handle_Debug(&$res)
     {

src/View/SSTemplateParser.php

@@ -572,7 +572,7 @@ class SSTemplateParser extends Parser implements TemplateParser
         }
 
         $res['php'] .= ($sub['ArgumentMode'] == 'default') ? $sub['string_php'] :
-            str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '');
+            str_replace('$$FINAL', 'getValueAsArgument', $sub['php'] ?? '');
     }
 
     /* Call: Method:Word ( "(" < :CallArguments? > ")" )? */
@@ -765,8 +765,8 @@ class SSTemplateParser extends Parser implements TemplateParser
     }
 
     /**
-     * The basic generated PHP of LookupStep and LastLookupStep is the same, except that LookupStep calls 'obj' to
-     * get the next ModelData in the sequence, and LastLookupStep calls different methods (XML_val, hasValue, obj)
+     * The basic generated PHP of LookupStep and LastLookupStep is the same, except that LookupStep calls 'scopeToIntermediateValue' to
+     * get the next ModelData in the sequence, and LastLookupStep calls different methods (getOutputValue, hasValue, scopeToIntermediateValue)
      * depending on the context the lookup is used in.
      */
     function Lookup_AddLookupStep(&$res, $sub, $method)
@@ -777,15 +777,17 @@ class SSTemplateParser extends Parser implements TemplateParser
 
         if (isset($sub['Call']['CallArguments']) && isset($sub['Call']['CallArguments']['php'])) {
             $arguments = $sub['Call']['CallArguments']['php'];
-            $res['php'] .= "->$method('$property', [$arguments], true)";
+            $type = ViewLayerData::TYPE_METHOD;
+            $res['php'] .= "->$method('$property', [$arguments], '$type')";
         } else {
-            $res['php'] .= "->$method('$property', [], true)";
+            $type = ViewLayerData::TYPE_PROPERTY;
+            $res['php'] .= "->$method('$property', [], '$type')";
         }
     }
 
     function Lookup_LookupStep(&$res, $sub)
     {
-        $this->Lookup_AddLookupStep($res, $sub, 'obj');
+        $this->Lookup_AddLookupStep($res, $sub, 'scopeToIntermediateValue');
     }
 
     function Lookup_LastLookupStep(&$res, $sub)
@@ -1009,7 +1011,7 @@ class SSTemplateParser extends Parser implements TemplateParser
 
     function InjectionVariables_Argument(&$res, $sub)
     {
-        $res['php'] .= str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '') . ',';
+        $res['php'] .= str_replace('$$FINAL', 'getOutputValue', $sub['php'] ?? '') . ',';
     }
 
     function InjectionVariables__finalise(&$res)
@@ -1158,7 +1160,7 @@ class SSTemplateParser extends Parser implements TemplateParser
 
     function Injection_STR(&$res, $sub)
     {
-        $res['php'] = '$val .= '. str_replace('$$FINAL', 'XML_val', $sub['Lookup']['php'] ?? '') . ';';
+        $res['php'] = '$val .= '. str_replace('$$FINAL', 'getOutputValue', $sub['Lookup']['php'] ?? '') . ';';
     }
 
     /* DollarMarkedLookup: SimpleInjection */
@@ -1187,7 +1189,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     	$matchrule = "QuotedString"; $result = $this->construct($matchrule, $matchrule, null);
     	$_154 = NULL;
     	do {
-    		$stack[] = $result; $result = $this->construct( $matchrule, "q" );
+    		$stack[] = $result; $result = $this->construct( $matchrule, "q" ); 
     		if (( $subres = $this->rx( '/[\'"]/' ) ) !== FALSE) {
     			$result["text"] .= $subres;
     			$subres = $result; $result = array_pop($stack);
@@ -1197,7 +1199,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     			$result = array_pop($stack);
     			$_154 = FALSE; break;
     		}
-    		$stack[] = $result; $result = $this->construct( $matchrule, "String" );
+    		$stack[] = $result; $result = $this->construct( $matchrule, "String" ); 
     		if (( $subres = $this->rx( '/ (\\\\\\\\ | \\\\. | [^'.$this->expression($result, $stack, 'q').'\\\\])* /' ) ) !== FALSE) {
     			$result["text"] .= $subres;
     			$subres = $result; $result = array_pop($stack);
@@ -1818,10 +1820,10 @@ class SSTemplateParser extends Parser implements TemplateParser
             if (!empty($res['php'])) {
                 $res['php'] .= $sub['string_php'];
             } else {
-                $res['php'] = str_replace('$$FINAL', 'XML_val', $sub['lookup_php'] ?? '');
+                $res['php'] = str_replace('$$FINAL', 'getOutputValue', $sub['lookup_php'] ?? '');
             }
         } else {
-            $res['php'] .= str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '');
+            $res['php'] .= str_replace('$$FINAL', 'getOutputValue', $sub['php'] ?? '');
         }
     }
 
@@ -1840,7 +1842,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     		$pos_255 = $this->pos;
     		$_254 = NULL;
     		do {
-    			$stack[] = $result; $result = $this->construct( $matchrule, "Not" );
+    			$stack[] = $result; $result = $this->construct( $matchrule, "Not" ); 
     			if (( $subres = $this->literal( 'not' ) ) !== FALSE) {
     				$result["text"] .= $subres;
     				$subres = $result; $result = array_pop($stack);
@@ -1887,7 +1889,7 @@ class SSTemplateParser extends Parser implements TemplateParser
         } else {
             $php = ($sub['ArgumentMode'] == 'default' ? $sub['lookup_php'] : $sub['php']);
             // TODO: kinda hacky - maybe we need a way to pass state down the parse chain so
-            // Lookup_LastLookupStep and Argument_BareWord can produce hasValue instead of XML_val
+            // Lookup_LastLookupStep and Argument_BareWord can produce hasValue instead of getOutputValue
             $res['php'] .= str_replace('$$FINAL', 'hasValue', $php ?? '');
         }
     }
@@ -2235,7 +2237,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     		else { $_330 = FALSE; break; }
     		if (( $subres = $this->whitespace(  ) ) !== FALSE) { $result["text"] .= $subres; }
     		else { $_330 = FALSE; break; }
-    		$stack[] = $result; $result = $this->construct( $matchrule, "Call" );
+    		$stack[] = $result; $result = $this->construct( $matchrule, "Call" ); 
     		$_326 = NULL;
     		do {
     			$matcher = 'match_'.'Word'; $key = $matcher; $pos = $this->pos;
@@ -2470,7 +2472,7 @@ class SSTemplateParser extends Parser implements TemplateParser
             $res['php'] = '';
         }
 
-        $res['php'] .= str_replace('$$FINAL', 'XML_val', $sub['php'] ?? '');
+        $res['php'] .= str_replace('$$FINAL', 'getOutputValue', $sub['php'] ?? '');
     }
 
     /* CacheBlockTemplate: (Comment | Translate | If | Require |    OldI18NTag | Include | ClosedBlock |
@@ -2740,7 +2742,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     		$_423 = NULL;
     		do {
     			if (( $subres = $this->whitespace(  ) ) !== FALSE) { $result["text"] .= $subres; }
-    			$stack[] = $result; $result = $this->construct( $matchrule, "Conditional" );
+    			$stack[] = $result; $result = $this->construct( $matchrule, "Conditional" ); 
     			$_419 = NULL;
     			do {
     				$_417 = NULL;
@@ -3166,7 +3168,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     		if (( $subres = $this->literal( '<%' ) ) !== FALSE) { $result["text"] .= $subres; }
     		else { $_555 = FALSE; break; }
     		if (( $subres = $this->whitespace(  ) ) !== FALSE) { $result["text"] .= $subres; }
-    		$stack[] = $result; $result = $this->construct( $matchrule, "CacheTag" );
+    		$stack[] = $result; $result = $this->construct( $matchrule, "CacheTag" ); 
     		$_508 = NULL;
     		do {
     			$_506 = NULL;
@@ -3225,7 +3227,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     		$_524 = NULL;
     		do {
     			if (( $subres = $this->whitespace(  ) ) !== FALSE) { $result["text"] .= $subres; }
-    			$stack[] = $result; $result = $this->construct( $matchrule, "Conditional" );
+    			$stack[] = $result; $result = $this->construct( $matchrule, "Conditional" ); 
     			$_520 = NULL;
     			do {
     				$_518 = NULL;
@@ -3587,7 +3589,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     {
         $entity = $sub['String']['text'];
         if (strpos($entity ?? '', '.') === false) {
-            $res['php'] .= "\$scope->XML_val('I18NNamespace').'.$entity'";
+            $res['php'] .= "\$scope->getOutputValue('I18NNamespace').'.$entity'";
         } else {
             $res['php'] .= "'$entity'";
         }
@@ -3792,7 +3794,7 @@ class SSTemplateParser extends Parser implements TemplateParser
                 break;
 
             default:
-                $res['php'] .= str_replace('$$FINAL', 'obj', $sub['php'] ?? '') . '->self()';
+                $res['php'] .= str_replace('$$FINAL', 'scopeToIntermediateValue', $sub['php'] ?? '') . '->self()';
                 break;
         }
     }
@@ -3897,7 +3899,7 @@ class SSTemplateParser extends Parser implements TemplateParser
         $arguments = $res['arguments'];
 
         // Note: 'type' here is important to disable subTemplates in SSViewer::getSubtemplateFor()
-        $res['php'] = '$val .= \\SilverStripe\\View\\SSViewer::execute_template([["type" => "Includes", '.$template.'], '.$template.'], $scope->getItem(), [' .
+        $res['php'] = '$val .= \\SilverStripe\\View\\SSViewer::execute_template([["type" => "Includes", '.$template.'], '.$template.'], $scope->getCurrentItem(), [' .
             implode(',', $arguments)."], \$scope, true);\n";
 
         if ($this->includeDebuggingComments) { // Add include filename comments on dev sites
@@ -4165,7 +4167,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     			unset( $pos_685 );
     		}
     		if (( $subres = $this->whitespace(  ) ) !== FALSE) { $result["text"] .= $subres; }
-    		$stack[] = $result; $result = $this->construct( $matchrule, "Zap" );
+    		$stack[] = $result; $result = $this->construct( $matchrule, "Zap" ); 
     		if (( $subres = $this->literal( '%>' ) ) !== FALSE) {
     			$result["text"] .= $subres;
     			$subres = $result; $result = array_pop($stack);
@@ -4265,7 +4267,8 @@ class SSTemplateParser extends Parser implements TemplateParser
 
         //loop without arguments loops on the current scope
         if ($res['ArgumentCount'] == 0) {
-            $on = '$scope->locally()->obj(\'Me\', [], true)';
+            $type = ViewLayerData::TYPE_METHOD;
+            $on = "\$scope->locally()->scopeToIntermediateValue('Me', [], '$type')"; // @TODO use self instead or move $Me to scope explicitly
         } else {    //loop in the normal way
             $arg = $res['Arguments'][0];
             if ($arg['ArgumentMode'] == 'string') {
@@ -4273,13 +4276,13 @@ class SSTemplateParser extends Parser implements TemplateParser
             }
             $on = str_replace(
                 '$$FINAL',
-                'obj',
+                'scopeToIntermediateValue',
                 ($arg['ArgumentMode'] == 'default') ? $arg['lookup_php'] : $arg['php']
             );
         }
 
         return
-            $on . '; $scope->pushScope(); while (($key = $scope->next()) !== false) {' . PHP_EOL .
+            $on . '; $scope->pushScope(); while ($scope->next() !== false) {' . PHP_EOL .
                 $res['Template']['php'] . PHP_EOL .
             '}; $scope->popScope(); ';
     }
@@ -4299,7 +4302,7 @@ class SSTemplateParser extends Parser implements TemplateParser
             throw new SSTemplateParseException('Control block cant take string as argument.', $this);
         }
 
-        $on = str_replace('$$FINAL', 'obj', ($arg['ArgumentMode'] == 'default') ? $arg['lookup_php'] : $arg['php']);
+        $on = str_replace('$$FINAL', 'scopeToIntermediateValue', ($arg['ArgumentMode'] == 'default') ? $arg['lookup_php'] : $arg['php']);
         return
             $on . '; $scope->pushScope();' . PHP_EOL .
                 $res['Template']['php'] . PHP_EOL .
@@ -4403,6 +4406,7 @@ class SSTemplateParser extends Parser implements TemplateParser
 
     /**
      * This is an open block handler, for the <% debug %> utility tag
+     * @TODO find out if this even works in CMS 5, and if so make sure it keeps working
      */
     function OpenBlock_Handle_Debug(&$res)
     {
@@ -4575,7 +4579,7 @@ class SSTemplateParser extends Parser implements TemplateParser
     		if (( $subres = $this->literal( '<%' ) ) !== FALSE) { $result["text"] .= $subres; }
     		else { $_743 = FALSE; break; }
     		if (( $subres = $this->whitespace(  ) ) !== FALSE) { $result["text"] .= $subres; }
-    		$stack[] = $result; $result = $this->construct( $matchrule, "Tag" );
+    		$stack[] = $result; $result = $this->construct( $matchrule, "Tag" ); 
     		$_737 = NULL;
     		do {
     			if (( $subres = $this->literal( 'end_' ) ) !== FALSE) { $result["text"] .= $subres; }

src/View/SSViewer.php

@@ -15,6 +15,7 @@ use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\FieldType\DBHTMLText;
 use SilverStripe\Security\Permission;
 use InvalidArgumentException;
+use RuntimeException;
 use SilverStripe\Model\ModelData;
 
 /**
@@ -550,10 +551,10 @@ class SSViewer implements Flushable
      * Effectively this is the common code that both SSViewer#process and SSViewer_FromString#process call
      *
      * @param string $cacheFile The path to the file that contains the template compiled to PHP
-     * @param ModelData $item The item to use as the root scope for the template
+     * @param ViewLayerData $item The item to use as the root scope for the template
      * @param array $overlay Any variables to layer on top of the scope
      * @param array $underlay Any variables to layer underneath the scope
-     * @param ModelData $inheritedScope The current scope of a parent template including a sub-template
+     * @param SSViewer_Scope $inheritedScope The current scope of a parent template including a sub-template
      * @return string The result of executing the template
      */
     protected function includeGeneratedTemplate($cacheFile, $item, $overlay, $underlay, $inheritedScope = null)
@@ -569,7 +570,7 @@ class SSViewer implements Flushable
         }
 
         $cache = $this->getPartialCacheStore();
-        $scope = new SSViewer_DataPresenter($item, $overlay, $underlay, $inheritedScope);
+        $scope = new SSViewer_Scope($item, $overlay, $underlay, $inheritedScope);
         $val = '';
 
         // Placeholder for values exposed to $cacheFile
@@ -597,6 +598,7 @@ class SSViewer implements Flushable
      */
     public function process($item, $arguments = null, $inheritedScope = null)
     {
+        $item = ViewLayerData::create($item);
         // Set hashlinks and temporarily modify global state
         $rewrite = $this->getRewriteHashLinks();
         $origRewriteDefault = static::getRewriteHashLinksDefault();
@@ -606,6 +608,10 @@ class SSViewer implements Flushable
 
         $template = $this->chosen;
 
+        if (!$template) {
+            throw new RuntimeException('No template to render');
+        }
+
         $cacheFile = TEMP_PATH . DIRECTORY_SEPARATOR . '.cache'
             . str_replace(['\\','/',':'], '.', Director::makeRelative(realpath($template ?? '')) ?? '');
         $lastEdited = filemtime($template ?? '');

src/View/SSViewer_DataPresenter.php

@@ -1,449 +0,0 @@
-<?php
-
-namespace SilverStripe\View;
-
-use InvalidArgumentException;
-use SilverStripe\Core\ClassInfo;
-use SilverStripe\Model\ModelData;
-use SilverStripe\Model\List\ArrayList;
-use SilverStripe\ORM\FieldType\DBField;
-
-/**
- * This extends SSViewer_Scope to mix in data on top of what the item provides. This can be "global"
- * data that is scope-independant (like BaseURL), or type-specific data that is layered on top cross-cut like
- * (like $FirstLast etc).
- *
- * It's separate from SSViewer_Scope to keep that fairly complex code as clean as possible.
- */
-class SSViewer_DataPresenter extends SSViewer_Scope
-{
-    /**
-     * List of global property providers
-     *
-     * @internal
-     * @var TemplateGlobalProvider[]|null
-     */
-    private static $globalProperties = null;
-
-    /**
-     * List of global iterator providers
-     *
-     * @internal
-     * @var TemplateIteratorProvider[]|null
-     */
-    private static $iteratorProperties = null;
-
-    /**
-     * Overlay variables. Take precedence over anything from the current scope
-     *
-     * @var array|null
-     */
-    protected $overlay;
-
-    /**
-     * Flag for whether overlay should be preserved when pushing a new scope
-     *
-     * @see SSViewer_DataPresenter::pushScope()
-     * @var bool
-     */
-    protected $preserveOverlay = false;
-
-    /**
-     * Underlay variables. Concede precedence to overlay variables or anything from the current scope
-     *
-     * @var array
-     */
-    protected $underlay;
-
-    /**
-     * @var object $item
-     * @var array $overlay
-     * @var array $underlay
-     * @var SSViewer_Scope $inheritedScope
-     */
-    public function __construct(
-        $item,
-        array $overlay = null,
-        array $underlay = null,
-        SSViewer_Scope $inheritedScope = null
-    ) {
-        parent::__construct($item, $inheritedScope);
-
-        $this->overlay = $overlay ?: [];
-        $this->underlay = $underlay ?: [];
-
-        $this->cacheGlobalProperties();
-        $this->cacheIteratorProperties();
-    }
-
-    /**
-     * Build cache of global properties
-     */
-    protected function cacheGlobalProperties()
-    {
-        if (SSViewer_DataPresenter::$globalProperties !== null) {
-            return;
-        }
-
-        SSViewer_DataPresenter::$globalProperties = $this->getPropertiesFromProvider(
-            TemplateGlobalProvider::class,
-            'get_template_global_variables'
-        );
-    }
-
-    /**
-     * Build cache of global iterator properties
-     */
-    protected function cacheIteratorProperties()
-    {
-        if (SSViewer_DataPresenter::$iteratorProperties !== null) {
-            return;
-        }
-
-        SSViewer_DataPresenter::$iteratorProperties = $this->getPropertiesFromProvider(
-            TemplateIteratorProvider::class,
-            'get_template_iterator_variables',
-            true // Call non-statically
-        );
-    }
-
-    /**
-     * @var string $interfaceToQuery
-     * @var string $variableMethod
-     * @var boolean $createObject
-     * @return array
-     */
-    protected function getPropertiesFromProvider($interfaceToQuery, $variableMethod, $createObject = false)
-    {
-        $methods = [];
-
-        $implementors = ClassInfo::implementorsOf($interfaceToQuery);
-        if ($implementors) {
-            foreach ($implementors as $implementor) {
-                // Create a new instance of the object for method calls
-                if ($createObject) {
-                    $implementor = new $implementor();
-                    $exposedVariables = $implementor->$variableMethod();
-                } else {
-                    $exposedVariables = $implementor::$variableMethod();
-                }
-
-                foreach ($exposedVariables as $varName => $details) {
-                    if (!is_array($details)) {
-                        $details = [
-                            'method' => $details,
-                            'casting' => ModelData::config()->uninherited('default_cast')
-                        ];
-                    }
-
-                    // If just a value (and not a key => value pair), use method name for both key and value
-                    if (is_numeric($varName)) {
-                        $varName = $details['method'];
-                    }
-
-                    // Add in a reference to the implementing class (might be a string class name or an instance)
-                    $details['implementor'] = $implementor;
-
-                    // And a callable array
-                    if (isset($details['method'])) {
-                        $details['callable'] = [$implementor, $details['method']];
-                    }
-
-                    // Save with both uppercase & lowercase first letter, so either works
-                    $lcFirst = strtolower($varName[0] ?? '') . substr($varName ?? '', 1);
-                    $result[$lcFirst] = $details;
-                    $result[ucfirst($varName)] = $details;
-                }
-            }
-        }
-
-        return $result;
-    }
-
-    /**
-     * Look up injected value - it may be part of an "overlay" (arguments passed to <% include %>),
-     * set on the current item, part of an "underlay" ($Layout or $Content), or an iterator/global property
-     *
-     * @param string $property Name of property
-     * @param array $params
-     * @param bool $cast If true, an object is always returned even if not an object.
-     * @return array|null
-     */
-    public function getInjectedValue($property, array $params, $cast = true)
-    {
-        // Get source for this value
-        $result = $this->getValueSource($property);
-        if (!array_key_exists('source', $result)) {
-            return null;
-        }
-
-        // Look up the value - either from a callable, or from a directly provided value
-        $source = $result['source'];
-        $res = [];
-        if (isset($source['callable'])) {
-            $res['value'] = $source['callable'](...$params);
-        } elseif (array_key_exists('value', $source)) {
-            $res['value'] = $source['value'];
-        } else {
-            throw new InvalidArgumentException(
-                "Injected property $property doesn't have a value or callable value source provided"
-            );
-        }
-
-        // If we want to provide a casted object, look up what type object to use
-        if ($cast) {
-            $res['obj'] = $this->castValue($res['value'], $source);
-        }
-
-        return $res;
-    }
-
-    /**
-     * Store the current overlay (as it doesn't directly apply to the new scope
-     * that's being pushed). We want to store the overlay against the next item
-     * "up" in the stack (hence upIndex), rather than the current item, because
-     * SSViewer_Scope::obj() has already been called and pushed the new item to
-     * the stack by this point
-     *
-     * @return SSViewer_Scope
-     */
-    public function pushScope()
-    {
-        $scope = parent::pushScope();
-        $upIndex = $this->getUpIndex() ?: 0;
-
-        $itemStack = $this->getItemStack();
-        $itemStack[$upIndex][SSViewer_Scope::ITEM_OVERLAY] = $this->overlay;
-        $this->setItemStack($itemStack);
-
-        // Remove the overlay when we're changing to a new scope, as values in
-        // that scope take priority. The exceptions that set this flag are $Up
-        // and $Top as they require that the new scope inherits the overlay
-        if (!$this->preserveOverlay) {
-            $this->overlay = [];
-        }
-
-        return $scope;
-    }
-
-    /**
-     * Now that we're going to jump up an item in the item stack, we need to
-     * restore the overlay that was previously stored against the next item "up"
-     * in the stack from the current one
-     *
-     * @return SSViewer_Scope
-     */
-    public function popScope()
-    {
-        $upIndex = $this->getUpIndex();
-
-        if ($upIndex !== null) {
-            $itemStack = $this->getItemStack();
-            $this->overlay = $itemStack[$upIndex][SSViewer_Scope::ITEM_OVERLAY];
-        }
-
-        return parent::popScope();
-    }
-
-    /**
-     * $Up and $Top need to restore the overlay from the parent and top-level
-     * scope respectively.
-     *
-     * @param string $name
-     * @param array $arguments
-     * @param bool $cache
-     * @param string $cacheName
-     * @return $this
-     */
-    public function obj($name, $arguments = [], $cache = false, $cacheName = null)
-    {
-        $overlayIndex = false;
-
-        switch ($name) {
-            case 'Up':
-                $upIndex = $this->getUpIndex();
-                if ($upIndex === null) {
-                    throw new \LogicException('Up called when we\'re already at the top of the scope');
-                }
-                $overlayIndex = $upIndex; // Parent scope
-                $this->preserveOverlay = true; // Preserve overlay
-                break;
-            case 'Top':
-                $overlayIndex = 0; // Top-level scope
-                $this->preserveOverlay = true; // Preserve overlay
-                break;
-            default:
-                $this->preserveOverlay = false;
-                break;
-        }
-
-        if ($overlayIndex !== false) {
-            $itemStack = $this->getItemStack();
-            if (!$this->overlay && isset($itemStack[$overlayIndex][SSViewer_Scope::ITEM_OVERLAY])) {
-                $this->overlay = $itemStack[$overlayIndex][SSViewer_Scope::ITEM_OVERLAY];
-            }
-        }
-
-        parent::obj($name, $arguments, $cache, $cacheName);
-        return $this;
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function getObj($name, $arguments = [], $cache = false, $cacheName = null)
-    {
-        $result = $this->getInjectedValue($name, (array)$arguments);
-        if ($result) {
-            return $result['obj'];
-        }
-        return parent::getObj($name, $arguments, $cache, $cacheName);
-    }
-
-    /**
-     * {@inheritdoc}
-     */
-    public function __call($name, $arguments)
-    {
-        // Extract the method name and parameters
-        $property = $arguments[0];  // The name of the public function being called
-
-        // The public function parameters in an array
-        $params = (isset($arguments[1])) ? (array)$arguments[1] : [];
-
-        $val = $this->getInjectedValue($property, $params);
-        if ($val) {
-            $obj = $val['obj'];
-            if ($name === 'hasValue') {
-                $result = ($obj instanceof ModelData) ? $obj->exists() : (bool)$obj;
-            } elseif (is_null($obj) || (is_scalar($obj) && !is_string($obj))) {
-                $result = $obj; // Nulls and non-string scalars don't need casting
-            } else {
-                $result = $obj->forTemplate(); // XML_val
-            }
-
-            $this->resetLocalScope();
-            return $result;
-        }
-
-        return parent::__call($name, $arguments);
-    }
-
-    /**
-     * Evaluate a template override. Returns an array where the presence of
-     * a 'value' key indiciates whether an override was successfully found,
-     * as null is a valid override value
-     *
-     * @param string $property Name of override requested
-     * @param array $overrides List of overrides available
-     * @return array An array with a 'value' key if a value has been found, or empty if not
-     */
-    protected function processTemplateOverride($property, $overrides)
-    {
-        if (!array_key_exists($property, $overrides)) {
-            return [];
-        }
-
-        // Detect override type
-        $override = $overrides[$property];
-
-        // Late-evaluate this value
-        if (!is_string($override) && is_callable($override)) {
-            $override = $override();
-
-            // Late override may yet return null
-            if (!isset($override)) {
-                return [];
-            }
-        }
-
-        return ['value' => $override];
-    }
-
-    /**
-     * Determine source to use for getInjectedValue. Returns an array where the presence of
-     * a 'source' key indiciates whether a value source was successfully found, as a source
-     * may be a null value returned from an override
-     *
-     * @param string $property
-     * @return array An array with a 'source' key if a value source has been found, or empty if not
-     */
-    protected function getValueSource($property)
-    {
-        // Check for a presenter-specific override
-        $result = $this->processTemplateOverride($property, $this->overlay);
-        if (array_key_exists('value', $result)) {
-            return ['source' => $result];
-        }
-
-        // Check if the method to-be-called exists on the target object - if so, don't check any further
-        // injection locations
-        $on = $this->getItem();
-        if (is_object($on) && (isset($on->$property) || method_exists($on, $property ?? ''))) {
-            return [];
-        }
-
-        // Check for a presenter-specific override
-        $result = $this->processTemplateOverride($property, $this->underlay);
-        if (array_key_exists('value', $result)) {
-            return ['source' => $result];
-        }
-
-        // Then for iterator-specific overrides
-        if (array_key_exists($property, SSViewer_DataPresenter::$iteratorProperties)) {
-            $source = SSViewer_DataPresenter::$iteratorProperties[$property];
-            /** @var TemplateIteratorProvider $implementor */
-            $implementor = $source['implementor'];
-            if ($this->itemIterator) {
-                // Set the current iterator position and total (the object instance is the first item in
-                // the callable array)
-                $implementor->iteratorProperties(
-                    $this->itemIterator->key(),
-                    $this->itemIteratorTotal
-                );
-            } else {
-                // If we don't actually have an iterator at the moment, act like a list of length 1
-                $implementor->iteratorProperties(0, 1);
-            }
-
-            return ($source) ? ['source' => $source] : [];
-        }
-
-        // And finally for global overrides
-        if (array_key_exists($property, SSViewer_DataPresenter::$globalProperties)) {
-            return [
-                'source' => SSViewer_DataPresenter::$globalProperties[$property] // get the method call
-            ];
-        }
-
-        // No value
-        return [];
-    }
-
-    /**
-     * Ensure the value is cast safely
-     *
-     * @param mixed $value
-     * @param array $source
-     * @return DBField
-     */
-    protected function castValue($value, $source)
-    {
-        // If the value has already been cast, is null, or is a non-string scalar
-        if (is_object($value) || is_null($value) || (is_scalar($value) && !is_string($value))) {
-            return $value;
-        }
-
-        // Wrap list arrays in ModelData so templates can handle them
-        if (is_array($value) && array_is_list($value)) {
-            return ArrayList::create($value);
-        }
-
-        // Get provided or default cast
-        $casting = empty($source['casting'])
-            ? ModelData::config()->uninherited('default_cast')
-            : $source['casting'];
-
-        return DBField::create_field($casting, $value);
-    }
-}

src/View/SSViewer_FromString.php

@@ -50,6 +50,7 @@ class SSViewer_FromString extends SSViewer
      */
     public function process($item, $arguments = null, $scope = null)
     {
+        $item = ViewLayerData::create($item);
         $hash = sha1($this->content ?? '');
         $cacheFile = TEMP_PATH . DIRECTORY_SEPARATOR . ".cache.$hash";
 

src/View/SSViewer_Scope.php

@@ -4,12 +4,11 @@ namespace SilverStripe\View;
 
 use ArrayIterator;
 use Countable;
+use InvalidArgumentException;
 use Iterator;
-use SilverStripe\Model\List\ArrayList;
-use SilverStripe\ORM\FieldType\DBBoolean;
-use SilverStripe\ORM\FieldType\DBText;
-use SilverStripe\ORM\FieldType\DBFloat;
-use SilverStripe\ORM\FieldType\DBInt;
+use LogicException;
+use SilverStripe\Core\ClassInfo;
+use SilverStripe\Core\Injector\Injector;
 use SilverStripe\ORM\FieldType\DBField;
 
 /**
@@ -18,6 +17,10 @@ use SilverStripe\ORM\FieldType\DBField;
  *   - Track Up and Top
  *   - (As a side effect) Inject data that needs to be available globally (used to live in ModelData)
  *
+ * It is also responsible for mixing in data on top of what the item provides. This can be "global"
+ * data that is scope-independant (like BaseURL), or type-specific data that is layered on top cross-cut like
+ * (like $FirstLast etc).
+ *
  * In order to handle up, rather than tracking it using a tree, which would involve constructing new objects
  * for each step, we use indexes into the itemStack (which already has to exist).
  *
@@ -107,37 +110,73 @@ class SSViewer_Scope
      */
     private $localIndex = 0;
 
+    /**
+     * List of global property providers
+     *
+     * @internal
+     * @var TemplateGlobalProvider[]|null
+     */
+    private static $globalProperties = null;
+
+    /**
+     * List of global iterator providers
+     *
+     * @internal
+     * @var TemplateIteratorProvider[]|null
+     */
+    private static $iteratorProperties = null;
+
+    /**
+     * Overlay variables. Take precedence over anything from the current scope
+     *
+     * @var array|null
+     */
+    protected $overlay;
+
+    /**
+     * Flag for whether overlay should be preserved when pushing a new scope
+     *
+     * @see SSViewer_Scope::pushScope()
+     * @var bool
+     */
+    protected $preserveOverlay = false;
+
+    /**
+     * Underlay variables. Concede precedence to overlay variables or anything from the current scope
+     *
+     * @var array
+     */
+    protected $underlay;
+
     /**
      * @var object $item
      * @var SSViewer_Scope $inheritedScope
      */
-    public function __construct($item, SSViewer_Scope $inheritedScope = null)
-    {
+    public function __construct(
+        $item,
+        array $overlay = null,
+        array $underlay = null,
+        SSViewer_Scope $inheritedScope = null
+    ) {
         $this->item = $item;
 
         $this->itemIterator = ($inheritedScope) ? $inheritedScope->itemIterator : null;
         $this->itemIteratorTotal = ($inheritedScope) ? $inheritedScope->itemIteratorTotal : 0;
         $this->itemStack[] = [$this->item, $this->itemIterator, $this->itemIteratorTotal, null, null, 0];
+
+        $this->overlay = $overlay ?: [];
+        $this->underlay = $underlay ?: [];
+
+        $this->cacheGlobalProperties();
+        $this->cacheIteratorProperties();
     }
 
     /**
-     * Returns the current "active" item
-     *
-     * @return object
+     * Returns the current "current" item in scope
      */
-    public function getItem()
+    public function getCurrentItem(): ?ViewLayerData
     {
-        $item = $this->itemIterator ? $this->itemIterator->current() : $this->item;
-        if (is_scalar($item)) {
-            $item = $this->convertScalarToDBField($item);
-        }
-
-        // Wrap list arrays in ModelData so templates can handle them
-        if (is_array($item) && array_is_list($item)) {
-            $item = ArrayList::create($item);
-        }
-
-        return $item;
+        return $this->itemIterator ? $this->itemIterator->current() : $this->item;
     }
 
     /**
@@ -164,56 +203,21 @@ class SSViewer_Scope
     }
 
     /**
-     * Reset the local scope - restores saved state to the "global" item stack. Typically called after
-     * a lookup chain has been completed
+     * Set scope to an intermediate value, which will be used for getting output later on.
      */
-    public function resetLocalScope()
+    public function scopeToIntermediateValue(string $name, array $arguments, string $type): static
     {
-        // Restore previous un-completed lookup chain if set
-        $previousLocalState = $this->localStack ? array_pop($this->localStack) : null;
-        array_splice($this->itemStack, $this->localIndex + 1, count($this->itemStack ?? []), $previousLocalState);
+        $overlayIndex = false;
 
-        list(
-            $this->item,
-            $this->itemIterator,
-            $this->itemIteratorTotal,
-            $this->popIndex,
-            $this->upIndex,
-            $this->currentIndex
-        ) = end($this->itemStack);
-    }
-
-    /**
-     * @param string $name
-     * @param array $arguments
-     * @param bool $cache
-     * @param string $cacheName
-     * @return mixed
-     */
-    public function getObj($name, $arguments = [], $cache = false, $cacheName = null)
-    {
-        $on = $this->getItem();
-        if ($on === null) {
-            return null;
-        }
-        return $on->obj($name, $arguments, $cache, $cacheName);
-    }
-
-    /**
-     * @param string $name
-     * @param array $arguments
-     * @param bool $cache
-     * @param string $cacheName
-     * @return $this
-     */
-    public function obj($name, $arguments = [], $cache = false, $cacheName = null)
-    {
+        // $Up and $Top need to restore the overlay from the parent and top-level scope respectively.
         switch ($name) {
             case 'Up':
-                if ($this->upIndex === null) {
+                $upIndex = $this->getUpIndex();
+                if ($upIndex === null) {
                     throw new \LogicException('Up called when we\'re already at the top of the scope');
                 }
-
+                $overlayIndex = $upIndex; // Parent scope
+                $this->preserveOverlay = true; // Preserve overlay
                 list(
                     $this->item,
                     $this->itemIterator,
@@ -224,6 +228,8 @@ class SSViewer_Scope
                 ) = $this->itemStack[$this->upIndex];
                 break;
             case 'Top':
+                $overlayIndex = 0; // Top-level scope
+                $this->preserveOverlay = true; // Preserve overlay
                 list(
                     $this->item,
                     $this->itemIterator,
@@ -234,13 +240,21 @@ class SSViewer_Scope
                 ) = $this->itemStack[0];
                 break;
             default:
-                $this->item = $this->getObj($name, $arguments, $cache, $cacheName);
+                $this->preserveOverlay = false;
+                $this->item = $this->getObj($name, $arguments, $type);
                 $this->itemIterator = null;
                 $this->upIndex = $this->currentIndex ? $this->currentIndex : count($this->itemStack) - 1;
                 $this->currentIndex = count($this->itemStack);
                 break;
         }
 
+        if ($overlayIndex !== false) {
+            $itemStack = $this->getItemStack();
+            if (!$this->overlay && isset($itemStack[$overlayIndex][SSViewer_Scope::ITEM_OVERLAY])) {
+                $this->overlay = $itemStack[$overlayIndex][SSViewer_Scope::ITEM_OVERLAY];
+            }
+        }
+
         $this->itemStack[] = [
             $this->item,
             $this->itemIterator,
@@ -254,12 +268,11 @@ class SSViewer_Scope
 
     /**
      * Gets the current object and resets the scope.
-     *
-     * @return object
+     * @TODO: Replace with $Me
      */
-    public function self()
+    public function self(): ?ViewLayerData
     {
-        $result = $this->getItem();
+        $result = $this->getCurrentItem();
         $this->resetLocalScope();
 
         return $result;
@@ -268,9 +281,13 @@ class SSViewer_Scope
     /**
      * Jump to the last item in the stack, called when a new item is added before a loop/with
      *
-     * @return SSViewer_Scope
+     * Store the current overlay (as it doesn't directly apply to the new scope
+     * that's being pushed). We want to store the overlay against the next item
+     * "up" in the stack (hence upIndex), rather than the current item, because
+     * SSViewer_Scope::obj() has already been called and pushed the new item to
+     * the stack by this point
      */
-    public function pushScope()
+    public function pushScope(): static
     {
         $newLocalIndex = count($this->itemStack ?? []) - 1;
 
@@ -284,16 +301,38 @@ class SSViewer_Scope
         // once we enter a new global scope, we need to make sure we use a new one
         $this->itemIterator = $this->itemStack[$newLocalIndex][SSViewer_Scope::ITEM_ITERATOR] = null;
 
+        $upIndex = $this->getUpIndex() ?: 0;
+
+        $itemStack = $this->getItemStack();
+        $itemStack[$upIndex][SSViewer_Scope::ITEM_OVERLAY] = $this->overlay;
+        $this->setItemStack($itemStack);
+
+        // Remove the overlay when we're changing to a new scope, as values in
+        // that scope take priority. The exceptions that set this flag are $Up
+        // and $Top as they require that the new scope inherits the overlay
+        if (!$this->preserveOverlay) {
+            $this->overlay = [];
+        }
+
         return $this;
     }
 
     /**
      * Jump back to "previous" item in the stack, called after a loop/with block
      *
-     * @return SSViewer_Scope
+     * Now that we're going to jump up an item in the item stack, we need to
+     * restore the overlay that was previously stored against the next item "up"
+     * in the stack from the current one
      */
-    public function popScope()
+    public function popScope(): static
     {
+        $upIndex = $this->getUpIndex();
+
+        if ($upIndex !== null) {
+            $itemStack = $this->getItemStack();
+            $this->overlay = $itemStack[$upIndex][SSViewer_Scope::ITEM_OVERLAY];
+        }
+
         $this->localIndex = $this->popIndex;
         $this->resetLocalScope();
 
@@ -301,11 +340,10 @@ class SSViewer_Scope
     }
 
     /**
-     * Fast-forwards the current iterator to the next item
-     *
-     * @return mixed
+     * Fast-forwards the current iterator to the next item.
+     * @return bool True if there's an item, false if not.
      */
-    public function next()
+    public function next(): bool
     {
         if (!$this->item) {
             return false;
@@ -349,23 +387,143 @@ class SSViewer_Scope
             return false;
         }
 
-        return $this->itemIterator->key();
+        return true;
     }
 
     /**
-     * @param string $name
-     * @param array $arguments
-     * @return mixed
+     * Get the value that will be directly rendered in the template.
      */
-    public function __call($name, $arguments)
+    public function getOutputValue(string $name, array $arguments, string $type): string
     {
-        $on = $this->getItem();
-        $retval = $on ? $on->$name(...$arguments) : null;
+        $retval = $this->getObj($name, $arguments, $type);
+        $this->resetLocalScope();
+        return $retval === null ? '' : $retval->__toString();
+    }
+
+    /**
+     * Get the value to pass as an argument to a method.
+     */
+    public function getValueAsArgument(string $name, array $arguments, string $type): mixed
+    {
+        $retval = null;
+
+        if ($this->hasOverlay($name)) {
+            $retval = $this->getOverlay($name, $arguments, true);
+        } else {
+            $on = $this->getCurrentItem();
+            if ($on && isset($on->$name)) {
+                $retval = $on->getRawDataValue($name, $type, $arguments);
+            }
+
+            if ($retval === null) {
+                $retval = $this->getUnderlay($name, $arguments, true);
+            }
+        }
+
+        // if ($retval instanceof DBField) {
+        //     $retval = $retval->getValue(); // Workaround because we're still calling obj in ViewLayerData
+        // }
 
         $this->resetLocalScope();
         return $retval;
     }
 
+    /**
+     * Check if the current item in scope has a value for the named field.
+     */
+    public function hasValue(string $name, array $arguments): bool
+    {
+        // @TODO: look for ways to remove the need to call hasValue (e.g. using isset($this->getCurrentItem()->$name) and an equivalent for over/underlays)
+        $retval = null;
+        $overlay = $this->getOverlay($name, $arguments);
+        if ($overlay && $overlay->hasDataValue()) {
+            $retval = true;
+        }
+
+        if ($retval === null) {
+            $on = $this->getCurrentItem();
+            if ($on) {
+                $retval = $on->hasDataValue($name, $arguments);
+            }
+        }
+
+        if (!$retval) {
+            $underlay = $this->getUnderlay($name, $arguments);
+            $retval = $underlay && $underlay->hasDataValue();
+        }
+
+        $this->resetLocalScope();
+        return $retval;
+    }
+
+    /**
+     * @var string $interfaceToQuery
+     * @var string $variableMethod
+     * @var boolean $createObject
+     * @return array
+     */
+    protected function getPropertiesFromProvider($interfaceToQuery, $variableMethod, $createObject = false)
+    {
+        $implementors = ClassInfo::implementorsOf($interfaceToQuery);
+        if ($implementors) {
+            foreach ($implementors as $implementor) {
+                // Create a new instance of the object for method calls
+                if ($createObject) {
+                    $implementor = new $implementor();
+                    $exposedVariables = $implementor->$variableMethod();
+                } else {
+                    $exposedVariables = $implementor::$variableMethod();
+                }
+
+                foreach ($exposedVariables as $varName => $details) {
+                    if (!is_array($details)) {
+                        $details = ['method' => $details];
+                    }
+
+                    // If just a value (and not a key => value pair), use method name for both key and value
+                    if (is_numeric($varName)) {
+                        $varName = $details['method'];
+                    }
+
+                    // Add in a reference to the implementing class (might be a string class name or an instance)
+                    $details['implementor'] = $implementor;
+
+                    // And a callable array
+                    if (isset($details['method'])) {
+                        $details['callable'] = [$implementor, $details['method']];
+                    }
+
+                    // Save with both uppercase & lowercase first letter, so either works
+                    $lcFirst = strtolower($varName[0] ?? '') . substr($varName ?? '', 1);
+                    $result[$lcFirst] = $details;
+                    $result[ucfirst($varName)] = $details;
+                }
+            }
+        }
+
+        return $result;
+    }
+
+    /**
+     * Reset the local scope - restores saved state to the "global" item stack. Typically called after
+     * a lookup chain has been completed
+     */
+    protected function resetLocalScope()
+    {
+        // Restore previous un-completed lookup chain if set
+        $previousLocalState = $this->localStack ? array_pop($this->localStack) : null;
+        array_splice($this->itemStack, $this->localIndex + 1, count($this->itemStack ?? []), $previousLocalState);
+
+        list(
+            $this->item,
+            $this->itemIterator,
+            $this->itemIteratorTotal,
+            $this->popIndex,
+            $this->upIndex,
+            $this->currentIndex
+        ) = end($this->itemStack);
+    }
+
     /**
      * @return array
      */
@@ -390,13 +548,175 @@ class SSViewer_Scope
         return $this->upIndex;
     }
 
-    private function convertScalarToDBField(bool|string|float|int $value): DBField
+    /**
+     * Evaluate a template override. Returns an array where the presence of
+     * a 'value' key indiciates whether an override was successfully found,
+     * as null is a valid override value
+     *
+     * @param string $property Name of override requested
+     * @param array $overrides List of overrides available
+     * @return array An array with a 'value' key if a value has been found, or empty if not
+     */
+    protected function processTemplateOverride($property, $overrides)
     {
-        return match (gettype($value)) {
-            'boolean' => DBBoolean::create()->setValue($value),
-            'string' => DBText::create()->setValue($value),
-            'double' => DBFloat::create()->setValue($value),
-            'integer' => DBInt::create()->setValue($value),
-        };
+        if (!array_key_exists($property, $overrides)) {
+            return [];
+        }
+
+        // Detect override type
+        $override = $overrides[$property];
+
+        // Late-evaluate this value
+        if (!is_string($override) && is_callable($override)) {
+            $override = $override();
+
+            // Late override may yet return null
+            if (!isset($override)) {
+                return [];
+            }
+        }
+
+        return ['value' => $override];
+    }
+
+    /**
+     * Build cache of global properties
+     */
+    protected function cacheGlobalProperties()
+    {
+        if (SSViewer_Scope::$globalProperties !== null) {
+            return;
+        }
+
+        SSViewer_Scope::$globalProperties = $this->getPropertiesFromProvider(
+            TemplateGlobalProvider::class,
+            'get_template_global_variables'
+        );
+    }
+
+    /**
+     * Build cache of global iterator properties
+     */
+    protected function cacheIteratorProperties()
+    {
+        if (SSViewer_Scope::$iteratorProperties !== null) {
+            return;
+        }
+
+        SSViewer_Scope::$iteratorProperties = $this->getPropertiesFromProvider(
+            TemplateIteratorProvider::class,
+            'get_template_iterator_variables',
+            true // Call non-statically
+        );
+    }
+
+    protected function getObj(string $name, array $arguments, string $type): ?ViewLayerData
+    {
+        if ($this->hasOverlay($name)) {
+            return $this->getOverlay($name, $arguments);
+        }
+
+        // @TODO caching
+        $on = $this->getCurrentItem();
+        if ($on && isset($on->$name)) {
+            if ($type === ViewLayerData::TYPE_METHOD) {
+                return $on->$name(...$arguments);
+            }
+            // property
+            return $on->$name;
+        }
+
+        return $this->getUnderlay($name, $arguments);
+    }
+
+    protected function hasOverlay(string $property): bool
+    {
+        $result = $this->processTemplateOverride($property, $this->overlay);
+        return array_key_exists('value', $result);
+    }
+
+    protected function getOverlay(string $property, array $args, bool $getRaw = false): mixed
+    {
+        $result = $this->processTemplateOverride($property, $this->overlay);
+        if (array_key_exists('value', $result)) {
+            return $this->getInjectedValue($result, $property, $args, $getRaw);
+        }
+        return null;
+    }
+
+    protected function getUnderlay(string $property, array $args, bool $getRaw = false): mixed
+    {
+        // Check for a presenter-specific override
+        $result = $this->processTemplateOverride($property, $this->underlay);
+        if (array_key_exists('value', $result)) {
+            return $this->getInjectedValue($result, $property, $args, $getRaw);
+        }
+
+        // Then for iterator-specific overrides
+        if (array_key_exists($property, SSViewer_Scope::$iteratorProperties)) {
+            $source = SSViewer_Scope::$iteratorProperties[$property];
+            /** @var TemplateIteratorProvider $implementor */
+            $implementor = $source['implementor'];
+            if ($this->itemIterator) {
+                // Set the current iterator position and total (the object instance is the first item in
+                // the callable array)
+                $implementor->iteratorProperties(
+                    $this->itemIterator->key(),
+                    $this->itemIteratorTotal
+                );
+            } else {
+                // If we don't actually have an iterator at the moment, act like a list of length 1
+                $implementor->iteratorProperties(0, 1);
+            }
+
+            return $this->getInjectedValue($source, $property, $args, $getRaw);
+        }
+
+        // And finally for global overrides
+        if (array_key_exists($property, SSViewer_Scope::$globalProperties)) {
+            return $this->getInjectedValue(
+                SSViewer_Scope::$globalProperties[$property],
+                $property,
+                $args,
+                $getRaw
+            );
+        }
+
+        return null;
+    }
+
+    protected function getInjectedValue(
+        array|TemplateGlobalProvider|TemplateIteratorProvider $source,
+        string $property,
+        array $params,
+        bool $getRaw = false
+    ) {
+        // Look up the value - either from a callable, or from a directly provided value
+        $value = null;
+        if (isset($source['callable'])) {
+            $value = $source['callable'](...$params);
+        } elseif (array_key_exists('value', $source)) {
+            $value = $source['value'];
+        } else {
+            throw new InvalidArgumentException(
+                "Injected property $property doesn't have a value or callable value source provided"
+            );
+        }
+
+        if ($value === null) {
+            return null;
+        }
+
+        // TemplateGlobalProviders can provide an explicit service to cast to which works outside of the regular cast flow
+        if (!$getRaw && isset($source['casting'])) {
+            $castObject = Injector::inst()->create($source['casting'], $property);
+            if (!ClassInfo::hasMethod($castObject, 'setValue')) {
+                throw new LogicException('Explicit cast from template global provider must have a setValue method.');
+            }
+            $castObject->setValue($value);
+            $value = $castObject;
+        }
+
+        return $getRaw ? $value : ViewLayerData::create($value);
     }
 }

src/View/ViewLayerData.php

@@ -0,0 +1,210 @@
+<?php
+
+namespace SilverStripe\View;
+
+use BadMethodCallException;
+use Countable;
+use InvalidArgumentException;
+use IteratorAggregate;
+use SilverStripe\Core\ClassInfo;
+use SilverStripe\Core\Injector\Injectable;
+use SilverStripe\Model\ModelData;
+use SilverStripe\Model\ModelDataCustomised;
+use Stringable;
+use Traversable;
+
+class ViewLayerData implements IteratorAggregate, Stringable, Countable
+{
+    use Injectable;
+
+    public const TYPE_PROPERTY = 'property';
+
+    public const TYPE_METHOD = 'method';
+
+    private object $data;
+
+    public function __construct(mixed $data, mixed $source = null, string $name = '')
+    {
+        if ($data === null) {
+            throw new InvalidArgumentException('$data must not be null');
+        }
+        if ($data instanceof ViewLayerData) {
+            $data = $data->data;
+        } else {
+            $data = CastingService::singleton()->cast($data, $source, $name);
+        }
+        $this->data = $data;
+    }
+
+    /**
+     * Needed so we can rewind in SSViewer_Scope::next() after getting itemIteratorTotal without throwing an exception.
+     * @TODO see if we can remove the need for this
+     */
+    public function count(): int
+    {
+        if (is_countable($this->data)) {
+            return count($this->data);
+        }
+        if (ClassInfo::hasMethod($this->data, 'getIterator')) {
+            return count($this->data->getIterator());
+        }
+        if (ClassInfo::hasMethod($this->data, 'count')) {
+            return $this->data->count();
+        }
+        if (isset($this->data->count)) {
+            return $this->data->count;
+        }
+        return 0;
+    }
+
+    public function getIterator(): Traversable
+    {
+        if (!is_iterable($this->data) && !ClassInfo::hasMethod($this->data, 'getIterator')) {
+            $type = is_object($this->data) ? get_class($this->data) : gettype($this->data);
+            throw new BadMethodCallException("$type is not iterable.");
+        }
+
+        $iterator = $this->data;
+        if (!is_iterable($iterator)) {
+            $iterator = $this->data->getIterator();
+        }
+        $source = $this->data instanceof ModelData ? $this->data : null;
+        foreach ($iterator as $item) {
+            yield $item === null ? null : ViewLayerData::create($item, $source);
+        }
+    }
+
+    public function __isset(string $name): bool
+    {
+        // Might be worth reintroducing the way ss template engine checks if lists/countables "exist" here,
+        // i.e. if ($this->data->__isset($name) && is_countable($this->data->{$name})) { return count($this->data->{$name}) > 0; }
+        // In worst-case scenarios that would result in lazy-loading a value when we don't need to, but we already do that with the current system.
+
+        // The SS template system uses `ModelData::hasValue()` rather than isset(), but using that doesn't check for methods and we can't use
+        // method_exists on ViewLayerData because the method just simply DOESN'T exist.... so. Hmm.
+        // UPDATE: Added ClassInfo::hasMethod here to simulate what ModelData does... will still have to check if it works with twig
+        // Removing method_exists check in scope for now.
+        return isset($this->data->$name) || ClassInfo::hasMethod($this->data, $name);
+    }
+
+    public function __get(string $name): ?ViewLayerData
+    {
+        $value = $this->getRawDataValue($name, ViewLayerData::TYPE_PROPERTY);
+        if ($value === null) {
+            return null;
+        }
+        $source = $this->data instanceof ModelData ? $this->data : null;
+        return ViewLayerData::create($value, $source, $name); // @TODO maybe not return this here, but wrap it again in the next layer? This may not play nicely with twig when passing values into args?
+    }
+
+    public function __call(string $name, array $arguments = []): ?ViewLayerData
+    {
+        $value = $this->getRawDataValue($name, ViewLayerData::TYPE_METHOD, $arguments);
+        if ($value === null) {
+            return null;
+        }
+        $source = $this->data instanceof ModelData ? $this->data : null;
+        return ViewLayerData::create($value, $source, $name); // @TODO maybe not return this here, but wrap it again in the next layer? This may not play nicely with twig when passing values into args?
+    }
+
+    public function __toString(): string
+    {
+        if ($this->data instanceof ModelData) {
+            return $this->data->forTemplate();
+        }
+        return (string) $this->data;
+    }
+
+    // @TODO We need this right now for the ss template engine, but need to check if
+    // we can rely on it, since twig won't be calling this at all
+    public function hasDataValue(?string $name = null, array $arguments = []): bool
+    {
+        if ($name) {
+            if ($this->data instanceof ModelData) {
+                return $this->data->hasValue($name, $arguments);
+            }
+            return isset($this->$name);
+        }
+        if ($this->data instanceof ModelData) {
+            return $this->data->exists();
+        }
+        return (bool) $this->data;
+    }
+
+    // @TODO We need this publicly right now for the ss template engine method args, but need to check if
+    // we can rely on it, since twig won't be calling this at all
+    public function getRawDataValue(string $name, string $type, array $arguments = []): mixed
+    {
+        if ($type !== ViewLayerData::TYPE_METHOD && $type !== ViewLayerData::TYPE_PROPERTY) {
+            throw new InvalidArgumentException('$type must be one of the TYPE_* constant values');
+        }
+
+        $data = $this->data;
+        if ($data instanceof ModelDataCustomised && $data->customisedHas($name)) {
+            $data = $data->getCustomisedModelData();
+        }
+
+        $value = $this->getValueFromData($data, $name, $type, $arguments);
+
+        return $value;
+    }
+
+    private function getValueFromData(object $data, string $name, string $type, array $arguments): mixed
+    {
+        // Values from ModelData can be cached
+        if ($data instanceof ModelData) {
+            $cached = $data->objCacheGet($name, $arguments);
+            if ($cached !== null) {
+                return $cached;
+            }
+        }
+
+        $value = null;
+        // Keep track of whether we've already fetched a value (allowing null to be the correct value)
+        $fetchedValue = false;
+
+        // Try calling a method even if we're fetching as a property
+        // This matches historical behaviour that a LOT of logic in core modules expects
+        $value = $this->callDataMethod($data, $name, $arguments, $fetchedValue);
+
+        // Only try to get a property if we aren't explicitly trying to call a method
+        if (!$fetchedValue && $type === ViewLayerData::TYPE_PROPERTY) {
+            // Try an explicit getter
+            // This matches the "magic" getter behaviour of ModelData across the board for consistent results
+            $getter = "get{$name}";
+            $value = $this->callDataMethod($data, $getter, $arguments, $fetchedValue);
+            if (!$fetchedValue && isset($data->$name)) {
+                $value = $data->$name;
+                $fetchedValue = true;
+            }
+        }
+
+        // Caching for modeldata
+        if ($data instanceof ModelData) {
+            $data->objCacheSet($name, $arguments, $value);
+        }
+
+        return $value;
+    }
+
+    private function callDataMethod(object $data, string $name, array $arguments, bool &$fetchedValue = false): mixed
+    {
+        $hasDynamicMethods = method_exists($data, '__call');
+        $hasMethod = ClassInfo::hasMethod($data, $name);
+        if ($hasMethod || $hasDynamicMethods) {
+            try {
+                $value = $data->$name(...$arguments);
+                $fetchedValue = true;
+                return $value;
+            } catch (BadMethodCallException $e) {
+                // Only throw the exception if we weren't relying on __call
+                // It's common for __call to throw BadMethodCallException for methods that aren't "implemented"
+                // so we just want to return null in those cases.
+                if (!$hasDynamicMethods) {
+                    throw $e;
+                }
+            }
+        }
+        return null;
+    }
+}

tests/php/Cli/Command/NavigateCommandTest.php

@@ -13,7 +13,7 @@ use Symfony\Component\Console\Output\BufferedOutput;
 
 class NavigateCommandTest extends SapphireTest
 {
-    protected $usesDatabase = false;
+    protected $usesDatabase = true;
 
     public static function provideExecute(): array
     {

tests/php/Forms/ConfirmedPasswordFieldTest.php

@@ -11,11 +11,9 @@ use SilverStripe\Forms\Form;
 use SilverStripe\Forms\ReadonlyField;
 use SilverStripe\Forms\RequiredFields;
 use SilverStripe\Security\Member;
-use SilverStripe\Security\PasswordValidator;
 use SilverStripe\View\SSViewer;
 use Closure;
 use PHPUnit\Framework\Attributes\DataProvider;
-use SilverStripe\Dev\Deprecation;
 
 class ConfirmedPasswordFieldTest extends SapphireTest
 {
@@ -25,11 +23,7 @@ class ConfirmedPasswordFieldTest extends SapphireTest
     {
         parent::setUp();
 
-        Deprecation::withSuppressedNotice(
-            fn() => PasswordValidator::singleton()
-            ->setMinLength(0)
-            ->setTestNames([])
-        );
+        Member::set_password_validator(null);
     }
 
     public function testSetValue()
@@ -217,10 +211,10 @@ class ConfirmedPasswordFieldTest extends SapphireTest
         return [
             'valid: within min and max' => [3, 8, true],
             'invalid: lower than min with max' => [8, 12, false, 'Passwords must be 8 to 12 characters long'],
-            'valid: greater than min' => [3, null, true],
-            'invalid: lower than min' => [8, null, false, 'Passwords must be at least 8 characters long'],
-            'valid: less than max' => [null, 8, true],
-            'invalid: greater than max' => [null, 4, false, 'Passwords must be at most 4 characters long'],
+            'valid: greater than min' => [3, 0, true],
+            'invalid: lower than min' => [8, 0, false, 'Passwords must be at least 8 characters long'],
+            'valid: less than max' => [0, 8, true],
+            'invalid: greater than max' => [0, 4, false, 'Passwords must be at most 4 characters long'],
 
         ];
     }
@@ -239,7 +233,7 @@ class ConfirmedPasswordFieldTest extends SapphireTest
         $this->assertFalse($result, 'Validate method should return its result');
         $this->assertFalse($validator->getResult()->isValid());
         $this->assertStringContainsString(
-            'Passwords must have at least one digit and one alphanumeric character',
+            'The password strength is too low. Please use a stronger password.',
             json_encode($validator->getResult()->__serialize())
         );
     }

tests/php/Forms/EmailFieldTest.php

@@ -4,9 +4,7 @@ namespace SilverStripe\Forms\Tests;
 
 use SilverStripe\Dev\FunctionalTest;
 use SilverStripe\Forms\EmailField;
-use Exception;
-use PHPUnit\Framework\AssertionFailedError;
-use SilverStripe\Forms\Tests\EmailFieldTest\TestValidator;
+use SilverStripe\Forms\FieldsValidator;
 
 class EmailFieldTest extends FunctionalTest
 {
@@ -40,21 +38,14 @@ class EmailFieldTest extends FunctionalTest
         $field = new EmailField("MyEmail");
         $field->setValue($email);
 
-        $val = new TestValidator();
-        try {
-            $field->validate($val);
-            // If we expect failure and processing gets here without an exception, the test failed
-            $this->assertTrue($expectSuccess, $checkText . " (/$email/ passed validation, but not expected to)");
-        } catch (Exception $e) {
-            if ($e instanceof AssertionFailedError) {
-                 // re-throw assertion failure
-                throw $e;
-            } elseif ($expectSuccess) {
-                $this->fail(
-                    $checkText . ": " . $e->getMessage() . " (/$email/ did not pass validation, but was expected to)"
-                );
-            }
+        if ($expectSuccess) {
+            $message = $checkText . " (/$email/ did not pass validation, but was expected to)";
+        } else {
+            $message = $checkText . " (/$email/ passed validation, but not expected to)";
         }
+
+        $result = $field->validate(new FieldsValidator());
+        $this->assertSame($expectSuccess, $result, $message);
     }
 
     /**

tests/php/Forms/EmailFieldTest/TestValidator.php

@@ -1,27 +0,0 @@
-<?php
-
-namespace SilverStripe\Forms\Tests\EmailFieldTest;
-
-use Exception;
-use SilverStripe\Forms\Validator;
-use SilverStripe\Core\Validation\ValidationResult;
-
-class TestValidator extends Validator
-{
-    public function validationError(
-        $fieldName,
-        $message,
-        $messageType = ValidationResult::TYPE_ERROR,
-        $cast = ValidationResult::CAST_TEXT
-    ) {
-        throw new Exception($message);
-    }
-
-    public function javascript()
-    {
-    }
-
-    public function php($data)
-    {
-    }
-}

tests/php/Forms/TreeDropdownFieldTest.php

@@ -314,7 +314,7 @@ class TreeDropdownFieldTest extends SapphireTest
         $noResult = $parser->getBySelector($cssPath);
         $this->assertEmpty(
             $noResult,
-            $subObject2 . ' is not found'
+            get_class($subObject2) . ' is not found'
         );
     }
 

tests/php/Forms/UrlFieldTest.php

@@ -89,4 +89,23 @@ class UrlFieldTest extends SapphireTest
         $expectedCount = $valid ? 0 : 1;
         $this->assertEquals($expectedCount, count($validator->getErrors()));
     }
+
+    public function testAllowedProtocols(): void
+    {
+        $field = new UrlField('MyUrl');
+        // Defaults should be http and https
+        $this->assertSame(['https', 'http'], $field->getAllowedProtocols());
+
+        // Defaults change with config, and ignore keys
+        UrlField::config()->set('default_protocols', ['my-key' => 'ftp']);
+        $this->assertSame(['ftp'], $field->getAllowedProtocols());
+
+        // Can set explicit protocols - again keys are ignored
+        $field->setAllowedProtocols(['http', 'key' => 'irc', 'nntp']);
+        $this->assertSame(['http', 'irc', 'nntp'], $field->getAllowedProtocols());
+
+        // Can reset back to config defaults
+        $field->setAllowedProtocols([]);
+        $this->assertSame(['ftp'], $field->getAllowedProtocols());
+    }
 }

tests/php/Model/ModelDataTest.php

@@ -122,7 +122,7 @@ class ModelDataTest extends SapphireTest
         $this->assertEquals('casted', $newModelData->XML_val('alwaysCasted'));
 
         $this->assertEquals('castable', $modelData->forTemplate());
-        $this->assertEquals('casted', $newModelData->forTemplate());
+        $this->assertEquals('castable', $newModelData->forTemplate());
     }
 
     public function testDefaultValueWrapping()
@@ -139,25 +139,6 @@ class ModelDataTest extends SapphireTest
         $this->assertEquals('SomeTitleValue', $obj->forTemplate());
     }
 
-    public function testCastingClass()
-    {
-        $expected = [
-            //'NonExistant'   => null,
-            'Field'         => 'CastingType',
-            'Argument'      => 'ArgumentType',
-            'ArrayArgument' => 'ArrayArgumentType'
-        ];
-        $obj = new ModelDataTest\CastingClass();
-
-        foreach ($expected as $field => $class) {
-            $this->assertEquals(
-                $class,
-                $obj->castingClass($field),
-                "castingClass() returns correct results for ::\$$field"
-            );
-        }
-    }
-
     public function testObjWithCachedStringValueReturnsValidObject()
     {
         $obj = new ModelDataTest\NoCastingInformation();

tests/php/Model/ModelDataTest/NotCached.php

@@ -9,7 +9,7 @@ class NotCached extends ModelData implements TestOnly
 {
     public $Test;
 
-    protected function objCacheGet($key)
+    public function objCacheGet(string $fieldName, array $arguments = []): mixed
     {
         // Disable caching
         return null;

tests/php/ORM/Filters/EndsWithFilterTest.php

@@ -197,20 +197,6 @@ class EndsWithFilterTest extends SapphireTest
                 'modifiers' => [],
                 'matches' => false,
             ],
-            // These will both evaluate to true because the __toString() method just returns the class name.
-            // We're testing this scenario because ArrayList might contain arbitrary values
-            [
-                'filterValue' => new ArrayData(['SomeField' => 'some value']),
-                'matchValue' => new ArrayData(['SomeField' => 'some value']),
-                'modifiers' => [],
-                'matches' => true,
-            ],
-            [
-                'filterValue' => new ArrayData(['SomeField' => 'SoMe VaLuE']),
-                'matchValue' => new ArrayData(['SomeField' => 'some value']),
-                'modifiers' => [],
-                'matches' => true,
-            ],
             // case insensitive
             [
                 'filterValue' => 'somevalue',

tests/php/ORM/Filters/PartialMatchFilterTest.php

@@ -197,20 +197,6 @@ class PartialMatchFilterTest extends SapphireTest
                 'modifiers' => [],
                 'matches' => false,
             ],
-            // These will both evaluate to true because the __toString() method just returns the class name.
-            // We're testing this scenario because ArrayList might contain arbitrary values
-            [
-                'filterValue' => new ArrayData(['SomeField' => 'some value']),
-                'matchValue' => new ArrayData(['SomeField' => 'some value']),
-                'modifiers' => [],
-                'matches' => true,
-            ],
-            [
-                'filterValue' => new ArrayData(['SomeField' => 'SoMe VaLuE']),
-                'matchValue' => new ArrayData(['SomeField' => 'some value']),
-                'modifiers' => [],
-                'matches' => true,
-            ],
             // case insensitive
             [
                 'filterValue' => 'somevalue',

tests/php/ORM/Filters/StartsWithFilterTest.php

@@ -197,20 +197,6 @@ class StartsWithFilterTest extends SapphireTest
                 'modifiers' => [],
                 'matches' => false,
             ],
-            // These will both evaluate to true because the __toString() method just returns the class name.
-            // We're testing this scenario because ArrayList might contain arbitrary values
-            [
-                'filterValue' => new ArrayData(['SomeField' => 'some value']),
-                'matchValue' => new ArrayData(['SomeField' => 'some value']),
-                'modifiers' => [],
-                'matches' => true,
-            ],
-            [
-                'filterValue' => new ArrayData(['SomeField' => 'SoMe VaLuE']),
-                'matchValue' => new ArrayData(['SomeField' => 'some value']),
-                'modifiers' => [],
-                'matches' => true,
-            ],
             // case insensitive
             [
                 'filterValue' => 'somevalue',

tests/php/ORM/LabelFieldTest.php

@@ -11,6 +11,6 @@ class LabelFieldTest extends SapphireTest
     public function testFieldHasNoNameAttribute()
     {
         $field = new LabelField('MyName', 'MyTitle');
-        $this->assertEquals(trim($field->Field() ?? ''), '<label id="MyName" class="readonly">MyTitle</label>');
+        $this->assertEquals('<label id="MyName" class="readonly">MyTitle</label>', trim($field->Field()));
     }
 }

tests/php/Security/MemberAuthenticatorTest.php

@@ -6,7 +6,6 @@ use SilverStripe\Control\Controller;
 use SilverStripe\Control\NullHTTPRequest;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Injector\Injector;
-use SilverStripe\Dev\Deprecation;
 use SilverStripe\Dev\SapphireTest;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\Core\Validation\ValidationResult;
@@ -19,7 +18,6 @@ use SilverStripe\Security\MemberAuthenticator\CMSMemberAuthenticator;
 use SilverStripe\Security\MemberAuthenticator\CMSMemberLoginForm;
 use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
 use SilverStripe\Security\MemberAuthenticator\MemberLoginForm;
-use SilverStripe\Security\PasswordValidator;
 use SilverStripe\Security\Security;
 
 class MemberAuthenticatorTest extends SapphireTest
@@ -44,12 +42,8 @@ class MemberAuthenticatorTest extends SapphireTest
         }
         DefaultAdminService::setDefaultAdmin('admin', 'password');
 
-        // Enforce dummy validation (this can otherwise be influenced by recipe config)
-        Deprecation::withSuppressedNotice(
-            fn() => PasswordValidator::singleton()
-            ->setMinLength(0)
-            ->setTestNames([])
-        );
+        // Enforce no password validation
+        Member::set_password_validator(null);
     }
 
     protected function tearDown(): void

tests/php/Security/MemberCsvBulkLoaderTest.php

@@ -2,12 +2,10 @@
 
 namespace SilverStripe\Security\Tests;
 
-use SilverStripe\Dev\Deprecation;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\Security\Group;
 use SilverStripe\Security\MemberCsvBulkLoader;
 use SilverStripe\Security\Member;
-use SilverStripe\Security\PasswordValidator;
 use SilverStripe\Security\Security;
 use SilverStripe\Dev\SapphireTest;
 use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
@@ -19,12 +17,7 @@ class MemberCsvBulkLoaderTest extends SapphireTest
     protected function setUp(): void
     {
         parent::setUp();
-
-        Deprecation::withSuppressedNotice(
-            fn() => PasswordValidator::singleton()
-            ->setMinLength(0)
-            ->setTestNames([])
-        );
+        Member::set_password_validator(null);
     }
 
     public function testNewImport()

tests/php/Security/MemberTest.php

@@ -8,7 +8,6 @@ use SilverStripe\Control\Cookie;
 use SilverStripe\Core\Config\Config;
 use SilverStripe\Core\Convert;
 use SilverStripe\Core\Injector\Injector;
-use SilverStripe\Dev\Deprecation;
 use SilverStripe\Dev\FunctionalTest;
 use SilverStripe\Forms\CheckboxField;
 use SilverStripe\Forms\FieldList;
@@ -29,7 +28,6 @@ use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
 use SilverStripe\Security\MemberAuthenticator\SessionAuthenticationHandler;
 use SilverStripe\Security\MemberPassword;
 use SilverStripe\Security\PasswordEncryptor_Blowfish;
-use SilverStripe\Security\PasswordValidator;
 use SilverStripe\Security\Permission;
 use SilverStripe\Security\RememberLoginHash;
 use SilverStripe\Security\Security;
@@ -37,6 +35,8 @@ use SilverStripe\Security\Tests\MemberTest\FieldsExtension;
 use SilverStripe\SessionManager\Models\LoginSession;
 use ReflectionMethod;
 use PHPUnit\Framework\Attributes\DataProvider;
+use SilverStripe\Security\Validation\EntropyPasswordValidator;
+use SilverStripe\Security\Validation\RulesPasswordValidator;
 
 class MemberTest extends FunctionalTest
 {
@@ -75,12 +75,6 @@ class MemberTest extends FunctionalTest
 
         Member::config()->set('unique_identifier_field', 'Email');
 
-        Deprecation::withSuppressedNotice(
-            fn() => PasswordValidator::singleton()
-            ->setMinLength(0)
-            ->setTestNames([])
-        );
-
         i18n::set_locale('en_US');
     }
 
@@ -1743,7 +1737,7 @@ class MemberTest extends FunctionalTest
     public function testChangePasswordOnlyValidatesPlaintext()
     {
         // This validator requires passwords to be 17 characters long
-        Member::set_password_validator(Deprecation::withSuppressedNotice(fn() => new MemberTest\VerySpecificPasswordValidator()));
+        Member::set_password_validator(new MemberTest\VerySpecificPasswordValidator());
 
         // This algorithm will never return a 17 character hash
         Security::config()->set('password_encryption_algorithm', 'blowfish');
@@ -1770,11 +1764,23 @@ class MemberTest extends FunctionalTest
         $this->assertNotNull(Member::get()->find('Email', 'trimmed@test.com'));
     }
 
-    public function testChangePasswordToBlankIsValidated()
+    public static function provideChangePasswordToBlankIsValidated(): array
     {
-        Member::set_password_validator(Deprecation::withSuppressedNotice(fn() => new PasswordValidator()));
-        // override setup() function which setMinLength(0)
-        PasswordValidator::singleton()->setMinLength(8);
+        return [
+            [
+                'validatorClass' => RulesPasswordValidator::class,
+            ],
+            [
+                'validatorClass' => EntropyPasswordValidator::class,
+            ],
+        ];
+    }
+
+    #[DataProvider('provideChangePasswordToBlankIsValidated')]
+    public function testChangePasswordToBlankIsValidated(string $validatorClass): void
+    {
+        $validator = new $validatorClass();
+        Member::set_password_validator($validator);
         // 'test' member has a password defined in yml
         $member = $this->objFromFixture(Member::class, 'test');
         $result = $member->changePassword('');
@@ -1896,34 +1902,57 @@ class MemberTest extends FunctionalTest
         ];
     }
 
-    public function testGenerateRandomPassword()
+    public static function provideGenerateRandomPassword(): array
+    {
+        return [
+            [
+                'validatorClass' => RulesPasswordValidator::class,
+            ],
+            [
+                'validatorClass' => EntropyPasswordValidator::class,
+            ],
+        ];
+    }
+
+    #[DataProvider('provideGenerateRandomPassword')]
+    public function testGenerateRandomPassword(string $validatorClass): void
     {
         $member = new Member();
         // no password validator
         Member::set_password_validator(null);
-        // password length is same as length argument
+        // password length is min 128 chars long
         $password = $member->generateRandomPassword(5);
-        $this->assertSame(5, strlen($password));
-        // default to 20 if not length argument
-        $password = $member->generateRandomPassword();
-        $this->assertSame(20, strlen($password));
+        $this->assertSame(128, strlen($password));
+        // password length can be longer
+        $password = $member->generateRandomPassword(130);
+        $this->assertSame(130, strlen($password));
         // password validator
-        $validator = Deprecation::withSuppressedNotice(fn() => new PasswordValidator());
+        $validator = new $validatorClass();
         Member::set_password_validator($validator);
-        // Password length of 20 even if validator minLength is less than 20
-        $validator->setMinLength(10);
+        if ($validator instanceof RulesPasswordValidator) {
+            // Password length of 20 even if validator minLength is less than 20
+            $validator->setMinLength(10);
+            $minLengthInMember = 20;
+        } else {
+            $minLengthInMember = 128;
+        }
         $password = $member->generateRandomPassword();
-        $this->assertSame(20, strlen($password));
-        // Password length of 25 if passing length argument, and validator minlength is less than length argument
-        $password = $member->generateRandomPassword(25);
-        $this->assertSame(25, strlen($password));
-        // Password length is validator minLength if validator minLength is greater than 20 and no length argument
-        $validator->setMinLength(30);
-        $password = $member->generateRandomPassword();
-        $this->assertSame(30, strlen($password));
-        // Exception throw if length argument is less than validator minLength
-        $this->expectException(InvalidArgumentException::class);
-        $this->expectExceptionMessage('length argument is less than password validator minLength');
-        $password = $member->generateRandomPassword(15);
+        $this->assertSame($minLengthInMember, strlen($password));
+        // Password length of 256 if passing length argument, and validator minlength is less than length argument
+        $password = $member->generateRandomPassword(256);
+        $this->assertSame(256, strlen($password));
+        if ($validator instanceof RulesPasswordValidator) {
+            // Password length is validator minLength if validator minLength is greater than 20 and no length argument
+            $validator->setMinLength(30);
+            $password = $member->generateRandomPassword();
+            $this->assertSame(30, strlen($password));
+            // Exception throw if length argument is less than validator minLength
+            $this->expectException(InvalidArgumentException::class);
+            $this->expectExceptionMessage('length argument is less than password validator minLength');
+            $password = $member->generateRandomPassword(15);
+        } else {
+            // No exception for entropy validator
+            $password = $member->generateRandomPassword(15);
+        }
     }
 }

tests/php/Security/MemberTest/TestPasswordValidator.php

@@ -3,9 +3,9 @@
 namespace SilverStripe\Security\Tests\MemberTest;
 
 use SilverStripe\Dev\TestOnly;
-use SilverStripe\Security\PasswordValidator;
+use SilverStripe\Security\Validation\RulesPasswordValidator;
 
-class TestPasswordValidator extends PasswordValidator implements TestOnly
+class TestPasswordValidator extends RulesPasswordValidator implements TestOnly
 {
     public function __construct()
     {

tests/php/Security/MemberTest/VerySpecificPasswordValidator.php

@@ -4,11 +4,12 @@ namespace SilverStripe\Security\Tests\MemberTest;
 
 use SilverStripe\Dev\TestOnly;
 use SilverStripe\Core\Validation\ValidationResult;
-use SilverStripe\Security\PasswordValidator;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Validation\PasswordValidator;
 
 class VerySpecificPasswordValidator extends PasswordValidator implements TestOnly
 {
-    public function validate($password, $member)
+    public function validate(string $password, Member $member): ValidationResult
     {
         $result = ValidationResult::create();
         if (strlen($password ?? '') !== 17) {

tests/php/Security/SecurityTest.php

@@ -22,7 +22,6 @@ use SilverStripe\Core\Validation\ValidationResult;
 use SilverStripe\Security\LoginAttempt;
 use SilverStripe\Security\Member;
 use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
-use SilverStripe\Security\PasswordValidator;
 use SilverStripe\Security\Security;
 use SilverStripe\Security\SecurityToken;
 
@@ -60,11 +59,6 @@ class SecurityTest extends FunctionalTest
 
         Member::config()->set('unique_identifier_field', 'Email');
 
-        PasswordValidator::config()
-            ->remove('min_length')
-            ->remove('historic_count')
-            ->remove('min_test_score');
-
         Member::set_password_validator(null);
 
         parent::setUp();

tests/php/Security/Validation/EntropyPasswordValidatorTest.php

@@ -0,0 +1,42 @@
+<?php
+
+namespace SilverStripe\Security\Tests\Validation;
+
+use PHPUnit\Framework\Attributes\DataProvider;
+use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Validation\EntropyPasswordValidator;
+
+/**
+ * EntropyPasswordValidator uses a third-party for its validation so we don't need rigorous testing here.
+ * Just test that stupid simple passwords don't pass, and complex ones do.
+ */
+class EntropyPasswordValidatorTest extends SapphireTest
+{
+    protected $usesDatabase = false;
+
+    public static function provideValidate(): array
+    {
+        return [
+            [
+                'password' => '',
+                'expected' => false,
+            ],
+            [
+                'password' => 'password123',
+                'expected' => false,
+            ],
+            [
+                'password' => 'This is a really long and complex PASSWORD',
+                'expected' => true,
+            ],
+        ];
+    }
+
+    #[DataProvider('provideValidate')]
+    public function testValidate(string $password, bool $expected): void
+    {
+        $validator = new EntropyPasswordValidator();
+        $this->assertSame($expected, $validator->validate($password, new Member())->isValid());
+    }
+}

tests/php/Security/Validation/PasswordValidatorTest.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace SilverStripe\Security\Tests\Validation;
+
+use SilverStripe\Dev\SapphireTest;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Tests\Validation\RulesPasswordValidatorTest\DummyPasswordValidator;
+
+class PasswordValidatorTest extends SapphireTest
+{
+    /**
+     * {@inheritDoc}
+     * @var bool
+     */
+    protected $usesDatabase = true;
+
+    public function testValidate()
+    {
+        $validator = new DummyPasswordValidator;
+        $validator->setHistoricCount(3);
+        Member::set_password_validator($validator);
+
+        $member = new Member;
+        $member->FirstName = 'Repeat';
+        $member->Surname = 'Password-Man';
+        $member->Password = 'honk';
+        $member->write();
+
+        // Create a set of used passwords
+        $member->changePassword('foobar');
+        $member->changePassword('foobaz');
+        $member->changePassword('barbaz');
+
+        $this->assertFalse($member->changePassword('barbaz')->isValid());
+        $this->assertFalse($member->changePassword('foobaz')->isValid());
+        $this->assertFalse($member->changePassword('foobar')->isValid());
+        $this->assertTrue($member->changePassword('honk')->isValid());
+        $this->assertTrue($member->changePassword('newpassword')->isValid());
+    }
+}

tests/php/Security/Validation/PasswordValidatorTest/DummyPasswordValidator.php

@@ -0,0 +1,11 @@
+<?php
+
+namespace SilverStripe\Security\Tests\Validation\RulesPasswordValidatorTest;
+
+use SilverStripe\Dev\TestOnly;
+use SilverStripe\Security\Validation\PasswordValidator;
+
+class DummyPasswordValidator extends PasswordValidator implements TestOnly
+{
+    // no-op, just need a concrete class instead of an abstract one.
+}

tests/php/Security/Validation/RulesPasswordValidatorTest.php

@@ -1,25 +1,20 @@
 <?php
 
-namespace SilverStripe\Security\Tests;
+namespace SilverStripe\Security\Tests\Validation;
 
-use SilverStripe\Dev\Deprecation;
 use SilverStripe\Dev\SapphireTest;
 use SilverStripe\Security\Member;
-use SilverStripe\Security\PasswordValidator;
+use SilverStripe\Security\Validation\RulesPasswordValidator;
 
-class PasswordValidatorTest extends SapphireTest
+class RulesPasswordValidatorTest extends SapphireTest
 {
-    /**
-     * {@inheritDoc}
-     * @var bool
-     */
-    protected $usesDatabase = true;
+    protected $usesDatabase = false;
 
     protected function setUp(): void
     {
         parent::setUp();
 
-        PasswordValidator::config()
+        RulesPasswordValidator::config()
             ->remove('min_length')
             ->remove('historic_count')
             ->set('min_test_score', 0);
@@ -27,7 +22,7 @@ class PasswordValidatorTest extends SapphireTest
 
     public function testValidate()
     {
-        $v = Deprecation::withSuppressedNotice(fn() => new PasswordValidator());
+        $v = new RulesPasswordValidator();
         $r = $v->validate('', new Member());
         $this->assertTrue($r->isValid(), 'Empty password is valid by default');
 
@@ -37,7 +32,7 @@ class PasswordValidatorTest extends SapphireTest
 
     public function testValidateMinLength()
     {
-        $v = Deprecation::withSuppressedNotice(fn() => new PasswordValidator());
+        $v = new RulesPasswordValidator();
 
         $v->setMinLength(4);
         $r = $v->validate('123', new Member());
@@ -51,7 +46,7 @@ class PasswordValidatorTest extends SapphireTest
     public function testValidateMinScore()
     {
         // Set both score and set of tests
-        $v = Deprecation::withSuppressedNotice(fn() => new PasswordValidator());
+        $v = new RulesPasswordValidator();
         $v->setMinTestScore(3);
         $v->setTestNames(["lowercase", "uppercase", "digits", "punctuation"]);
 
@@ -62,7 +57,7 @@ class PasswordValidatorTest extends SapphireTest
         $this->assertTrue($r->isValid(), 'Passing enough tests');
 
         // Ensure min score without tests works (uses default tests)
-        $v = Deprecation::withSuppressedNotice(fn() => new PasswordValidator());
+        $v = new RulesPasswordValidator();
         $v->setMinTestScore(3);
 
         $r = $v->validate('aA', new Member());
@@ -76,31 +71,4 @@ class PasswordValidatorTest extends SapphireTest
         $r = $v->validate('aA1!', new Member());
         $this->assertTrue($r->isValid(), 'Passing enough tests');
     }
-
-    /**
-     * Test that a certain number of historical passwords are checked if specified
-     */
-    public function testHistoricalPasswordCount()
-    {
-        $validator = Deprecation::withSuppressedNotice(fn() => new PasswordValidator);
-        $validator->setHistoricCount(3);
-        Member::set_password_validator($validator);
-
-        $member = new Member;
-        $member->FirstName = 'Repeat';
-        $member->Surname = 'Password-Man';
-        $member->Password = 'honk';
-        $member->write();
-
-        // Create a set of used passwords
-        $member->changePassword('foobar');
-        $member->changePassword('foobaz');
-        $member->changePassword('barbaz');
-
-        $this->assertFalse($member->changePassword('barbaz')->isValid());
-        $this->assertFalse($member->changePassword('foobaz')->isValid());
-        $this->assertFalse($member->changePassword('foobar')->isValid());
-        $this->assertTrue($member->changePassword('honk')->isValid());
-        $this->assertTrue($member->changePassword('newpassword')->isValid());
-    }
 }

tests/php/Security/VersionedMemberAuthenticatorTest.php

@@ -3,24 +3,11 @@
 namespace SilverStripe\Security\Tests;
 
 use SilverStripe\Control\Controller;
-use SilverStripe\Control\NullHTTPRequest;
-use SilverStripe\Core\Config\Config;
-use SilverStripe\Core\Injector\Injector;
-use SilverStripe\Dev\Deprecation;
 use SilverStripe\Dev\SapphireTest;
 use SilverStripe\ORM\FieldType\DBDatetime;
 use SilverStripe\Core\Validation\ValidationResult;
-use SilverStripe\Security\Authenticator;
-use SilverStripe\Security\DefaultAdminService;
-use SilverStripe\Security\IdentityStore;
-use SilverStripe\Security\LoginAttempt;
 use SilverStripe\Security\Member;
-use SilverStripe\Security\MemberAuthenticator\CMSMemberAuthenticator;
-use SilverStripe\Security\MemberAuthenticator\CMSMemberLoginForm;
 use SilverStripe\Security\MemberAuthenticator\MemberAuthenticator;
-use SilverStripe\Security\MemberAuthenticator\MemberLoginForm;
-use SilverStripe\Security\PasswordValidator;
-use SilverStripe\Security\Security;
 use SilverStripe\Versioned\Versioned;
 
 class VersionedMemberAuthenticatorTest extends SapphireTest
@@ -43,12 +30,8 @@ class VersionedMemberAuthenticatorTest extends SapphireTest
             return;
         }
 
-        // Enforce dummy validation (this can otherwise be influenced by recipe config)
-        Deprecation::withSuppressedNotice(
-            fn() => PasswordValidator::singleton()
-            ->setMinLength(0)
-            ->setTestNames([])
-        );
+        // Remove password validation
+        Member::set_password_validator(null);
     }
 
     protected function tearDown(): void

tests/php/View/SSViewerTest.php

@@ -360,8 +360,9 @@ SS;
             'z<div></div>z',
             $this->render('$SSViewerTest_GlobalThatTakesArguments($SSViewerTest_GlobalHTMLFragment)')
         );
+        // Don't escape value when passing into a method call
         $this->assertEquals(
-            'z&lt;div&gt;&lt;/div&gt;z',
+            'z<div></div>z',
             $this->render('$SSViewerTest_GlobalThatTakesArguments($SSViewerTest_GlobalHTMLEscaped)')
         );
     }
@@ -1118,57 +1119,59 @@ after'
     public function testIncludeWithArguments()
     {
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments %>'),
-            '<p>[out:Arg1]</p><p>[out:Arg2]</p><p>[out:Arg2.Count]</p>'
+            '<p>[out:Arg1]</p><p>[out:Arg2]</p><p>[out:Arg2.Count]</p>',
+            $this->render('<% include SSViewerTestIncludeWithArguments %>')
         );
 
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments Arg1=A %>'),
-            '<p>A</p><p>[out:Arg2]</p><p>[out:Arg2.Count]</p>'
+            '<p>A</p><p>[out:Arg2]</p><p>[out:Arg2.Count]</p>',
+            $this->render('<% include SSViewerTestIncludeWithArguments Arg1=A %>')
         );
 
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments Arg1=A, Arg2=B %>'),
-            '<p>A</p><p>B</p><p></p>'
+            '<p>A</p><p>B</p><p></p>',
+            $this->render('<% include SSViewerTestIncludeWithArguments Arg1=A, Arg2=B %>')
         );
 
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments Arg1=A Bare String, Arg2=B Bare String %>'),
-            '<p>A Bare String</p><p>B Bare String</p><p></p>'
+            '<p>A Bare String</p><p>B Bare String</p><p></p>',
+            $this->render('<% include SSViewerTestIncludeWithArguments Arg1=A Bare String, Arg2=B Bare String %>')
         );
 
         $this->assertEquals(
+            '<p>A</p><p>Bar</p><p></p>',
             $this->render(
                 '<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=$B %>',
                 new ArrayData(['B' => 'Bar'])
-            ),
-            '<p>A</p><p>Bar</p><p></p>'
+            )
         );
 
         $this->assertEquals(
+            '<p>A</p><p>Bar</p><p></p>',
             $this->render(
                 '<% include SSViewerTestIncludeWithArguments Arg1="A" %>',
                 new ArrayData(['Arg1' => 'Foo', 'Arg2' => 'Bar'])
-            ),
-            '<p>A</p><p>Bar</p><p></p>'
+            )
         );
 
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=0 %>'),
-            '<p>A</p><p>0</p><p></p>'
+            '<p>A</p><p>0</p><p></p>',
+            $this->render('<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=0 %>')
         );
 
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=false %>'),
-            '<p>A</p><p></p><p></p>'
+            '<p>A</p><p></p><p></p>',
+            $this->render('<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=false %>')
         );
 
         $this->assertEquals(
-            $this->render('<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=null %>'),
-            '<p>A</p><p></p><p></p>'
+            '<p>A</p><p></p><p></p>',
+            // Note Arg2 is explicitly overridden with null
+            $this->render('<% include SSViewerTestIncludeWithArguments Arg1="A", Arg2=null %>')
         );
 
         $this->assertEquals(
+            'SomeArg - Foo - Bar - SomeArg',
             $this->render(
                 '<% include SSViewerTestIncludeScopeInheritanceWithArgsInLoop Title="SomeArg" %>',
                 new ArrayData(
@@ -1179,19 +1182,19 @@ after'
                         ]
                     )]
                 )
-            ),
-            'SomeArg - Foo - Bar - SomeArg'
+            )
         );
 
         $this->assertEquals(
+            'A - B - A',
             $this->render(
                 '<% include SSViewerTestIncludeScopeInheritanceWithArgsInWith Title="A" %>',
                 new ArrayData(['Item' => new ArrayData(['Title' =>'B'])])
-            ),
-            'A - B - A'
+            )
         );
 
         $this->assertEquals(
+            'A - B - C - B - A',
             $this->render(
                 '<% include SSViewerTestIncludeScopeInheritanceWithArgsInNestedWith Title="A" %>',
                 new ArrayData(
@@ -1202,11 +1205,11 @@ after'
                         ]
                     )]
                 )
-            ),
-            'A - B - C - B - A'
+            )
         );
 
         $this->assertEquals(
+            'A - A - A',
             $this->render(
                 '<% include SSViewerTestIncludeScopeInheritanceWithUpAndTop Title="A" %>',
                 new ArrayData(
@@ -1217,8 +1220,7 @@ after'
                         ]
                     )]
                 )
-            ),
-            'A - A - A'
+            )
         );
 
         $data = new ArrayData(
@@ -2202,7 +2204,66 @@ EOC;
         }
     }
 
-    public function testCallsWithArguments()
+    public static function provideCallsWithArguments(): array
+    {
+        return [
+            [
+                'template' => '$Level.output(1)',
+                'expected' => '1-1',
+            ],
+            [
+                'template' => '$Nest.Level.output($Set.First.Number)',
+                'expected' => '2-1',
+            ],
+            [
+                'template' => '<% with $Set %>$Up.Level.output($First.Number)<% end_with %>',
+                'expected' => '1-1',
+            ],
+            [
+                'template' => '<% with $Set %>$Top.Nest.Level.output($First.Number)<% end_with %>',
+                'expected' => '2-1',
+            ],
+            [
+                'template' => '<% loop $Set %>$Up.Nest.Level.output($Number)<% end_loop %>',
+                'expected' => '2-12-22-32-42-5',
+            ],
+            [
+                'template' => '<% loop $Set %>$Top.Level.output($Number)<% end_loop %>',
+                'expected' => '1-11-21-31-41-5',
+            ],
+            [
+                'template' => '<% with $Nest %>$Level.output($Top.Set.First.Number)<% end_with %>',
+                'expected' => '2-1',
+            ],
+            [
+                'template' => '<% with $Level %>$output($Up.Set.Last.Number)<% end_with %>',
+                'expected' => '1-5',
+            ],
+            [
+                'template' => '<% with $Level.forWith($Set.Last.Number) %>$output("hi")<% end_with %>',
+                'expected' => '5-hi',
+            ],
+            [
+                'template' => '<% loop $Level.forLoop($Set.First.Number) %>$Number<% end_loop %>',
+                'expected' => '!0',
+            ],
+            [
+                'template' => '<% with $Nest %>
+                        <% with $Level.forWith($Up.Set.First.Number) %>$output("hi")<% end_with %>
+                    <% end_with %>',
+                'expected' => '1-hi',
+            ],
+            [
+                'template' => '<% with $Nest %>
+                        <% loop $Level.forLoop($Top.Set.Last.Number) %>$Number<% end_loop %>
+                    <% end_with %>',
+                'expected' => '!0!1!2!3!4',
+            ],
+        ];
+    }
+
+    #[DataProvider('provideCallsWithArguments')]
+    public function testCallsWithArguments(string $template, string $expected): void
     {
         $data = new ArrayData(
             [
@@ -2222,28 +2283,7 @@ EOC;
             ]
         );
 
-        $tests = [
-        '$Level.output(1)' => '1-1',
-        '$Nest.Level.output($Set.First.Number)' => '2-1',
-        '<% with $Set %>$Up.Level.output($First.Number)<% end_with %>' => '1-1',
-        '<% with $Set %>$Top.Nest.Level.output($First.Number)<% end_with %>' => '2-1',
-        '<% loop $Set %>$Up.Nest.Level.output($Number)<% end_loop %>' => '2-12-22-32-42-5',
-        '<% loop $Set %>$Top.Level.output($Number)<% end_loop %>' => '1-11-21-31-41-5',
-        '<% with $Nest %>$Level.output($Top.Set.First.Number)<% end_with %>' => '2-1',
-        '<% with $Level %>$output($Up.Set.Last.Number)<% end_with %>' => '1-5',
-        '<% with $Level.forWith($Set.Last.Number) %>$output("hi")<% end_with %>' => '5-hi',
-        '<% loop $Level.forLoop($Set.First.Number) %>$Number<% end_loop %>' => '!0',
-        '<% with $Nest %>
-				<% with $Level.forWith($Up.Set.First.Number) %>$output("hi")<% end_with %>
-			<% end_with %>' => '1-hi',
-        '<% with $Nest %>
-				<% loop $Level.forLoop($Top.Set.Last.Number) %>$Number<% end_loop %>
-			<% end_with %>' => '!0!1!2!3!4',
-        ];
-
-        foreach ($tests as $template => $expected) {
-            $this->assertEquals($expected, trim($this->render($template, $data) ?? ''));
-        }
+        $this->assertEquals($expected, trim($this->render($template, $data) ?? ''));
     }
 
     public function testRepeatedCallsAreCached()
@@ -2360,7 +2400,7 @@ EOC;
     public function testMe(): void
     {
         $myArrayData = new class extends ArrayData {
-            public function forTemplate()
+            public function forTemplate(): string
             {
                 return '';
             }

tests/php/View/SSViewerTest/TestFixture.php

@@ -2,23 +2,78 @@
 
 namespace SilverStripe\View\Tests\SSViewerTest;
 
-use SilverStripe\Model\List\ArrayList;
-use SilverStripe\Model\ModelData;
+use ReflectionClass;
+use SilverStripe\Dev\TestOnly;
+use SilverStripe\View\SSViewer_Scope;
+use Stringable;
 
 /**
  * A test fixture that will echo back the template item
  */
-class TestFixture extends ModelData
+class TestFixture implements TestOnly, Stringable
 {
-    protected $name;
+    private ?string $name;
 
     public function __construct($name = null)
     {
         $this->name = $name;
-        parent::__construct();
     }
 
-    private function argedName($fieldName, $arguments)
+    public function __call(string $name, array $arguments = []): static|array|null
+    {
+        return $this->getValue($name, $arguments);
+    }
+
+    public function __get(string $name): static|array|null
+    {
+        return $this->getValue($name);
+    }
+
+    public function __isset(string $name): bool
+    {
+        if (preg_match('/NotSet/i', $name)) {
+            return false;
+        }
+        $reflectionScope = new ReflectionClass(SSViewer_Scope::class);
+        $globalProperties = $reflectionScope->getStaticPropertyValue('globalProperties');
+        if (array_key_exists($name, $globalProperties)) {
+            return false;
+        }
+        return true;
+    }
+
+    public function __toString(): string
+    {
+        if (preg_match('/NotSet/i', $this->name ?? '')) {
+            return '';
+        }
+        if (preg_match('/Raw/i', $this->name ?? '')) {
+            return $this->name ?? '';
+        }
+        return '[out:' . $this->name . ']';
+    }
+
+    private function getValue(string $name, array $arguments = []): static|array|null
+    {
+        $childName = $this->argedName($name, $arguments);
+
+        // Special field name Loop### to create a list
+        if (preg_match('/^Loop([0-9]+)$/', $name ?? '', $matches)) {
+            $output = [];
+            for ($i = 0; $i < $matches[1]; $i++) {
+                $output[] = new TestFixture($childName);
+            }
+            return $output;
+        }
+
+        if (preg_match('/NotSet/i', $name)) {
+            return null;
+        }
+
+        return new TestFixture($childName);
+    }
+
+    private function argedName(string $fieldName, array $arguments): string
     {
         $childName = $this->name ? "$this->name.$fieldName" : $fieldName;
         if ($arguments) {
@@ -27,46 +82,4 @@ class TestFixture extends ModelData
             return $childName;
         }
     }
-
-    public function obj(
-        string $fieldName,
-        array $arguments = [],
-        bool $cache = false,
-        ?string $cacheName = null
-    ): ?object {
-        $childName = $this->argedName($fieldName, $arguments);
-
-        // Special field name Loop### to create a list
-        if (preg_match('/^Loop([0-9]+)$/', $fieldName ?? '', $matches)) {
-            $output = new ArrayList();
-            for ($i = 0; $i < $matches[1]; $i++) {
-                $output->push(new TestFixture($childName));
-            }
-            return $output;
-        } else {
-            if (preg_match('/NotSet/i', $fieldName ?? '')) {
-                return new ModelData();
-            } else {
-                return new TestFixture($childName);
-            }
-        }
-    }
-
-    public function XML_val(string $fieldName, array $arguments = [], bool $cache = false): string
-    {
-        if (preg_match('/NotSet/i', $fieldName ?? '')) {
-            return '';
-        } else {
-            if (preg_match('/Raw/i', $fieldName ?? '')) {
-                return $fieldName;
-            } else {
-                return '[out:' . $this->argedName($fieldName, $arguments) . ']';
-            }
-        }
-    }
-
-    public function hasValue(string $fieldName, array $arguments = [], bool $cache = true): bool
-    {
-        return (bool)$this->XML_val($fieldName, $arguments);
-    }
 }

tests/php/i18n/i18nTestManifest.php

@@ -17,10 +17,10 @@ use SilverStripe\i18n\Tests\i18nTest\MyObject;
 use SilverStripe\i18n\Tests\i18nTest\MySubObject;
 use SilverStripe\i18n\Tests\i18nTest\TestDataObject;
 use SilverStripe\View\SSViewer;
-use SilverStripe\View\SSViewer_DataPresenter;
 use SilverStripe\View\ThemeResourceLoader;
 use SilverStripe\View\ThemeManifest;
 use SilverStripe\Model\ModelData;
+use SilverStripe\View\SSViewer_Scope;
 use Symfony\Component\Translation\Loader\ArrayLoader;
 use Symfony\Component\Translation\Translator;
 
@@ -71,9 +71,9 @@ trait i18nTestManifest
 
     public function setupManifest()
     {
-        // force SSViewer_DataPresenter to cache global template vars before we switch to the
+        // force SSViewer_Scope to cache global template vars before we switch to the
         // test-project class manifest (since it will lose visibility of core classes)
-        $presenter = new SSViewer_DataPresenter(new ModelData());
+        $presenter = new SSViewer_Scope(new ModelData());
         unset($presenter);
 
         // Switch to test manifest