# 3.2.0 (unreleased) ## Overview ### CMS * Moved SS_Report and ReportAdmin out to a separate module. If you're using composer or downloading a release, this module should be included for you. Otherwise, you'll need to include the module yourself (https://github.com/silverstripe-labs/silverstripe-reports) ### Framework * API: Removed URL routing by controller name * Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available. * Security: This controller's templates can be customised by overriding the `getTemplate` function. * API: Form and FormField ID attributes rewritten. ## Details ### API: Removed URL routing by controller name The auto-routing of controller class names to URL endpoints has been removed (rule: `'$Controller//$Action/$ID/$OtherID': '*'`). This increases clarity in routing since it makes URL entpoints explicit, and thereby simplifies system and security reviews. Please access any custom controllers exclusively through self-defined [routes](/reference/director). For controllers extending `Page_Controller`, simply use the provided page URLs. :::php class MyController extends Controller { static $allowed_actions = array('myaction'); public function myaction($request) { // ... } } Create a new file `mysite/_config/routes.yml` (read more about the [config format](/topics/configuration)). Your controller is now available on `http://yourdomain.com/my-controller-endpoint`, after refreshing the configuration cache through `?flush=all`. :::yaml --- Name: my-routes After: framework/routes#coreroutes --- Director: rules: 'my-controller-endpoint//$Action' : 'MyController' The auto-routing is still in place for unit tests, since its a frequently used feature there. Although we advise against it, you can reinstate the old behaviour through a director rule: :::yaml --- Name: my-routes After: framework/routes#coreroutes --- Director: rules: '$Controller//$Action/$ID/$OtherID': '*' ### API: Default Form and FormField ID attributes rewritten. Previously the automatic generation of ID attributes throughout the Form API could generate invalid ID values such as Password[ConfirmedPassword] as well as duplicate ID values between forms on the same page. For example, if you created a field called `Email` on more than one form on the page, the resulting HTML would have multiple instances of `#Email`. ID should be a unique identifier for a single element within the document. This rewrite has several angles, each of which is described below. If you rely on ID values in your CSS files, Javascript code or application unit tests *you will need to update your code*. #### Conversion of invalid form ID values ID attributes on Form and Form Fields will now follow the [HTML specification](http://www.w3.org/TR/REC-html40/types.html#type-cdata). Generating ID attributes is now handled by the new `FormTemplateHelper` class. Please test each of your existing site forms to ensure that they work correctly in particular, javascript and css styles which rely on specific ID values. #### Invalid ID attributes stripped ID attributes will now be run through `Convert::raw2htmlid`. Invalid characters are replaced with a single underscore character. Duplicate, leading and trailing underscores are removed. Custom ID attributes (set through `setHTMLID`) will not be altered. Before: