Aaron Carlino 6888901468
NEW: Update docs to be compliant with Gatsby site (#9314)
* First cut

* Temporarily disable composer.json for netlify build

* POC

* New recursive directory query, various refinements

* Fix flexbox

* new styled components plugin

* Apply frontmatter delimiters

* Mobile styles, animation

* Search

* Redesign, clean up

* Nuke the cache, try again

* fix file casing

* Remove production env file

* ID headers

* Move app to new repo

* Add frontmatter universally

* Hide children changelogs

* Add how to title

* New callout tags

* Revert inline code block change

* Replace note callouts

* Fix icons

* Repalce images

* Fix icon

* Fix image links

* Use proper SQL icon
2019-11-18 17:58:33 +13:00

65 KiB
Raw Permalink Blame History

4.4.0

Overview

DevelopmentAdmin controllers

On Live environment all browser based HTTP requests to /dev/* urls get redirected to a confirmation form. See more details below in the Upgrading section.

DevelopmentAdmin cli-only mode

DevelopmentAdmin now has CLI-only mode (off by default). The mode makes all dev/* controllers to be only accessible from CLI (e.g. sake). To turn it on you may add the following configuration to your project configs:

SilverStripe\Dev\DevelopmentAdmin:
  deny_non_cli: true

Upgrading

If you are migrating files from SilverStripe 3

Youll want to use the 4.4.1 release if youre migrating files from SilverStripe 3 to 4.4, as this concurrent patch release contains critical bug fixes and optimisations for file migrations.

Adopting to new _resources directory

The name of the directory where vendor module resources are exposed can now be configured by defining a extra.resources-dir key in your composer.json file. If the key is not set, it will automatically default to resources. New projects will be preset to _resources. This will avoid potential conflict with SiteTree URL Segments.

  1. Update your .gitignore file to ignore the new _resources directory. This file is typically located in the root of your project or in the public folder.
  2. Add a new extra.resources-dir key to your composer file.
{
    // ...
    "extra": {
        // ...
        "resources-dir": "_resources"
    }
}
  1. Expose your vendor assets by running composer vendor-expose.
  2. Remove the old resources folder. This folder will be located in the public folder if you have adopted the public web root, or in the root of your project if you haven't.

You may also need to update your server configuration if you have applied special conditions to the resources path.

Optional migration tasks: Overview

SilverStripe 4.x introduced an asset abstraction system which required a file migration task.

We have ironed out some edge cases since then:

You can opt-in to performing these migration tasks on your already upgraded SilverStripe 4.x project. Projects which are upgraded from 3.x to 4.4 or newer will run these tasks by default (excluding the shortcode migration task which should be run manually if required). You can perform these tasks in the background without CLI access by installing and configuring the queuedjobs module.

Optional migration tasks: Hash-less public asset URLs

It allowed files to be access protected, have a separate draft stage, and track changes to file metadata and their contents through the Versioned system.

This change defaulted to adding a content "hash" to file paths, unless the migration was performed with legacy_filenames=true. The hash would be updated when file contents change, and any link generated through SilverStripe (e.g. through HTMLText or $Image template placeholders) would automatically adjust. However, any direct links from search engines, bookmarks, etc would break. This limitation was pointed out in the upgrading advice to developers, but the impact wasnt sufficiently highlighted.

SilverStripe 4.3.2 introduced a redirect to fix those broken links. Dynamic redirects are more resource intensive than serving static files. With SilverStripe 4.4.0, we're providing an optional migration script to move public files into their "hash-less" locations, removing the need for most redirects. The original "hashed" file paths continue to work through redirects. In order to opt-in to moving these files, run the following command:

vendor/bin/sake dev/tasks/MigrateFileTask

Further information is provided in the Hash-less Public Asset URLs FAQ below, as well as the Github issue.

Optional migration tasks: Legacy thumbnail locations

Alongside the new asset abstraction, we've also changed where thumbnails are stored. The file format is now generalised as a "variant", and no longer lives in a _resampled folder. Prior to this release, these thumbnails were left in place. For thumbnails generated through PHP or template code, these are generated on demand in their new location, causing duplication and unnecessary storage space.

You can opt-in to moving these legacy thumbnails to their new locations with a subtask of dev/tasks/MigrateFileTask. If newer thumbnails have been generated, it'll keep those. New migrations from 3.x to 4.x will include this migration step by default.

vendor/bin/sake dev/tasks/MigrateFileTask only=move-thumbnails

Note that as part of the hash-less public asset URLs introduced in this release, requests to these legacy thumbnails will automatically redirect to their new locations. Review the Github issue for more details.

Optional migration tasks: Remove artifacts from "secureassets" module

The silverstripe/secureassets module allowed opt-in file security on SilverStripe 3.x sites. It is included by default in the Common Web Platform (CWP) 1.x recipe as well. The module uses the same metadata as the asset abstraction built-in to SilverStripe 4.x (File.CanViewType), so no migration is required for existing data.

The module worked by placing .htaccess files in the specific folders it protected. The 4.x asset abstraction places files in a separate assets/.protected store instead. Those leftover .htaccess files can cause issues with accessing public files. In order to remove them, run the following task.

vendor/bin/sake dev/tasks/MigrateFileTask only=fix-secureassets

The task will auto-detect if you have any custom .htaccess files in folders, and retain those. Note that you'll need to run your own migration scripts if you've used the module with IIS and web.config files instead.

Optional migration tasks: HTMLText Shortcode Migration

The shortcode format in SilverStripe 4 has changed from SilverStripe 3. This means that when CMS editors try to edit existing content and alter image or file links, the reference to the file will not work.

After running the file migration, you can run the short code migration task to update your existing HTML content in your database:

vendor/bin/sake dev/tasks/TagsToShortcode

This will rewrite your existing shortcodes to the newer format SilverStripe 4 expects as well as convert img and a tags to use shortcodes.

Hash-less Public Asset URLs FAQ

How are files named and renamed?

Here's an example of how file names changed during an initial 4.x migration, and when upgrading to 4.4:

  • Original file created under SS 3.x: assets/myfile.pdf
  • File migrated under SS 4.x with legacy_filenames=false: assets/[content-hash]/myfile.pdf (Regression: links to assets/myfile.pdf no longer work)
  • File migrated under SS 4.x with legacy_filenames=true: assets/myfile.pdf
  • File with updated file content under SS 4.x: assets/[new-content-hash]/myfile.pdf (Regression: links to assets/[content-hash]/myfile.pdf no longer work)
  • File with hotfix applied (SS 4.2.3): assets/myfile.pdf and assets/[old-content-hash]/myfile.pdf redirects to assets/[new-content-hash]/myfile.pdf
  • File with full fix applied (SS 4.3.x) : assets/myfile.pdf and assets/[old-content-hash]/myfile.pdf redirects to assets/[new-content-hash]/myfile.pdf
  • Newly uploaded file with full fix applied (SS 4.4.0): assets/my-other-file.pdf (no redirect required)

More details on how files are stored can be found in the "File Storage" guide.

How are redirects handled?

Redirects from (now legacy) hashed public URLs default to 301 Permanent Redirect. By opting into the file migration to hash-less public URLs, you can minimise these redirects. SilverStripe will automatically generate hash-less public URLs regardless, but external links might still point to legacy hashed public URLs. If you have a high traffic site with lots of direct references to asset URLs (e.g. search engines indexing popular PDF documents), we recommend that you configure HTTP caching for these redirects in your webserver (e.g. through .htaccess).

The redirect code can be configured via FlysystemAssetStore.permanent_redirect_response_code.

If you upgrade an older SilverStripe 4 project to SilverStripe 4.4 and choose not to run the file migration task, your files will still be stored under a "hash" folder. Browsers who try to access this file via the "hashless" url will be redirected to the "hash" URL with a 302 Temporary Redirect.

The temporary redirect code can be configured via FlysystemAssetStore.redirect_response_code.

Pages and other views can contain links to asset locations, e.g. as HTML content rendered with <img> and <a> tags. These might point to old locations of files (prior to running the optional migration). While SilverStripe will automatically fix these references the next time the view is rendered, this content is often cached (e.g. in a CDN).

We have implemented an automatic redirect for URLs pointing to asset locations prior to running the optional migration script, so there is no need to regenerate any content.

Are there any data loss or data integrity issues?

There are no known issues around data integrity. All files that were available on a SS 3.x site are still available after upgrading to SS 4.x.

Will this affect my search engine ranking?

As long as your files are still linked on your website, search engines will pick up the new links on any projects which have already been migrated. The 4.3.2 bugfix will redirect links, which passes on any SEO rankings to the new link location. Since links to files should be permanent after the bugfix has been applied, this can lead to improved search engine rankings (since existing files under new links dont need to be re-ranked by search engines).

Can I migrate away from the legacy_filenames=true option?

Yes. Simply disable legacy_filenames in your YML configuration, then run the MigrateFileTask. This will normalise the path of all existing assets.

Can I still choose legacy_filenames=true when starting new upgrades?

Technically yes, but you need to be aware of the tradeoffs. Once the regression has been fixed, we dont see the need for people to choose this option any more.

SilverStripe 4.4, ignores legacy_filenames in most situations. Enabling legacy_filenames on a fresh SilverStripe 4.4 installation will have no affect.

How do I test that the fix has worked on my site?

Before applying the upgrade and migration script: Find an existing published and draft file. Get the link by clicking on the preview in admin/assets. It should link to assets/[hash]/myfile.pdf.

After applying the upgrade and migration task, you can test that it applied correctly. Please perform these tests on a test or UAT environment, since your local environment might have different routing conditions.

  • Check that the file still routes correctly with the hash in place (should redirect)
  • Remove [hash]/, and check that it still routes correctly (should not redirect)

Will this patch redirect URLs for previous file versions?

Yes, it will attempt to find the most recent public "hash-less" URL for this file and redirect to it.

Changing the file resolver

The file resolution strategy describes how files are resolved. It relies on a list of file helpers and will iterate through them when looking up files.

Out of the box, the public file resolver handles Natural File ID's, Hash File ID's and Legacy File ID's. But after you've ran the file migration task, all your files will be in the correct spot, so you may want to change your config to only resolve Natural File ID's:

  # Define public resolution strategy
  SilverStripe\Assets\FilenameParsing\FileResolutionStrategy.public:
    class: SilverStripe\Assets\FilenameParsing\FileIDHelperResolutionStrategy
    properties:
      ResolutionFileIDHelpers:
        - '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
        - '%$SilverStripe\Assets\FilenameParsing\NaturalFileIDHelper'
        - '%$SilverStripe\Assets\FilenameParsing\LegacyFileIDHelper'
      DefaultFileIDHelper: '%$SilverStripe\Assets\FilenameParsing\NaturalFileIDHelper'
      VersionedStage: Live
  # Define protected resolution strategy
  SilverStripe\Assets\FilenameParsing\FileResolutionStrategy.protected:
    class: SilverStripe\Assets\FilenameParsing\FileIDHelperResolutionStrategy
    properties:
      DefaultFileIDHelper: '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
      ResolutionFileIDHelpers:
        - '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
        - '%$SilverStripe\Assets\FilenameParsing\NaturalFileIDHelper'
      VersionedStage: Stage

You can also configure it to only resolve Hash File ID's after the migration:

SilverStripe\Core\Injector\Injector:
  # Define public resolution strategy
  SilverStripe\Assets\FilenameParsing\FileResolutionStrategy.public:
    class: SilverStripe\Assets\FilenameParsing\FileIDHelperResolutionStrategy
    properties:
      ResolutionFileIDHelpers:
        - '%$SilverStripe\Assets\FilenameParsing\NaturalFileIDHelper'
      DefaultFileIDHelper: '%$SilverStripe\Assets\FilenameParsing\NaturalFileIDHelper'
      VersionedStage: Live
  # Define protected resolution strategy
  SilverStripe\Assets\FilenameParsing\FileResolutionStrategy.protected:
    class: SilverStripe\Assets\FilenameParsing\FileIDHelperResolutionStrategy
    properties:
      DefaultFileIDHelper: '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
      ResolutionFileIDHelpers:
        - '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
      VersionedStage: Stage

If someone wanted to keep hash file id's for their public files, they could do something like this:

SilverStripe\Core\Injector\Injector:
  # Define public resolution strategy
  SilverStripe\Assets\FilenameParsing\FileResolutionStrategy.public:
    class: SilverStripe\Assets\FilenameParsing\FileIDHelperResolutionStrategy
    properties:
    DefaultFileIDHelper: '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
    ResolutionFileIDHelpers:
      - '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
      VersionedStage: Live
  # Define protected resolution strategy
  SilverStripe\Assets\FilenameParsing\FileResolutionStrategy.protected:
    class: SilverStripe\Assets\FilenameParsing\FileIDHelperResolutionStrategy
    properties:
      DefaultFileIDHelper: '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
      ResolutionFileIDHelpers:
        - '%$SilverStripe\Assets\FilenameParsing\HashFileIDHelper'
      VersionedStage: Stage

Upgrade to React 16 in the CMS

React-rendered UIs represent a growing proportion of the CMS, and we're continuing to invest in this technology by staying up-to-date with its newest APIs. React 16 offers a number of features that developers love, such as fragments, portals, and declarative error handling.

If you have thirdparty code, such as a backend module, that depends on React UIs, your code may break due to incompatability with React 16. The most common API breakage we see is that PropTypes has been moved to its own library.

DevelopmentAdmin controllers

The security fix for CVE-2019-12246 introduces a new Confirmation component and ConfirmationMiddleware that prevents CSRF based attacks on the urls placed under dev/* path.

If you use dev/ endpoints, you may need to consider the following changes:

  • /dev/confirm url now holds the confirmation form, where users will have to manually approve their actions
  • on live environments all non-cli (browser based) HTTP requests to dev/* urls get redirected to the confirmation form
  • ajax requests to /dev/* urls will be redirected as well (as such may stop working until configuration is added)
  • GET and POST requests are handled gracefully, but other HTTP methods will be transformed to GET by the confirmation form
  • you may add custom configuration for the confirmation middleware to prevent redirection for some requests or URLs

CLI based requests (e.g. sake) are not affected by the confirmation middleware and keep working as is.

If you are a 3rd party module developer and you extend DevelopmentAdmin adding new routes under the dev/ path, you may need to add custom rules for the confirmation middleware in your module configuration. Otherwise, people navigating those through browsers will have to confirm every single action, which may impair user experience significantly.

You may find a configuration example in the framework _config/requestprocessors.yml file, named dev_urls-confirmation-exceptions.

ErrorControlChainMiddleware is deactivated

ErrorControlChainMiddleware has been deactivated and deprecated. It is going to be removed in SilverStripe 5.0. That means uncaught exceptions and fatal errors will no longer trigger flush on live environments.

The main historic purpose of ErrorControlChainMiddleware was to detect the application state in which manifest cache is incompatible with the source code, which might lead to fatal errors or unexpected exceptions. The only way this can happen is when manifest cache has been generated and application source code files change afterwards. The only reasonable cause for that on live environments would be application deployment.

Ideally, you should avoid reusing manifest cache between different application deploys, so that every newly deployed version generates its own manifest cache. However, if that's not the case, you may want to consider using SS_FLUSH_ON_DEPLOY setting, which automatically triggers flush on every deploy by comparing filesystem modification time with cache generation timestamp. This effectively eliminates the possibility for the manifest cache to be incompatible with the deployed app.

[alert] WARNING! If you do not deploy your application as a whole, but rather update its files in place with rsync, ssh or FTP, you should consider triggering CLI based flush manually on every such deploy (e.g. with sake). Otherwise, you may end up with your application cache to be incompatible with its source code, which would make things broken. There is a tiny possibility that you wouldn't even be able to flush through browser in that case.
In that case you may consider using SS_FLUSH_ON_DEPLOY. Depending on your deployment tooling you may point it to a filesystem resource that gets modified on every deploy update so that the framework will automatically perform flush for you.
The best practice is not to reuse the application manifest cache between deploys. [/alert]

New GridField detail form actions

Pagination controls and an add new button has been added to the bottom toolbar of GridField detail forms. This is enabled by default. In cases where you do not want these buttons to appear on your detail form then you can use the new constructor API of the detail form to control whether pagination and/or the add button are shown. Additionally the default value can be set globally with the following configuration:

---
Name: app_buttons
After:
  - '#buttons'
---
SilverStripe\Forms\GridField\GridFieldDetailForm_ItemRequest:
  formActions:
    showPagination: false
    showAdd: false

Changes to internal APIs

  • PDOQuery::__construct() now has a 2nd argument.
  • The name of the directory where vendor module resources are exposed can now be configured by adding a extra.resources-dir key to your composer file. The new default in silverstripe/installer has been changed to _resources rather than resources. This allows you to use resources as a URL segment or a route.
  • SilverStripe\Control\HTTPApplication now uses FlushDiscoverer implementers to check for flush
  • SilverStripe\Control\Middleware\ConfirmationMiddleware component implemented
  • SilverStripe\Control\Middleware\URLSpecialsMiddleware component implemented
  • SilverStripe\Control\Director::isManifestFlushed static function implemented
  • SilverStripe\Core\CoreKernel::isFlushed function keeps boolean whether manifest cache has been flushed
  • SilverStripe\Core\Environment::isCli method is now responsible for low level CLI detection (on before the kernel boot stage). Director::is_cli is still to be used on the application level.
  • SilverStripe\Core\Startup\ErrorControlChainMiddleware::__construct has a 2nd argument which activates its legacy behaviour
  • SilverStripe\Core\Startup\FlushDiscoverer interface and a number of its implementations in the same namespace
  • SilverStripe\Dev\DevConfirmationController implements the confirmation form for the /dev/confirm endpoint
  • SilverStripe\Dev\DevelopmentAdmin now has deny_non_cli configuration parameter
  • SilverStripe\Security\Confirmation component implemented

Deprecations

  • SilverStripe\Control\Director::isManifestFlushed
  • SilverStripe\Core\CoreKernel::getEnvironment
  • SilverStripe\Core\CoreKernel::sessionEnvironment
  • SilverStripe\Core\Startup\AbstractConfirmationToken
  • SilverStripe\Core\Startup\ConfirmationTokenChain
  • SilverStripe\Core\Startup\ErrorControlChain
  • SilverStripe\Core\Startup\ErrorControlChainMiddleware
  • SilverStripe\Core\Startup\ErrorDirector
  • SilverStripe\Core\Startup\ParameterConfirmationToken
  • SilverStripe\Core\Startup\URLConfirmationToken

Change Log

Security

  • 2019-06-10 bea3f0205 [CVE-2019-12437] Cross Site Request Forgery (CSRF) Protection Bypass in GraphQL (Aaron Carlino) - See CVE-2019-12437
  • 2019-06-10 7d32b4502 [CVE-2019-12246] Denial of Service on flush and development URL tools (Serge Latyntcev) - See CVE-2019-12246
  • 2018-11-07 74698af40 Ensure that table names are escaped to prevent possible SQL injection (Robbie Averill) - See ss-2018-020
  • 2018-10-24 88d9131 CSRF protection (Aaron Carlino) - See ss-2018-007

API Changes

  • 2019-05-03 5337e6d04 Replace FormActions with anchors to enable panel-based loading in GridField navigation buttons (#8953) (Robbie Averill)
  • 2019-04-30 d325b8a Mark the FlysystemAssetStore FileResolutionStrategy getters and setters as internal (#255) (Maxime Rainville)
  • 2019-04-16 3c6357d Add an extension to the regular AssetStore interface (Maxime Rainville)
  • 2019-04-12 c3739d3 Allow FileIDHelper::build() to accept a ParsedFiledID (Maxime Rainville)
  • 2019-04-10 27f6165 Rename ParseFileID, add generateVariantFileID, add stripVariant on FileResolutionStrategy (Maxime Rainville)
  • 2019-04-09 ab01ac99 Deprecated CMSMain->publishall() (Ingo Schommer)
  • 2019-04-09 7be48e8 Add a resolveFileID method to FileResolutionStrategy (Maxime Rainville)
  • 2019-03-28 77fc163 Add immutable setters to ParsedFileID (Maxime Rainville)
  • 2019-03-26 3f38c77 Add logic to find variants based on the FileID scheme. (Maxime Rainville)
  • 2019-03-21 e919291 Define a new FileResolutionStrategy API. (Maxime Rainville)
  • 2019-03-20 c123b64 Deprecate parseFileID, getFileID, getOriginalFilename and getVariant on FlysystemAssetStore (Maxime Rainville)
  • 2019-03-20 19e51a3 Add a LegacyPathFileIDHelperTest (Maxime Rainville)
  • 2019-03-19 6b450395c Allow empty arraylists to be typed (#8866) (Damian Mooyman)
  • 2019-03-14 e708e58 Move FileID parsing logic to dedicated helper class (Maxime Rainville)
  • 2018-11-13 580214cc3 Add PHP deprecation notices to setLogger and getLogger (Robbie Averill)
  • 2018-11-05 ebfab45e2 LoginForm::authentiator_class is now deprecated, use getters or setters instead (Robbie Averill)
  • 2018-10-31 0703c1a94 Deprecating Permission::$declared_permissions and related methods/props (Maxime Rainville)
  • 2018-10-28 9724d1dd7 Convert JSON methods are now deprecated, use json_encode or decode instead (Robbie Averill)
  • 2018-10-23 2773e9c0 Deprecate CMSPageHistoryController (#2298) (Maxime Rainville)
  • 2018-07-03 a8853504b API MonologErrorHandler::setLogger is deprecated, use MonologErrorHandler::pushLogger instead (Robbie Averill)

Features and Enhancements

  • 2019-05-02 1f78e8ae8 Clean up secureassets module artefacts (#8948) (Ingo Schommer)
  • 2019-05-02 236094c FixFilePermissionsTask to fix secureassets permissions (#250) (Andre Kiste)
  • 2019-05-02 48db515fb Fix folder permissions (#8950) (Andre Kiste)
  • 2019-05-01 0696045e5 Legacy thumbnail migration task (#8924) (Ingo Schommer)
  • 2019-05-01 30e7fe2 Migrate legacy thumbnails (fixes #235) (#242) (Ingo Schommer)
  • 2019-04-30 06f84d2 Clean up secureassets module artefacts (fixes #231) (Ingo Schommer)
  • 2019-04-24 43bde65 Update FileMigrationHelper to normalise existing files (Maxime Rainville)
  • 2019-04-24 cfa36b7 improve visibility of insert file button (#934) (Aaron Carlino)
  • 2019-04-23 bb0ae72 Use natural paths for public files to support permalinks (#223) (Maxime Rainville)
  • 2019-04-18 80ad336e9 Add API to create a generator from a DataList (#8931) (Guy Marriott)
  • 2019-04-15 b1339f0d7 Update FieldList::replaceField API to match removeByName (#8876) (Guy Marriott)
  • 2019-03-25 ca6a343 Add search params, filtering service for queries (#220) (Aaron Carlino)
  • 2019-03-11 25f1b17 Operation descriptions (#210) (Ingo Schommer)
  • 2019-03-05 39a29fa2f has_extension() should allow injector overrides (Aaron Carlino)
  • 2019-02-22 12512e84 BrokenLinksReport now uses injector for fields, uses short array syntax and single quotes (Robbie Averill)
  • 2019-02-03 8267623 Add getter for ModelAdmin::$modelClass (jcarter)
  • 2019-02-01 bbace74 Add to Campaign button in SiteTree now lives in campaign-admin (Robbie Averill)
  • 2019-01-29 c4bf06f60 Add new execmetric debug URL parameter to print out exection time and peak memory usage (Maxime Rainville)
  • 2019-01-23 13b8475 add a memory limit to the ImageThumbnailHelper (Maxime Rainville)
  • 2019-01-16 6689db1b Convert drag handle and dropdown caret to use font-icons in site tree (Sacha Judd)
  • 2019-01-16 e665820 Convert drag handle and dropdown caret to use font-icons in site tree (Sacha Judd)
  • 2019-01-14 e0dc7ad Add font-icon for site tree error page (Sacha Judd)
  • 2019-01-14 1f1f4496 Add font-icon support for site tree (Sacha Judd)
  • 2019-01-14 17ff5cf Add font-icon support for site tree (Sacha Judd)
  • 2019-01-09 1e01deea3 Make resources dir configurable (#8519) (Maxime Rainville)
  • 2019-01-07 394dd4765 Scaffolded field labels now only have an uppercased first word (Robbie Averill)
  • 2019-01-01 a302acf Add Roave Security advisories to composer (Simon Erkelens)
  • 2018-11-23 dbb24f9 Persist query support (#179) (Aaron Carlino)
  • 2018-11-20 52a23441 Extracting out the method to determine parameters (filters) for update the report sourceRecords (Guy Marriott)
  • 2018-11-18 d6b1c071 Adding tests for new report breadcrumbs feature (Guy Marriott)
  • 2018-11-18 cc712892a Port betterbuttons to framework (#8569) (Andre Kiste)
  • 2018-11-16 edecbabe Allow reports to specify breadcrumbs for child reports (Guy Marriott)
  • 2018-11-12 acf4b3a MoveFormFactory::getForm is now extensible and no longer uses divider lines (Robbie Averill)
  • 2018-11-09 0f2eebe5d Change to variadic calls in ListDecorator and add unit tests (Robbie Averill)
  • 2018-11-01 2ff7ee675 Deprecate RandomGenerator::generateEntropy in favour of using random_bytes directly (Guy Marriott)
  • 2018-10-20 c418ee291 Add getters and setters for public properties in ConfirmPasswordField, add tests (Robbie Averill)
  • 2018-10-20 3cdb73bd4 Add getLogger() to MonologErrorHandler and add test for exception without one (Robbie Averill)
  • 2018-09-25 12907271 Add update extension hooks for LinkFormFactory subclasses (Robbie Averill)
  • 2018-09-25 4415655 Add update extension hooks for LinkFormFactory subclasses (Robbie Averill)
  • 2018-09-13 0a64b07b2 Use Bootstrap alerts throughout the CMS (Robbie Averill)
  • 2018-09-13 05486897 Use Bootstrap alerts throughout the CMS (Robbie Averill)
  • 2018-09-13 2fe58f8a Use Bootstrap alerts throughout the CMS (Robbie Averill)
  • 2018-09-13 f11cd44 Use Bootstrap alerts throughout the CMS (Robbie Averill)
  • 2018-07-15 e20be929 Meta tag components (Jonathon Menz)
  • 2018-07-03 1cb23178e Separate core error logging from standard LoggerInterface (Robbie Averill)
  • 2018-07-03 d37551de3 Setters in DebugViewFreindlyErrorFormatter are now chainable (Robbie Averill)

Bugfixes

  • 2019-05-06 856e84195 Ensuring pagination buttons have a consistent state to work off of (#8957) (Guy Marriott)
  • 2019-05-03 768bee1 Fix linting (Maxime Rainville)
  • 2019-05-03 2a91b777c Rewrite deprecation notice for declared_permissions (Maxime Rainville)
  • 2019-05-03 65b9465 Remove duplicate FileMigrationHelper class by aliaising it to the proper one (Maxime Rainville)
  • 2019-05-03 7cfa7716 Use Bootstrap 4 alert for page type restriction message when adding a page (Robbie Averill)
  • 2019-05-02 7ec9937 Fix broken test (Maxime Rainville)
  • 2019-05-02 100a298 Fix invalic file variant (bergice)
  • 2019-05-02 5fa823a Fix more tests (bergice)
  • 2019-05-02 8f5fa41 Fix tests, linting (Aaron Carlino)
  • 2019-05-02 0c3a7de Fix tests (bergice)
  • 2019-05-01 ecfe039e7 Don't add "better buttons" previous and next without a paginator (Guy Marriott)
  • 2019-05-01 b335c68 Split the new content unit test. (Maxime Rainville)
  • 2019-04-30 efaaa86 Add more complicated tests for the TagsToShortcodeHelper (Maxime Rainville)
  • 2019-04-29 87db65f Set correct COMPOSER_ROOT_VERSION value (Maxime Rainville)
  • 2019-04-29 5d237b0 Fix getQueryParam() on null error (Sheila Bañez)
  • 2019-04-28 71c72f0 Fix minor linting issue (Maxime Rainville)
  • 2019-04-28 31a9fcb Ditch ExtendedAssetStore interface. (Maxime Rainville)
  • 2019-04-26 346b7e3 Tweak FileMigrationHelper to not skip files and make it a bit more performant (Maxime Rainville)
  • 2019-04-26 03d38f2 Unload the Intervention Image resource so it can be garbaged collected (Maxime Rainville)
  • 2019-04-24 3a86fa2 Adjsut unit test to work with new natural paths (#932) (Maxime Rainville)
  • 2019-04-23 c0a8886 Adapt FileMigrationHelper to normalise location of files (Maxime Rainville)
  • 2019-04-23 04c1bbf Get current Migration task working with permalink (Maxime Rainville)
  • 2019-04-22 fe4d7c4 Make sure we don't override existing files when performing operations on a file and all its variants (Maxime Rainville)
  • 2019-04-18 c63c8b0 Return a permanent redirect when a file has been published under its normal path (Maxime Rainville)
  • 2019-04-18 e6c1061 folders always go first when ordering (#936) (Serge Latyntsev)
  • 2019-04-18 353f2b5 Implement feedback from peer review (Maxime Rainville)
  • 2019-04-18 bfa7021 Fix typos from code review (Maxime Rainville)
  • 2019-04-17 e1234a5 Fix typo to fetch a dynamic field rather than always assume it's called content. (Maxime Rainville)
  • 2019-04-17 da1af3d8b Postgres booleans should return as int for consistency (Guy Marriott)
  • 2019-04-16 2e5467a TinyMCE not updating form state (Aaron Carlino)
  • 2019-04-16 0d43492 Add methods to normalise file path to confirm with the default file ID of the strategy. (Maxime Rainville)
  • 2019-04-16 9d6b5048a Table aliases are retained on base tables in queries built using SQLConditionalExpression (#8918) (Guy Marriott)
  • 2019-04-15 63360f804 Replace substr with mb_substr to get the correct position (Sheila Bañez)
  • 2019-04-15 4fbe0fd6 Fix linking anchor on the same page (#2388) (Will Rossiter)
  • 2019-04-15 0b56a563 Fixes #2110 added default Title value for saved pages. (#2366) (ttunua)
  • 2019-04-15 4302fb1 Tweak findVariants to not return null, because in 5.6 yield and return can not be used in the same method (Maxime Rainville)
  • 2019-04-14 a48beac84 Calculate threshold condition with SQL rather than PHP (Guy Marriott)
  • 2019-04-13 e561d06 Tweak FileID helper to handle stack variant (Maxime Rainville)
  • 2019-04-12 ade7c9d Add test to make sure we write the variants next to the main file (Maxime Rainville)
  • 2019-04-12 64e9560 Write some unit test for stripVariant and generateVariantFileID on FileIDHelperResolutionStrategy (Maxime Rainville)
  • 2019-04-12 23d55f1 Deprecate legacy filename usage and add extra unit tests (Maxime Rainville)
  • 2019-04-12 91ea306 Tweak FileIDResolutionStrategy to better handle hashless tuple (Maxime Rainville)
  • 2019-04-11 bf1dbec Provide a strategy for legacu_filenames (Maxime Rainville)
  • 2019-04-11 24c72c1 Add explicit test to make sure files are written to the expected store (Maxime Rainville)
  • 2019-04-11 0b6e5d3 Update setFromString and setFromLocalFile to wrap data around stream and call setFromStream (Maxime Rainville)
  • 2019-04-11 6baf400 Add some swapPublish logic to publish to store that don't support hash paths and add extra validation around hashes (Maxime Rainville)
  • 2019-04-11 07cc061 Add some extra logic to read the hash from the file content when it can't be picked up from the file id (Maxime Rainville)
  • 2019-04-10 4b0d5c8 #8916 Prevent session generation on file_link shortcode handling (micmania1)
  • 2019-04-10 cd5fdca FInish converting all the methods on FlysystemAssetStore (Maxime Rainville)
  • 2019-04-10 12ae61d Tweak the NaturalFileIDHelper so it doesn't accept legacy style variant file ids (Maxime Rainville)
  • 2019-04-09 661a27e Fix hash redirection logic on PostreSQL and add PostreSQL to the travis matrix (#237) (Serge Latyntsev)
  • 2019-04-09 9a4395238 Fix formatting (Al)
  • 2019-04-09 956b268 Fix hash redirection logic on PostreSQL and add PostreSQL to the travis matrix (Maxime Rainville)
  • 2019-04-09 a61cb1de9 Fix reference to webconfig.php, an invalid file (Matt Peel)
  • 2019-04-09 7ca4ee5 Fix unit tests (Maxime Rainville)
  • 2019-04-08 f12fa62ad Better error message when GridFieldLevelup passed bad record details (Sam Minnee)
  • 2019-04-05 594af7713 prevent unnecessary field alterations for enums with empty defaults (Loz Calver)
  • 2019-04-05 1cfc4c7 Still fixing unit tests (Maxime Rainville)
  • 2019-04-05 f0b61bd Hard fail when trying to build a Hash file ID without prvoding a hash (Maxime Rainville)
  • 2019-04-05 4cdaae9 Explicitely set hash when returning variant parsed ID (Maxime Rainville)
  • 2019-04-04 759968bbe Fix Undefined variable: result when catch Exception (Ian Patel)
  • 2019-04-04 a3c61e5 Long site names now display correctly in CMS menu with equal margins and alignment (Robbie Averill)
  • 2019-04-04 b542585 Convert more of FlyAssetStore to use new format (Maxime Rainville)
  • 2019-04-04 4be41a8 Define and test a softResolveFileID method on FileResolutionStrategy (Maxime Rainville)
  • 2019-04-04 ad5d379 Show RightTitle on CheckboxField in React forms (Sam Minnee)
  • 2019-04-04 a17e1de Show RightTitle on CheckboxField (Sam Minnee)
  • 2019-04-04 8a098d637 Show RightTitle on CheckboxField (Sam Minnee)
  • 2019-04-03 c767d81 Adjust test to work with new asset structure (Maxime Rainville)
  • 2019-04-03 fbf385a Adjust writting logic to work with file resolution strategies (Maxime Rainville)
  • 2019-04-03 ad828a4 Validate hash when looking for variant (Maxime Rainville)
  • 2019-03-29 c84ad4278 Update installer to create the assets folder if its missing (Maxime Rainville)
  • 2019-03-28 2b386e6 Fix the exist and delete logic when working (Maxime Rainville)
  • 2019-03-26 83ec0b69f Resolve issue where schema changes between enum / non-enum types (Damian Mooyman)
  • 2019-03-25 fae19c16b has_one File form scaffolding (Jonathon Menz)
  • 2019-03-22 95344a6 Re-instate assuming redux knows best with more specific checks (See #922) (Guy Marriott)
  • 2019-03-22 cb670f4 TinyMCE editor.scss now applies to the correct body class, and has correct broken link colours (Robbie Averill)
  • 2019-03-22 db6e105 ReadVersions now uses public accessors for private dataObjectClass property (Robbie Averill)
  • 2019-03-21 595d8ec UploadField now ensures that file data is copied to redux store of value updates (Guy Marriott)
  • 2019-03-21 e1190e33d Fix PDOConnector GeneratedID return type (Johannes Hammersen)
  • 2019-03-20 388baa01b Fix linting (Aaron Carlino)
  • 2019-03-19 aa491d929 Fix tests (Aaron Carlino)
  • 2019-03-18 7f5ae1c Increment bootstrap requirements (Maxime Rainville)
  • 2019-03-14 fd98212 Bump bootstrap and merge js dependency (Maxime Rainville)
  • 2019-03-13 4d35ba3 Bump JS dependencies for merge and bootstrap (Maxime Rainville)
  • 2019-03-13 c7b3b307 Bump JS dependencies for merge and bootstrap (Maxime Rainville)
  • 2019-03-13 11bcf3e Bump JS depednencies for merge and bootstrap (Maxime Rainville)
  • 2019-03-13 a43593b Upgrade merge and bootstrap JS dependencies (Maxime Rainville)
  • 2019-03-11 ca781c684 RequestHandler::__construct() should run after middlewares (fixes #8848) (Loz Calver)
  • 2019-02-26 252397d8d Fix #8829: mention get_one does not escape field names (Nicola Fontana)
  • 2019-02-26 d1fa6e40d Fix some minor typos (Andre Kiste)
  • 2019-02-25 49c05ce Update font-icon hover for site tree 'Add new page here' (Sacha Judd)
  • 2019-02-25 a0aaf050 Deprecate creatableChildren and add new function to support font-icon classes for allowedChildren (Sacha Judd)
  • 2019-02-02 1a7b23a2 URL segment generation tests for resources dir are now accurate (Robbie Averill)
  • 2019-02-01 f9aeeb1d Remove coupling from SiteTree to campaign admin module (Robbie Averill)
  • 2019-01-31 7c5b73881 Prevent null->null being flagged as a value change (fixes #8774) (Loz Calver)
  • 2019-01-11 bbffe055 Fixing linting error. (Maxime Rainville)
  • 2019-01-10 f05afac Fix case difference in form field label assertion failure (Robbie Averill)
  • 2019-01-08 50837b4 Fix duplicated class import declarations from merge up (Robbie Averill)
  • 2018-12-22 33854ce do not pass SourceLocation to createLocatedError (Nicola Fontana)
  • 2018-12-18 0397c54b5 Fixes #8459 (Russell Michell)
  • 2018-12-10 3d403f2 Ensure httpMethod context is applied to all controller actions (#194) (Aaron Carlino)
  • 2018-12-02 0692a30 PopoverOptionSet now explicitly sets an auto height for its search field (Robbie Averill)
  • 2018-11-30 cc7aa7b68 incorrect composer module type (Ed Linklater)
  • 2018-11-30 0c17ffc94 Manifest should ignore vendor folders within packages contained in vendor (Sam Minnee)
  • 2018-11-26 f22a4b980 getComponentByType can return null - prevent null pointer errors (Robbie Averill)
  • 2018-11-26 efa427fc4 Remove redundant "rightGroup" logic and increase getRightGroupField to protected (Robbie Averill)
  • 2018-11-21 b8796be Downgrade to @storybook/addon-notes to 3.4 to allow pattern lib to build (Maxime Rainville)
  • 2018-11-16 c9c7c0c82 Fix PDO cached statement column coercion (Sam Minnee)
  • 2018-11-13 8854f053c Fix rebase conflicts (Robbie Averill)
  • 2018-11-11 45e1fcaf3 Correct type coercion of MySQL (Sam Minnee)
  • 2018-11-11 adb6e9eb8 Perform type coercion on PDO-based MySQL and SQLite connections (Sam Minnee)
  • 2018-11-09 a8d3b9517 Make test work with utf8mb4 (Sam Minnee)
  • 2018-11-05 7775f8258 Handle falsy return value when setting form field value in setAuthenticatorClass() (Robbie Averill)
  • 2018-11-01 7086f2ea3 many many through not sorting by join table (#8534) (Michael Strong)
  • 2018-10-30 ba9ccb0 Update gridfield sorted icon and border colours (Sacha Judd)
  • 2018-10-30 d8f9162 Remove incorrect modal close icon hover colour (Sacha Judd)
  • 2018-10-29 1c6e22239 Fix the GitHub issue template (Serge Latyntcev)
  • 2018-10-28 3425005 Replace usage of Convert JSON methods with json_encode and json_decode (Robbie Averill)
  • 2018-10-28 ab739c7f Replace usage of Convert JSON methods with json_encode and json_decode (Robbie Averill)
  • 2018-10-28 87ee897 Replace usage of Convert JSON methods with json_encode and json_decode (Robbie Averill)
  • 2018-10-28 4a06f52 Replace usage of Convert JSON methods with json_encode and json_decode (Robbie Averill)
  • 2018-10-28 89c5abe Replace usage of Convert JSON methods with json_encode and json_decode (Robbie Averill)
  • 2018-10-28 b02a6fa02 Replace usage of Convert JSON methods with json_encode (Robbie Averill)
  • 2018-10-25 bed1906f7 Fix typo (Andre Kiste)
  • 2018-10-24 f635a2d Fix typo (bergice)
  • 2018-10-20 c06cf4820 Readonly and disabled CurrencyFields no longer always returns dollar currency sign, now respect config (Robbie Averill)
  • 2018-10-18 76255c9fb CheckboxSetField can now save into DBMultiEnum (Sam Minnee)
  • 2018-10-18 5531baa87 Introduce readonly transaction test to all database. (Sam Minnee)
  • 2018-10-18 1e83dff4e #828 optimised query in graphql asset admin (micmania1)
  • 2018-10-16 b4201fcf7 Fix example code (DorsetDigital)
  • 2018-10-15 d4d9cbf allow base path of / (Sam Minnee)
  • 2018-10-08 bd5a81590 Make all enums non-destructive, not just ClassName (Sam Minnee)
  • 2018-10-08 67fe41d00 Ensure that repeated setting/unsetting doesnt corrode forceChange() (Sam Minnee)
  • 2018-10-04 5bb2d9484 Update “original” DataObject data to be the content of the last write (Sam Minnee)
  • 2018-10-04 a7b5de5de ensure that there are PGSQL builds both with and without PDO (Sam Minnee)
  • 2018-10-04 261539953 Use PDOs built-in transaction support in MySQLDatabase. (Sam Minnee)
  • 2018-10-04 0111b98b1 Ensure that types are preserved fetching from database (Sam Minnee)
  • 2018-09-14 274657f4f Add support in "I should see a message" step definition for Bootstrap alerts (Robbie Averill)
  • 2018-07-04 18293f7af Rename pushHandler to pushLogger (Robbie Averill)