2018-03-23 12:47:07 +13:00

2.9 KiB

4.2.0

Overview

  • Disable session-based stage setting in Versioned (see #1578)
  • Deprecated FunctionalTest::useDraftSite(). You should use querystring args instead for setting stage.

Upgrading

Disable session-based stage setting

When viewing a versioned record (usually pages) in "draft" mode, SilverStripe used to record this mode in the session for further requests. This has the advantage of transparently working on XHR and API requests, as well as authenticated users navigating through other views.

These subsequent requests no longer carried an explicit stage query parameter, which meant the same URL might show draft or live content depending on your session state. While most HTTP caching layers deal gracefully with this variation by disabling any caching when a session cookie is present, there is a small chance that draft content is exposed to unauthenticated users for the lifetime of the cache.

Due to this potential risk for information leakage, we have decided to only rely on the stage query parameter. If you are consistently using the built-in SiteTree->Link() and Controller->Link() methods to get URLs, this change likely won't affect you.

If you are manually concatenating URLs to SilverStripe controllers rather than through their Link() methods (in custom PHP or JavaScript), or have implemented your own Link() methods on controllers exposing versioned objects, you'll need to check your business logic.

Alternatively, you can opt-out of this security feature via YAML configuration:

SilverStripe\Versioned\Versioned:
  use_session: true

Check our versioning docs for more details.

New Versioned API

The following methods have been added to [api:SilverStripe\Versioned\Versioned] class:

  • withVersionedMode() Allows users to execute a closure which may internally modify the current stage, but will guarantee these changes are reverted safely on return. Helpful when temporarily performing a task in another stage or view mode.
  • get_draft_site_secured() / set_draft_site_secured() Enables the explicit toggle of draft site security. By setting this to false, you can expose a draft mode to unauthenticated users. Replaces unsecuredDraftSite session var.
  • get_default_reading_mode() / set_default_reading_mode() The default reading mode is now configurable. Any non-default reading mode must have querystring args to be visible. This will be the mode choosen for requests that do not have these args. Note that the default mode for CMS is now draft, but is live on the frontend.

A new class [api:SilverStripe\Versioned\ReadingMode] has also been added to assist with conversion of the reading mode between:

  • Reading mode string
  • DataQuery parameters
  • Querystring parameters