2013-10-10 12:35:07 +02:00

4.6 KiB

3.2.0 (unreleased)

Overview

CMS

Framework

  • API: Removed URL routing by controller name
  • Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available.
  • Security: This controller's templates can be customised by overriding the getTemplate function.
  • API: Form and FormField ID attributes rewritten.

Details

API: Removed URL routing by controller name

The auto-routing of controller class names to URL endpoints has been removed (rule: '$Controller//$Action/$ID/$OtherID': '*'). This increases clarity in routing since it makes URL entpoints explicit, and thereby simplifies system and security reviews.

Please access any custom controllers exclusively through self-defined routes. For controllers extending Page_Controller, simply use the provided page URLs.

:::php
class MyController extends Controller {
	static $allowed_actions = array('myaction');
	public function myaction($request) {
		// ...
	}
}

Create a new file mysite/_config/routes.yml (read more about the config format). Your controller is now available on http://yourdomain.com/my-controller-endpoint, after refreshing the configuration cache through ?flush=all.

:::yaml
---
Name: my-routes
After: framework/routes#coreroutes
---
Director:
	rules:
		'my-controller-endpoint//$Action' : 'MyController'

The auto-routing is still in place for unit tests, since its a frequently used feature there. Although we advise against it, you can reinstate the old behaviour through a director rule:

:::yaml
---
Name: my-routes
After: framework/routes#coreroutes
---
Director:
	rules:
		'$Controller//$Action/$ID/$OtherID':  '*'

API: Default Form and FormField ID attributes rewritten.

Previously the automatic generation of ID attributes throughout the Form API could generate invalid ID values such as Password[ConfirmedPassword] as well as duplicate ID values between forms on the same page. For example, if you created a field called Email on more than one form on the page, the resulting HTML would have multiple instances of #Email. ID should be a unique identifier for a single element within the document.

This rewrite has several angles, each of which is described below. If you rely on ID values in your CSS files, Javascript code or application unit tests you will need to update your code.

Conversion of invalid form ID values

ID attributes on Form and Form Fields will now follow the HTML specification. Generating ID attributes is now handled by the new FormTemplateHelper class.

Please test each of your existing site forms to ensure that they work correctly in particular, javascript and css styles which rely on specific ID values.

Invalid ID attributes stripped

ID attributes will now be run through Convert::raw2htmlid. Invalid characters are replaced with a single underscore character. Duplicate, leading and trailing underscores are removed. Custom ID attributes (set through setHTMLID) will not be altered.

Before:
<form id="MyForm[Form]"
	<div id="MyForm[Form][ID]">

Now:
<form id="MyForm_Form">
	<div id="MyForm_Form_ID">

Namespaced FormField ID's

Form Field ID values will now be namespaced with the parent form ID.

Before:
<div id="Email">

Now:
<div id="MyForm_Email">

FormField wrapper containers suffixed with _Holder

Previously both the container div and FormField tag shared the same ID in certain cases. Now, the wrapper div in the default FormField template will be suffixed with _Holder.

Before:
<div id="Email">
	<input id="Email" />

After:
<div id="MyForm_Email_Holder"
	<input id="MyForm_Email" />

Reverting to the old specification

If upgrading existing forms is not feasible, developers can opt out of the new specifications by using the FormTemplateHelper_Pre32 class rules instead of the default ones.

:::yaml
# mysite/config/_config.yml

Injector:
	FormTemplateHelper:
		class: FormTemplateHelper_Pre32

Further Changes

  • Removed Member.LastVisited and Member.NumVisits properties, see Howto: Track Member Logins to restore functionality as custom code