mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
5.6 KiB
5.6 KiB
3.2.1
Upgrading
FormField validation messages generated by the Validator
class will now be automatically XML
encoded before being rendered alongside an invalid field.
If a validation message in a custom Validator
instance should be rendered as literal HTML,
then the $message parameter for Validator::validationError
should be passed as an instance
of HTMLText
For example:
:::php
class MyCustomValidator extends Validator {
public function php($data) {
$this->validationError(
'EmailAddress',
DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
);
}
}
Change Log
Security
- 2015-11-12 b61d6dc HtmlEditorField_Toolbar#viewfile not whitelisting URLs (Hamish Friedlander) - See ss-2015-027
- 2015-11-11 bc1b289 Fix FormField error messages not being encoded safely (Damian Mooyman) - See ss-2015-026
- 2015-11-09 f290d86 Dont expose class on error (Hamish Friedlander) - See ss-2015-025
- 2015-11-01 4f55b6a XML escape RSSFeed $link parameter (Ingo Schommer) - See ss-2015-022
- 2015-10-28 132e9b3 Fix rewrite hash links XSS (Damian Mooyman) - See ss-2015-021
Bugfixes
- 2015-11-10 732e705 Correct behaviour for empty filter array (as per 3.1) (Damian Mooyman)
- 2015-11-09 414ea3d prevent UploadField edit form generation for Folders (Damian Mooyman)
- 2015-11-05 c6c650f Ensure CMSMainTest uses correct siteconfig (Damian Mooyman)
- 2015-11-02 0272e44 Prevent dev/build continually regenerating Number field type (Damian Mooyman)
- 2015-10-30 2813f94 Ensure that filters on any fixed field are scoped to the base data table (Damian Mooyman)
- 2015-10-30 38ca963 Add missing CMSSecurity route (Damian Mooyman)
- 2015-10-29 daa86d3 Fix regression from #4396 in test fixtures (Damian Mooyman)
- 2015-10-28 db16248 Fix broken InlineFormAction (Damian Mooyman)
- 2015-10-27 293d847 for #4712: Dropping in some PHP documentation on return types for dynamically generated image methods. (Patrick Nelson)
- 2015-10-20 b857bdf Fix duplicate files being included in case of flush (Damian Mooyman)
- 2015-10-19 c364158 only use sethasemptydefault if exists. (Cam Findlay)
- 2015-10-08 ff6c0a3 (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
- 2015-10-08 785f850 for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)
- 2015-10-01 75dc391 for #586 and possible fix for #736 and relates to #2449: Don't perform validation upon deletion, since it isn't necessary. Cleaned up type hint. (Patrick Nelson)
- 2015-09-17 e64d73c Fix ClassInfo::table_for_object_field (Damian Mooyman)
- 2015-08-05 2901664 . FulltextFilter requires table identifiers in match query (Elvinas L.)
- 2015-07-12 f192a6e #4392: Ensure headers are checked first before being clobbered by globally maintained state. Also ensuring tests utilize separate responses for isolation. (Patrick Nelson)