mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-09-16 14:36:26 +02:00
23 lines
990 B
Markdown
23 lines
990 B
Markdown
# 4.3.5
|
|
|
|
Embedding files with shortcodes (`FileShortcodeProvider`) no longer provides a session grant
|
|
by default. This is because it has the potential to escalate file access
|
|
to users who otherwise should not have viewing permissions for the file.
|
|
|
|
There is a minor performance trade-off for disabling these grants. If you have a page with a lot of
|
|
images that are in a draft state or have custom viewing permissions, it adds an extra database
|
|
query for each embedded image. With session grants enabled, the first permission check persists
|
|
the grant into the session, meaning there is no need to query the database on every single file.
|
|
|
|
Unless you have a lot of shortcode images embedded with protected or draft status on a single page,
|
|
this setting is best left to its default value of `false`.
|
|
|
|
To revert to the old behaviour:
|
|
|
|
```
|
|
SilverStripe\Assets\Shortcodes\FileShortcodeProvider:
|
|
allow_session_grant: true
|
|
```
|
|
|
|
<!--- Changes below this line will be automatically regenerated -->
|