silverstripe-framework/docs/en/04_Changelogs/3.1.16.md
2015-11-16 15:16:49 +13:00

2.2 KiB

3.1.16

Upgrading

FormField validation messages generated by the Validator class will now be automatically XML encoded before being rendered alongside an invalid field.

If a validation message in a custom Validator instance should be rendered as literal HTML, then the $message parameter for Validator::validationError should be passed as an instance of HTMLText

For example:

:::php
class MyCustomValidator extends Validator {
	public function php($data) { 
		$this->validationError(
			'EmailAddress',
			DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
		);
	}
}

Change Log

Security

  • 2015-11-11 245e0aa Fix FormField error messages not being encoded safely (Damian Mooyman) - See ss-2015-026
  • 2015-11-09 53b3bc7 Dont expose class on error (Hamish Friedlander) - See ss-2015-025
  • 2015-11-01 ac4342d XML escape RSSFeed $link parameter (Ingo Schommer) - See ss-2015-022
  • 2015-10-28 97f21fd Fix rewrite hash links XSS (Damian Mooyman) - See ss-2015-021

Bugfixes

  • 2015-10-20 b857bdf Fix duplicate files being included in case of flush (Damian Mooyman)
  • 2015-10-08 ff6c0a3 (v3.1) for #1294 to workaround ErrorPage fatal errors (and undefined var) when publishing. (Patrick Nelson)