mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
6.3 KiB
6.3 KiB
3.2.4
Upgrading
LoginForm
no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with
login forms or other changes. To re-enable this, you'll need to use the Injector
to create a custom login form.
Define a login form:
class CustomLoginForm extends MemberLoginForm {
public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
{
parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);
$this->disableSecurityToken();
}
}
Add this to mysite/_config/config.yml
Injector:
MemberLoginForm:
class: CustomLoginForm
Change Log
Security
- 2016-04-18 3c0f2e8 Add CSFR protection to tree reorganise (Daniel Hensby) - See ss-2015-029
- 2016-04-18 a24c826 Store current page IDs as ints (Daniel Hensby) - See ss-2016-004
- 2016-04-18 1ccd392 Properly check backurl on CMSSecurity@success (Daniel Hensby) - See ss-2016-001
- 2016-04-18 f32c893 Apply brute force protection to default admin (Daniel Hensby) - See ss-2016-005
- 2016-04-18 a6bd22a dont disable XSS for login forms (Daniel Hensby) - See ss-2016-006
Bugfixes
- 2016-04-24 fde6376 Admin bloacklisted messages using correct $.inArray check (Daniel Hensby)
- 2016-04-12 36283b8 Stop "success" message showing in CMS (Daniel Hensby)
- 2016-03-31 6ec2656 fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false (Damian Mooyman)
- 2016-03-28 aeb4aa9 Dont allow plain text friendly errors (Daniel Hensby)
- 2016-03-27 5ede516 GridField::FieldHolder() should not attempt to parse shortcodes (fixes #5129) (Loz Calver)
- 2016-03-21 9d62d9d Link tracking not escaping
#
Fixes #1409 (Daniel Hensby) - 2016-03-21 5f8356d Fix File::getRelativePath() failing if parent folder is renamed (Damian Mooyman)
- 2016-03-18 add2ecd Parameter tokens now redirect to correct url if mod_rewrite is off (Daniel Hensby)
- 2016-03-18 57cfe3c Bad joining of links in reports (Daniel Hensby)
- 2016-03-10 bc31d9c Use
Controller::join_links()
in Reports (Daniel Hensby) - 2016-03-08 0364204 Incorrect title attribute on CMS tabs (Loz Calver)
- 2016-03-07 aa57427 Don't install imagick on php 5.3 (Damian Mooyman)
- 2016-03-07 86b1c8f file sync removes folders with dot in name (Jonathon Menz)
- 2016-03-07 6a22454 Fix FulltextsearchEnable (Damian Mooyman)
- 2016-03-01 2079844 fixes "Uncaught ImagickException: Can not process empty Imagick object" when deleting an image (Ryan McLaren)
- 2016-03-01 817b836 getIP from behind a load-balancer that adds many IPs to the header (Daniel Hensby)
- 2016-02-26 bd48d89 undeclared constant issue (Daniel Hensby)
- 2016-02-26 cc95703 Fix regressions in missing CSRF on print button (Damian Mooyman)
- 2016-02-25 3dc0d0e Fix regression in gridfield get actions (Damian Mooyman)
- 2016-02-22 65a0981 Correct behaviour of publish with $createNewVersion = true (Damian Mooyman)
- 2016-02-16 644c807 Use correct formaction for doRollback exemption #1378 (Andrew Aitken-Fincham)
- 2015-01-08 adf0f10 Fixes CMS errors when viewing history on "Deleted" pages. (Russell Michell)