silverstripe-framework/docs/en/changelogs/2.4.2.md

2.4.2 (2010-09-22)

  • Fixed a security issue where pages in draft mode might be visible to unauthenticated users
  • Fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password
  • Allow Apache webserver to serve customized error pages in HTML, rather than Apache default styling
  • Testing harness improvements: More verbose testing output, fixed coverage report generation
  • Fixed installer logic for SQLite database drivers
  • All unit tests pass on Windows OS/SQL Server
  • Over 100 other improvements and bugfixes

Changelogs

Features and Enhancements

  • [110757] added the ability to toggle the use draft site setting
  • [110467] #5977 Added optional argument to ClassInfo::getValidSubClasses() and removed hardcoded SiteTree
  • [110211] disable basic auth by default, tests run on the assumption it is disabled.
  • [109104] Added -v / --verbose option to dev/tests/*, to make it output every single test name before it starts that test.
  • [109101] Session::set_cookie_path() and Session::set_cookie_domain() are now possible. This is useful for sharing cookies across all subdomains, for example.
  • [108942] make RestfulService support PUT method.
  • [108663] ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
  • [108644] #3828 500 server error page is created by default on dev/build
  • [108499] New Member records are populated with the currently set default through i18n::set_locale()
  • [108437] Restful service returns cached response on http and curl errors
  • [108428] #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
  • [108418] Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg)
  • [108417] Full-text search with double quotes returns too many results. ticket #5733. Thanks ktauber.

API Changes

  • [110856] Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
  • [109156] #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended!
  • [109156] Added DataObjectSet::pop()
  • [109103] Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site

Bugfixes

  • [110944] Fixed column names that were not quoted that broke PostgreSQL
  • [110914] Fixed double quotes around column names in Versioned::augmentDatabase()
  • [110901] delete orphaned records from versioned tables when updating. #5936
  • [110894] Protect MemberTest from side effects caused by auth_openid and forum modules
  • [110889] Respecting field specific locale settings in DatetimeField and DateField when validating and saving values (fixes #5931, thanks Tjofras)
  • [110859] Disallow addition of members to groups with MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
  • [110858] Don't suggest members in SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
  • [110857] Enforcing canEdit() checks in ComplexTableField_Popup - making form readonly if the current user can't edit
  • [110838] Case insensitive DateField value navigation (fixes #5990, thanks gw0)
  • [110835] Passing $name in MoneyField->FieldCurrency() (fixes #5982, thanks andersw)
  • [110809] Removing "typography" class from HTMLEditorField container (should just apply to the contained