mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
13 KiB
2.4.2 (2010-09-22)
- Fixed a security issue where pages in draft mode might be visible to unauthenticated users
- Fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password
- Allow Apache webserver to serve customized error pages in HTML, rather than Apache default styling
- Testing harness improvements: More verbose testing output, fixed coverage report generation
- Fixed installer logic for SQLite database drivers
- All unit tests pass on Windows OS/SQL Server
- Over 100 other improvements and bugfixes
Changelogs
Features and Enhancements
- [110757] added the ability to toggle the use draft site setting
- [110467] #5977 Added optional argument to ClassInfo::getValidSubClasses() and removed hardcoded SiteTree
- [110211] disable basic auth by default, tests run on the assumption it is disabled.
- [109104] Added -v / --verbose option to dev/tests/*, to make it output every single test name before it starts that test.
- [109101] Session::set_cookie_path() and Session::set_cookie_domain() are now possible. This is useful for sharing cookies across all subdomains, for example.
- [108942] make RestfulService support PUT method.
- [108663] ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
- [108644] #3828 500 server error page is created by default on dev/build
- [108499] New Member records are populated with the currently set default through i18n::set_locale()
- [108437] Restful service returns cached response on http and curl errors
- [108428] #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
- [108418] Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg)
- [108417] Full-text search with double quotes returns too many results. ticket #5733. Thanks ktauber.
API Changes
- [110856] Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMS_ACCESS_SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
- [109156] #5873 DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use DataObjectSet::unshift($item) if unshifting was intended!
- [109156] Added DataObjectSet::pop()
- [109103] Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site
Bugfixes
- [110944] Fixed column names that were not quoted that broke PostgreSQL
- [110914] Fixed double quotes around column names in Versioned::augmentDatabase()
- [110901] delete orphaned records from versioned tables when updating. #5936
- [110894] Protect MemberTest from side effects caused by auth_openid and forum modules
- [110889] Respecting field specific locale settings in DatetimeField and DateField when validating and saving values (fixes #5931, thanks Tjofras)
- [110859] Disallow addition of members to groups with MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
- [110858] Don't suggest members in SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
- [110857] Enforcing canEdit() checks in ComplexTableField_Popup - making form readonly if the current user can't edit
- [110838] Case insensitive DateField value navigation (fixes #5990, thanks gw0)
- [110835] Passing $name in MoneyField->FieldCurrency() (fixes #5982, thanks andersw)
- [110809] Removing "typography" class from HTMLEditorField container (should just apply to the contained