mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
55 lines
2.7 KiB
Markdown
55 lines
2.7 KiB
Markdown
# 2.3.8 (2010-07-23)
|
|
|
|
No overview noted.
|
|
|
|
## Upgrading Notes
|
|
|
|
See API Changes below
|
|
|
|
### Security: File->setName() and File->Filename handling
|
|
|
|
See [2.4.1](2.4.1#securityfile-_setname_and_file-_filename_handling)
|
|
|
|
### Security: Disallow direct execution of *.php files
|
|
|
|
See [2.4.1](2.4.1#securitydisallow_direct_execution_of_php_files)
|
|
|
|
## Changelog
|
|
|
|
### Features and Enhancements
|
|
|
|
* [rev:108062] Added File::$allowed_extensions (backport from 2.4 to enable File->validate() security fix)
|
|
* [rev:103684] Allowing !TestRunner? to skip certain tests through the ?!SkipTests?=... GET paramete (merged from branches/2.3-nzct) (from r80646)
|
|
* [rev:103659] do not show comments that need moderation in the comment rss feed
|
|
|
|
|
|
### API Changes
|
|
|
|
* [rev:108062] Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693)
|
|
* [rev:108062] Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
|
|
* [rev:108062] Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()
|
|
|
|
|
|
### Bugfixes
|
|
|
|
* [rev:108045] Don't allow direct access to PHP files in mysite module. (from r108029)
|
|
* [rev:108044] Don't allow direct access to PHP files in cms module. (from r108028)
|
|
* [rev:108043] Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php (from r108023)
|
|
|
|
|
|
### Minor changes
|
|
|
|
* [rev:108062] Added unit tests to !FileTest and !FolderTest (some of them copied from !FileTest, to test Folder behaviour separately)
|
|
* [rev:108046] Partially reverted r108045, mistakenly committed !RewriteBase change
|
|
* [rev:108040] Added .mergesources.yml
|
|
* [rev:103897] Added querystring option to Makefile (from r103884)
|
|
* [rev:103895] Added querystring option to Makefile (from r103746)
|
|
* [rev:103528] sort page comment table by Created field - show newest entries first
|
|
* [rev:103521] Fixed !FileTest execution if the assets/ directory doesn't exist. (from r88353) (from r98086)
|
|
* [rev:103447] Fixed js applying to non-tinymce textarea fields in !ModelAdmin.js (fixes #5453)
|
|
* [rev:103362] Fixed js applying to non-tinymce textarea fields in !ModelAdmin.js (fixes #5453)
|
|
* [rev:103348] added moderation message for non-ajax mode
|
|
* [rev:101258] Fixed missing closing <div> in !ContentController->successfullyinstalled() (from r101254)
|
|
|
|
|
|
<code>./sscreatechangelog --version 2.3.8 --branch branches/2.3 --stopbranch tags/2.3.7</code> |