tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
cf29b2c146
silverstripe-framework/docs/en/04_Changelogs/3.1.19.md
Daniel Hensby a6bd22ab2f
[SS-2016-006] FIX dont disable XSS for login forms
2016-04-20 23:57:59 +01:00

792 B
Raw Blame History

3.1.19

Upgrading

LoginForm no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with login forms or other changes. To re-enable this, you'll need to use the Injector to create a custom login form.

Define a login form:

class CustomLoginForm extends MemberLoginForm {

	public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
	{
		parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

		$this->disableSecurityToken();
	}

}

Add this to mysite/_config/config.yml

Injector:
  MemberLoginForm:
    class: CustomLoginForm

Change Log

Security

Bugfixes