tonyair/silverstripe-framework
1
0
Fork 0
mirror of https://github.com/silverstripe/silverstripe-framework synced 2024-10-22 14:05:37 +02:00
Code Issues Projects Releases Wiki Activity
d969e29d00
silverstripe-framework/docs/en/changelogs/3.0.4.md
Ingo Schommer d969e29d00 API Require ADMIN for ?showtemplate=1
2013-02-12 23:26:04 +01:00

677 B
Raw Blame History

3.0.4

Overview

  • Changed dev/tests/setdb and dev/tests/startsession from session to cookie storage.
  • Require ADMIN permissions for ?showtemplate=1

Details

Require ADMIN permissions for ?showtemplate=1

Avoids information leakage of compiled template data, which might expose some of the internal template logic.

Upgrading

  • If you are using dev/tests/setdb and dev/tests/startsession, you'll need to configure a secure token in order to encrypt the cookie value: Simply run sake dev/generatesecuretoken and add the resulting code to your mysite/_config.php. Note that this functionality now requires the PHP mcrypt extension.