Versions:

2.4.2 (2010-09-22)

  • Fixed a security issue where pages in draft mode might be visible to unauthenticated users
  • Fixed a security issue where users with access to admin/security (but limited privileges) can take over a known administrator account by changing its password
  • Allow Apache webserver to customized error pages in HTML, rather than Apache default styling
  • Testing harness improvements: More verbose testing output, fixed coverage report generation
  • Fixed installer logic for SQLite database drivers
  • All unit tests pass on Windows OS/SQL Server
  • Over 100 other improvements and bugfixes

Changelogs

Features and Enhancements

  • [110757] added the ability to toggle the use draft site setting
  • [110467] #5977 Added optional argument to !ClassInfo::getValidSubClasses() and removed harcoded !SiteTree
  • [110211] disable basic auth by default, tests run on the assumption it is disabled.
  • [109104] Added -v / --verbose option to dev/tests/*, to make it output every single test name before it starts that test.
  • [109101] Session::set_cookie_path() and Session::set_cookie_domain() are now possible. This is useful for sharing cookies across all subdomains, for example.
  • [108942] make !RestfulService support PUT method.
  • [108663] ErrorDocument in default .htaccess so Apache serves default 404 and 500 server error pages
  • [108644] #3828 500 server error page is created by default on dev/build
  • [108499] New Member records are populated with the currently set default through i18n::set_locale()
  • [108437] Restful service returns cached response on http and curl errors
  • [108428] #2856 Limiting of relative URLs for Director::forceSSL() using a map of PCRE regular expressions
  • [108418] Added argument to SQLQuery->leftJoin()/innerJoin() (#5802, thanks stojg)
  • [108417] Full-text search with double quotes returns too many results. ticket #5733. Thanks ktauber.

API Changes

  • [110856] Member->canEdit() returns false if the editing member has lower permissions than the edited member, for example if a member with CMSACCESS!SecurityAdmin permissions tries to edit an ADMIN (fixes #5651)
  • [109156] #5873 !DataObjectSet::shift() now performs a proper shift instead of unshift (wrong). Please use !DataObjectSet::unshift($item) if unshifting was intended!
  • [109156] Added !DataObjectSet::pop()
  • [109103] Member::set_session_regenerate_id() can now be used to disable Member::session_regenerate_id() which can break setting session cookies across all subdomains of a site

Bugfixes

  • [110944] Fixed column names that were not quoted that broke PostgreSQL
  • [110914] Fixed double quotes around column names in Versioned::augmentDatabase()
  • [110901] delete orphaned records from versioned tables when updating. #5936
  • [110894] Protect !MemberTest from side effects caused by auth_openid and forum modules
  • [110889] Respecting field specific locale settings in !DatetimeField and !DateField when validating and saving values (fixes #5931, thanks Tjofras)
  • [110859] Disallow addition of members to groups with !MemberTableField->addtogroup() when the editing member doesn't have permissions on the added member
  • [110858] Don't suggest members in !SecurityAdmin->autocomplete() that the current user doesn't have rights to edit (fixes #5651)
  • [110857] Enforcing canEdit() checks in !ComplexTableField_Popup - making form readonly if the current user can't edit
  • [110838] Case insensitive !DateField value navigation (fixes #5990, thanks gw0(
  • [110835] Passing $name in !MoneyField->!FieldCurrency() (fixes #5982, thanks andersw)
  • [110809] Removing "typography" class from HTMLEditorField container (should just apply to the contained <iframe>) (fixes #5949)
  • [110808] Allowing $extraClass on !CheckboxField !FieldHolder (fixes #5939, thanks mobiusnz)
  • [110759] ensure that pages can only be requested from staging and live
  • [110463] Fixed boundary PHP notice case in !RequiredFields::php() where a field name may not be defined in the $data array when a Form is submitted
  • [110439] #5811 Fixed default selection of root node when CMS first opened (no currentPage set in session)
  • [110262] fix !TranslatableSearchFormText by supporting fulltext search for MSSQL and using extendedSQL function call that augments queries properly (previously it was using DB::query which does not augment). Added wait to !TranslatableSearchFormText so the test actually passes.
  • [110197] MigrateSiteTreeLinkingTask now takes a direct map when querying the page tracked links instead of looping through the direct result set. This fixes SQL Server failing when MARS (Multiple Active Result Sets) is disabled
  • [110165] Fixed missing "Save" action input label on !ComplexTableField popup form
  • [110130] force the test to wait until indexing completes. Do not use stop words ('me')
  • [109834] BasicAuthTests fail when Member's unique_identifier_field is anything except the default of Email
  • [109714] disable basic auth for the restful controller test
  • [109712] makeRelative would return "false" for the root path, empty string is expected - fix that
  • [109712] change the check in forceSSL to work on Windows - it sets the $_SERVER['https'] to off, instead of null
  • [109591] getItem didn't consider the PostgreSQL SQL syntax. Columns with Capital letters must be quoted. Added quotes to the where clause in getItem. I didn't added quotes to the baseTable because it causes PostgreSQL errors (tables can not be double quoted, just single quoted).
  • [109168] $val is now cast as an int to prevent strings always returning true (YES)
  • [109155] Validator::requiredField() should check the required field submitted value is an array before check strlen(). Some fields submitted as an array, e.g. !MoneyField
  • [109128] Remove () that was breaking coverage report
  • [109106] sort order of widgets is now fixed.
  • [109102] Themed permissionFailure messages
  • [109083] Group::getCMSFields() should use Tab instances with a fixed name instead of translated one, leaving the translation for the tab title instead
  • [109082] SiteTree decorated canView() checks not being passed through to !SiteTree::canView()
  • [109081] StringField::setNullifyEmpty() should assign the given value boolean, not evaluate whether it's true or not
  • [109079] Count() call on a non-object in File::!BackLinkTrackingCount()
  • [109063] Fixed File::getAbsoluteURL() absolute generation
  • [109062] File::getAbsoluteURL() should return a URL, not a filesystem path
  • [108887] CSVBulkLoader import method now no longer requires files to end in '.csv'. Some projects want to import files in CSV format, but not of csv file type.
  • [108811] Added specific border case for array form data in !RequiredFields::php()
  • [108792] Fixed validation to accept arrays (!FileField case)
  • [108633] NumericField javascript does not accept negatives, make use of isNaN built-in javascript function instead of custom regex
  • [108515] #5627 Clear session on logout
  • [108513] EMAIL_BOUNCEHANDLER_KEY cannot be defined
  • [108512] Validator/!RequiredFields should not regard "0" as an empty value
  • [108509] SapphireTest::create_temp_db() should restore the SS error handler from the PHPUnit one temporarily in case there's any errors building
  • [108492] Undefined variable destURL in Director::forceWWW() (regression from r107094)
  • [108436] Checking for existence of $('!SwitchView') (fixes #5282)
  • [108432] Database password input in installer should be password, so that the password is obfuscated when input
  • [108427] Take note of output format when building Location header for !RestfulServer
  • [108422] CurrencyField doesn't accept negative value (#5769, thanks simon_w)
  • [108421] Fixed !ContentNegotiator to handle HTML and XHTML base tags properly when converting, regression from r108413
  • [108413] #5855 SSViewer::get_base_tag() should produce a properly closed base tag for XHTML (thanks smorris!)
  • [108409] #5862 JSON output of JSONDataFormatter now uses quotes for keys to be safer
  • [108408] Member_!ProfileForm should fallback to english text for save button if no translation defined for current language
  • [108407] #5852 Missing translation for !SecurityAdmin save button causes it to have no text, should default to english "Save"
  • [108400] Undefined variable when calling !DataObject::many_many_extraFields() and relation name couldn't be found for the component
  • [108399] DataObjects without the Versioned decorator cannot have a "Version" field. ticket #5775. Thanks ajshort
  • [108397] Added condition to avoid error creating "!PastMember" cookie on dev/build (ticket #5780) Thanks simon_w
  • [108396] Applied/edited paradigmincarnate's patch to quote plaintext email with htmlEmail (#5120)

Minor changes

  • [110847] Documentation
  • [110837] Check in !TableListField->!HighlightClasses() (fixes #5993, thanks lx)
  • [110836] Avoid using ASP-style tags in SSViewer comments, it confuses PHP with asp_tags=ON (fixes #5976, thanks ezero)
  • [110440] Warning about install.php existing for root site tree node as well (!SiteConfig form)
  • [110435] German translations for cms javascript (#5921, thanks bartlomiej)
  • [110243] added missing closing tag
  • [110205] Make dev/build not constantly show a changed index because of whitespace between VersionID and Version in the index spec
  • [110200] Removed removeDuplicates() call on linked pages !DataObjectSet in !MigrateSiteTreeLinkingTask which is no longer required, as the duplicate results were fixed in !DataObject directly
  • [110190] only call next() in iterator validation on initialisation or after reset NOT if current value is invalid
  • [109788] repair installer for sqlite
  • [109787] repair installer for sqlite
  • [109405] neatly quote identifiers
  • [109382] return a fail instead of an error
  • [109334] Remove whitespace if Surname field set on Member, but not !FirstName
  • [109333] Tests for Member::getName() and Member::setName()
  • [109330] trim space off end of firstname if surname is not set. #5925
  • [109274] CSSContentParser::__construct() now gives a better error if the content could not be parsed. This will mostly happen if tidy isn't present.
  • [109165] phpDoc updates for SS!LogFileWriter and SS!LogEmailWriter
  • [109156] Unit tests for !DataObjectSet::shift(), !DataObjectSet::unshift() and !DataObjectSet::pop()
  • [109152] Doc update for Director::forceSSL()
  • [109127] Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer
  • [109105] Fix links etc, and remove www. from SS urls
  • [109100] Clear out the test database in between each salad scenario.
  • [109066] Added tests for File::getURL() and File::getAbsoluteURL()
  • [108961] remove SQL table alias keyword AS
  • [108666] Fixed tests not working on the web side as redirection to https would occur
  • [108665] Fixed !DirectorTest to restore it's REQUEST_URI state to the original one after each test method is run
  • [108640] allow $icon to be overridden on !ErrorPages. PATCH via martljn (#5875).
  • [108571] Changed unknown web server text
  • [108570] Allow checking for a specific IIS version (parameter to !InstallRequirements::isIIS())
  • [108569] Removed double up of similar logic in !InstallRequirements
  • [108568] Simplified discovery of webserver during install
  • [108561] Removed unncessary isset() check
  • [108559] Add some documentation to !LeftAndMain_right.js
  • [108546] Removed command line functionality from installer which is no longer used
  • [108518] Fixed failing test as session being set before logging out and losing BackURL
  • [108500] Fixed failing tests because of locale not being set to the default in !SapphireTest::setUp()
  • [108442] Translations in CMSMain_left.ss
  • [108441] Making "todo" tab title translatable
  • [108435] Fixed Director::forceSSL() breaking unit tests because headers were already sent
  • [108434] Reverted r108433
  • [108433] DirectorTest should not extend from !FunctionalTest (regression from r108428)
  • [108376] Add trailing slash to image tag (thanks to mattclegg)
  • [108375] Cross-referencing some documentation

Other

  • [110241] #5870 Block web requests to silverstripe-cache directory via htaccess !RedirectMatch rule or web.config hiddenSegments functionality if using IIS 7.x
  • [109177] Revert "MINOR: Applied patch from walec51 for <% control %> on empty set (#5579) Also added unit tests by ischommer"
  • [109177] This was not supposed to be pushed out yet.
  • [109177]
  • [109177] This reverts commit 9c2aafa414948314236674e31fd756797d695139.
  • [109163] Revert "BUGFIX: sort order of widgets is now fixed."
  • [109163]
  • [109163] This reverts commit 1e7781ba2b8ac30333a20d9a1b0bcb9b4ba5b0b0.
  • [109099] Added dev/tests/emptydb to clear out test session databases.
  • [108417] Using htmlentities($keywords,ENT_NOQUOTES) instead of proposed solution