This document contains information for an outdated version (2.3) and may not be maintained any more.

If some of your projects still use this version, consider upgrading as soon as possible.

2.3.8 (2010-07-23)

No overview noted.

Upgrading Notes

See API Changes below

Security: File->setName() and File->Filename handling

See 2.4.1

Security: Disallow direct execution of *.php files

See 2.4.1

Changelog

Features and Enhancements

  • [rev:108062] Added File::$allowed_extensions (backport from 2.4 to enable File->validate() security fix)
  • [rev:103684] Allowing !TestRunner? to skip certain tests through the ?!SkipTests?=... GET paramete (merged from branches/2.3-nzct) (from r80646)
  • [rev:103659] do not show comments that need moderation in the comment rss feed

API Changes

  • [rev:108062] Don't reflect changes in File and Folder property setters on filesystem before write() is called, to ensure that validate() applies in all cases. This fixes a problem where File->setName() would circumvent restrictions in File::$allowed_extensions (fixes #5693)
  • [rev:108062] Removed File->resetFilename(), use File->updateFilesystem() to update the filesystem, and File->getRelativePath() to just update the "Filename" property without any filesystem changes (emulating the old $renamePhysicalFile method argument in resetFilename())
  • [rev:108062] Removed File->autosetFilename(), please set the "Filename" property via File->getRelativePath()

Bugfixes

  • [rev:108045] Don't allow direct access to PHP files in mysite module. (from r108029)
  • [rev:108044] Don't allow direct access to PHP files in cms module. (from r108028)
  • [rev:108043] Don't allow direct access to PHP files in sapphire module, except for main.php and static-main.php (from r108023)

Minor changes

  • [rev:108062] Added unit tests to !FileTest and !FolderTest (some of them copied from !FileTest, to test Folder behaviour separately)
  • [rev:108046] Partially reverted r108045, mistakenly committed !RewriteBase change
  • [rev:108040] Added .mergesources.yml
  • [rev:103897] Added querystring option to Makefile (from r103884)
  • [rev:103895] Added querystring option to Makefile (from r103746)
  • [rev:103528] sort page comment table by Created field - show newest entries first
  • [rev:103521] Fixed !FileTest execution if the assets/ directory doesn't exist. (from r88353) (from r98086)
  • [rev:103447] Fixed js applying to non-tinymce textarea fields in !ModelAdmin.js (fixes #5453)
  • [rev:103362] Fixed js applying to non-tinymce textarea fields in !ModelAdmin.js (fixes #5453)
  • [rev:103348] added moderation message for non-ajax mode
  • [rev:101258] Fixed missing closing

<

div> in !ContentController->successfullyinstalled() (from r101254)

<code>./sscreatechangelog --version 2.3.8 --branch branches/2.3 --stopbranch tags/2.3.7</code>

Comments

Comment policy: Please use comments for tips and corrections about the described functionality.
Comments are moderated, we reserve the right to remove comments that are inappropriate or are no longer relevant. Use the Silverstripe Forum to ask questions.

blog comments powered by Disqus