3.2.0 (unreleased)

Overview

CMS

• Moved SS_Report and ReportAdmin out to a separate module. If you're using composer or downloading a release, this module should be included for you. Otherwise, you'll need to include the module yourself (https://github.com/silverstripe-labs/silverstripe-reports)

Framework

• API: Removed URL routing by controller name
• Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available.
• Security: This controller's templates can be customised by overriding the getTemplate function.

Details

API: Removed URL routing by controller name

The auto-routing of controller class names to URL endpoints has been removed (rule: '$Controller//$Action/$ID/$OtherID': '*'). This increases clarity in routing since it makes URL entpoints explicit, and thereby simplifies system and security reviews.

Please access any custom controllers exclusively through self-defined routes. For controllers extending Page_Controller, simply use the provided page URLs.

class MyController extends Controller {
    static $allowed_actions = array('myaction');
    public function myaction($request) {
        // ...
    }
}

Create a new file mysite/_config/routes.yml (read more about the config format). Your controller is now available on http://yourdomain.com/my-controller-endpoint, after refreshing the configuration cache through ?flush=all.

---
Name: my-routes
After: framework/routes#coreroutes
---
Director:

    rules:
        'my-controller-endpoint//$Action' : 'MyController'

The auto-routing is still in place for unit tests, since its a frequently used feature there. Although we advise against it, you can reinstate the old behaviour through a director rule:

---
Name: my-routes
After: framework/routes#coreroutes
---
Director:

    rules:
        '$Controller//$Action/$ID/$OtherID':  '*'