2.3.1 Changelog

New Features

  • [72804] #3659 - Update key to show what purple means (ezero)
  • [72791] #3614 - Allow spell checking in HTMLEditorField when used outside of the CMS
  • [72788] #3612 - Option to auto-login with basic auth (jshipman)
  • [72771] added ability to disable AJAX commenting
  • [72763] #3610 - Require ADMIN permissions for ?flush=all
  • [72517] Allow access to the live site via RESTful api
  • [73435] more robust conditional check before we go to foreach loop, more robust conditional checking before we call a FormField function where we are not sure the caller is a FormField object.
  • [73285] Added Director::is_relative_url() and Director::is_site_url()
  • [73149] Allow calling methods on DataObjects using RESTful API. Methods which can be called must be specified in the $allowed_actions array of the DataObject.
  • [72574] Made JS i18n optional; disable it by calling Requirements::set_js_i18n(false)
  • [72497] Database will fix itself if you view the site and the database doesn't exist
  • [72496] Added BASE_SCRIPT_URL that lets you run a site without rewriting rules
  • [72346] Added onBeforeSecurityLogin event handler to Security/login, for extensions to plug into
  • [72229] Fixed invalid RSSFeed format - added <atom:link> and <dc:creator> elements, removed <author> element (invalid unless it contains an email address)
  • [72119] #3232 lenix: Added Date::FormatI18N()

Bugfixes

  • [73437] Fixed possible SQL injection in file name part for File::find()
  • [73318] Added missing action 'DeleteImageForm' to Image::$allowed_actions
  • [73304] Added missing action 'EditImageForm' to Image::$allowed_actions
  • [73301] Fixed too strict permission checking on Image::$allowed_actions. Replaced broken * permission check with explicit method names
  • [73299] Fixed array to string conversion caused by patch commited in r73285
  • [73291] Using $allowed_actions in Image_Uploader (Merged from r73255)
  • [73290] Validating $_FILES in Upload->validate() (Merged from r73254)
  • [73289] Existence check for Member autologin token (Merged from r73253)
  • [73288] Checking for Director::is_site_url() before redirecting in Controller->redirectBack() and MemberLoginForm (Merged from r73252)
  • [73286] Added isDev() and Permission::check() directives to DatabaseAdmin and DevelopmentAdmin (Merged from r73251)
  • [73285] Validating $_FILES array in Director::direct()
  • [73284] Using $allowed_actions in ImageEditor (Merged from r73248)
  • [73261] Interpret 401s and 403s created init() methods as 'finished' requests
  • [73117] Fixed ajax-response for multiple-item deletion
  • [73099] Fix notice-level error in rewriteless operation of homepage when db needs to be created
  • [73084] #3715: Show the changes message in a popup instead of a blank confirm box
  • [73082] #3716: Added error trapping to WYSIWYG side forms
  • [73080] #3714: Added default value to modeladmin search button
  • [73016] redirect user down to their posted comment if it was not posted via AJAX
  • [72926] #3591: Make Controller::isAjax() more reliable
  • [72854] #3529 - SilverStripeNavigator causes strict XHTML pages to fail in Firefox (michaek)
  • [72852] #3596 - Creating more than one new folder causes infinite loop (hamish)
  • [72819] Only use target="_blank" for files by default
  • [72816] #3645 - CommenterURL missing from CMS
  • [72798] #1450 - Passwords should be obscured when adding a member in a MemberTableField
  • [72760] Make sure "Template to install" retains its value when rechecking requirements
  • [72694] #3590: Allow subclassing of Folder
  • [72693] #3590: Allow subclassing of Folder
  • [72564] Include i18n where necessary. 2nd part of r72563
  • [72563] Updated i18n javascript system so that the i18n javascript needs to be explicitly included, so that it doesn't poke its nose in where it's not wanted.
  • [72557] #3418: Remove jQuery coupling from Email field focus, and only include email focus when validation is enabled
  • [72457] #3644 - _ss_environment.php search creates open_basedir error (ed)
  • [72341] Ensure that $this->class is set on ArrayData objects
  • [72338] Allow SilverStripe to work when asp_tags is on
  • [72252] Memory usage improvements to CsvBulkLoader and Member::onBeforeWrite()
  • [72201] fixed syntax fail in silverstripe navigator
  • [72200] Prevent infinite redirection when the homepage isn't available, when using modules such as subsites.
  • [72190] escaped filename before querying with it - #ajoneil
  • [73283] Using auto-escaped get_by_id() in CommentAdmin and SecurityAdmin (Merged from r73247)

* [73395] Disallow access of cli-script.php through a browser

  • [72602] restored image panel showing 3 across (#3670)
  • [72254] Fix tabs not being correct size when first loaded

Other