Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

 

Improved Config API and secure default template casting in 3.1.0-beta3

We're proud to release our third beta of SilverStripe 3.1 (download), which gets us very...

Comments 3

by Ingo Schommer

Posted 22 April 2013

Read post

We're proud to release our third beta of SilverStripe 3.1 (download), which gets us very close to the Release Candidate (RC) stage. Compared to previous beta releases, beta 3 has seen some large but unavoidable API changes. Please ensure to read the changelog and upgrading guide. You'll need to at least rewrite your static declarations in your Page and Page_Controller classes (incl. custom subclasses). Also, check that any used modules are compatible with the new beta. The easiest way to manage those dependencies is an installation through Composer.

The "old way" of setting configuration through static properties or methods at runtime has been deprecated with 3.0. The YAML-based Config API which replaces it has not seen widespread use though. This changes now, with most core configuration only accessible through this API. In order to enforce this change, the visibility of statics has changed to "private", which will throw errors if your codebase accesses those directly. The Config API helps us to provide a faster and cleaner bootstrap process, since less PHP files need to be autoloaded.

In order to reduce the chance of accidentally allowing XSS attacks, the value of $default_cast has been changed from HTMLText to Text. This means that any values used in a template that haven't been explicitly cast as safe will be escaped (< replaced with &lt; etc). Please check your controllers and templates to see if this affects you.

On the CMS front, we're only adding a little polish. The pages list view is now more useful since it remembers the open tab and URL, meaning authors can use it as their default view. We've also added a "Show children as list" context menu in the tree to easily switch, and make it more feasible to manage large flat structures, such as blog entries without requiring interaction with the tree.

We hope you enjoy beta 3!