Improved Config API and secure default template casting in 3.1.0-beta3

Posted by Ingo Schommer on 22 April 2013

We're proud to release our third beta of SilverStripe 3.1 (download), which gets us very close to the Release Candidate (RC) stage. Compared to previous beta releases, beta 3 has seen some large but unavoidable API changes. Please ensure to read the changelog and upgrading guide. You'll need to at least rewrite your static declarations in your Page and Page_Controller classes (incl. custom subclasses). Also, check that any used modules are compatible with the new beta. The easiest way to manage those dependencies is an installation through Composer.

The "old way" of setting configuration through static properties or methods at runtime has been deprecated with 3.0. The YAML-based Config API which replaces it has not seen widespread use though. This changes now, with most core configuration only accessible through this API. In order to enforce this change, the visibility of statics has changed to "private", which will throw errors if your codebase accesses those directly. The Config API helps us to provide a faster and cleaner bootstrap process, since less PHP files need to be autoloaded.

In order to reduce the chance of accidentally allowing XSS attacks, the value of $default_cast has been changed from HTMLText to Text. This means that any values used in a template that haven't been explicitly cast as safe will be escaped (< replaced with &lt; etc). Please check your controllers and templates to see if this affects you.

On the CMS front, we're only adding a little polish. The pages list view is now more useful since it remembers the open tab and URL, meaning authors can use it as their default view. We've also added a "Show children as list" context menu in the tree to easily switch, and make it more feasible to manage large flat structures, such as blog entries without requiring interaction with the tree.

We hope you enjoy beta 3!

Post your comment

Note: Comments are moderated and won't show until they are approved

Comments

  • Yeah, I'll second what Francisco said.

    Posted by Andrew Houle, 1 year ago @andrewhoule

  • Well, first I was annoyed by having to adjust my configuration and all statics - now I am really happy to see (and learn) how much SilverStripe has improved.
    For me as Software Developer Silverstripe is a clean and logical mighty tool to have fun working with.
    Thanks!
    Hendrik

    Posted by Hendrik Schaper, 1 year ago

  • this all look great guys, congrats on the new developments. can i ask for something? i read all the documentation and it looks amazing for a seasoned developer, but not for a regular user, lots of designers and frontend devs learn by example and foo bar baz is not a good way to understand how things work. the other day i was talking with unclecheese and he told me: 'its really clear and well commented' - i read the complete doc twice and it doesnt look clear to me :(

    it feels like something is missing (probably a real life example)

    if you could post an small example with real content like the model admin CRM or something like that it would be really appreciated by the not hardcore community.

    keep up the good work!

    Posted by francisco arenas, 1 year ago @dospuntocero

RSS feed for comments on this page | RSS feed for all comments

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.