Version 3
end of life
This version of Silverstripe CMS will not recieve any additional bug fixes or documentation updates.
Go to documentation for the most recent stable version.
3.1.16
Upgrading
FormField validation messages generated by the Validator
class will now be automatically XML
encoded before being rendered alongside an invalid field.
If a validation message in a custom Validator
instance should be rendered as literal HTML,
then the $message parameter for Validator::validationError
should be passed as an instance
of HTMLText
For example:
:::php
class MyCustomValidator extends Validator {
public function php($data) {
$this->validationError(
'EmailAddress',
DBField::create_field('HTMLText', "Invalid email. Please sign up at <a href='signup'>this page</a>")
);
}
}
Change Log
Security
- 2015-11-11 245e0aa Fix FormField error messages not being encoded safely (Damian Mooyman) - See ss-2015-026
- 2015-11-09 53b3bc7 Dont expose class on error (Hamish Friedlander) - See ss-2015-025
- 2015-11-01 ac4342d XML escape RSSFeed $link parameter (Ingo Schommer) - See ss-2015-022
- 2015-10-28 97f21fd Fix rewrite hash links XSS (Damian Mooyman) - See ss-2015-021