Versions:

This document contains information about a future release and not the current stable version (4). Be aware that information on this page may change and API's may not be stable for production use.

3.1.19

Upgrading

LoginForm no longer disables CSRF protection. This may cause regressions on sites that statically publish pages with login forms or other changes. To re-enable this, you'll need to use the Injector to create a custom login form.

Define a login form:

class CustomLoginForm extends MemberLoginForm {

    public function __construct($controller, $name, $fields = null, $actions = null, $checkCurrentUser = true)
    {
        parent::__construct($controller, $name, $fields, $actions, $checkCurrentUser);

        $this->disableSecurityToken();
    }

}

Add this to mysite/_config/config.yml

Injector:
  MemberLoginForm:
    class: CustomLoginForm

Change Log

Security

Bugfixes

  • 2016-04-24 fde6376 Admin bloacklisted messages using correct $.inArray check (Daniel Hensby)
  • 2016-04-12 36283b8 Stop "success" message showing in CMS (Daniel Hensby)
  • 2016-03-31 6ec2656 fix ErrorControlChain causing errors to be displayed if display_errors in php.ini is false (Damian Mooyman)
  • 2016-03-18 add2ecd Parameter tokens now redirect to correct url if mod_rewrite is off (Daniel Hensby)
  • 2016-03-10 bc31d9c Use Controller::join_links() in Reports (Daniel Hensby)
  • 2016-03-08 0364204 Incorrect title attribute on CMS tabs (Loz Calver)
  • 2016-03-01 817b836 getIP from behind a load-balancer that adds many IPs to the header (Daniel Hensby)
  • 2015-01-08 adf0f10 Fixes CMS errors when viewing history on "Deleted" pages. (Russell Michell)

Was this article helpful?