SilverStripe 3.2.0
16 October 2015
SilverStripe version 3.2.0 is now available (major release).
Upgrading to SilverStripe 3.2.0
SilverStripe 3.2.0 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply SilverStripe updates as new versions are released, or use Installatron's Clone feature to duplicate an existing SilverStripe install to test the 3.2.0 upgrade prior to applying it live. Get started managing your SilverStripe installations with Installatron
What's New in SilverStripe 3.2.0
Major changes
- Minimum PHP version raised to 5.3.3
- Introduction of new parameterised ORM
- Default support for PDO
- Moved SS_Report and ReportAdmin out to a separate module. If you're using composer or downloading a release, this module should be included for you. Otherwise, you'll need to include the module yourself (https://github.com/silverstripe-labs/silverstripe-reports)
- Moved SiteConfig also out to its own module. This will be included by default if you include the CMS module. (https://github.com/silverstripe/silverstripe-siteconfig)
- Implementation of new "Archive" concept for page removal, which supercedes "delete from draft". Where deletion removed pages only from draft, archiving removes from both draft and live simultaneously.
- Most of the Image manipulation methods have been renamed
Deprecated classes/methods
- DataList::getRange() removed. Use limit() instead.
- SQLMap removed. Call map() on a DataList or use SS_Map directly instead.
- SQLQuery methods select(), limit(), orderby(), groupby(), having(), from(), leftjoin(), innerjoin(), where() and whereAny() removed. Use set*() and add*() methods instead.
New and changed API
- Implementation of a parameterised query framework eliminating the need to manually escape variables for use in SQL queries. This has been integrated into nearly every level of the database ORM.
- Refactor of database connectivity classes into separate components linked together through dependency injection
- Refactor of SQLQuery into separate objects for each query type: SQLSelect, SQLDelete, SQLUpdate and SQLInsert
- PDO is now a standard connector, and is available for all database interfaces
- DataObject::doValidate() method visibility added to access DataObject::validate externally
- NumericField now uses HTML5 "number" type instead of "text"
- UploadField "Select from files" shows files in all folders by default
- UploadField won't display an overwrite warning unless Upload::replaceFile is true
- HtmlEditorField no longer substitutes <blockquote /> for indented text
- ClassInfo::dataClassesFor now returns classes which should have tables, regardless of whether those tables actually exist.
- SS_Filterable, SS_Limitable and SS_Sortable now explicitly extend SS_List
- Convert::html2raw no longer wraps text by default and can decode single quotes.
- Mailer no longer calls xml2raw on all email subject line, and now must be passed in via plain text.
- ErrorControlChain now supports reload on exceptions
- FormField::validate now requires an instance of Validator
- API: Removed URL routing by controller name
- Security: The multiple authenticator login page should now be styled manually - i.e. without the default jQuery UI layout. A new template, Security_MultiAuthenticatorLogin.ss is available.
- Security: This controller's templates can be customised by overriding the getTemplatesFor function.
- Deprecation::set_enabled() or SS_DEPRECATION_ENABLED can now be used to enable or disable deprecation notices. Deprecation notices are no longer displayed on test.
- API: Form and FormField ID attributes rewritten.
- SearchForm::getSearchQuery no longer pre-escapes search keywords and must be cast in your template
- Helper function DB::placeholders can be used to generate a comma separated list of placeholders useful for creating "WHERE ... IN (?,...)" SQL fragments
- Implemented Convert::symbol2sql to safely encode database and table names and identifiers. E.g. Convert::symbol2sql('table.column') => '"table"."column"';
- Convert::raw2sql may now quote the escaped value, as well as safely escape it, according to the current database adaptor's preference.
- DB class has been updated and many static methods have been renamed to conform to coding convention. Renamed API: affectedRows -> affected_rows; checkAndRepairTable -> check_and_repair_table; createDatabase -> create_database; createField -> create_field; createTable -> create_table; dontRequireField -> dont_require_field; dontRequireTable -> dont_require_table; fieldList -> field_list; getConn -> get_conn; getGeneratedID -> get_generated_id; isActive -> is_active; requireField -> require_field; requireIndex -> require_index; requireTable -> require_table; setConn -> set_conn; tableList -> table_list. Deprecated API: getConnect (Was placeholder for PDO connection string building code, but is made redundant after the PDOConnector being fully abstracted). New API: build_sql - Hook into new SQL generation code; get_connector (Nothing to do with getConnect); get_schema; placeholders; prepared_query
- SS_Database class has been updated and many functions have been deprecated, or refactored into the various other database classes. Most of the database management classes remain in the database controller, due to individual databases (changing, creating of, etc) varying quite a lot from API to API, but schema updates within a database itself is managed by an attached DBSchemaManager. Refactored into DBSchemaManager: createTable; alterTable; renameTable; createField; renameField; fieldList; tableList; hasTable; enumValuesForField; beginSchemaUpdate and endSchemaUpdate -> Use schemaUpdate with a callback; cancelSchemaUpdate; isSchemaUpdating; doesSchemaNeedUpdating; transCreateTable; transAlterTable; transCreateField; transCreateField; transCreateIndex; transAlterField; transAlterIndex; requireTable; dontRequireTable; requireIndex; hasField; dontRequireField; Refactored into DBQueryBuilder; sqlQueryToString. Deprecated: getConnect - Was intended for use with PDO, but was never implemented, and is now redundant, now that there is a stand-alone PDOConnector; prepStringForDB - Use quoteString instead; dropDatabase - Use dropSelectedDatabase; createDatabase - Use selectDatabase with the second parameter set to true instead; allDatabaseNames - Use databaseList instead; currentDatabase - Use getSelectedDatabase instead; addslashes - Use escapeString instead.
- LogErrorEmailFormatter now better displays SQL queries in errors by respecting line breaks
- Installer has been majorly upgraded to handle the new database configuration options and additional PDO functionality.
- Created SS_DatabaseException to emit database errors. Query information such as SQL and any relevant parameters may be used by error handling user code that catches this exception.
- The SQLConditionGroup interface has been created to represent dynamically evaluated SQL conditions. This may be used to wrap a class that generates a custom SQL clause(s) to be evaluated at the time of execution.
- DataObject constants CHANGE_NONE, CHANGE_STRICT, and CHANGE_VALUE have been created to provide more verbosity to field modification detection. This replaces the use of various magic numbers with the same meaning.
- create_table_options now uses constants as API specific filters rather than strings. This is in order to promote better referencing of elements across the codebase. See FulltextSearchable->enable for example.
- $FromEnd iterator variable now available in templates.
- Support for multiple HtmlEditorConfigs on the same page.
- Object::singleton() method for better type-friendly singleton generation
- New Image methods CropWidth and CropHeight added
- 'Max' versions of Image methods introduced to prevent up-sampling
- Update Image method names in PHP code and templates: SetRatioSize -> Fit; CroppedImage -> Fill; PaddedImage -> Pad; SetSize -> Pad; SetWidth -> ScaleWidth; SetHeight -> ScaleHeight
Bugfixes
- Reduced database regeneration chances on subsequent rebuilds after the initial dev/build
- Elimination of various SQL injection vulnerability points
- DataObject::writeComponents() now called correctly during DataObject::write()
- Fixed missing theme declaration in installer
- Fixed incorrect use of non-existing exception classes (e.g. HTTPResponse_exception)
- GridState fixed to distinguish between check for missing values, and creation of nested state values, in order to prevent non-empty values being returned for missing keys. This was breaking DataObject::get_by_id by passing in an object for the ID.
- Fixed order of File fulltext searchable fields to use same order as actual fields. This is required to prevent unnecessary rebuild of MS SQL databases when fulltext searching is enabled.
- In the past E_RECOVERABLE_ERROR would be ignored, and now correctly appear as warnings.