Document the template modifier allowlist

Resolves #279

diff --git a/docs/migration/wsc55/templates.md b/docs/migration/wsc55/templates.md
new file mode 100644 (file)
index 0000000..7b2b63e
--- /dev/null
+++ b/docs/migration/wsc55/templates.md
@@ -0,0 +1,11 @@
+# Migrating from WoltLab Suite 5.5 - Templates
+
+## Template Modifiers
+
+WoltLab Suite featured a strict allow-list for template modifiers within the enterprise mode since 5.2.
+This allow-list has proved to be a reliable solution against malicious templates.
+To improve security and to reduce the number of differences between enterprise mode and non-enterprise mode the allow-list will always be enabled going forward.
+
+It is strongly recommended to keep the template logic as simple as possible by moving the heavy lifting into regular PHP code, reducing the number of (specialized) modifiers that need to be applied.
+
+See [WoltLab/WCF#4788](https://github.com/WoltLab/WCF/pull/4788) for details.

diff --git a/mkdocs.yml b/mkdocs.yml
index a3e80932299168a87427c84f041987a73f39bd6c..d6c51ccf24f32fe83c03e61529b56de5a3f6f77a 100644 (file)
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -113,6 +113,7 @@ nav:
     - 'From WoltLab Suite 5.5':
       - 'PHP API': 'migration/wsc55/php.md'
       - 'TypeScript and JavaScript': 'migration/wsc55/javascript.md'
+      - 'Templates': 'migration/wsc55/templates.md'
       - 'Third Party Libraries': 'migration/wsc55/libraries.md'
       - 'Deprecations and Removals': 'migration/wsc55/deprecations_removals.md'
     - 'From WoltLab Suite 5.4':