As of 1.7.2, the Viewmodel class is deprecated, and replaced by the Presenter class. Functionality has remained largely the same, and a Viewmodel alias is present to maintain backward compatibility.
It has proven difficult to explain what a Viewmodel is and does, and why you should use it. Also having a classes/view and a views folder was very confusing for a lot of people. It is also a step closer to Fuel v2, there this class is also called Presenter.
As a result of the security issue mentioned below, the auto-format of the response in the Request_Curl
class is now disabled by default, as it is possible for a malicious site to construct a response of a specific reponse type that can lead to code execution. This means that if you use Request_Curl
, you have to either enable this manually in your code (ONLY if you absolutely trust the site you connect to!), or add code to validate the response before you process it.
The validation rule required
rule no longer treats an input value false
as a value, so passing this value will now trigger a validation error.
The PDO driver now returns the error code of the underlying database driver back as the error code in the Database_Exception
, instead of the PDO error code. This allows you to act on specific platform errors.
It also means you loose access to the original generic PDO error code, which you can work around by retrieving the current PDO database connection (through the connection()
method on the database object) and call PDO's errorCode()
method to retrieve the original generic PDO error code.
None.
There was one security advisory issued for 1.7.1, which also impact all previous versions from 1.1 onwards (see http://fuelphp.com/security-advisories). The issue is mitigated in 1.7.2, it is strongly advised that you upgrade as soon as possible, or alternatively follow the advice in the advisory.
A potentional vulnerability was discovered in the way column name quoting was done. This has been fixed. This means that coding SQL functions manually was something you could get away with earlier now require you to use DB::expr() to encapsulate the function.
// old code, no longer works
$result = DB::select("LOWER \"field\")")->from($table)->execute();
// has to be replaced by
$result = DB::select(DB::Expr("LOWER \"field\")"))->from($table)->execute();
Error messages are now escaped, to prevent a possible XSS through the generated error. Note that it is best practice not to display error messages in a production environment, so the possible risk for XSS is deemed to be very low.
- A possible XSS vulnerabity in the Profiler output has been fixed.
- The
import()
function can now also import third-party classes in APPPATH/vendor. - When using multiple DB connections, the profiler now shows the connection used for the query.
- The Profiler now html encodes the output to avoid incorrect handling of the ampersand.
- The internal Markdown class has been removed, and replaced by the Composer library.
- Some methods were still defined as
private
. This has been changed toprotected
to allow extension. - Fully namespaced controllers are now supported. Now you can use class names like Controller\Foo\Bar, Controller_Foo_Bar, or Controller\Foo_Bar.
- The Database layer now has support for nested transactions, either through native SQL support, or via SAVEPOINTS.
- The Agent class has been switched back to the original browscap.org URL's.
- Saving a Lang or Config file will now flush the APC and/or Opcode cache.
- Double quotes inside an HTML tag attribute value are now escaped.
- Debug logging has been added to the Session classes to aid in debugging session loss.
- GZIP compression is now automatically disabled if the client indicates it doesn't support it.
- Unit tests have been adapted where needed to support PHPUnit 4.
- The
html_tag
helper function now generates compliant HTML. - Several pieces of file handling code has been modified to handle Windows file paths better.
- The Autoloader now thows an exception if the class file can be found, but it doesn't contain the class expected.
- The Autoloader now supports loading Traits.
- The shutdown handler now logs any error if it fails to shutdown properly.
- The included PHPSecLib version has been upgraded to the July 1st version of the php5 branch.
- Unit testing now has support for AspectMock.
- An entry to the phpunit xml has been added to run tests in modules.
- Agent: Now correctly uses the defined browser agent instead of the system one.
- Arr: New
keyval_to_assoc()
method converts key-value pairs into an associative array. - Arr: When passing an object as key to
get()
, it is now cast to string. - Asset: Has a new config option "always_resolve", which will do local asset resolving even for absolute URL's.
- Cache: A check is added to avoid possible deadlocks with using files for caching.
- Cache: Now has a driver for Xcache (http://xcache.lighttpd.net).
- Cli: Backtrace output has been rewritten to make it more readable on the commandline.
- Cli: Now has the option to disable output colouring.
- Cli: New methods
stdout
andstderr
allow you to redirect them to file. - Config: When saving a config file, the configured permission mask is now applied.
- Controller_Hybrid: Now correctly handles returned array responses.
- Controller_Rest: When no data is returned, "204 NO CONTENT" status is set.
- Controller_Rest: Better support for Digest authentication.
- Controller_Rest: The option to specify the return format in the URL now actually works.
- Database: The PDO driver will now add the
charset
to the DSN if not specified. - Database: The MySQL drivers no longer use the "AUTOCOMMIT" value, which interferes with table locking.
- Database:
Insert
now has the options to define multiple value sets, to insert multiple rows at once. - Database: Quoted strings can now passed to methods without requiring
DB::expr()
. - DBUtil: Default values are now correctly quoted, instead of escaped.
- DBUtil: Make sure the
COMMENT
keyword appears beforeAFTER
andBEFORE
. - DBUtil: Now allows you to set a specific DB connection to operate on.
- Fieldset:
field()
without parameter will now correctly return all defined fieldset fields. - Fieldset: Now has a
delete()
method to remove an existing field from the fieldset. - Fieldset_Field:
set_fieldset()
now allows you to move a Field to a different fieldset. - File:
download()
now has the option to delete the file after download is completed. - File: New
file_exists()
method that will honour the defined Area. - File: Fixed possible infinite recursion in
delete_dir()
. - File:
Download
now supports the option to select "inline" or "attachment" disposition. - Form: If no action is specified to
open()
, the current URI will be used. - Format: CSV conversion methods now have separate config for import and export of CSV data.
- Format: Improved CSV parsing, to support non-standards formats created by Microsoft applications.
- Format: CSV files without headers can now be imported.
- Format:
to_csv()
now allows you to define custom headers. - Format: Incorrect handling of empty XML tags has been fixed.
- FTP: Fixed directory recursion in
delete_dir()
. - Inflector: The separator of
friendly_title()
is now configurable. - Input: Added better support for NGINX.
- Lang: If multiple languages are defined, the lang files are now loaded in the correct order.
- Log: New
log_filename
config key allows you to override the generated log file name. - Model_Crud: Can now correctly handle properties with a
null
value. - Mongo_Db:
like()
method now correctly uses it's wildcard parameters. - Mongo_Db: New method
list_collections()
. - Pagination: Logic has been completely rewritten to fix all bugs.
- Pagination: You can now define an offset to shift the active page in the navigation block left or right.
- Session:
set_flash()
now correctly resets the state when setting an existing expired flash value. - Session: Deleting a session cookie now takes the configured path and domain into account.
- Session: Now has emulation of $_SESSION, to support external code using this to access session data.
- Str: The
truncate
method now correctly handles multibyte strings. - Uri: An empty URI string is valid input for
Uri::create()
. - Uri: Uri suffixing has been rewritten to accept new long TLD names.
- Validation:
valid_string
now allows you to test for "slash" and "backslash". - Validation: New
valid_collection
rule allows you to check against a predefined list of values. - Validation: The
required
rule no longer treatsfalse
as a value. - Viewmodel: Now has the option to unset a variable set on it.
- Auth: The included ORM User model now supports both Ormauth and Simpleauth.
- Auth: Ormgroup's member() method now correctly checks for group membership.
- Auth: Calculating effective user permissions in Ormauth has been fixed.
- Auth:
Opauth
: if no nickname is returned by the provider, try to find a match on email address. - Auth: Ormauth now supports database selection and DB's replication features.
- Email: Recepient names are now quoted to support comma's in the name.
- Email: New
Mailgun
driver to support sending email through Mailgun's email service. - Email: SMTP driver now only authenicates ones per connection, to facilitate bulk email.
- Email: Added the option to strip or leave HTML comments in the HTML message body.
- Email: New
Mandrill
driver to support sending email through Mandrill's email service. - Email: SMTP driver now supports STARTTLS for secure email. Used for example by Google mail.
- Email: Now has a config option to automatically correct relative protocol URI's in HTML bodies.
- Oil:
oil server
now has inline help. - Oil: Authentication in generated Admin controllers has been fixed.
- Oil: Added the
--module
argument to add module support to the code generation commands. - Oil: Scaffolding templates are updated for Boostrap 3.
- Oil:
oil test
now supports the PHPunit argument--testsuite
. - Oil:
oil test
now supports the PHPunit argument--debug
. - Oil:
oil generate model
now can generate ORM temporal or nestedset models. - Oil: the
--with-viewmodel
switch has been renamed to--with-presenter
. - Oil: when
refine
calls an unknown command, it now lists the ones defined in the Task. - Oil: Generated view code now works properly cross platform and cross OS.
- Orm:
to_array
now also also exports EAV value pairs. - Orm: The
before_save
observer is now called before the object is checked for changes. - Orm: New
enable_event
anddisable_event
methods for enabling/disabling observer events. - Orm: Fixed
Soft_Delete::purge
, now it actually deletes the purged records. - Orm: You can now pass custom data when forging an ORM object.
- Orm: Observer_Slug now has a configurable separator.
- Orm: Observer_Slug now allows you to generate duplicate slugs, or to assign slugs manually.
- Orm: Fixed validation of new objects, now all fields are correctly validated.
- Orm: There is now support for
DB::expr()
in ORMselect()
. - Orm: There is now support for
select('*')
. - Orm: You can now add custom sanitation code to a model (used when a model object is passed to a View).
- Parser: Twig driver now support
Input::post
,Session::get
andAuth::check
. - Parser: Smarty driver how has the same Fuel interface plugins as Twig.
- Parser: Now supports the "Lex" parser (http://github.com/pyrocms/lex).
- The index.php has been updated to make sure the Response body is rendered, and rendered only once. When upgrading to 1.7.1, don't forget to apply these changes!
- When using the REST controller and returning an array as a response, the controller now checks if the response format is compatible. If not, it will return an error messsage and set a 406 HTTP status when in production mode. In other modes, it will return a warning and a JSON encoded dump of the array.
None.
None.
There were one security advisory issued for 1.7, which also impact all previous versions (see http://fuelphp.com/security-advisories). These issues are addressed in 1.7.1, it is strongly advised that you upgrade as soon as possible.
A new Sanitization interface has been introduced to the core. Objects can implement this interface, and when you pass such an object to a View, the object will not be cleaned, but the individual properties will be cleaned by the object itself when the properties are requested by the view.
ORM and Model_Crud models now implement the sanitization interface by default, and when enabled, they will return a cleaned copy of the property, instead of the property itself. This means you can now pass ORM model objects to Views, without the ORM object being destroyed.
- Cache_Storage_Redis: Support for non-default Redis DB configs has been fixed.
- Arr:
get()
now allows you to get array values using a key that contains a dot. - Arr:
search()
now has a new parameter to enforce a strict search. - Asset:
css()
now accepts the 'type' attribute. - DB: Now allows a DB connection to be set, to make sure SQL is compiled using the correct driver.
- DB: You can now
disconnect()
andconnect()
, allowing you to reconnect when the connection has dropped. - DBUtil:
set_connection()
now acceptsnull
to reset the connection instance set previously. - DBUtil:
add_foreign_key()
now has support for custom DB connections. - DBUtil:
create_index
now allows you to create a PRIMARY KEY index. - DBUtil:
drop_index
now allows you to drop a PRIMARY KEY index. - File:
download()
will now be executed after cookies have been written. - Form:
select()
now accepts zero or null as selected value. - Format:
from_xml()
now has support for XML namespaces. - Format:
to_json()
now accepts JSON encoding options, with configured default options. - Fuel: Make sure the locale is set before processing 'always_load'.
- Image:
create_hex_color()
now correctly processes the alpha value. - Image:
convert_number()
can now deal properly with numbers using a decimal comma. - Image: Imagemagick driver now correctly stores the image size in its cache.
- Input:
uri()
now always returns the URI with a leading slash. - Input: You can now control double decoding of urlencoded forms.
- Lang: No longer uses a fixed path delimiter, causing issues on Windows.
- Lang: When multiple languages are defined, the files are now loaded in the correct order.
- Migrate: Now displays the correct migration version when migrating down.
- Migrate: Now checks for existence of packages and modules before attempting to migrate them.
- Model_Crud: Now implements lazy sanitation when an object is passed to a View.
- Theme: You can now call
render()
more than once. - Uri: When $_GET is reassembled, it will now be security cleaned.
- Auth: Problems with direct updates of permission join tables (PK=FK) have been fixed.
- Auth: The
multiple-logins
config setting is now ignored unless there actually are multiple login drivers. - Email: A background color (#aabbcc) in an img tag is no longer seen as an attachment.
- Parser:
auth_has_access
has been added as a Twig function. - Oil: Improved error reporting when it is unable to parse the given field definition.
- Oil: When running a module task, the module path is now added at the front of the finder path list.
- Oil: Duplicate migration filename detection has been fixed.
- Oil: Refine will no longer dump the callstack when an exception occurs in production mode.
- Oil: Generating a drop table migration has been fixed.
- Orm: Models now implement lazy sanitation when an object is passed to a View.
- Orm: Missing config for Temporal models has been fixed.
- Orm: Model_Temporal
find_revision()
no longer throws an exception when no revision could be found. - Orm: The
UpdatedAt
observer now has the option to mark the object as updated if a related object was changed. - Orm: The
Slug
observer now has the option to define a custom separator.
Full List of core changes since 1.6.1
- A fix has been added to deal with PHP bugs #42098/#54054, which cause an SPL autoloader to malfunction when trying to autoload from an exception handler. This will fix erradic "class not found" messages when processing exceptions.
- File::close_file() was broken when using locking. This has been fixed.
- Date::test_format() no longer resets the current timezone to UTC.
- Output buffering is now disabled when in CLI mode. This allows you to get messages from your tasks in realtime, instead of having to wait until the task has finished.
- A bug in all session drivers (except cookie) that caused the session timestamp not to be updated has been fixed. The session will now not expire as long as there is activity within the expiration timeout.
- PHP E_ERROR's are now reported as "Fatal error".
- Profiler data will no longer be added to the output if the request is an ajax call.
- The finder now checks for "?:" to detect a Windows path, so that one-letter module names can be used in finder filenames ("?:filename").
- Where relevant calls to
file_exists()
have been changed tois_file()
for performance reasons. - Where relevant calls to
call_user_func_array()
have been changed tocall_fuel_func_array()
, our internal equivalent which is about 30% faster. - Lots of bugfixes in the Auth package, especially in relation to OpAuth and the Ormauth drivers.
- Lots of bugfixes in the Orm package, especially related to Model_Soft and Model_Nestedset.
- The CSV configuration for the Format class has been split into a separate config for imports and exports. Also, the default escape character has been changed from a backslash to a double quote, to be more standards compliant. If your application relies on the backslash, make sure to create a custom format config after you have upgraded.
- The Redis class has been renamed to Redis_Db, to avoid collisions with the Redis PECL class, which seems to be installed by default on a lot of systems. If the PECL extension is not found, Redis_Db will be aliased to Redis, to make sure existing applications that use the Redis class don't break. If you use the Redis class, it is advised that you change it to Redis_Db.
- Cookie::set() now returns
false
when called in CLI mode.
- The Event::shutdown() method has been removed. This is replaced by two events, 'shutdown' which can be used by applications to run code after the script has finished, and 'fuel-shutdown', which runs after the application shutdown events, will close any open session, and runs the framework cleanup.
There were two security advisories issued for 1.6.1, which also impact all previous versions (see http://fuelphp.com/security-advisories). These issues are addressed in 1.7, it is strongly advised that you upgrade as soon as possible.
- Composer now runs "oil refine install" when you run the initial installation.
- A
web.config
file is now included to support rewriting for those using PHP/IIS on Windows. - Twitter Bootstrap has been upgraded to 3.0. Check for dependencies with your current code if you upgrade, oil will now generates 3.0 compliant view files.
- FuelPHP\Upload has been switched to version 2.0.1. If you upgrade, don't forget to change your composer.json and run
php composer.phar update
. - Exception handling in the index.php now resets the main Request, to avoid subsequent Requests to be seen as HMVC calls.
- index.php now only updates the output with profiling data if the placeholders are present in the output.
- All code using preg_replace() with the \e modifier has been rewritten to be compliant with PHP 5.5+.
- Reverse routing now works with regex routes.
- New Arr::merge_assoc() method as alternative to array_merge_recursive(), which does not alter numeric keys, and does not merge mixed values (see docs).
- New Arr::reindex() method to recursively reindex an indexed array, or the numeric keys in an assoc array.
- New Arr::subset() method returns a subset of an array based on a list of (dot-notated) keys.
- Asset methods
css()
andjs()
now allow inline code to be passed as a string. - Cache_Storage_Memcached now creates and reuses a single connection to the Memcached server.
- Cache_Storage_Memcached now supports a relative expiration time, like the native PHP functions.
- Cache_Storage_Redis now creates and reuses a single connection to the Redis server.
- Config now has a driver to store config data in a database table.
- Date has a new emulation function for strptime(), for better Windows support.
- DB now supports master/slave configurations, completely transparent for the application.
- DB where() method now has support for DB::expr().
- DB configuration now has support for speciying the collating sequence.
- New
has_connection()
method for DB::instance() to check if a valid DB connection is present. - You can now create nameless Fieldset objects.
- File_Handler_File now has a new method
get_path()
to retrieve the file's path. - New Form::csrf() method to add a hidden field to your form with the CSRF token.
- Form::select() now allows you to pass a default value via the attributes array.
- Form::to_xml() now has a configuration option to escape data using CDATA instead of converting to HTML entities.
- Fuel has improved base_url detection, to work better with installations inside the document root.
- New Image
extension()
method to retrieve the extension of the loaded image. - Input now supports the HTTP method PATCH.
- Lang now has a driver to store language data in a database table.
- Log now tells you why it couldn't open or write to the logfile.
- Migrate now prints a warning if one or more migration steps were skipped.
- Mongo_Db now uses the MongoClient class, instead of the deprecated Mongo class.
- Pagination now casts all numeric values to int after calculation.
- Pagination now has a
__toString()
method to render when the object is cast to string. - Pagination render methods now correctly use the configured default values when called without arguments.
- Pagination::render() now has the option to return the raw pagination data array instead of the rendered HTML.
- New config section for Pagination to support Bootstrap v3.
- New Redis_Db method
psubscribe()
allows you to listen and define a callback for every response. - Request now writes the request type to the log, together with the requested URI.
- Request now checks if all required action arguments are present, and throws HttpNotFoundException if not.
- Response now has an updated HTTP status code list (including the famous 418!).
- The use of wildcards in a URI for Response::redirect() is now configurable.
- Security::xss_clean() is now using htmLawed v1.1.16.
- New options parameter for Security::xss_clean() to pass custom configuration to htmLawed.
- Security::check_token() now uses Input::param() to fetch the token. This allows HTTP methods other then POST to be secured with a token.
- New Str::random() feature to generate UUID v4 strings.
- Uri::segment_replace() now allows you to force the URL scheme to HTTP or HTTPS.
- New Uri::update_query_string() method allows you to add query string data to an existing URL.
- Validation::valid_date() will now ensure the date value format is valid.
- New Validation::get_error_message() to retrieve all or individual error message from validation error objects. This saves you having to loop over the objects in your code to get the messages out.
- Validation::valid_string() now has support for "brackets" and "braces".
- Viewmodel::forge() now allows you to pass a custom view name or View object.
- New Theme::viewmodel() method allows you to create theme aware Viewmodel objects.
- Upload init method has been modified to make sure uploaded files are not processed twice.
- New Uri::build_query_string() method to generate a query string from a list of arrays or strings.
- Auth: Opauth driver now has a config switch to allow auto registration after OAuth login.
- Email: Added support for images in base64 encoding.
- Email: Fixed additional blank line in the mail header causing some mailservers to barf...
- Email: New getter methods
get_from()
,get_to()
,get_cc()
,get_bcc()
,get_subject()
,get_body()
andget_reply_to()
. - Oil: There is now support for the
_init()
static method for tasks. - Oil:
test
now has (expiremental) support for phpunit.phar. - Oil: Scaffolding menu links are now rendered as buttons.
- Oil: Running
create
inside a valid FuelPHP installation now displays an error message. - Oil: Generating a migration without the correct arguments now fails with an error message.
- Oil: Scaffolding and Admin scaffolding now generate Bootstrap v3 compliant view files.
- Oil: New
package
command generates a skeleton for a new package. - Oil: You can now use dashes and underscore in generate field options (p.e. enum values).
- Oil: All commands now have a help screen.
- Orm: Observer_Typing now creates an empty array when calling unserialize() on a NULL column value.
- Orm:
get_one()
now usesrows_limit(1)
when fetching an object with related objects. - Orm: New
Model_Soft::purge()
method allows bypassing the soft-delete functionality and delete an object permanently. - Orm:
Model::to_object()
can now be called with the same arguments asto_array()
. - Orm:
group_by()
Query method now supports relation name prefixes for column names. - Orm: You can now pass additional conditions to a lazy get() of a related object.
- Orm: Model_Soft now has support for
count()
,min()
andmax()
. - Orm:
min()
andmax()
results are no longer cast to int, so they can be used on date columns. - Orm:
Model::to_array()
has better object tracking to prevent recursion. - Orm:
from_array()
now has support for the EAV extension. Importing non-model properties will now create EAV records instead of custom data if the model has an EAV container configured. - Orm: There is now support for EAV containers in
Model_Nestedset
.
Orm: You can no longer use property assignment to create a custom property on a model object if that model implements an EAV container. It will set an EAV value instead.
Orm: calling find()
with no parameters or with a single parameter that is null
will return null
as a result. It will no longer throw an exception.
- Fixed broken CSS code in the welcome controller views.
- Improvement to the query analysis information displayed in the profiler (MySQL only).
- The included Markdown library has been upgraded to v1.2.6.
- Lots of path processing improvement to have the framework work better on Windows.
- Finder now ignores the cache if there are permission issues on the cache file.
- Agent: Don't try to fetch browser information if no user agent is present in the server data.
- Arr: New
previous_by_key()
method to fetch the previous key or value from an array using the current key. - Arr: New
previous_by_value()
method to fetch the previous key or value from an array using the current value. - Arr: New
next_by_key()
method to fetch the next key or value from an array using the current key. - Arr: New
next_by_value()
method to fetch the next key or value from an array using the current value. - Cache:
delete_all
in the File driver now properly recurses all folders. - Controller: Now has a
response_status
property to set the HTTP status for automatically created responses. - Controller_Rest: Fixed using a controller method to determine the authentication status.
- Controller_Rest: Fixed warning when the format passed in the URL is not a valid format.
- Crypt: Now uses the file permissions defined in the file.php configuration file when generating the crypt configuration file.
- Format: "to" methods now deal with a passed null value correctly.
- Html: Now enforces HTML5 by default.
- Input: New
headers
method allows you to fetch HTTP headers. - Input: New
allow_x_headers
configuration key controls if using X-headers are acceptable. - Inflector: Method
friendly_title()
now correctly deals with apostrophes by replacing them with a separator. - Request_Curl: Added support for the 'HEAD' method to the cURL driver.
- Response: New
redirect_back()
method to redirect back to the previous page in your application. - Session: Now supports passing the session id as a string in get/post variables.
- Session: Now supports passing the session id in the "Session-Id" HTTP header.
- Session: Now allows you to disable creating a session cookie if you want to pass it manually.
- Session_Redis : Fixed recovering from expired sessions when using the Redis driver.
- Theme: Now allows you to store module theme views inside the module folder.
- Theme: New
partial_count
andhas_partials
methods. - Upload: Implemented missing save() argument behavior, for backward compatibility.
- Viewmodel: New
get_view()
method returns the associated View object.
- Auth: Now includes secure "remember_me" functionality.
- Auth: Fixed typo in the Simpleauth migation file, causing a missing 'group' column
- Auth: Ormauth's
create_user()
method now supports updating profile fields (which are mapped to EAV attributes) for compatibility with Simpleauth. - Auth: Now includes an OpAuth interface to integrate OAuth authentication with Simpleauth or Ormauth.
- Auth: When running migrations for Ormauth, groups and roles created now mimic the functionality of Simpleauth.
- Email: Support added for pipelining, sending multiple emails out over a single connection. Currently only supported by the SMTP driver.
- Oil: Command processor updated to work from Windows' powershell.
- Oil: The
refine()
method of the Command processor now accepts arguments so you can call it from code with the same arguments as from the commandline. - Oil: New "--csrf" switch adds the CSRF token to generated forms.
- Oil: CSS in generated forms has been updated to the new Bootstrap version.
- Oil: Generated Admin code now has support for Ormauth.
- Orm: You can now create new EAV attributes by simply assigning a value to a new property (note: this disables Custom data for models with EAV support!).
- Orm: You can now use
unset()
to delete an EAV attribute. - Orm: Several bugfixes in Model_Soft and Model_Temporal.
- Orm: New "Nestedset" Model to work with nested sets (hierarchical structures).
- Orm: No longer signals an insert failure if you don't use auto-increment PK's.
- Orm: Observer_Slug now works correctly with Model_Temporal.
- Orm: Added
count()
,min()
andmax()
support to Model_Soft and Model_Temporal. - Orm: Complex
find_this_and_that_or_other()
calls now work correctly. - Parser: You can now call
Markdown::parse()
from within a Twig template. - Parser: You can now call
Session::get_flash()
andSession::set_flash()
from within a Twig template.
Full List of core changes since 1.5
- This release officially introduces Composer to FuelPHP. You will have to install it, and run a 'php composer.phar update' to pull in any required packages. Without this step, 1.6 WILL NOT WORK!!!
- Class names in the Auth package have been modified to match FuelPHP coding standards. Check your configuration ('SimpleAuth' is now 'Simpleauth'!) and any class extensions you have made.
- The Log functionality has been moved back in the core. If you are upgrading from 1.5, please remove the old 'Log' package from the
always_load
section in yourconfig.php
, and remove the package from the packages folder. - The environment 'stage' has been renamed to 'staging', the corresponding constant to Fuel::STAGING.
- You now get a proper error message if your PHP timezone settings are not correctly configured.
- You now get a proper error message if there is an issue with rights to the log file.
- All code that creates files or directories has been rewritten to properly set the configured permission mask without using
umask()
, which is not thread-safe.
- The names of the Auth classes have been changed to comply with FuelPHP coding standards (
Auth_Login_Simpleauth
instead ofAuth_Login_SimpleAuth
), this can cause a class-not-found error if you have extended an Auth class in your application. - The ORM
validation_observer
now has multiple events. Do not define it without specifying which events to call, as it would cause validation to be called twice! - The Orm behaviour with regards to relation assignments has been changed. Now, when you do an unset(), a set to NULL or array(), or you assign a new value, the previous relation will be unset. Regardless of whether you had fetched that relation or not. This might impact your application if you have used this 'bug' as a shortcut to adding additional objects to an existing relation!
- Orm:
find()
andfind(null)
functionality is now removed. Usequery()
instead.
- ViewModel: when determining the name of the ViewModel class to load, it will search for classes with and without the 'View_' prefix. This behaviour is deprecated, as of the next release ViewModel classes MUST be in classes/view, and MUST be prefixed with 'View_'.
- The default security filters have been removed from the core configuration, to allow you to define your own security filters. Note: if you're migration from previous versions and relied on this default config, make sure your app config file has the default security filters defined!
- The Markdown library has been upgraded to 1.2.6.
- The cache option in the global configuration now correctly caches finder paths to speedup file lookups.
- Controller methods can now return 'false' or 'array()' as valid values, for use in HMVC requests.
- Exceptions in shutdown event are now properly caught and handled.
- Agent: will now re-use an expired download if a new browscap file could not be downloaded.
- Arr: New
search
method allows you to search for values in array structures, and get the (dot-notated) key returned. - Arr: New
unique
method allows you to de-dup an array. Like array_unique(), but this one supports objects and closures, and doesn't sort the source array first. - Arr: New
sum
method allows you to sum up specific values in a multi-dimensional array structure. - Asset: now generates the correct Asset URL when using a CDN.
- Controller_Rest: now allows auth checks using a controller method (avoids
before()
orrouter()
hacks). - DB: new
identifier
method allows you to properly quote an identifier for use in custom queries. - DB: the
Database_Transaction
class that was already deprecated in v1.2 has been removed. All drivers support transactions natively. - DButil: now supports the keyword "PRIMARY KEY" on field updates.
- Cache: index mechanism has been refactored. Dependency checking now works properly when using APC, Memcached or Redis backends.
- Error: a new configuration option allows you to render already generated output to be shown in error messages via the 'prior output' link, instead of the HTML.
- File:
create_dir
method now works properly on Windows. - Form:
select
now doesn't use inline css to generate optgroups unless needed. - Fieldset: fixed generation of invalid labels.
- Html:
anchor
method now generates URL's without a trailing slash. - Input:
uri
method now works properly on Windows. - Lang:
delete
method now works properly when passing a $group value. - Pagination: now generates the last link correctly.
- Profiler: DB query profiling now includes a stack trace for every query to make it easier to find it in your code.
- Router: now supports protocol specific routes (http/https) in verb based route notation.
- Upload: has been rewritten to use the FuelPHP v2 composer library.
- Viewmodel: now calls
before
before rendering the view, instead of when constructing the object. - Viewmodel: ViewModel class name is now correctly determined from the passed view name.
- Viewmodel: Will now look in the global namespace for the ViewModel class if called from a module and not found in the module namespace.
- Auth: Class names have been modified to match FuelPHP coding standards.
- Auth:
update_user
now verifies if the new email address is unique before updating it. - Auth: Number of PBKDF2 iterations can now be configured in the auth config file.
- Auth: Multiple concurrent user logins can now be configured through the driver configuration file.
- Auth: Auth login drivers now set 'updated_at' correctly.
- Auth: new
get
method allows unified access to all user properties. - Auth: new
groups
method which returns the list of all defined groups. - Auth: new
roles
method which returns the list of all defined roles. - Auth: new 'Ormauth' driver set that uses the database through ORM as datastore.
- Auth: Package now contains migrations for both Simpleauth and Ormauth.
- Auth: New 'Simple2Orm' task can migrate your existing Simpleauth config to Ormauth.
- Email: Attachments can now be named.
- Log: The Log package, introduced in 1.5 as a temporary solution, has been removed again.
- Oil: Fixed redirect loop in the generated admin backend code.
- Oil: Improved exception handling and reporting.
- Oil: Added support for ORM soft-delete models.
- Oil: Modified the scaffolding templates to work better with bootstrap.
- Oil: New commandline options for PHPunit allow for more granular testing and logging.
- Orm: Validation observer now supports 'before_insert' and 'before_update'.
- Orm: Now correctly resets foreign keys if cascade_delete is false.
- Orm: Added view support to count(), min() and max() queries.
- Orm: min() and max() now return integers instead of strings.
- Orm: Added temporal support (data versioning).
- Orm: You can now test for existence of EAV attributes using isset().
- Orm: Validation observer can now validate on insert and update too.
- Orm: It is now allowed for models to have a FK as part of the PK.
- Orm: You can now order a many_many result on an attribute in the through table.
- Orm: You can now pass custom (non-column) data when forging a new model object.
- Orm: Current relations are now properly unset when using unset() or a new assignment.
- Orm:
from_array
now returns $this so you can chain on it. - Orm:
from_array
now allows you to load custom data. - Orm:
from_array
now allows you to load related objects from a multidimensional array. - Orm: Several speed improvements in Observer_Typing.
- Orm: Observer_Typing float conversions are now locale aware.
- Orm: Observer_Typing now uses property defaults on null values if defined.
- Orm: Observer_Typing can now handle MySQL '0000-00-00 00:00:00' datetime values.
- Orm: new
from_cache
method allows you to enable/disable object caching on a query. - Orm: 'join on' now works correctly as documented.
- Orm: 'order_by' now works correctly when a subquery is generated.
- Orm:
is_changed
now does loose-typing, so 1 => '1' doesn't trigger an update query anymore. - Parser: Added support for mthaml (HamlTwig)
- Parser: Switched to using Composer for smarty, mustache, mthaml and twig template engines.
- Parser: Markdown has been upgraded to 1.2.6.
Full List of core changes since 1.4
- The "Undefined constant MYSQL_ATTR_COMPRESS" issue that pops up under certain conditions has been fixed.
- It has been reported that under certain circumstances there might be issues with serialized data stored in the Auth user table, field "profile_fields", and the "payload" field in the sessions table. It is strongly advised to define those columns as "blob" to avoid these issues.
- A new
Log
package has been introduced in preparation for the transition to 2.0, which replaces theLog
class.
- Uri::to_assoc() no longer throws an exception with uneven segments, but returns
null
as value of the last segment - ORM Model::find() no longer accepts
null
as only parameter. If you want to use that, you are now REQUIRED to also pass the options array (or an empty array). - Sessions have been refactored, all validation and validation data has been moved server side. Because of this, pre-1.5 sessions are not longer compatible.
- The Log class has been removed and replaced by the log package. If you have extended the
Log
class in your application, you will have to extend\Log\Log
instead, and check the compatibility of your changes. If they are about logging to other locations, you might want to look into the Monolog stream handlers instead.
- ORM Model::find() can no longer be used to construct queries using method chaining. Use Model::query() instead.
- Controller_Hybrid: Now sets the correct content-type header on empty responses.
- Controller_Rest: Now sets the correct content-type header on empty responses.
- Agent: Will now honour 301/302 redirects when trying to fetch the browscap file.
- Arr: New
filter_recursive
method, a recursive version of PHP'sarray_filter()
function. - Debug:
dump()
method now html encodes string variables. - Debug:
dump()
andinspect()
can now be styled using CSS (a classname has been added to the div). - Fieldset: New
set_tabular_form()
method allows creation of one-to-many forms. - Fieldset: New
get_tabular_form()
method to check if a fieldset defines a tabular form. - Image: New
flip()
method for vertical/horizontal image flipping. - Inflector:
friendly_title()
now has an option to deal with non-ascii characters. - Inflector:
pluralize()
now has an count parameter to return a singular value if the count is 1. - Migrate: Now allows you to define the DB connection to be used for migrations in the global migrations config file.
- Model_Crud: Now has a
$_write_connection
property to support master/slave database setups. - Mongo_Db: Will now log it's queries to the profiler if enabled.
- Mongo_Db: Now has a method
get_cursor()
to directly get a mongodb cursor. - Pagination: Now support pagination using a Query String variable.
- Pagination: Now has support for first/last page links.
- Response: Will now add a "Content-Length" header when generating the output.
- Session: Now correctly erases the session cookie on a
destroy
. - Session: Now silently (re)creates the session if data is present by no session is created.
- Session: Cookie encryption can now be disabled using a session configuration key.
- Session: Session cookie now only contains the session id. Validation now happens with server-side data.
- Session: New configuration key
expire_flash_after_get
controlsget_flash()
expiration. - Session:
get_flash()
now has to override the configured flash variable expiration rules. - Session:
set_flash()
now has to partial array dot-notation support. - Uri:
to_assoc()
now accepts a start parameter allowing you to skip leading segments. - Validation: Now has a new built-in rule 'numeric_between' allowing you to specify a range.
- Database_Query_Builder_Join: Now supports both AND and ON chaining of join condition.
- Orm: Supports the new tabular form fieldset in it's models.
- Orm:
find()
options array now has support for 'group_by'. - Orm: New
Model_Soft
implements soft-delete functionality (thanks to Steve West). - Orm:
from_array()
can now also populate related objects. - Orm:
Model
now has a$_write_connection
property to support master/slave database setups. - Oil:
oil install
now installs packages without 'fuel_' prefix too. - Oil: scaffolding now supports subdirectories.
- Oil: Now has a config file that allows you to configure the location of phpunit.
- Oil: Now has a task
fromdb
that can generate models, migrations, scaffolding or admin from an existing database. - Parser: Twig driver has been updated to work with Twig v1.12.0.
Full List of core changes since 1.3
- fixed DB class error about missing PDO::MYSQL_ATTR_COMPRESS constant
- you are now REQUIRED to set a correct php timezone. The FuelPHP default value of 'UTC' has been removed, as it would cause date conversion errors that are difficult to find. Most notable, you will have issues with session and cookie expiration.
- ALL default configuration has been moved to core/config. Only use the app/config folder for application specific overrides of default values, or for custom configuration.
This release features a new Pagination class that isn't completely backward compatible with the API from previous versions. We have put a lot of effort in emulating the old behaviour of the class, but as PHP doesn't support magic getters/setters for static properties, you'll have to replace those in your code manually when you upgrade to v1.4. The required changes can be found in the documentation.
- Removed "auto_encode_view_data" config key, deprecated in v1.2
- Fuel: Removed
Fuel::add_module()
, deprecated in v1.2. UseModule::load()
instead. - Fuel: Removed
Fuel::module_exists()
, deprecated in v1.2. UseModule::exists()
instead. - Theme: Removed
$theme->asset()
, deprecated in v1.2. Use$theme->asset_path()
instead. - Theme: Removed
$theme->info()
, deprecated in v1.2. Use$theme->get_info()
instead. - Theme: Removed
$theme->all_info()
, deprecated in v1.2. Use$theme->load_info()
instead. - Orm\Model : Removed
$model->values()
, deprecated in v1.3. Use$model->set()
instead.
- Redis:
Redis::instance()
will no longer create new objects. UseRedis::forge()
for that. - Orm\Model: Using the
find()
method without parameters is deprecated. Usequery()
instead.
- Config and Lang loading with forced reload now bypasses the file cache and always reload.
- Controller_Hybrid: Is now fully hybrid, with support for get/post methods, and no longer restricted to ajax calls when returning json.
- Fieldset, Form and Validation now have full support for input tags using array notation.
- Input and Route now support a new configuration key
routing.strip_extension
to control wether or not the extension must be stripped from the URI. - Lang: fixed double loading of language files when the active and fallback language are the same.
- Pagination: Class completely rewritten, now with instance and template support.
- Uri: Has improved extension processing, and now handles dots in URI parameters correctly.
- The active language is now a per-request setting instead of a global setting. Changing it in an HMVC request will no longer affect the language setting of the parent request.
- Arr: New
filter_suffixed()
method to filter an array on key suffix. - Arr: New
remove_suffixed()
method to remove keys from an array based on key suffix. - Asset: DOCROOT can now be specified as the asset root path (by using "").
- Controller_Rest: Now allows you to specify a basenode when returning XML.
- DB:
select()
now has an option to reset previous selects. - DB: Added
error_info()
to return information about the last error that occurred. - DB:
join()
can now be used without conditions for a full join. - DB:
group_by()
now supports passing an array of columns. - Fieldset: New
enable()
/disable()
methods to control which fields will be build. - Fieldset: New
get_name()
method allows retrieval of the fieldset object name. - Fieldset:
set_config()
andget_config()
now support dot-notation for accessing config values. - Finder: Fixed PHP notices after removing a finder search path.
- Format: Added JSONP support.
- FTP: Now supports a timeout on the connect.
- Image: Fixed forcing an image extension when using ImageMagick.
- Inflector:
friendly_title()
now has the option not to filter non-latin characters. - Input: Fixed skipping IP validation when reserved_IP ranges were excluded.
- Lang: Now supports multiple languages concurrently. Loaded files for a given language code will no longer be overwritten when you switch the active language.
- Lang:
load()
method now also returns the loaded group on subsequent calls. - Markdown: Has been upgraded to v1.2.5.
- Migrate: Fixed PHP notice when a non-existent package was specified.
- Migrate: An up or down migration can now be rejected by returning
false
. - Migrate: Added support for processing out-of-sequence migrations.
- Redis: Now has a
forge()
method to create multiple instances. - Redis: Added support for Redis authentication.
- Response: If the body contains an array it will be converted to a string representation before outputting it.
- Response:
redirect()
now supports wildcards in the URL. - Router: Re-introduced support for routing using URI extensions.
- Session: Fixed passing a session cookie via POST to allow access to the session by flash objects.
- Session: Added support for dot_notation to
get_flash()
. - Session: Fixed flash variables not being stored when retrieved in the same request.
- Session: Fixed session key data not available for new sessions until after a page reload.
- Str: Now has an
is_xml()
method. - Theme: Is now module aware, and can prefix view paths with the current module name.
- Upload:
process()
now throws an exception if$_FILES
does not exist (due to missing form enctype) - Uri: New
segment_replace()
method allows for replacement of wildcards by current segments. - View:
get()
now returns all variables set when no variable name is given. - Viewmodel:
get()
now returns all variables set when no variable name is given.
- Auth: No changes.
- Email: Added a Noop dummy driver, which can be used to prevent test emails going out.
- Oil: Added "generate TASK" option to generate task classes.
- Oil: Added support for Viewmodels to scaffolding.
- Oil: Fixed errors on
false
results in the console. - Oil: Added support for "drop_{field}from{table}" to migrations.
- Oil: oil -v now also displays the current environment setting.
- Oil: New --singular option to force the use of singular names in scaffolding.
- Orm: Fixed PK overwrite issue when PK is not auto_increment.
- Orm: Observer_Slug now supports the
before_update
trigger. - Orm: Added support for filter conditions to the model through the
$_conditions
property. - Orm: Fixed incorrect sequence of multiple
order_by()
clauses. - Orm: Implemented full support for partial selects.
- Orm: Fixed circular reference problem when using
to_array()
with included relations that self reference. - Orm:
get_one
now usesrows_limit()
instead oflimit()
when set. - Orm: Model objects now support custom properties
- Orm: Added support for custom properties to
to_array()
- Orm:
is_changed()
now deals better with null values. - Orm: Introduced support for EAV containers (emulation of EAV via one or more related tables)
- Orm:
get_diff()
now deals better with unset relations. - Orm: Relations of new objects can now be fetched if the FK is known.
- Orm: Added support for
group_by()
. - Parser:
forge()
functionality now equals that ofView::forge()
. - Parser: Markdown has been upgraded to v1.2.5.
Full List of core changes since 1.2
- Controller: Deprecated
$response
property has been removed from all base controller classes. All controller actions now HAVE TO return their results, either aResponse
object, or something that can be cast to string. If you are still on pre v1.2 controller code, your application will NO LONGER work after the upgrade to v1.3.
- Orm: Model method
values()
has been deprecated. Useset()
instead.
- PHPSecLib: Has been updated to v0.2.2.
- HTMLawed: Has been updated to v1.1.12.
- Debug_: You can now modify the default display behaviour of
dump()
throughDebug::$js_toggle_open
. - Upload: Now allows you to set custom messages in validation callbacks.
- Config:
Config::load
now always returns the loaded configuration. - Pagination: Now uses anchors for all pagination enties, which allows for better styling.
- Arr:
Arr::pluck
has been added. - Arr:
Arr::remove_prefixed
has been added. - Arr:
Arr::insert_assoc
has been added. - Asset: Has been updated to work better on Windows.
- Asset:
Asset::find_file
has been added. - Asset:
Asset::add_type
has been added. - DB:
DB::in_transaction
has been added. - DB: Added support for compressed MySQL connections through the new
compress
config key. - Error: PHP notices/warnings/errors are now caught and thrown as an Exception.
- Event: The Event class has been converted to be instance based.
- Fieldset: You can now choose to overwrite existing options when using
set_options
. - File: download() has been made to work when shutdown events are defined that set headers.
- Image: New option on load() to force a file extension.
- Format: CSV file handling has been improved.
- Log: Now supports custom log levels.
- Log: Now allows you to configure an array of specific log levels to log.
- Migrate: Now supports multiple package paths.
- Mongo_Db:
Mongo_Db::get_collection
has been added. - Pagination: Added
attrs
keys to the configuration to define custom anchor attributes. - Redis: Added support for connection timeouts through the new
timeout
config key. - Str:
Str::starts_with
has been added. - Str:
Str::ends_with
has been added. - Str:
Str::is_json
has been added. - Str:
Str::is_html
has been added. - Str:
Str::is_serialized
has been added.
- Auth:
get_profile_fields()
now allows you to fetch a single profile field. - Email: New
NoOp
email driver allows testing without sending emails out. - Oil: Now returns a non-zero exit code on failures.
- Oil: Added support for PHPunit clover, text and phpformat Code Coverage methods.
- Orm: New model method
register_observer()
andunregister_observer()
to define new observers at runtime. - Orm: Added support for
where
andorder_by
clauses to relation conditions. - Orm:
set()
method has been updated to provide the same API as Model_Crud. - Orm: PK's are now typecast on retrieval if a type has been defined in the properties.
- Orm: Update query code has been improved for better support of PostgreSQL.
- Parse: Smarty driver now supports the
plugin_dir
path.
Full List of core changes since 1.1
- All
factory()
methods. The have been replaced byforge()
. - Agent::is_mobile(). Replaced by
is_mobiledevice()
. - Arr::element(). Replaced by
get()
. - Arr::elements(). Replaced by
get()
. - Arr::replace_keys(). Replaced by
replace_key()
. - Controller::render(). Is no longer used as actions need to return a Response object now.
- Database_Connection::transactional(). Was already a NOOP.
- DB::transactional(). Called Database_Connection::transactional().
- Fieldset::errors(). Replaced by
error()
. - Fieldset::repopulate(). Undocumented parameter was removed, functionality is offered by
populate()
. - Fuel::find_file(). Replaced by
Finder::search()
. - Fuel::list_files(). Replaced by
Finder::instance()->list_files()
. - Fuel::add_path(). Was used by
find_file()
, no longer needed. - Fuel::get_paths(). Was used by
find_file()
, no longer needed. - Fuel::add_package(). Replaced by
Package::load()
. - Fuel::remove_package(). Replaced by
Package::unload()
. - Fuel_Exception class. Replaced by
FuelException
. - Input::get_post(). Replaced by
param()
. - Lang::line(). Replaced by
get()
. - Request404Exception class. Is replaced by
HttpNotFoundException
. - Uri properties $uri and $segments are now protected. Use Uri::get() and Uri::get_segment() or Uri::get_segments().
- Validation::errors(). Replaced by
error()
. - Viewmodel property $_template. Is replaced by
$_view
. - Viewmodel::set_template(). Replaced by
set_view()
.
- Pagination: Class will be removed and replaced by a new
Paginate
class. - Fuel::add_module(). Is replaced by
Module::load()
. - Fuel::module_exists(). Is replaced by
Module::exists()
. - Theme::asset(). Replaced by
asset_path()
. - Theme::info(). Replaced by
get_info()
. - Theme::all_info(). Replaced by
load_info()
.
- Security class now requires you to define the
security.output_filter
application config setting. An exception is thrown if it isn't present. - Security::htmlentities() now defaults to use ENT_QUOTES instead of ENT_COMPAT as flag. This is configurable in the second argument for the method and the default can be overwritten in config as
security.htmlentities_flags
.
- Controller: action methods, or the controllers
after()
method if present, now must return aResponse
object. - Controller:
before()
andafter()
methods are now optional, as documented. - Controller_Hybrid: combines
Controller_Template
andController_Rest
in a single base controller for mixed HTTP and REST responses. - Controller_Rest: added a fallback to
"action_"
when no HTTP method action is found. - Controller_Rest: you can now define custom HTTP status codes.
- Controller_Template: the
$auto_render
setting has been removed, to prevent rendering return whatever you want to use instead. - Database: The PDO driver now supports
list_columns()
. - Module: new
Module
class to load or unload modules. - Uri: the URL extension is no longer part of the URI. A new
extension()
method allows you to fetch it. - Request:
Request_Curl
now properly deals with succesful requests that return a 4xx or 5xx HTTP status. - Request:
Request_Curl
andRequest_Soap
now supports returning header information. Aget_headers()
has been added to fetch them manually. - Router: can now be configured to treat URI's without regards to case.
- Arr:
Arr::to_assoc()
now throws a BadMethodCallException on bad input. - Arr:
Arr::assoc_to_keyval()
now requires all parameters and first parameter must be an array or implementIterator
. - Arr: Added
reverse_flatten()
,is_assoc()
andinsert_before_key()
methods. - Arr: Added
in_array_recursive()
to do a recursivein_array()
lookup. - Asset: Separated into the static front (
Asset
) and dynamic instance (Asset_Instance
). - Asset: Separated into the static front (
Asset
) and dynamic instance (Asset_Instance
). - Asset:
css()
,js()
andimg()
methods are now chainable. - Asset: you can now specify a URL as location, for CDN support.
- Asset: new
fail_silently
config value allows you to skip missing assets. - Cli: now supports ANSICON on Windows for colored commandline output.
- Config: is now driver based to support
php
,ini
,yaml
andjson
type configs. - Config: now allow you to load a file by FQFN.
- Cookie: all cookie data can now be fetched like Input class does.
- Date: All fuel notices have been replaced by
UnexpectedValueException
s. - Date: On windows an extra fallback has been added for the
create_from_string()
method. - Date: new
display_timezone()' and
get_timezone_abbr()`, and changes to support working with multiple timezones. - DB:
cache()
now has the option not to cache empty resultsets. - DB:
where()
do now support closures to specify the where clause. - DB: Update now supports
limit()
andorder_by()
. - DB: now tries to reconnect when a disconnected DB connection is detected.
- DButil:
create_database()
now supports 'IF NOT EXIST'. - DButil: Better support for the CONSTRAINT keyword.
- DButil: new
add_foreign_key()
anddrop_foreign_key()
methods. - Event: shutdown events are now also executed after
exit
anddie
statements. - Fieldset: added
set_fieldset_tag()
to define the fieldset tag. Fieldset: addedadd_before()
andadd_after()
methods to insert a new field before/after a specific field. - Fieldset_Field: added
add_description()
method and{description}
tag to templates. - Fieldset_Field: added
add_error_message()
method to create error message overwrites per field. - File:
download()
now allows you to continue processing after calling it. - Form: Separated into the static front (
Form
) and dynamic instance (Form_Instance
). - Inflector: now supports Hungarian accepted characters when converting to ascii.
- Input:
method()
now supports theX-HTTP-Method-Override
header. - Input: new
json()
andxml()
methods to fetch json or xml from the HTTP request body. - Lang:
load()
method now supports overwriting when merging language files. - Lang: now allow you to load a file by FQFN.
- Lang: is now driver based to support
php
,ini
,yaml
andjson
type language files. - Lang: language files can now be saved (as
php
,ini
,yaml
orjson
) usingsave()
. - Migrate: now tracks individual migrations, so they don't have to have a sequence number anymore.
- Model_Crud: now supports
created_at
andupdated_at
fields, likeORM\Model
does. - Model_Crud: now has full callback support.
- Model_Crud: you can now run validation separately (
::validates
) and skip validation when saving a model. - Profiler: profiler logging methods are now NO-OP's when the profiler is not loaded.
- Profiler: now writes it's output under the page content, instead of using an overlay.
- Session: Added session task to create and remove sessions table.
- Session: New sessions are not saved until there is data present in the session.
- Theme: Separated into the static front (
Theme
) and dynamic instance (Theme_Instance
). - Theme: now supports installation outside the docroot (for views).
- Theme: now uses the
Asset
class to load theme assets. - Theme: instances now support templates, template partials and partial chrome templates.
- Validation: You can now disable fallback to global input using the 'validation.global_input_fallback' config setting.
- Auth: Auth login drivers no have a
validate_user
method to validate a user/password without setting up a logged-in session. - Auth: SimpleAuth
SimpleUserUpdateException
s are now numbered to be able to identify the exact error after catching the exception. - Email: Now handles SMTP timeouts properly.
- Email: You can now specify the return address.
- Email: Now handles BCC lists correctly when using SMTP.
- Email: Respects new lines in alt body better.
- Email: You can now specify the return address.
- Oil: Use
phpunit.xml
fromAPPPATH
if present when running unit tests. - Oil: Reinstated
oil package
command to install packages from git repositories. - Oil: You can define the environment the command has to run in using the
-env
commandline switch. - Oil: Scaffolding now supports both
Model_Crud
andOrm\Model
. - Oil: Scaffolding now supports adding created-at and updated-at.
- Oil: Scaffolding now supports skipping the creation of a migration file using
-no-migration
. - Oil: There is now a core task to generate the table for the database session store.
- Orm: New model method
is_fetched()
checks if relation data is fetched without triggering a new query. - Orm: Validation section of the properties has a new key
skip
to indicate the field should not be validated.
Full List of core changes since 1.0.1
- Deprication of
Request::show_404()
, replaced withthrow new HttpNotFoundException
that has a handle method to show the 404 - Support for
handle()
method that is run when an exception isn't caught beforeError::exception_handler()
catches it. - Support for special
_404_
route now inpublic/index.php
thus no longer part of the core but still supported as a 'official default' - Closures are now also supported in routes, thus routing to a Closure instead of a controler/method uri. Also added support for any type of callable in Route extensions you write yourself.
- Closure support in all getters & setters: if you get a value and also input a default the default can also be a Closure and you'll get the result of that. For setters the input can also be a closure and the result of the Closure will be set. (except for
View::set()
as one might want to pass a closure to the View) - Moved the Environment setting from the
app/config/config.php
file to theapp/bootstrap.php
file. - All
factory()
methods have been renamed toforge()
. This name better states the method's function. Thefactory()
methods are still there for backwards compatibility, but are deprecated and will log warning messages when used. - The
$this->response
Response object is now deprecated. Your action methods should return either a string, View object, ViewModel object or a Response object. - Added the
fuel/app/vendor
directory to the default install. - You can now have an unlimited number of sub-directories for your controllers. (e.g.
classes/controller/admin/users/groups.php
with a class name ofController_Admin_Users_Groups
would be atsite.com/admin/users/groups
) - There is no longer a default controller for directories. It used to be that going to something like
site.com/admin
would bring upController_Admin_Admin
inclasses/controller/admin/admin.php
. Now you must place that controller at it's expected locationclasses/controller/admin.php
with a name ofController_Admin
. - A
Controller::after()
method now gets passed the response of the controller, it must return that response (or modified) as well. - Added new function
get_real_class()
to which you can pass a classname and it will return the actual class, to be used on classes of which you're not sure whether it is an alias or not. - Module routes are prepended to the routes array when Fuel detects the fist URI segment as a module, therefor parsing them before an
(:any)
route in the app config. - Config is now environment aware and allows partial/full overwriting of the base config from subdirectories in the config dir named after the environment.
- Added a new
Theme
class. It allows you to easily add Theme support to your applications. Fuel_Exception
has been renamed toFuelException
Fuel::find_file()
and related methods are now deprecated. Use theFinder
class instead (e.g.Finder::search()
).- Migrations are now supported in Modules and Packages
- Routing has 3 new shortcuts:
:almun
matches all utf-8 alphabetical and numeric characters:num
matches all numeric characters.:alpha
matches all utf-8 alphabetical characters
- Put the
Autoloader
class intoFuel\Core
to allow extending it, it must now be required in the app bootstrap file which is also the location where you must require your own extension.
- Added Fuel's own response object class
Fuel\Core\Response
to default whitelist inapp/config/config.php
of objects that aren't encoded on output by the View when passed. - The
security.auto_encode_view_data
config option inapp/config/config.php
has been renamed tosecurity.auto_filter_output
. stdClass
was part of the default whitelisted classes from output encoding, this was a bug and it has been removed.
- Arr: Added methods
Arr::get()
,Arr::set()
andArr::prepend()
. - Arr:
Arr::element()
andArr::elements()
have been deprecated. Use the newArr::get()
instead. - Database: Using transactions will no longer prevent exceptions, exceptions are thrown and should be handled by the dev. The
Database_Transaction
class has been deprecated as it has little use because of this change. - File:
File::read_dir()
(and related methods on Area and Directory handler) now return dirnames with directory separator suffix - Fieldset_Field: Parsing of validation rules has been moved from
Fieldset_Field::add_rule()
toValidaton::_find_fule()
, from the outside the method still works the same but notices for inactive rules are now only shown when running the validation. - Form: Added inline error reporting, which must first be switched on in config and will replace an
{error_msg}
tag - Form: New default form template which puts it inside a table.
- Fuel: Added
Fuel::value()
which checks if the given value is a Closure, and returns the result of the Closure if it is, otherwise, simply the value. - Image: No longer throws
Fuel_Exception
for any type of exception but insteadRuntimeException
,InvalidArguementException
andOutOfBoundsException
where appropriate. - Input:
Input::post(null)
doesn't work to get full post array anymore, justInput::post()
without params - same for all other Input methods - Input:
Input::get_post()
has been deprecated and replaced byInput::param()
. It now also includes PUT and DELETE variables. - Input / Uri:
Uri::detect()
moved toInput::uri()
as it is part of the input and thus should be part of the input class - Request: You can now also do external requests through the Request class, for now only a curl driver:
Request::forge('http//url', 'curl')
orRequest::forge('http//url', array('driver' => 'curl', 'method' => 'post', 'params' => array())
. - Validation:
Validation::errors()
is depricated and replaced by singular formValidation::error()
to be more in line with other class methods - Validation: New 3rd parameter added to
Validation::run()
that allows adding callables for the duration of the run. - View: The view class has been refactored and works much better now. Output filtering is vastly improved.
- View:
View::capture()
has been split into two protected instance methods:process_file()
andget_data()
. You will need to update your View class extensions. - View:
View::$auto_encode
has been removed. It has been replaced but auto_filter, which is per-view instance. - ViewModel: Refactored the class internals to work more transparently with the
View
. - ViewModel: Deprecated
$this->_template
and renamed it to$this->_view
. - ViewModel: Updated to work with the refactored
View
class. Added$this->bind()
. - ViewModel: Deprecated
$this->set_template()
and renamed it to$this->set_view()
. - Html: Removed (not deprecated) the following methods:
Html::h()
,Html::br()
,Html::hr()
,Html::nbs()
,Html::title()
,Html::header()
. You should simply write the HTML yourself. - Config: Added Config file drivers for PHP, INI, JSON and Yaml. They are detected by file extension (e.g.
Config::load('foo.yml')
will load and parse the Yaml).
- Auth: Renamed default table name from
simpleusers
tousers
. - Auth: Added config options for DB connection and table columns used for fetching the user.
- Auth: Removed default config for groups & roles in
simpleauth.php
config file, only commented out examples left. - Orm: Lots of tweaks to
Observer_Validation
related to changes toValidation
&Fieldset_Field
classes. Also changed it to only save properties that are actually changed. - Orm: The
ValidationFailed
thrown when theObserver_Validation
fails now includes a reference to the Fieldset instance that failed:$valfailed->get_fieldset();
- Orm: Added support for changing the type of join used when fetching relations, example:
Model_Example::query()->related('something', array('join_type' => 'inner'))->get();
- Orm: Observers are no longer singleton but one instance per model with per model settings, check docs for more info.
- Parser: Added Parser package to the default install.
- Parser: Mustache is now part of the Parser package by default. Version 0.7.1.
- Email: The Email package is added.
- Fixed a security issue where the URI was not being properly sanitized.
- oil refine install now makes the config directory writable. (Dan Horrigan)
- Added auto-id to select fields (Kelly Banman)
- Fixed typo in ::analyze_table (Frank de Jonge)
- replaced the regex that processes :segment in the Route class. closes #33. (Harro Verton)
- Closes #31: logic error caused the Crypt class to update the config when nothing is changed. (Harro Verton)
- Fixed up XML output so that singular versions of basenode names are used when a numeric value is provided as a key.XML doesn't like numeric keys and item, item, item is boring. Also moved formatting logic out of the REST library. (Phil Sturgeon)
- Added Format::to_php(). (Phil Sturgeon)
- Updated Form config file to work with the Form class we've had for the past 3 months (oops). Fixes #93 (Jelmer Schreuder)
- Fixes #115: Form::button() now produces a <button> tag instead of <input> (Harro Verton)
- Fixed #116: Throw an error if File::update can't open the file for write (Harro Verton)
- Added a check to File::open_file() to make sure $resource is a valid resource before we attempt to flock() (Harro Verton)
- Fixed badly named variable in profiler. (Phil Sturgeon)
- Show full file paths in the Install task. No security concern if you're already in the terminal. (Phil Sturgeon)
- Fixed bug in \Date::create_from_string() where the date produced would always be exactly one month behind the actual date. (Ben Corlett)
- updated the Crypt class to make the generation of the random keys more secure (Harro Verton)
- fixed error in Fuel::find_file(), causing a PHP notice on repeated finds (Harro Verton)
- The DBUtil class now respects the table prefix if set (Fixes #103). (Dan Horrigan)
- If an empty string is passed to Format::factory('', 'xml') it will no longer error, just return an empty array. (Phil Sturgeon)
- Added PHPSecLib to vendor to provide encryption features if no crypto is available in PHP. (Harro Verton)
- Rewritten the crypto class to use AES256 encryption, and a HMAC-SHA256 tamper validation hash. (Harro Verton)
- Added Redis to the bootstrap. (Jelmer Schreuder)
- Made Inflector::camelize() return camelcased result again but the Inflector::classify() won't use it anymore and still respect underscores. (Jelmer Schreuder)
- Allow setting labels as array including attributes instead of just tring in form->add (Jeffery Utter)
- Fix Date class. strptime returns years since 1900 not 1901. Dates were a year in the future. (Jeffery Utter)
- Options wasn't being passed when adding a radio.. thus it wasn't making all the separate fields. (Jeffery Utter)
- fixes bug #96: advanced regex must use non greedy match to properly match segments (Harro Verton)
- fixes bug #99: PHP notice due to not-initialized property (Harro Verton)
- Using memory_get_peak_usage() instead of memory_get_usage() for more reliable memory reporting. (Jelmer Schreuder)
- Form generation: Fixed issue with "type" attribute set for textareas and selects. Also prevented empty for="" attributes by ignoring null values. (Jelmer Schreuder)
- Moved page link creation into separate method for more flexibility (Kelly Banman)
- fixed broken database profiling (Harro Verton)
- Input::real_ip() now returns "0.0.0.0" if IP detection fails (Harro Verton)
- Bugfix: hidden inputs created with the Fieldset class caused unending loops. (Jelmer Schreuder)
- Fixed a bug that caused the image library to refuse all image types. (Alexander Hill)
- Corrected typos in the image class. (Alexander Hill)
- Fuel::find_file() now caches files found per request URI, instead of a global cache. (Harro Verton)
- Fixed a bug in the response constructor. Response body was not setting. (Dan Horrigan)
- Bugfix: Fieldset::build() didn't match Form::build() for which it should be an alias. (Jelmer Schreuder)
- Changed Controller_Rest formatting methods from private to protected so they can be extended (Tom Arnfeld)
- Improved the Fieldset::repopulate() method to also take a Model or array instead of using the POST values. Will accept any array, ArrayAccess instance, Orm\Model or object with public properties. (Jelmer Schreuder)
- Fixed an issue with the casing of the Simple-driver classnames. (Jelmer Schreuder)
- Fixed small bug in Auth check method. (Jelmer Schreuder)
- Bugfix: ACL rights merging went wrong because the base was a string instead of an array. (Jelmer Schreuder)
- Updated scaffolding to work better with the new ORM package. Fix #81.
- Suppress the error message for PHPUnit in oil, if it can't load the file from include it should just error as usual. (Phil Sturgeon)
- Fixed PHPUnit, said it wasn't installed when it was. (Phil Sturgeon)
- Fix #85: Scaffolding still referred to ActiveRecord instead of Orm. (Phil Sturgeon)
- Added to_array() method to export current object as an array. Improved ArrayAccess and Iterable implementation to work with relations. (Jelmer Schreuder)
- Finished the unfinished __clone() method. (Jelmer Schreuder)
- Fixes #84 - now an exception is thrown when an invalid Model classname is given to a relation. (Jelmer Schreuder)
- Implemented __isset() and __unset() magic methods for Orm\Model (Jelmer Schreuder)
- Moved Query object creation into its own method to allow the more accurate Model_Example::query()->where()->get(). (Jelmer Schreuder)
- order_by() didn't return $this with array input. (Jelmer Schreuder)
- Fixed issue with constructing new models without adding properties. (Jelmer Schreuder)