Changelog v1.7.2

Harro Verton edited this page May 7, 2014 · 28 revisions

This keeps track of important changes to the 1.x branch.

When you decide to upgrade to a new version, pay attention to the changes documented in this changelog and to the documented upgrade procedures.

Important fixes, changes, notes. Read them carefully.

None.

Backward compatibility notes

As a result of the security issue mentioned below, the auto-format of the response in the Request_Curl class is now disabled by default, because a malicious site can construct a response of a specific response type that can lead to code execution. This means that if you use Request_Curl, you have to either enable auto-format manually in your code (ONLY if you absolutely trust the site you connect to!), or add code to validate the response before you process it.
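
One way to do the validation described above, as an added example that is not FuelPHP's own code: accept only the one format you expect, decode it with a data-only parser, and check its shape. The function name, constants and sample responses are hypothetical, and the raw Content-Type value and body are assumed to have been taken from the Request_Curl response.

```php
<?php
// Added example: decide the decoder yourself instead of letting the
// response's declared type pick it. All names here are hypothetical.
const ALLOWED_MEDIA_TYPE = 'application/json';
const MAX_BODY_BYTES     = 65536;

/** Decode a raw response body only if it is the single format we expect. */
function decode_remote_response(string $contentType, string $body): array
{
    // Compare only the media type; drop parameters such as "; charset=utf-8".
    $mediaType = strtolower(trim(explode(';', $contentType, 2)[0]));
    if ($mediaType !== ALLOWED_MEDIA_TYPE) {
        throw new UnexpectedValueException("Refusing response type: {$mediaType}");
    }
    if (strlen($body) > MAX_BODY_BYTES) {
        throw new UnexpectedValueException('Response body too large');
    }
    // json_decode() only builds data; it returns null on malformed input.
    $data = json_decode($body, true, 8);
    if (!is_array($data)) {
        throw new UnexpectedValueException('Body is not a JSON object or array');
    }
    // Shape check for the constructed samples below: {"id": int, "name": string}.
    if (!isset($data['id'], $data['name']) || !is_int($data['id']) || !is_string($data['name'])) {
        throw new UnexpectedValueException('Unexpected response structure');
    }
    return $data;
}

// Constructed sample responses (not captured from a real service).
$samples = [
    ['application/json; charset=utf-8', '{"id": 7, "name": "alice"}'],
    ['text/xml',                        '<user><id>7</id></user>'],
    ['application/json',                '{"id": "7"}'],
];
foreach ($samples as [$type, $body]) {
    try {
        var_export(decode_remote_response($type, $body));
        echo PHP_EOL;
    } catch (UnexpectedValueException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Only the first sample is accepted; the second is refused on its media type and the third on its structure.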

Removed code (because it was deprecated in v1.7.1 or earlier)

None.

Security related

There was one security advisory issued for 1.7.1, which also impacts all previous versions from 1.1 onwards (see http://fuelphp.com/security-advisories). The issue is mitigated in 1.7.2. It is strongly advised that you upgrade as soon as possible, or alternatively follow the advice in the advisory.

System changes

  • A possible XSS vulnerability in the Profiler output has been fixed.
  • When using multiple DB connections, the profiler now shows the connection used for the query.
  • The internal Markdown class has been removed, and replaced by the Composer library.
  • Some methods were still defined as private. This has been changed to protected to allow extension.
  • Fully namespaced controllers are now supported. Now you can use class names like Controller\Foo\Bar, Controller_Foo_Bar, or Controller\Foo_Bar.

Specific classes

  • Controller_Hybrid: Now correctly handles returned array responses.
  • Model_Crud: Can now correctly handle properties with a null value.
  • Session: set_flash() now correctly resets the state when setting an existing expired flash value.
  • Session: Deleting a session cookie now takes the configured path and domain into account.
  • Format: CSV conversion methods now have separate config for import and export of CSV data.
  • Controller_Rest: When no data is returned, "204 NO CONTENT" status is set.
  • Controller_Rest: Better support for Digest authentication.
  • DButil: Default values are now correctly quoted, instead of escaped.
  • DButil: Make sure the COMMENT keyword appears before AFTER and BEFORE.
  • Config: When saving a config file, the configured permission mask is now applied.
  • Arr: When passing an object as key to get(), it is now cast to string.
  • Inflector: The separator of friendly_title() is now configurable.
  • Pagination: Logic has been completely rewritten to fix all bugs.
  • Pagination: You can now define an offset to shift the active page in the navigation block left or right.

Packages

  • Auth: The included ORM User model now supports both Ormauth and Simpleauth.
  • Auth: Ormgroup's member() method now correctly checks for group membership.
  • Auth: Calculating effective user permissions in Ormauth has been fixed.
  • Auth: Opauth: if no nickname is returned by the provider, try to find a match on email address.
  • Auth: Ormauth now supports database selection and DB's replication features.
  • Email: Recipient names are now quoted to support commas in the name.
  • Email: New Mailgun driver to support sending email through Mailgun's email service.
  • Email: SMTP driver now only authenticates once per connection, to facilitate bulk email.
  • Email: Added the option to strip or leave HTML comments in the HTML message body.
  • Email: New Mandrill driver to support sending email through Mandrill's email service.
  • Email: SMTP driver now supports STARTTLS for secure email. Used for example by Google mail.
  • Oil: oil server now has inline help.
  • Oil: Authentication in generated Admin controllers has been fixed.
  • Oil: Added the --module argument to add module support to the code generation commands.
  • Oil: Scaffolding templates are updated for Bootstrap 3.
  • Oil: oil test now supports the PHPUnit argument --testsuite.
  • Oil: oil generate model now can generate ORM temporal or nestedset models.
  • Orm: to_array now also exports EAV value pairs.
  • Orm: The before_save observer is now called before the object is checked for changes.
  • Orm: New enable_event and disable_event methods for enabling/disabling observer events.
  • Orm: Fixed Soft_Delete::purge, now it actually deletes the purged records.
  • Orm: You can now pass custom data when forging an ORM object.
  • Orm: Observer_Slug now has a configurable separator.
  • Orm: Observer_Slug now allows you to generate duplicate slugs, or to assign slugs manually.
  • Orm: Fixed validation of new objects, now all fields are correctly validated.
  • Orm: There is now support for DB::expr() in ORM select().
  • Orm: There is now support for select('*').
  • Orm: You can now add custom sanitation code to a model (used when a model object is passed to a View).
  • Parser: Twig driver now supports Input::post, Session::get and Auth::check.
  • Parser: Smarty driver now has the same Fuel interface plugins as Twig.