Skip to content

Changelog

Jump to bottom Edit New page
Ryan Fischbach edited this page Dec 13, 2016 · 43 revisions

BitsTheater Framework Changelog

3.6.2 (2016-Dec-13)

  1. added Account::addMobileHardwareIdsForAutoLogin() which sets the "hardware_ids" field of returned Account information via the get() and getAll() endpoints.

3.6.1 (2016-Nov-30)

  1. APIResponse::setError() added a boolean SetResponseCode parameter
  2. added Arrays::parseCsvParamsStringToArray() util method to convert a CSV string of params into a true associative 2D array.
  3. AuthBasic::removeStaleTokens() was broken since it compared a timestamp with a string, not a SQL error, but a logic error.
  4. introduced the MODEL_NAME constant inside app/models so that descendant websites may use IDirected->getProp( ModelClass::MODEL_NAME ) rather than a string which may get misspelled.
  5. refactored fingerprints/circumstances POST vars to parse auth_header_data as if constructed for the HTTP Authorization header so there is only one way to build/parse Broadway Auth data; easier to extend and fewer mistakes that way; modified ping/pong results; added ability to pre-provision hardware ID mapped to an auth account; added traits for HTTP Auth header to make it easier to understand.

3.6 (2016-Nov-02)

  1. BrokenLeg now also provides mnemonic constants for a selection of HTTP error codes, so that the numeric constants for errors can be more obviously tied to those standard codes.
  2. Strings::var_dump() modified to avoid fetching data from DB Cursor objects (PDOStatements).
  3. OutputToCSV modified to accept any object with a fetch() method rather than specifically a PDOStatement.
  4. Created a new costume, IteratedSet, for enabling printing out DB Cursor objects (PDOStatements); modified "results_as_json" view to detect and use printToJson() method, if found; added APIResponse::printToJson() method.
  5. SqlBuilder adds a couple of methods for standardizing logging SQL failures and throwing DbExceptions.
  6. Finally figured out how to get a costume to get all its public properties (very useful for exporting data); updated ABitsCostume and ASimpleCostume to export only public properties by default.
  7. Created new AuthAccount API endpoints; updated Auth DB schema (AuthBasic model); updated Permissions and AuthGroups to accommodate as well; "is_active" flag can prevent logins if FALSE.
  8. Added CLI terminal effects (colors, bold, reverse, etc.).

3.5.2 (2016-Sept-27)

  1. Actor static methods are now denied URL access by default
  2. Scene now permits a switch to specifically enable/disable the Pager mechanism (for export purposes).
  3. UserParameterException added INVALID_ARGUMENT_VALUE.
  4. Added WornForRestService::sendRequestToRestService().
  5. Login fixed to handle multiple sessions/windows/devices with anti-CSRF tokens correctly.
  6. Password reset now sets the anti-CSRF token correctly so a JavaScript font-end will actually work as intended.
  7. Upgrade feature (e.g. db schema changes) now displays the error message, if any; also calls the SetupDb::normalizeFeature() non-statically like it should (meaning it can be overridden now).
  8. Added anti-CSRF token mechanism to default Accounts and Rights views.
  9. Fixed OutputToCSV so that double-double-quotes ("") are used whenever double quotes are encountered within data; also check for "+" at start of field data to prevent Excel from converting value to formula, prepend with '=' before enclosure.

3.5.1 (2016-Sept-01)

  1. Output to ICS (vCalendar format) now available.
  2. SetupDb moved into PropCloset so a website can descend from it.

3.5.0 (2016-June-21)

  1. Move configs folder out from [site]/app/configs to just [site]/configs for new sites.
  2. Remove the "no_sessions" workaround which just causes more trouble than it is worth.
  3. Updated PasswordReset feature.
  4. Updated SqlBuilder to handle paged queries easier.
  5. Added UserParameterException.
  6. Updated CLI with a -h param to specify which config to use.
  7. Allow CLI to operate from any folder, not just from the app/cli subfolder.

3.4.5 (2016-May-06)

  1. CLI capability introduced.
  2. getModel()/getProp() can now accept the full class name as its parameter.
  3. Saving list of configuration settings now returns those that were changed.
  4. AuthGroups & BitsGroups refactored to ensure protection from SQL Injection. Admins were the only ones capable of introducing such SQL Injection, so the threat for earlier versions is quite low.
  5. "Action" configuration setting introduced so that Buttons are now an option.
  6. Traits for various classes have been introduced.
  7. CSRF tokens now take advantage of the AuthBasic token mechanism, if available.
  8. The hidden input companion field for checkboxes now has its value default to "0".

3.4.4 (2016-Apr-10)

  1. Actor refactored so the SEO URL transformation can be tweaked on an Actor-by-Actor basis now.
  2. The base Actor public methods cannot be called via URL by default.
  3. BrokenLeg converts Exceptions more completely so that more information is passed to the caller.
  4. Actor names are now converted to class names using the standard function instead of relying on PHP's case insensitive nature.
  5. Several ancestor class names changed so they did not share the same name as their descendant as website installation was starting to get confused about which class to load.
  6. Many new API endpoints exist so that framework features that used to require page renders to accomplish can now be done via a JavaScript front-end calling API routines in the background.
  7. Install now provides an API endpoint to accomplish the entire install process in one call. This allows automation such as Ansible to install a website entirely without human interaction.
  8. Boolean website settings that employed a checkbox widget now work properly when unchecking them.
  9. "Auth" website settings now editable by a non-titan group admin.
  10. PHP 5.5 deprecated code fixed.
  11. Strings::wordWrap() greatly improved to attempt to break on word boundaries.
  12. Improved security for permission related endpoints.

3.3.2 (2016-Mar-03)

  1. Cookie management updated to allow HTTPOnly flag
  2. getProp() smarter in that lower case class names figured out just like Actor class names
  3. Registration cap website option added
  4. Costumes with toJson() methods respected if passed to the "results_as_json" view
  5. CommonMySql costume created to help simplify common model tasks.
  6. Newly introduced CSRF protection mechanism debugged
  7. Admin> Settings page now protected by CSRF protection mechanism

3.3.1 (2016-Feb-01)

  1. Introduced login auto-lockout after X failed attempts per hour.
  2. Introduced CSRF protection for API's using "ajaj" prefix.
  3. Introduced non-cached-auth for API's using "api" prefix.

3.3.0 (2016-Jan-15)

  1. Created a standardized API response object, if desired.
  2. Shutdown code that helps debugging Out of Memeory errors.

3.0.0

  1. Features introduced, version numbers can be displayed and now have meaning.
  2. The CSS classes data-* have been renamed to db-* to avoid HTML5 class conflicts.
  3. SqlBuilder costume class can now handle filters and orderby clauses as well as convert "=" operations into " IN ()" operations if the parameter data is an array.
  4. Actor views will now additionally check app/views/* for their named view PHP file before giving a 404 error so that site-wide views can be re-used rather than copied everywhere. The check is done after checking for the actor/action-specific view and the framework-included site-wide view file in use is the results_as_json.php view.
  5. The base class object now contains debugLog() which does not depend on debug settings in case you want to log something regardless of any of the "is debugging" const or vars such as logging a specific db error.

2.4.9

This version and anything prior was not versioned.

Add a custom footer
Add a custom sidebar

Clone this wiki locally