Skip to content
This repository

CakePHP 2.5.0-RC1 Released

Mark Story markstory released this April 10, 2014 · 10 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.5.0-RC1[1]. This is the first release candidate for the 2.5.0 branch. The 2.5.0-RC contains bugfixes and a few new features added since 2.5.0-beta was released. When complete, 2.5.0 will replace the 2.4.x branch. A migration guide is available in the book [2] and we encourage you to read it if you are upgrading from an older version.

Changes since 2.5.0-beta

  • HtmlHelper::addCrumb() can now be chained to add multiple crumbs.
  • BaseAuthorize::mapActions() can now map custom action types.
  • cake acl delete now deletes all matching rows.
  • Dispatcher::_invoke() no longer takes a response parameter.
  • Set class is now deprecated and has been removed in 3.0. You should use Hash class instead.
  • CakePlugin::loadAll() now merges settings with defaults.
  • AssetDispatcher now returns 404 errors with no content body when plugin/theme assets cannot be found.

If there are no important issues found, a stable release of 2.5.0 should be released in the next few weeks.

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework.

Links

CakePHP 2.4.7 Released

Mark Story markstory released this April 04, 2014 · 22 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.7. 2.4.7 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • Core fixtures are now included in PEAR packages.
  • Limburgish locale was added to L10n.
  • MailTransport now includes the last error in the exception raised when mail() fails.
  • HtmlHelper::getCrumbList() supports the escape parameter now.
  • Describing tables in specific SQLserver schemas now works correctly.
  • Improved API docs for several classes.
  • URLs are correctly generated when two routing keys start with the same substring.
  • Model::deleteAll() works correctly when using MySQL views.
  • CakeEmail sets theme on helpers now.
  • Hidden inputs generated in radio(), select() and checkbox() have the 'form' attribute set when provided.
  • Inflection for words ending in 'aves' was improved.
  • CakeTestCase::assertTags() now runs much faster.
  • CakeTestCase::assertTags() requires all attributes to be verified now.
  • AclShell::delete now removes all matching records.
  • CakeEmail now correctly renders messages when the template and layout are in different plugins.

You can view the full changelog on cakephp.org[1]. I'd like to thank the people who have contributed to this release. Your bug tickets, documentation edits, and patches/pull requests are a big part of what keeps CakePHP alive and ticking. Download a packaged release on github[2].

Links

CakePHP 2.5.0-beta Released

Mark Story markstory released this March 25, 2014 · 47 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.5.0-beta[1]. This is the first beta release for the 2.5 branch. The 2.5.0-beta release contains several new features that improve CakePHP's performance, security and ease of use. When done, this new version will replace the 2.4.x branch. A migration guide is provided in the book [2] and we encourage you to read it if you are upgrading from an older version.

New features

While the migration guide[2] contains all the changes in 2.5.0, here are a few we are excited about.

Cache::remember()

This method allows you to implement read-through cache operations. For the passed cached key, it will first look for any cached data that is still valid. If not found, a callback method will be executed and its return value stored under the cache key.

You will find this useful for reducing the amount of repetitive code around checking for cache misses.

Improved Memcached support

A new Cache engine has been added to provide support for the php extension ext/memcached, which is the faster and better supported extension for utilizing this popular key-value database. In introducing this new adapter, we have deprecated the old Memcache engine and plan for its removal in 3.0.

CompletionShell

For shell environments that support command completion such as bash and zsh, we have provided a cake shell that will help you get command and options completion for your cake shells by hitting the tab key. If you have ever wondered what shells are available, or what options they can take, this might be for you. Make sure to check the documentation for more information on how to set this up.

Security::encrypt() and AES encrypted cookies

If for any reason you are storing data in cookies that should not be changed by the user, you can now use AES encrypted cookies. This utilizes the new AES-256 encryption offered by the Security class to prevent various classes of attacks, such as cookie tampering.

Consistent priorities in global and local events

One limitation in previous CakePHP versions was that listeners attached to the global EventManager would always be called before any other local listeners, despite the priorities. CakePHP 2.5 unifies the priority queue between global and local event listeners. With a single unified set of priorities, you can implement more complex and complete aspect oriented programs.

The API docs[3] and cookbook have been updated to reflect the changes and updates for 2.5.0.

The CakePHP core team would also like to welcome Brian Crowe (bcrowe) to the team. Brian has been actively improving the cookbook, API docs and code during the development of 2.5, and 3.0.

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework.

Links

CakePHP 3.0.0 dev preview 2 released

José Lorenzo Rodríguez lorenzo released this March 12, 2014 · 79 commits to master since this release

CakePHP 3.0.0-dev2 released

The CakePHP core team is excited to announce the second development preview of CakePHP 3.0.0[1]. In the few months since 3.0.0-dev1, we've been hard at work incorporating community feedback on the ORM, and building out some of the functionality that was missing in the first development preview.

New features in 3.0.0-dev2

  • CakePHP has adopted the PSR-4 autoloader standard. If you are updating, make sure you update composer as well using composer self-update.
  • The directory structure of both CakePHP and the App skeleton has been simplified a bit thanks to PSR-4.
  • The AclComponent has been removed - It will be returning as a plugin.
  • The TestShell, and webrunner have been removed in favor of only supporting phpunit from the CLI, and VisualPHPUnit.
  • View templates have been moved from View/ to Template/. This was done so the View/ directory would only contain view classes and helpers.
  • The HtmlHelper, FormHelper, and SessionHelper use string templates consistently.
  • ID attributes are now always generated with - instead of CamelCase. This was done to standardize on one convention for CSS selectors.
  • API documentation and the cookbook have had many new sections and improvements.
  • Scaffold has been removed. Dynamic scaffolding is now available through the CRUD plugin[2] which is already compatible with 3.0.
  • The UpgradeShell has been moved into a separate plugin.
  • Better debugging output for some complex objects like Entities, Tables and Queries. Also added a special method to control what data is outputed for objects when using the debug() function
  • Added Collection::insert()

FormHelper

FormHelper has been re-built from the ground up. It features a new extensible widget system. Form widgets allow you to build self contained input widgets. This makes it easy to define complex widgets like the datetime widget in application or plugin code. Once created, widgets can be combined with other FormHelper features like input().

FormHelper also works with the new ORM now. You can create forms for individual entities, or collections of entities:

// Create a form for a single entity & its associations
echo $this->Form->create($article);

// Create a form for multiple entities & their associations.
echo $this->Form->create($articles);

FormHelper also features a pluggable context system that allows you to integrate FormHelper with any ORM you may wish to use.

TranslateBehavior

TranslateBehavior has been re-built from the ground up. It features the long awaited ability to translate all models including associations from a find(). The new TranslateTrait makes dealing with multiple translations in your entities simple as well.

ORM improvements

We've continued to build out capabilities in the ORM. Some notable improvements in dev2 were:

  • Composite primary key support - The ORM now supports composite primary keys in all associations.
  • The Model.beforefind event is now triggered for all associations in the same query.
  • Eager loading is now separate from the Query class. This makes implementing custom eager loading much easier.
  • Model/Repository was renamed to Model/Table. Several people found 'Repository' to be a confusing and alien term.
  • Interfaces have been extracted to reduce the reliance on concrete implementations.
  • The formatResults() method has been added to provide many of the features that afterFind() used to do.
  • Query::counter() was added to provide support for complex count logic. This makes it easier to override the count in the PaginatorComponent.
  • Table::patchEntity() was added, it enables you to merge requet form data into an existing entity and its associations.

Up next

Our next release will be yet another development preview. In the dev3 release we are going to focus on updating:

  • Bake and all the related tasks need to be updated to work with the new ORM.
  • Update the i18n extract task to extract validation messages from Table objects
  • Add support for SQLServer. With the database layer reasonably stable adding SQLServer will help developers on windows.

For more details on all the changes in 3.0.0, you can consult the migration guide[2]. I'd like to thank everyone who has contributed thoughts, code, documentation or feedback to 3.0 so far. It's going to be a major milestone for the project, and we're just getting started with making it the best version of CakePHP ever.

Links

CakePHP 2.4.6 Released

Mark Story markstory released this March 01, 2014 · 112 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.6. 2.4.6 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • Extract task handles quotes inside validation messages correctly.
  • Model::field() now works with fields translated with TranslateBehavior.
  • Core tests are no longer part of PEAR packages. This solves issues when the pear package is used as a composer dependency, and an incorrect classmap was generated.
  • FormHelper::checkbox() can now generate checkboxes for empty values.
  • Postgres can now convert boolean fields to integer when using SchemaShell.
  • Changes to how ID's are generated for radio inputs were reverted. These changes caused issues in some applications.
  • API documentation has been improved.
  • Reverse routing for prefixed actions was improved.
  • Temporary associations setup with TranslateBehavior::bindTranslation() are now correctly unbound & restored.
  • Clearing data with MemcacheEngine will now work with greater than 100 slabs.
  • Validation::decimal() now works with localized floats.
  • Invalid data in datetime pickers is now correctly handled.
  • FormHelper::postLink() and FormHelper::postButton() now handle N dimensional data.

You can view the full changelog on cakephp.org[1]. I'd like to thank the people who have contributed to this release. Your bug tickets, documentation edits, and patches/pull requests are a big part of what keeps CakePHP alive and ticking. Download a packaged release on github[2].

Links

CakePHP 2.4.5 Released

Mark Story markstory released this January 26, 2014 · 179 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.5. 2.4.5 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • Generated DOM ids for radios and checkboxes should now be collision free when using non-alphanumeric values.
  • The postgres driver now quotes schema names. This solves issues with legacy schemas using special characters.
  • Translate behavior now correctly handles translated values of '0'.
  • Controller baking now provides better feedback when no controllers are generated.
  • Datetime inputs will not select year 0 when the selected value is '0000-00-00'. This improves compatibility with MySQL.
  • Schema creation with the connection parameter now works as expected.
  • URLs are no longer double URL decoded. This fixes lost data when named parameters or path segments contain values that look like URL encoded data.
  • Model::updateCounterCache() no longer triggers a notice error when $this->data is empty.

You can view the full changelog on cakephp.org[1]. I'd like to thank the people who have contributed to this release. Your bug tickets, documentation edits, and patches/pull requests are a big part of what keeps CakePHP alive and ticking. Download a packaged release on github[2].

Links

CakePHP 3.0.0 dev preview 1 released

Mark Story markstory released this January 05, 2014 · 215 commits to master since this release

The CakePHP core team is very excited to announce the first development preview of CakePHP 3.0[1]. The team has been hard at work for the while, and we're very excited and pleased with the progress we've made so far. Our goal with development preview releases like this is to gather early feedback about the changes coming in CakePHP 3.0. While a number of things will be changing in CakePHP 3.0, our focus for this release has been the ORM.

The Model layer in CakePHP has served the community very well for the past 8 years, but it has started to show its age. One of the goals of CakePHP 3.0 is to replace the ageing ORM with a more modern object-orientated implementation. This development preview has the underpinnings of the new ORM. The ORM has many of the features/methods you can expect in future 3.0 release, albeit with a few rough spots.

CakePHP 3.0 represents a significant break in backwards compatibility. One of the largest the project has ever had. We're trying to modify existing methods and classes only where it's required. However, modernizing the ORM has caused a significant ripple effect to other parts of the framework. You can expect fairly significant changes in everything that touches the ORM/Models as we've started over and built what we will become a great ORM.

Still a preview

We'd like to remind you that this is a development preview release. Many features are incomplete or missing. For example, the TreeBehavior and TranslateBehavior do not yet have 3.x versions. This release is not intended for production use, and should be considered alpha software. We are hoping that by releasing preview releases we can get feedback from you - the community - about CakePHP 3.0. The following features are known to be incomplete or broken. We will not be accepting any bug reports on these features at this time:

  • Console/cake bake does not work at this time.
  • FormHelper does not work with the new ORM yet.
  • SchemaShell has been removed.
  • Scaffold has been removed.
  • Many behaviors have been removed or are not working.
  • AclComponent is not working with DbAcl.

In addition to incomplete subsystems, many subsystems have had breaking API changes made to them. We recommend you checkout the migration guide[2] for more detail on which methods/classes have been changed.

Other improvements

In addition to the ORM we've improved other parts of the framework. A short list of improvements you an expect are:

  • Reverse routing has almost consistent time complexity now. In previous releases reverse routing performance decreased as the number of routes increased. Thanks to named routes and some additional optimizations routing performance should stay more consistent even with large numbers of routes.
  • Routing prefixes now map to controllers in sub-namespaces and not prefixed methods.
  • New HTTP client. The HttpSocket class has been entirely re-written. It is now simpler, more performant and easier to use.
  • Simplified configuration. While CakePHP does not have much configuration required. The configuration it does have is now much simpler and more transparent than ever before.
  • Community standards adopted. CakePHP is leveraging PSR-0, PSR-1 and composer support.
  • Streamlined events system. The events system is now simpler and more efficient than ever before.

Getting started

On top of the framework changes, we've created a new repository for the application skeleton[3]. You can install this and the development preview of CakePHP using composer[4]. After downloading and installing composer you can use:

$ php composer.phar create-project -s dev cakephp/app

This will generate a new application, so you can start experimenting with CakePHP 3.0.

Documentation online

While this is a preview release, we have been busy building documentation alongside the code changes. The in-development book[5] and API[6] are already online. They will be receiving frequent updates as more documentation and examples are written.

Getting involved

If you're as excited about CakePHP 3.0 as we are, there are many ways you can get involved. You could help with the open issues in github[7], or provide your thoughts on any of the open RFC/Enhancement tickets. Both of these help us design and build the best framework we can. If you're reading through the documentation and notice an error, please let us know, either by opening an issue or sending a pull request.

I'd like to thank everyone who has contributed thoughts, code, documentation or feedback to 3.0 so far. It's going to be a major milestone for the project, and we're just getting started with making it the best version of CakePHP ever.

Links

CakePHP 2.4.4 released

Jose Diaz-Gonzalez josegonzalez released this December 23, 2013 · 235 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.4. 2.4.4 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • TextHelper::autoLink() now handles email addresses inside URLs correctly.
  • Pagination request data is set even when a NotFoundException is raised now.
  • Model::deleteAll will only delete distinct records now.
  • Router::mapResources() now ensures that the prefix has both the leading and trailing slash.
  • An infinite loop condition in CakeSession was fixed. This could be triggered by starting an already invalidated session.
  • Hash::numeric() now works as expected with negative numbers and other numeric values.
  • The 'my' and 'ym' formats for Validation::date() have been relaxed to allow both 2 and 4 digit year values.
  • FormHelper will not infer types incorrectly when type=checkbox is provided.
  • Postgres biginteger primary keys now correctly use the bigserial type.
  • FormHelper::dateTime() correctly handles times around 12:00:00 when an interval is also used.
  • Hash::combine() now throws exceptions when the key and value paths result in arrays of differing lengths.
  • CakeRequest::referer() no longer incorrectly reads the HTTP_X_FORWARDED_HOST header.
  • CakeRequest::host() now has a trustProxy parameter that allows access to the proxy host value.

You can view the full changelog on cakephp.org[1]. I'd like to thank the people who have contributed to this release. Your bug tickets, documentation edits, and patches/pull requests are a big part of what keeps CakePHP alive and ticking. Download a packaged release on github[2].

Links

CakePHP 2.4.3 released

Mark Story markstory released this November 24, 2013 · 298 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.3. 2.4.3 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • API Documentation improvements.
  • Long headers are no longer wrapped with PHP_EOL when sending email with MailTransport. This should solve delivery issues with Qmail, and other SMTP transport agents.
  • Model::_clearCache() has improved performance.
  • Model's now work better with schema's containing numeric column names.
  • An exception is now raised when a view block is opened while it is already open.
  • SchemaShell no longer uses schema.php as the filename when a custom name parameter is provided.
  • MKV is a supported content type.
  • CookieComponent writes are now more consistent. Previously writing multi-key and single writes were handled very differently. Fixing the write consistency makes deletion data saner and results in fewer cookies being transmitted.
  • Empty array data in cookies is now parsed correctly.
  • CakeTime::dayAsSQL() now correct supports the timezone parameter.
  • COUNT(DISTINCT x) queries work better in SQLServer now.
  • Postgres sequence values now use custom primary keys.
  • HtmlHelper now correctly encodes URLs generated for meta tags.
  • Using FormHelper::postLink() after creating a GET form now works as expected.
  • Model::saveAssociated() handles expression objects correctly now.
  • Model::setSource() does not alter the datasource's cacheSources property anymore.
  • Non-breaking spaces are now removed by Inflector::slug()

You can view the full changelog on cakephp.org[1]. I'd like to thank the people who have contributed to this release. Your bug tickets, documentation edits, and patches/pull requests are a big part of what keeps CakePHP alive and ticking. Download a packaged release on github[2].

Links

CakePHP 2.4.2 released

Mark Story markstory released this October 22, 2013 · 402 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.2[1]. 2.4.2 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • Sqlite::truncate() will verify that the sqlite_sequence table exists before modifying it.
  • Label elements now have their for attributes generated correctly for radio inputs.
  • Improved API documentation for a number of classes and methods.
  • TreeBehavior::recover() now correctly uses the scope conditions.
  • Hash::contains() can now look for needle values containing nulls.
  • Disabled radio buttons are now generated correctly when integer and string keys are used.
  • International domains are now accepted by Validation::url()
  • Inflector now handles 'quota' and 'curves' correctly.
  • jQueryEngineHelper now treats the 'xhr' option as a callback argument.
  • Bake now adds the numeric validator for float fields.
  • DboSource::renderStatement() now trims whitespace from generated queries.

As always, a big thank you to everyone involved in both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP. Download a packaged release [2].

Links

CakePHP 2.4.1 released

Mark Story markstory released this September 14, 2013 · 560 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.1[1]. 2.4.1 is a bugfix release for the 2.4 release branch. A short list of the changes you can expect is:

  • Improved API documentation and links to the book from the API.
  • Notice errors when loading LC_TIME files should no longer happen.
  • TreeBehavior::generateTreeList() now includes the scope defined in the model's actsAs property.
  • Support for readline was added to Shell commands. If your environment supports readline, arrow keys will no longer output escape sequences.
  • FormHelper::input() will now use attributes defined in the label key.
  • Inflection support was improved.
  • Performance of CakeTime::timeAgoInWords() was improved.
  • Method signatures of Behavior callbacks was corrected. If you are using PHP5.4 you may have to update the method signatures of your behaviors to resolve any E_STRICT errors.
  • CROSS JOINs work correctly now.
  • SqlServer::value() now correctly handles NULL values.
  • Cache::clearGroup() with FileEngine and no prefix behaves as expected now.
  • CakeEmail now quotes email aliases that contain non-alphanumeric characters, that have not already been encoded.
  • Phone number validation was simplified to fix valid area codes being detected as invalid.

Security disclosure

In 2.3.8 a security issue in AssetDispatcher was fixed. In the spirit of being open and transparent a more detailed description of the issue is being provided. By carefully crafting a URL the AssetDispatcher would allow arbitrary file access. A successful attack required at least one theme or plugin to be in use. An example url would look like:

http://example.com/DebugKit/%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e.//%2e./etc/passwd

AssetDispatcher incorrectly checked for directory traversal before decoding the URL. We'd like to thank Takeshi Terada of Mitsui Bussan Secure Directions, Inc for notifying us of the issue.

As always, a big thank you to everyone involved in both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP. Download a packaged release [2].

Links

CakePHP 2.4.0 is ready

Mark Story markstory released this August 30, 2013 · 641 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of CakePHP 2.4.0 and 2.3.10[1]. There have been a few small improvements and fixes since the release of 2.4.0-RC2.

CakePHP 2.4.0

CakePHP 2.4.0 is now marked as stable. It is a new version in the 2.x series that is API compatible with other releases in the 2.x series. Make sure you read the migration guide [2] before upgrading as there are a few changes you may need to make.

A quick overview of the changes in 2.4 are:

  • The constants IMAGES_URL, JS_URL, CSS_URL have been deprecated and replaced with config variables App.imageBaseUrl, App.jsBaseUrl, App.cssBaseUrl respectively. Each of the deprecated constants will be removed in 3.0.
  • The CAKEPHP_SHELL constant has been deprecated and will be removed in 3.0.
  • Sanitize class has been deprecated and will be removed in 3.0.
  • FileLogs can now have a max size and simple rotation configured.
  • Logging now support syslog out of the box.
  • A number of locales have been renamed.
  • JSONP support has been added to the JsonView
  • You can disable updating counterCache values with the counterCache option when saving models.
  • Password hashing has been extracted into a set of PasswordHasher classes. These classes make changing out password hashing strategies for the various authentication adapters simple.
  • Stateless authentication has been improved.

For a full list of the changes and improvements you should review the 2.4 Migration guide [2].

Changes to 2.4.0 since 2.4.0-RC2

  • confirm handlers are now correctly encoded.
  • Helpers are now loaded during View construction. This ensures that helpers are always available.
  • View blocks can now operate on any object that can be converted to a string.
  • All changes detailed in the 2.3.10 changelogs are also included with 2.4.0

CakePHP 2.3.10

2.3.10 marks the end of normal bug fix releases for 2.3.x. Security fixes will continue to be released for 2.3.x until 2.6.0. The following is a short list of issues fixed and changes you can find in 2.3.10

  • Configuration values are now merged between Emails and their transports.
  • CakeTime::timeAgoInWords() now uses 'about X ago' when the time delta is lower than accuracy.
  • DbAcl now uses INNER joins instead of LEFT joins. This yields improved performance with some database vendors.
  • CakeEmail::template() can now disable the layout as documented.
  • Number formatting in locales that use ',' for a decimal separator is now correct.
  • RedirectRoute now honors the 'persist' parameter correctly.
  • Constants are now conditionally defined in ShellDispatcher.
  • session.auto_start is no longer set as it never worked and triggers errors in PHP 5.5.
  • Sqlite now generates schema correctly when BIGINT columns are used as a primary key.
  • FileCache now removes special characters that would cause issues on windows systems.
  • i18n shell now correctly extracts categories other than LC_MESSAGES.

Development continues to progress on 3.0 with pull requests being frequently opened. Work has also begun on 2.5, another API compatible release in the 2.x line of releases. A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP. Download a packaged release [3].

Links

CakePHP 2.3.10 released

Mark Story markstory released this August 30, 2013 · 1007 commits to master since this release

The CakePHP core team is proud to announce the immediate availability of 2.3.10[1].

2.3.10 marks the end of normal bug fix releases for 2.3.x. Security fixes will continue to be released for 2.3.x until 2.6.0. The following is a short list of issues fixed and changes you can find in 2.3.10

  • Configuration values are now merged between Emails and their transports.
  • CakeTime::timeAgoInWords() now uses 'about X ago' when the time delta is lower than accuracy.
  • DbAcl now uses INNER joins instead of LEFT joins. This yields improved performance with some database vendors.
  • CakeEmail::template() can now disable the layout as documented.
  • Number formatting in locales that use ',' for a decimal separator is now correct.
  • RedirectRoute now honors the 'persist' parameter correctly.
  • Constants are now conditionally defined in ShellDispatcher.
  • session.auto_start is no longer set as it never worked and triggers errors in PHP 5.5.
  • Sqlite now generates schema correctly when BIGINT columns are used as a primary key.
  • FileCache now removes special characters that would cause issues on windows systems.
  • i18n shell now correctly extracts categories other than LC_MESSAGES.

Development continues to progress on 3.0 with pull requests being frequently opened. Work has also begun on 2.5, another API compatible release in the 2.x line of releases. A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP. Download a packaged release [2].

Links

CakePHP 2.4.0-RC2 released

Mark Story markstory released this August 19, 2013 · 684 commits to master since this release

The CakePHP core team is happy to announce the immediate availability of the second release candidate for 2.4.0[1].

CakeFest 2013[2] is just around the corner. If you haven't already bought your ticket do it now. It will be a great time to learn way beyond just CakePHP, this year we feature talks about performance, the future of PHP and modern javascript frontend frameworks. The core team is making great strides for having a new stable version for CakeFest and workshops will be based off the great new features next release is included.

A short list of changes you can expect in 2.4.0-RC2 are:

  • Config data between Email and Transport classes now merges correctly.
  • CakeTime::timeAgoInWords() uses fuzzy terms when time is below thresholds.
  • Confirm values are now correctly encoded. This was a regression introduced in 2.4.0-RC1.
  • DbAcl uses INNER joins instead of LEFT joins to help increase performance.
  • CakeEmail::template() can now disable rendering the layout as documented.
  • Formatting number in european locales now works correctly.
  • Translation strings were updated to exclude non-translable content.
  • RedirectRoute now persists parameters using the same methods as normal routes.
  • Components with settings are now mocked better.

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP. Download a packaged release [3].

Links

CakePHP 2.4.0-RC1 released

ADmad ADmad released this August 11, 2013 · 755 commits to master since this release

The CakePHP core team is happy to announce the immediate availability of the first release candidate for 2.4.0[1].

As the date for CakeFest 2013[2] comes closer, you should be thinking on buying a ticket if haven't already. It will be a great time to learn way beyond just CakePHP, this year we feature talks about performance, the future of PHP and modern javascript frontend frameworks. The core team is making great strides for having a new stable version for CakeFest and workshops will be based off the great new features next release is including.

A short list of changes you can expect in 2.4.0-RC1 are:

  • Support for query parameters on Router::parse()
  • Add option to send email attachment from string in CakeEmail
  • Allow variable aliasing when using _serialize for the JsonView and XmlView. It also support pretty printing when available
  • Improving phone validation for USA and Canada
  • New option to multiply decimal percentages in CakeNumber::toPercentage()
  • Ability to provide custom strings for timeAgoInWords()
  • Minutes display with FormHelper can now be rounded to the next or previous custom value
  • PaginatorHelper won't display the first page argument for the first page, to avoid duplication on search engines
  • Added CakeResponse::location() to quickly send redirect status codes and location
  • Ability to set multiple headers at once with CakeRespose::header()
  • Improved handling of response codes to avoid sending invalid HTTP responses
  • Added SSL support to MySQL PDO connections
  • IMAGES_URL, CSS_URL, JS_URL are now deprecated and can be controlled with a new Configure value
  • ConsoleShell was also deprecated
  • Support for setting full URLs in css/js/image constants and configure values
  • CakeTestCase::getMockForModel() is now smarted and can mock AppModel
  • Deprecated DEFAULT_LANGUAGE constant
  • Deprecated Sanitize class
  • Missing directories under tmp used for logging and caching are now created automatically in debug mode

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP.

Links

CakePHP 2.3.9 released

ADmad ADmad released this August 11, 2013 · 1070 commits to master since this release

The CakePHP core team is happy to announce the immediate availability of a new maintenance release for the 2.3 branch[1].

As the date for CakeFest 2013[2] comes closer, you should be thinking on buying a ticket if haven't already. It will be a great time to learn way beyond just CakePHP, this year we feature talks about performance, the future of PHP and modern javascript frontend frameworks. The core team is making great strides for having a new stable version for CakeFest and workshops will be based off the great new features next release is including.

Maintenance release 2.3.9 incorporates over 20 bugfixes and some performance improvements, developers are encouraged to upgrade their apps to profit from these changes.

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP.

Links

CakePHP 2.2.9

Mark Story markstory released this July 17, 2013 · 2191 commits to master since this release

The CakePHP core team is happy to announce the immediate availability of 2.2.9. This release contains security fixes and is recommended for all CakePHP developers.

A security issue related to the AssetDispatcher was fixed. This upgrade is important for all applications serving assets out of themes or plugins using the built-in AssetDispatcher. A big thank you to Takeshi Terada of Mitsui Bussan Secure Directions for contacting us about the security issue and providing steps to reproduce it. We'll disclose more details about the vulnerability in the future once people have had the chance to upgrade.

CakePHP 2.3.8

Mark Story markstory released this July 17, 2013 · 1148 commits to master since this release

The CakePHP core team is happy to announce the immediate availability of 2.3.8. This release contains security fixes and is recommended for all CakePHP developers. A short list of changes you can expect in 2.3.8 are:

  • Improved API documentation.
  • I18nShell now extracts plugin model validation messages correctly.
  • ServerShell now serves static assets with query string parameters.
  • ServerShell correctly uses the document_root parameter.
  • Inflector can now pluralize additional words.
  • File responses using HTTP Range now work correctly.
  • A regression introduced to AuthComponent in 2.3.7 for redirectUrl() when an application is running in a subdirectory has been fixed.
  • Pagination sort whitelists are now trusted implicitly. No additional validation is done on whitelisted fields. This makes it easier to sort on synthetic columns, or columns added through joins in custom finds.

As previously mentioned, a security issue related to the AssetDispatcher was fixed. This upgrade is important for all applications serving assets out of themes or plugins using the built-in AssetDispatcher. A big thank you to Takeshi Terada of Mitsui Bussan Secure Directions for contacting us about the security issue and providing steps to reproduce it. We'll disclose more details about the vulnerability in the future once people have had the chance to upgrade.

CakePHP 2.4.0-beta

Mark Story markstory released this July 04, 2013 · 972 commits to master since this release

The 2.4.0-beta release contains several new features that improve CakePHP's performance, security and ease of use. When done, this new version is intended to be a replacement for the 2.3.x branch. A migration guide is provided in the book and we encourage you to read it if you are upgrading from an older version.

The current list of the new features & changes you can expect in 2.4.0:

Console

  • Logged notice messages will now be colourized in terminals that support colours.

SchemaShell

  • cake schema generate now supports the --exclude parameter.

BakeShell

  • cake bake model now supports baking $behaviors. Finding lft, rght and parent_id fields in your table it will add the Tree behavior, for example. You can also extend the ModelTask to support your own behaviors to be recognized.

FixtureTask

  • cake bake fixture now supports a --schema parameter to allow baking all fixtures with noninteractive "all" while using schema import.

Object

  • Object::log() had the $scope parameter added.

Components

AuthComponent

  • AuthComponent now supports proper stateless mode when using Basic or Digest authenticators. Starting of session can be prevented by setting AuthComponent::$sessionKey to false. Also now when using only Basic or Digest you are no longer redirected to login page. For more info check the AuthComponent page.
  • Property AuthComponent::$authError can be set to boolean false to suppress flash message from being displayed.

PasswordHasher

  • Authenticating objects now use new password hasher objects for password hash generation and checking.

Models

  • Model::save(), Model::saveField(), Model::saveAll(), Model::saveAssociated(), Model::saveMany() now take a new counterCache option. You can set it to false to avoid updating counter cache values for the particular save operation.
  • Model::clear() was added.

Datasource

  • Mysql, Postgres, and SQLserver now support a 'settings' array in the connection definition. This key => value pair will be issued as SET commands when the connection is created.

View

JsonView

  • JSONP support has been added to :php:class:JsonView.

HtmlHelper

  • The API for HtmlHelper::css() has been changed.
  • New option escapeTitle added to HtmlHelper::link() to control escaping of only link title and not attributes.

TextHelper

  • TextHelper::autoParagraph() has been added. It allows to automatically convert text into HTML paragraphs.

PaginatorHelper

  • PaginatorHelper::param() has been added.

Network

CakeRequest

  • CakeRequest::param() has been added.
  • CakeRequest::is() has been modified to support an array of types and will return true if the request matches any type.
  • CakeRequest::isAll() has been added to check that a request matches all the given types.

CakeEmail

  • Logged email messages now have the scope of email by default. If you are not seeing email contents in your logs, be sure to add the email scope to your logging configuration.

HttpSocket

  • HttpSocket::patch() has been added.

L10n

  • ell is now the default locale for Greek as specified by ISO 639-3 and gre its alias. The locale folders have to be adjusted accordingly (from /Locale/gre/ to /Locale/ell/).
  • fas is now the default locale for Farsi as specified by ISO 639-3 and per its alias. The locale folders have to be adjusted accordingly (from /Locale/per/ to /Locale/fas/).
  • sme is now the default locale for Sami as specified by ISO 639-3 and smi its alias. The locale folders have to be adjusted accordingly (from /Locale/smi/ to /Locale/sme/).
  • mkd replaces mk as default locale for Macedonian as specified by ISO 639-3. The corresponding locale folders have to be adjusted, as well.
  • Catalog code in has been dropped in favor of id (Indonesian), e has been dropped in favor of el (Greek), n has been dropped in favor of nl (Dutch), p has been dropped in favor of pl (Polish), sz has been dropped in favor of se (Sami).
  • Kazakh has been added with kaz as locale and kk as catalog code.
  • Kalaallisut has been added with kal as locale and kl as catalog code.

Logging

  • Log engines do not need the suffix Log anymore in their setup configuration. So for the FileLog engine it suffices to define 'engine' => 'File' now. This unifies the way engines are named in configuration (see Cache engines for example). Note: If you have a Log engine like DatabaseLogger that does not follow the convention of using the Log suffix, you will have to adjust your class name to DatabaseLog. You should also avoid class names like SomeLogLog which include the suffix twice at the end.

FileLog

  • Two new config options size and rotate have been added for FileLog engine.

SyslogLog

  • The new logging engine SyslogLog was added to stream messages to syslog.

Utility

  • pr no longer outputs HTML when running in cli mode.

Validation

  • Validation::date() now supports the y and ym formats.
  • The country code of Validation::phone() for Canada has been changed from can to ca to unify the country codes for validation methods according to ISO 3166 (two letter codes).

CakeNumber

  • The currencies AUD, CAD and JPY have been added.
  • The symbols for GBP and EUR are now UTF-8. If you upgrade a non-UTF-8 application, make sure that you update the static $_currencies attribute with the appropriate HTML entity symbols (£ and €) before you use those currencies.

CakeTime

  • CakeTime::isPast() and CakeTime::isFuture() were added.

Xml

  • New option pretty has been added to Xml::fromArray() to return nicely formatted Xml.

Error

ErrorHandler

  • New configuration option skipLog has been added, to allow skipping certain Exception types to be logged. Configure::write('Exception.skipLog', array('NotFoundException', 'ForbiddenException')); will skip logging these exceptions and the ones extending them when 'Exception.log' config is true

Routing

Router

  • Router::baseUrl() was added. This method replaces FULL_BASE_URL. Which is now deprecated.

The API docs and cookbook have been updated to reflect the changes and updates for 2.4.0.

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP.

CakePHP 2.3.7

Mark Story markstory released this July 04, 2013 · 1191 commits to master since this release

2.3.7 is a bugfix release for the 2.3 branch, while 2.4.0-beta is the first release of the 2.4 branch. A short list of the changes you can expect in 2.3.7 are:

  • Cached views now contain their Content-Type header. It is recommended that you flush your view caches when upgrading.
  • Return-Path is now excluded on emails delivered via SMTP.
  • The automatic created & modified times when saving records are now consistent. There used to be an edge case where they could differ by one second.
  • Undocumented, untested features around the IIS_SERVER constant have been removed.
  • FormHelper::dateTime() now selects the correct year when creating an input which has a maxYear earlier than the current year.
  • Email views now calculate the boundary later in the rendering process fixing issues where View callbacks could append inline images or attachments, resulting in incorrect boundary markers.
  • AuthComponent now correctly generates redirect URL's when the application base path matches the controller name.
  • Errors generated from requests containing 'index.php' now render correctly.
  • Classnames containing '..' are now rejected.

There was a security fix in this release that fixes an issue where controllers outside of the application could be loaded under certain conditions. This is an important upgrade for applications that accept uploaded PHP files where user data is used to determine the final file name. In these situations it would be possible for an attacker to upload a PHP file and remotely execute code. A big thanks to Adrian Ulrich for contacting us about the issue, and providing steps to reproduce it.

A huge thanks to all involved in terms of both contributions through commits, tickets, documentation edits, and those whom have otherwise contributed to the framework. Without you there would be no CakePHP.

Important upgrade for 1.3

Andy Dawson AD7six released this June 24, 2013 · 8460 commits to master since this release

This is an important update for all users of 1.3. It is recommended that all users of 1.3 should upgrade as soon as possible.

In the previous release for 1.3.16 a mistake was made when creating the 1.3.16 tag. An important fix was missed from the packaged release. We recommend that all applications using 1.3 upgrade to 1.3.17 immediately safeguard against the SQL injection issue that 1.3.16 was intended to fix.

How did this happen?

When creating the package for 1.3.16, a git clone was not correctly updated before generating the new tag. To prevent this issue in the future, we'll be updating the automated build script used to package CakePHP to always update the local clone. This should prevent similar errors in the future.

links

Something went wrong with that request. Please try again.