Changelog v1.7

Harro Verton edited this page Oct 12, 2013 · 32 revisions

This keeps track of important changes to the 1.x branch.

When you decide to upgrade to a new version, pay attention to the changes documented in this changelog, and the upgrade procedures documented.

Important fixes, changes, notes. Read them carefully.

  • A fix has been added to deal with PHP bugs #42098/#54054, which cause an SPL autoloader to malfunction when trying to autoload from an exception handler. This will fix erradic "class not found" messages when processing exceptions.
  • File::close_file() was broken when using locking. This has been fixed.
  • Date::test_format() no longer resets the current timezone to UTC.
  • Output buffering is now disabled when in CLI mode. This allows you to get messages from your tasks in realtime, instead of having to wait until the task has finished.
  • A bug in all session drivers (except cookie) that caused the session timestamp not to be updated has been fixed. The session will now not expire as long as there is activity within the expiration timeout.
  • PHP E_ERROR's are now reported as "Fatal error".
  • Profiler data will no longer be added to the output if the request is an ajax call.
  • The finder now checks for "?:\" to detect a Windows path, so that one-letter module names can be used in finder filenames ("?:filename").
  • Where relevant calls to file_exists() have been changed to is_file() for performance reasons.
  • Where relevant calls to call_user_func_array() have been changed to call_fuel_func_array(), our internal equivalent which is about 30% faster.
  • Lots of bugfixes in the Auth package, especially in relation to OpAuth and the Ormauth drivers.
  • Lots of bugfixes in the Orm package, especially related to Model_Soft and Model_Nestedset.

Backward compatibility notes

  • The CSV configuration for the Format class has been split into a separate config for imports and exports. Also, the default escape character has been changed from a backslash to a double quote, to be more standards compliant. If your application relies on the backslash, make sure to create a custom format config after you have upgraded.
  • The Redis class has been renamed to Redis_Db, to avoid collisions with the Redis PECL class, which seems to be installed by default on a lot of systems. If the PECL extension is not found, Redis_Db will be aliased to Redis, to make sure existing applications that use the Redis class don't break. If you use the Redis class, it is advised that you change it to Redis_Db.
  • Cookie::set() now returns false when called in CLI mode.

Removed code (because it was deprecated in v1.6 or earlier)

  • The Event::shutdown() method has been removed. This is replaced by two events, 'shutdown' which can be used by applications to run code after the script has finished, and 'fuel-shutdown', which runs after the application shutdown events, will close any open session, and runs the framework cleanup.

Security related

There were two security advisories issued for 1.6.1, which also impact all previous versions (see These issues are addressed in 1.7, it is strongly advised that you upgrade as soon as possible.

System changes

  • Composer now runs "oil refine install" when you run the initial installation.
  • A web.config file is now included to support rewriting for those using PHP/IIS on Windows.
  • Twitter Bootstrap has been upgraded to 3.0. Check for dependencies with your current code if you upgrade, oil will now generates 3.0 compliant view files.
  • FuelPHP\Upload has been switched to version 2.0.1. If you upgrade, don't forget to change your composer.json and run php composer.phar update.
  • Exception handling in the index.php now resets the main Request, to avoid subsequent Requests to be seen as HMVC calls.
  • index.php now only updates the output with profiling data if the placeholders are present in the output.
  • All code using preg_replace() with the \e modifier has been rewritten to be compliant with PHP 5.5+.
  • Reverse routing now works with regex routes.

Specific classes

  • New Arr::merge_assoc() method as alternative to array_merge_recursive(), which does not alter numeric keys, and does not merge mixed values (see docs).
  • New Arr::reindex() method to recursively reindex an indexed array, or the numeric keys in an assoc array.
  • New Arr::subset() method returns a subset of an array based on a list of (dot-notated) keys.
  • Asset methods css() and js() now allow inline code to be passed as a string.
  • Cache_Storage_Memcached now creates and reuses a single connection to the Memcached server.
  • Cache_Storage_Memcached now supports a relative expiration time, like the native PHP functions.
  • Cache_Storage_Redis now creates and reuses a single connection to the Redis server.
  • Config now has a driver to store config data in a database table.
  • Date has a new emulation function for strptime(), for better Windows support.
  • DB now supports master/slave configurations, completely transparent for the application.
  • DB where() method now has support for DB::expr().
  • DB configuration now has support for speciying the collating sequence.
  • New has_connection() method for DB::instance() to check if a valid DB connection is present.
  • You can now create nameless Fieldset objects.
  • File_Handler_File now has a new method get_path() to retrieve the file's path.
  • New Form::csrf() method to add a hidden field to your form with the CSRF token.
  • Form::select() now allows you to pass a default value via the attributes array.
  • Form::to_xml() now has a configuration option to escape data using CDATA instead of converting to HTML entities.
  • Fuel has improved base_url detection, to work better with installations inside the document root.
  • New Image extension() method to retrieve the extension of the loaded image.
  • Input now supports the HTTP method PATCH.
  • Lang now has a driver to store language data in a database table.
  • Log now tells you why it couldn't open or write to the logfile.
  • Migrate now prints a warning if one or more migration steps were skipped.
  • Mongo_Db now uses the MongoClient class, instead of the deprecated Mongo class.
  • Pagination now casts all numeric values to int after calculation.
  • Pagination now has a __toString() method to render when the object is cast to string.
  • Pagination render methods now correctly use the configured default values when called without arguments.
  • Pagination::render() now has the option to return the raw pagination data array instead of the rendered HTML.
  • New config section for Pagination to support Bootstrap v3.
  • New Redis_Db method psubscribe() allows you to listen and define a callback for every response.
  • Request now writes the request type to the log, together with the requested URI.
  • Request now checks if all required action arguments are present, and throws HttpNotFoundException if not.
  • Response now has an updated HTTP status code list (including the famous 418!).
  • The use of wildcards in a URI for Response::redirect() is now configurable.
  • Security::xss_clean() is now using htmLawed v1.1.16.
  • New options parameter for Security::xss_clean() to pass custom configuration to htmLawed.
  • Security::check_token() now uses Input::param() to fetch the token. This allows HTTP methods other then POST to be secured with a token.
  • New Str::random() feature to generate UUID v4 strings.
  • Uri::segment_replace() now allows you to force the URL scheme to HTTP or HTTPS.
  • New Uri::update_query_string() method allows you to add query string data to an existing URL.
  • Validation::valid_date() will now ensure the date value format is valid.
  • New Validation::get_error_message() to retrieve all or individual error message from validation error objects. This saves you having to loop over the objects in your code to get the messages out.
  • Validation::valid_string() now has support for "brackets" and "braces".
  • Viewmodel::forge() now allows you to pass a custom view name or View object.
  • New Theme::viewmodel() method allows you to create theme aware Viewmodel objects.
  • Upload init method has been modified to make sure uploaded files are not processed twice.
  • New Uri::build_query_string() method to generate a query string from a list of arrays or strings.


  • Auth: Opauth driver now has a config switch to allow auto registration after OAuth login.
  • Email: Added support for images in base64 encoding.
  • Email: Fixed additional blank line in the mail header causing some mailservers to barf...
  • Email: New getter methods get_from(), get_to(), get_cc(), get_bcc(), get_subject(), get_body() and get_reply_to().
  • Oil: There is now support for the _init() static method for tasks.
  • Oil: test now has (expiremental) support for phpunit.phar.
  • Oil: Scaffolding menu links are now rendered as buttons.
  • Oil: Running create inside a valid FuelPHP installation now displays an error message.
  • Oil: Generating a migration without the correct arguments now fails with an error message.
  • Oil: Scaffolding and Admin scaffolding now generate Bootstrap v3 compliant view files.
  • Oil: New package command generates a skeleton for a new package.
  • Oil: You can now use dashes and underscore in generate field options (p.e. enum values).
  • Oil: All commands now have a help screen.
  • Orm: Observer_Typing now creates an empty array when calling unserialize() on a NULL column value.
  • Orm: get_one() now uses rows_limit(1) when fetching an object with related objects.
  • Orm: New Model_Soft::purge() method allows bypassing the soft-delete functionality and delete an object permanently.
  • Orm: Model::to_object() can now be called with the same arguments as to_array().
  • Orm: group_by() Query method now supports relation name prefixes for column names.
  • Orm: You can now pass additional conditions to a lazy get() of a related object.
  • Orm: Model_Soft now has support for count(), min() and max().
  • Orm: min() and max() results are no longer cast to int, so they can be used on date columns.
  • Orm: Model::to_array() has better object tracking to prevent recursion.
  • Orm: from_array() now has support for the EAV extension. Importing non-model properties will now create EAV records instead of custom data if the model has an EAV container configured.
  • Orm: There is now support for EAV containers in Model_Nestedset.