-
Notifications
You must be signed in to change notification settings - Fork 347
Changelog v1.8.0 hotfix 4
- [SEC-CORE-007]: Filenames in
ImageMagick
were passed toexec()
without proper escaping. - VENDORPATH is now also stripped from generated profiler and error output, to prevent path exposure.
The the website for more information about reported security issues and their status.
- Fuel now uses version 1.4.0 of the PHP-Markdown composer package.
-
Asset
: [BUG-FIX]: The "always_resolve" config should only apply to local assets. -
Asset
: [BUG-FIX]: Make sure a passed data type is not overwritten. -
DB
: [BUG-FIX]: PDO attributes passed on in the "attrs" config key are no longer ignored. -
DB
: [FEATURE]: You can now useDB::expr()
and sub-queries as argument for ajoin()
. -
DB
: [FEATURE]:DB::expr()
and sub-queries now properly support defined table aliases. -
Cli
: [FEATURE]: CLI scripts now exit with exit code 1 on fatal errors. -
File
: [BUG-FIX]: Additional checks have been added to prevent possible errors when creating new directories concurrently. -
File
: [BUG-FIX]: Fixed issues with creating new directories on Windows. -
File
: [FEATURE]: When copying a file, its permissions are now copied as well. -
Input
: [FEATURE]: Input now supports variables posted as "multipart/form-data". -
Input
: [FEATURE]: Input is no longer defined globally, but per request. This allows you to set input variables on HMVC requests. -
Input
: [FEATURE]: Optional values are now stripped from the "Content-Type". -
Migrate
: [FEATURE]: A new configuration key "flush_cache" allows you to flush all cache after a migration has run. -
Pagination
: [BUG-FIX]: Specifying a non-existent uri-segment no longer throws an error. -
Presenter
: [FEATURE]: You can now use theset_view()
method to change views on an already instantiated Presenter. -
Profiler
: [FEATURE]: You can now overload the HEIGHT, DETAILS, BOTTOM and SHOWONLOAD javascript variables in your application to control initial behaviour of the profiler. -
Profiler
: [FEATURE]: A new "log_profile_data" configuration key allows profile data to be written to a file. -
Profiler
: [BUG-FIX]: Database profile data is no longer generated when profiling is disabled in the config. -
Redis_Db
: [BUG-FIX]: Fixed infinite loop when the connection got lost while writing to the database. -
Request
: [BUG-FIX]: Strip attributes from content-type response header, to make sure the mime-type matches correctly when setting a response. -
Session
: [BUG-FIX]: The session handler code has been updated to support PHP7.x. -
Str
: [BUG-FIX]:truncate()
now handles self-closing HTML tags properly. -
Validation
: [BUG-FIX]: Thevalidate()
method now supports array dot-notation to directly access posted array data.
-
Auth
: [BUG-FIX] Fixed PHP notice error when a user object doesn't have a group attached. -
Auth
: [FEATURE] Added group validation to the Auth_User model definition. -
Auth
: [BUG-FIX] Fixed not being able to overload "table_columns" in your app's Auth configuration. -
Email
: [BUG-FIX] The "return-path" is now correctly set in the SMTP driver. -
Email
: [BUG-FIX] Make sure the SMTP connection is correctly terminated after errors. -
Email
: [BUG-FIX] Added validation for file attachments. -
Email
: [BUG-FIX] The "QUIT" command response is made optional, some SMTP servers don't respond but disconnect immediately. -
Oil
: [FEATURE] You can now add a CRLF to console writes to produce multi-line output. -
Oil
: [BUG-FIX] Fixed dumping objects to the console when they have circular references. -
Orm
: [FEATURE] Added support for "HAVING" in the ORM query builder. -
Orm
: [FEATURE] The soft-delete ORM model now has support for "before_purge" and "after_purge" events. -
Orm
: [BUG-FIX] The restore of soft-deleted singular relations has been fixed. -
Orm
: [FEATURE] You can now useDB::expr()
as anorder_by()
clause. -
Orm
: [BUG-FIX] Therelated_class()
now returns the correct information when using short relation notation. -
Orm
: [BUG-FIX] Thediff()
now uses the same comparison logic for "int" and "bool" asis_changed()
. -
Orm
: [FEATURE] Newget_pk_assoc()
method returns an assoc array with the primary keys and their values. -
Parser
: [FEATURE] Added support for Twig v2.x. -
Parser
: [BUG FIX] The extension class for Smarty has been added to the default configuration. -
Parser
: [BUG FIX] You can now overload an already defined extension in your app's parser config file. -
Parser
: [FEATURE] You can now access theSecurity
methodsjs_fetch_token
andjs_set_token
from Twig templates. -
Parser
: [BUG FIX] The default extension for haml files has been changed to '.haml', extensions have to be unique.