Skip to content

Latest commit

 

History

History
797 lines (663 loc) · 58.8 KB

CHANGELOG.md

File metadata and controls

797 lines (663 loc) · 58.8 KB
Raw

Changelog

v1.7

Full List of core changes since 1.6.1

Important fixes, changes, notes. Read them carefully.

  • A fix has been added to deal with PHP bugs #42098/#54054, which cause an SPL autoloader to malfunction when trying to autoload from an exception handler. This will fix erradic "class not found" messages when processing exceptions.
  • File::close_file() was broken when using locking. This has been fixed.
  • Date::test_format() no longer resets the current timezone to UTC.
  • Output buffering is now disabled when in CLI mode. This allows you to get messages from your tasks in realtime, instead of having to wait until the task has finished.
  • A bug in all session drivers (except cookie) that caused the session timestamp not to be updated has been fixed. The session will now not expire as long as there is activity within the expiration timeout.
  • PHP E_ERROR's are now reported as "Fatal error".
  • Profiler data will no longer be added to the output if the request is an ajax call.
  • The finder now checks for "?:" to detect a Windows path, so that one-letter module names can be used in finder filenames ("?:filename").
  • Where relevant calls to file_exists() have been changed to is_file() for performance reasons.
  • Where relevant calls to call_user_func_array() have been changed to call_fuel_func_array(), our internal equivalent which is about 30% faster.
  • Lots of bugfixes in the Auth package, especially in relation to OpAuth and the Ormauth drivers.
  • Lots of bugfixes in the Orm package, especially related to Model_Soft and Model_Nestedset.

Backward compatibility notes

  • The CSV configuration for the Format class has been split into a separate config for imports and exports. Also, the default escape character has been changed from a backslash to a double quote, to be more standards compliant. If your application relies on the backslash, make sure to create a custom format config after you have upgraded.
  • The Redis class has been renamed to Redis_Db, to avoid collisions with the Redis PECL class, which seems to be installed by default on a lot of systems. If the PECL extension is not found, Redis_Db will be aliased to Redis, to make sure existing applications that use the Redis class don't break. If you use the Redis class, it is advised that you change it to Redis_Db.
  • Cookie::set() now returns false when called in CLI mode.

Removed code (because it was deprecated in v1.6 or earlier)

  • The Event::shutdown() method has been removed. This is replaced by two events, 'shutdown' which can be used by applications to run code after the script has finished, and 'fuel-shutdown', which runs after the application shutdown events, will close any open session, and runs the framework cleanup.

Security related

There were two security advisories issued for 1.6.1, which also impact all previous versions (see http://fuelphp.com/security-advisories). These issues are addressed in 1.7, it is strongly advised that you upgrade as soon as possible.

System changes

  • Composer now runs "oil refine install" when you run the initial installation.
  • A web.config file is now included to support rewriting for those using PHP/IIS on Windows.
  • Twitter Bootstrap has been upgraded to 3.0. Check for dependencies with your current code if you upgrade, oil will now generates 3.0 compliant view files.
  • FuelPHP\Upload has been switched to version 2.0.1. If you upgrade, don't forget to change your composer.json and run php composer.phar update.
  • Exception handling in the index.php now resets the main Request, to avoid subsequent Requests to be seen as HMVC calls.
  • index.php now only updates the output with profiling data if the placeholders are present in the output.
  • All code using preg_replace() with the \e modifier has been rewritten to be compliant with PHP 5.5+.
  • Reverse routing now works with regex routes.

Specific classes

  • New Arr::merge_assoc() method as alternative to array_merge_recursive(), which does not alter numeric keys, and does not merge mixed values (see docs).
  • New Arr::reindex() method to recursively reindex an indexed array, or the numeric keys in an assoc array.
  • New Arr::subset() method returns a subset of an array based on a list of (dot-notated) keys.
  • Asset methods css() and js() now allow inline code to be passed as a string.
  • Cache_Storage_Memcached now creates and reuses a single connection to the Memcached server.
  • Cache_Storage_Memcached now supports a relative expiration time, like the native PHP functions.
  • Cache_Storage_Redis now creates and reuses a single connection to the Redis server.
  • Config now has a driver to store config data in a database table.
  • Date has a new emulation function for strptime(), for better Windows support.
  • DB now supports master/slave configurations, completely transparent for the application.
  • DB where() method now has support for DB::expr().
  • DB configuration now has support for speciying the collating sequence.
  • New has_connection() method for DB::instance() to check if a valid DB connection is present.
  • You can now create nameless Fieldset objects.
  • File_Handler_File now has a new method get_path() to retrieve the file's path.
  • New Form::csrf() method to add a hidden field to your form with the CSRF token.
  • Form::select() now allows you to pass a default value via the attributes array.
  • Form::to_xml() now has a configuration option to escape data using CDATA instead of converting to HTML entities.
  • Fuel has improved base_url detection, to work better with installations inside the document root.
  • New Image extension() method to retrieve the extension of the loaded image.
  • Input now supports the HTTP method PATCH.
  • Lang now has a driver to store language data in a database table.
  • Log now tells you why it couldn't open or write to the logfile.
  • Migrate now prints a warning if one or more migration steps were skipped.
  • Mongo_Db now uses the MongoClient class, instead of the deprecated Mongo class.
  • Pagination now casts all numeric values to int after calculation.
  • Pagination now has a __toString() method to render when the object is cast to string.
  • Pagination render methods now correctly use the configured default values when called without arguments.
  • Pagination::render() now has the option to return the raw pagination data array instead of the rendered HTML.
  • New config section for Pagination to support Bootstrap v3.
  • New Redis_Db method psubscribe() allows you to listen and define a callback for every response.
  • Request now writes the request type to the log, together with the requested URI.
  • Request now checks if all required action arguments are present, and throws HttpNotFoundException if not.
  • Response now has an updated HTTP status code list (including the famous 418!).
  • The use of wildcards in a URI for Response::redirect() is now configurable.
  • Security::xss_clean() is now using htmLawed v1.1.16.
  • New options parameter for Security::xss_clean() to pass custom configuration to htmLawed.
  • Security::check_token() now uses Input::param() to fetch the token. This allows HTTP methods other then POST to be secured with a token.
  • New Str::random() feature to generate UUID v4 strings.
  • Uri::segment_replace() now allows you to force the URL scheme to HTTP or HTTPS.
  • New Uri::update_query_string() method allows you to add query string data to an existing URL.
  • Validation::valid_date() will now ensure the date value format is valid.
  • New Validation::get_error_message() to retrieve all or individual error message from validation error objects. This saves you having to loop over the objects in your code to get the messages out.
  • Validation::valid_string() now has support for "brackets" and "braces".
  • Viewmodel::forge() now allows you to pass a custom view name or View object.
  • New Theme::viewmodel() method allows you to create theme aware Viewmodel objects.
  • Upload init method has been modified to make sure uploaded files are not processed twice.
  • New Uri::build_query_string() method to generate a query string from a list of arrays or strings.

Packages

  • Auth: Opauth driver now has a config switch to allow auto registration after OAuth login.
  • Email: Added support for images in base64 encoding.
  • Email: Fixed additional blank line in the mail header causing some mailservers to barf...
  • Email: New getter methods get_from(), get_to(), get_cc(), get_bcc(), get_subject(), get_body() and get_reply_to().
  • Oil: There is now support for the _init() static method for tasks.
  • Oil: test now has (expiremental) support for phpunit.phar.
  • Oil: Scaffolding menu links are now rendered as buttons.
  • Oil: Running create inside a valid FuelPHP installation now displays an error message.
  • Oil: Generating a migration without the correct arguments now fails with an error message.
  • Oil: Scaffolding and Admin scaffolding now generate Bootstrap v3 compliant view files.
  • Oil: New package command generates a skeleton for a new package.
  • Oil: You can now use dashes and underscore in generate field options (p.e. enum values).
  • Oil: All commands now have a help screen.
  • Orm: Observer_Typing now creates an empty array when calling unserialize() on a NULL column value.
  • Orm: get_one() now uses rows_limit(1) when fetching an object with related objects.
  • Orm: New Model_Soft::purge() method allows bypassing the soft-delete functionality and delete an object permanently.
  • Orm: Model::to_object() can now be called with the same arguments as to_array().
  • Orm: group_by() Query method now supports relation name prefixes for column names.
  • Orm: You can now pass additional conditions to a lazy get() of a related object.
  • Orm: Model_Soft now has support for count(), min() and max().
  • Orm: min() and max() results are no longer cast to int, so they can be used on date columns.
  • Orm: Model::to_array() has better object tracking to prevent recursion.
  • Orm: from_array() now has support for the EAV extension. Importing non-model properties will now create EAV records instead of custom data if the model has an EAV container configured.
  • Orm: There is now support for EAV containers in Model_Nestedset.

v1.6

Full List of core changes since 1.5

Important fixes, changes, notes. Read them carefully.

  • This release officially introduces Composer to FuelPHP. You will have to install it, and run a 'php composer.phar update' to pull in any required packages. Without this step, 1.6 WILL NOT WORK!!!
  • Class names in the Auth package have been modified to match FuelPHP coding standards. Check your configuration ('SimpleAuth' is now 'Simpleauth'!) and any class extensions you have made.
  • The Log functionality has been moved back in the core. If you are upgrading from 1.5, please remove the old 'Log' package from the always_load section in your config.php, and remove the package from the packages folder.
  • The environment 'stage' has been renamed to 'staging', the corresponding constant to Fuel::STAGING.
  • You now get a proper error message if your PHP timezone settings are not correctly configured.
  • You now get a proper error message if there is an issue with rights to the log file.
  • All code that creates files or directories has been rewritten to properly set the configured permission mask without using umask(), which is not thread-safe.

Backward compability notes

  • The names of the Auth classes have been changed to comply with FuelPHP coding standards (Auth_Login_Simpleauth instead of Auth_Login_SimpleAuth), this can cause a class-not-found error if you have extended an Auth class in your application.
  • The ORM validation_observer now has multiple events. Do not define it without specifying which events to call, as it would cause validation to be called twice!
  • The Orm behaviour with regards to relation assignments has been changed. Now, when you do an unset(), a set to NULL or array(), or you assign a new value, the previous relation will be unset. Regardless of whether you had fetched that relation or not. This might impact your application if you have used this 'bug' as a shortcut to adding additional objects to an existing relation!

Removed code (because it was deprecated in v1.5 or earlier)

  • Orm: find() and find(null) functionality is now removed. Use query() instead.

Code deprecated in v1.6 (to be removed in the next release)

  • ViewModel: when determining the name of the ViewModel class to load, it will search for classes with and without the 'View_' prefix. This behaviour is deprecated, as of the next release ViewModel classes MUST be in classes/view, and MUST be prefixed with 'View_'.

Security related

  • The default security filters have been removed from the core configuration, to allow you to define your own security filters. Note: if you're migration from previous versions and relied on this default config, make sure your app config file has the default security filters defined!

System changes

  • The Markdown library has been upgraded to 1.2.6.
  • The cache option in the global configuration now correctly caches finder paths to speedup file lookups.
  • Controller methods can now return 'false' or 'array()' as valid values, for use in HMVC requests.
  • Exceptions in shutdown event are now properly caught and handled.

Specific classes

  • Agent: will now re-use an expired download if a new browscap file could not be downloaded.
  • Arr: New search method allows you to search for values in array structures, and get the (dot-notated) key returned.
  • Arr: New unique method allows you to de-dup an array. Like array_unique(), but this one supports objects and closures, and doesn't sort the source array first.
  • Arr: New sum method allows you to sum up specific values in a multi-dimensional array structure.
  • Asset: now generates the correct Asset URL when using a CDN.
  • Controller_Rest: now allows auth checks using a controller method (avoids before() or router() hacks).
  • DB: new identifier method allows you to properly quote an identifier for use in custom queries.
  • DB: the Database_Transaction class that was already deprecated in v1.2 has been removed. All drivers support transactions natively.
  • DButil: now supports the keyword "PRIMARY KEY" on field updates.
  • Cache: index mechanism has been refactored. Dependency checking now works properly when using APC, Memcached or Redis backends.
  • Error: a new configuration option allows you to render already generated output to be shown in error messages via the 'prior output' link, instead of the HTML.
  • File: create_dir method now works properly on Windows.
  • Form: select now doesn't use inline css to generate optgroups unless needed.
  • Fieldset: fixed generation of invalid labels.
  • Html: anchor method now generates URL's without a trailing slash.
  • Input: uri method now works properly on Windows.
  • Lang: delete method now works properly when passing a $group value.
  • Pagination: now generates the last link correctly.
  • Profiler: DB query profiling now includes a stack trace for every query to make it easier to find it in your code.
  • Router: now supports protocol specific routes (http/https) in verb based route notation.
  • Upload: has been rewritten to use the FuelPHP v2 composer library.
  • Viewmodel: now calls before before rendering the view, instead of when constructing the object.
  • Viewmodel: ViewModel class name is now correctly determined from the passed view name.
  • Viewmodel: Will now look in the global namespace for the ViewModel class if called from a module and not found in the module namespace.

Packages

  • Auth: Class names have been modified to match FuelPHP coding standards.
  • Auth: update_user now verifies if the new email address is unique before updating it.
  • Auth: Number of PBKDF2 iterations can now be configured in the auth config file.
  • Auth: Multiple concurrent user logins can now be configured through the driver configuration file.
  • Auth: Auth login drivers now set 'updated_at' correctly.
  • Auth: new get method allows unified access to all user properties.
  • Auth: new groups method which returns the list of all defined groups.
  • Auth: new roles method which returns the list of all defined roles.
  • Auth: new 'Ormauth' driver set that uses the database through ORM as datastore.
  • Auth: Package now contains migrations for both Simpleauth and Ormauth.
  • Auth: New 'Simple2Orm' task can migrate your existing Simpleauth config to Ormauth.
  • Email: Attachments can now be named.
  • Log: The Log package, introduced in 1.5 as a temporary solution, has been removed again.
  • Oil: Fixed redirect loop in the generated admin backend code.
  • Oil: Improved exception handling and reporting.
  • Oil: Added support for ORM soft-delete models.
  • Oil: Modified the scaffolding templates to work better with bootstrap.
  • Oil: New commandline options for PHPunit allow for more granular testing and logging.
  • Orm: Validation observer now supports 'before_insert' and 'before_update'.
  • Orm: Now correctly resets foreign keys if cascade_delete is false.
  • Orm: Added view support to count(), min() and max() queries.
  • Orm: min() and max() now return integers instead of strings.
  • Orm: Added temporal support (data versioning).
  • Orm: You can now test for existence of EAV attributes using isset().
  • Orm: Validation observer can now validate on insert and update too.
  • Orm: It is now allowed for models to have a FK as part of the PK.
  • Orm: You can now order a many_many result on an attribute in the through table.
  • Orm: You can now pass custom (non-column) data when forging a new model object.
  • Orm: Current relations are now properly unset when using unset() or a new assignment.
  • Orm: from_array now returns $this so you can chain on it.
  • Orm: from_array now allows you to load custom data.
  • Orm: from_array now allows you to load related objects from a multidimensional array.
  • Orm: Several speed improvements in Observer_Typing.
  • Orm: Observer_Typing float conversions are now locale aware.
  • Orm: Observer_Typing now uses property defaults on null values if defined.
  • Orm: Observer_Typing can now handle MySQL '0000-00-00 00:00:00' datetime values.
  • Orm: new from_cache method allows you to enable/disable object caching on a query.
  • Orm: 'join on' now works correctly as documented.
  • Orm: 'order_by' now works correctly when a subquery is generated.
  • Orm: is_changed now does loose-typing, so 1 => '1' doesn't trigger an update query anymore.
  • Parser: Added support for mthaml (HamlTwig)
  • Parser: Switched to using Composer for smarty, mustache, mthaml and twig template engines.
  • Parser: Markdown has been upgraded to 1.2.6.

v1.5

Full List of core changes since 1.4

Important fixes, changes, notes. Read them carefully.

  • The "Undefined constant MYSQL_ATTR_COMPRESS" issue that pops up under certain conditions has been fixed.
  • It has been reported that under certain circumstances there might be issues with serialized data stored in the Auth user table, field "profile_fields", and the "payload" field in the sessions table. It is strongly advised to define those columns as "blob" to avoid these issues.
  • A new Log package has been introduced in preparation for the transition to 2.0, which replaces the Log class.

Backward compability notes

  • Uri::to_assoc() no longer throws an exception with uneven segments, but returns null as value of the last segment
  • ORM Model::find() no longer accepts null as only parameter. If you want to use that, you are now REQUIRED to also pass the options array (or an empty array).
  • Sessions have been refactored, all validation and validation data has been moved server side. Because of this, pre-1.5 sessions are not longer compatible.
  • The Log class has been removed and replaced by the log package. If you have extended the Log class in your application, you will have to extend \Log\Log instead, and check the compatibility of your changes. If they are about logging to other locations, you might want to look into the Monolog stream handlers instead.

Removed code (because it was deprecated in v1.4 or earlier)

  • ORM Model::find() can no longer be used to construct queries using method chaining. Use Model::query() instead.

System changes

  • Controller_Hybrid: Now sets the correct content-type header on empty responses.
  • Controller_Rest: Now sets the correct content-type header on empty responses.

Specific classes

  • Agent: Will now honour 301/302 redirects when trying to fetch the browscap file.
  • Arr: New filter_recursive method, a recursive version of PHP's array_filter() function.
  • Debug: dump() method now html encodes string variables.
  • Debug: dump() and inspect() can now be styled using CSS (a classname has been added to the div).
  • Fieldset: New set_tabular_form() method allows creation of one-to-many forms.
  • Fieldset: New get_tabular_form() method to check if a fieldset defines a tabular form.
  • Image: New flip() method for vertical/horizontal image flipping.
  • Inflector: friendly_title() now has an option to deal with non-ascii characters.
  • Inflector: pluralize() now has an count parameter to return a singular value if the count is 1.
  • Migrate: Now allows you to define the DB connection to be used for migrations in the global migrations config file.
  • Model_Crud: Now has a $_write_connection property to support master/slave database setups.
  • Mongo_Db: Will now log it's queries to the profiler if enabled.
  • Mongo_Db: Now has a method get_cursor() to directly get a mongodb cursor.
  • Pagination: Now support pagination using a Query String variable.
  • Pagination: Now has support for first/last page links.
  • Response: Will now add a "Content-Length" header when generating the output.
  • Session: Now correctly erases the session cookie on a destroy.
  • Session: Now silently (re)creates the session if data is present by no session is created.
  • Session: Cookie encryption can now be disabled using a session configuration key.
  • Session: Session cookie now only contains the session id. Validation now happens with server-side data.
  • Session: New configuration key expire_flash_after_get controls get_flash() expiration.
  • Session: get_flash() now has to override the configured flash variable expiration rules.
  • Session: set_flash() now has to partial array dot-notation support.
  • Uri: to_assoc() now accepts a start parameter allowing you to skip leading segments.
  • Validation: Now has a new built-in rule 'numeric_between' allowing you to specify a range.
  • Database_Query_Builder_Join: Now supports both AND and ON chaining of join condition.

Packages

  • Orm: Supports the new tabular form fieldset in it's models.
  • Orm: find() options array now has support for 'group_by'.
  • Orm: New Model_Soft implements soft-delete functionality (thanks to Steve West).
  • Orm: from_array() can now also populate related objects.
  • Orm: Model now has a $_write_connection property to support master/slave database setups.
  • Oil: oil install now installs packages without 'fuel_' prefix too.
  • Oil: scaffolding now supports subdirectories.
  • Oil: Now has a config file that allows you to configure the location of phpunit.
  • Oil: Now has a task fromdb that can generate models, migrations, scaffolding or admin from an existing database.
  • Parser: Twig driver has been updated to work with Twig v1.12.0.

v1.4

Full List of core changes since 1.3

Important fixes or changes

  • fixed DB class error about missing PDO::MYSQL_ATTR_COMPRESS constant
  • you are now REQUIRED to set a correct php timezone. The FuelPHP default value of 'UTC' has been removed, as it would cause date conversion errors that are difficult to find. Most notable, you will have issues with session and cookie expiration.
  • ALL default configuration has been moved to core/config. Only use the app/config folder for application specific overrides of default values, or for custom configuration.

Backward compability notes

This release features a new Pagination class that isn't completely backward compatible with the API from previous versions. We have put a lot of effort in emulating the old behaviour of the class, but as PHP doesn't support magic getters/setters for static properties, you'll have to replace those in your code manually when you upgrade to v1.4. The required changes can be found in the documentation.

Removed code (because it was deprecated in v1.3)

  • Removed "auto_encode_view_data" config key, deprecated in v1.2
  • Fuel: Removed Fuel::add_module(), deprecated in v1.2. Use Module::load() instead.
  • Fuel: Removed Fuel::module_exists(), deprecated in v1.2. Use Module::exists() instead.
  • Theme: Removed $theme->asset(), deprecated in v1.2. Use $theme->asset_path() instead.
  • Theme: Removed $theme->info(), deprecated in v1.2. Use $theme->get_info() instead.
  • Theme: Removed $theme->all_info(), deprecated in v1.2. Use $theme->load_info() instead.
  • Orm\Model : Removed $model->values(), deprecated in v1.3. Use $model->set() instead.

Code deprecated in v1.4 (to be removed in the next release)

  • Redis: Redis::instance() will no longer create new objects. Use Redis::forge() for that.
  • Orm\Model: Using the find() method without parameters is deprecated. Use query() instead.

System changes

  • Config and Lang loading with forced reload now bypasses the file cache and always reload.
  • Controller_Hybrid: Is now fully hybrid, with support for get/post methods, and no longer restricted to ajax calls when returning json.
  • Fieldset, Form and Validation now have full support for input tags using array notation.
  • Input and Route now support a new configuration key routing.strip_extension to control wether or not the extension must be stripped from the URI.
  • Lang: fixed double loading of language files when the active and fallback language are the same.
  • Pagination: Class completely rewritten, now with instance and template support.
  • Uri: Has improved extension processing, and now handles dots in URI parameters correctly.
  • The active language is now a per-request setting instead of a global setting. Changing it in an HMVC request will no longer affect the language setting of the parent request.

Specific classes

  • Arr: New filter_suffixed() method to filter an array on key suffix.
  • Arr: New remove_suffixed() method to remove keys from an array based on key suffix.
  • Asset: DOCROOT can now be specified as the asset root path (by using "").
  • Controller_Rest: Now allows you to specify a basenode when returning XML.
  • DB: select() now has an option to reset previous selects.
  • DB: Added error_info() to return information about the last error that occurred.
  • DB: join() can now be used without conditions for a full join.
  • DB: group_by() now supports passing an array of columns.
  • Fieldset: New enable()/disable() methods to control which fields will be build.
  • Fieldset: New get_name() method allows retrieval of the fieldset object name.
  • Fieldset: set_config() and get_config() now support dot-notation for accessing config values.
  • Finder: Fixed PHP notices after removing a finder search path.
  • Format: Added JSONP support.
  • FTP: Now supports a timeout on the connect.
  • Image: Fixed forcing an image extension when using ImageMagick.
  • Inflector: friendly_title() now has the option not to filter non-latin characters.
  • Input: Fixed skipping IP validation when reserved_IP ranges were excluded.
  • Lang: Now supports multiple languages concurrently. Loaded files for a given language code will no longer be overwritten when you switch the active language.
  • Lang: load() method now also returns the loaded group on subsequent calls.
  • Markdown: Has been upgraded to v1.2.5.
  • Migrate: Fixed PHP notice when a non-existent package was specified.
  • Migrate: An up or down migration can now be rejected by returning false.
  • Migrate: Added support for processing out-of-sequence migrations.
  • Redis: Now has a forge() method to create multiple instances.
  • Redis: Added support for Redis authentication.
  • Response: If the body contains an array it will be converted to a string representation before outputting it.
  • Response: redirect() now supports wildcards in the URL.
  • Router: Re-introduced support for routing using URI extensions.
  • Session: Fixed passing a session cookie via POST to allow access to the session by flash objects.
  • Session: Added support for dot_notation to get_flash().
  • Session: Fixed flash variables not being stored when retrieved in the same request.
  • Session: Fixed session key data not available for new sessions until after a page reload.
  • Str: Now has an is_xml() method.
  • Theme: Is now module aware, and can prefix view paths with the current module name.
  • Upload: process() now throws an exception if $_FILES does not exist (due to missing form enctype)
  • Uri: New segment_replace() method allows for replacement of wildcards by current segments.
  • View: get() now returns all variables set when no variable name is given.
  • Viewmodel: get() now returns all variables set when no variable name is given.

Packages

  • Auth: No changes.
  • Email: Added a Noop dummy driver, which can be used to prevent test emails going out.
  • Oil: Added "generate TASK" option to generate task classes.
  • Oil: Added support for Viewmodels to scaffolding.
  • Oil: Fixed errors on false results in the console.
  • Oil: Added support for "drop_{field}from{table}" to migrations.
  • Oil: oil -v now also displays the current environment setting.
  • Oil: New --singular option to force the use of singular names in scaffolding.
  • Orm: Fixed PK overwrite issue when PK is not auto_increment.
  • Orm: Observer_Slug now supports the before_update trigger.
  • Orm: Added support for filter conditions to the model through the $_conditions property.
  • Orm: Fixed incorrect sequence of multiple order_by() clauses.
  • Orm: Implemented full support for partial selects.
  • Orm: Fixed circular reference problem when using to_array() with included relations that self reference.
  • Orm: get_one now uses rows_limit() instead of limit() when set.
  • Orm: Model objects now support custom properties
  • Orm: Added support for custom properties to to_array()
  • Orm: is_changed() now deals better with null values.
  • Orm: Introduced support for EAV containers (emulation of EAV via one or more related tables)
  • Orm: get_diff() now deals better with unset relations.
  • Orm: Relations of new objects can now be fetched if the FK is known.
  • Orm: Added support for group_by().
  • Parser: forge() functionality now equals that of View::forge().
  • Parser: Markdown has been upgraded to v1.2.5.

v1.3

Full List of core changes since 1.2

Removed code (because it was deprecated in v1.2)

  • Controller: Deprecated $response property has been removed from all base controller classes. All controller actions now HAVE TO return their results, either a Response object, or something that can be cast to string. If you are still on pre v1.2 controller code, your application will NO LONGER work after the upgrade to v1.3.

Code deprecated in v1.3 (to be removed in v1.4)

  • Orm: Model method values() has been deprecated. Use set() instead.

Security related

  • PHPSecLib: Has been updated to v0.2.2.
  • HTMLawed: Has been updated to v1.1.12.

System changes

  • Debug_: You can now modify the default display behaviour of dump() through Debug::$js_toggle_open.
  • Upload: Now allows you to set custom messages in validation callbacks.
  • Config: Config::load now always returns the loaded configuration.
  • Pagination: Now uses anchors for all pagination enties, which allows for better styling.

Specific classes

  • Arr: Arr::pluck has been added.
  • Arr: Arr::remove_prefixed has been added.
  • Arr: Arr::insert_assoc has been added.
  • Asset: Has been updated to work better on Windows.
  • Asset: Asset::find_file has been added.
  • Asset: Asset::add_type has been added.
  • DB: DB::in_transaction has been added.
  • DB: Added support for compressed MySQL connections through the new compress config key.
  • Error: PHP notices/warnings/errors are now caught and thrown as an Exception.
  • Event: The Event class has been converted to be instance based.
  • Fieldset: You can now choose to overwrite existing options when using set_options.
  • File: download() has been made to work when shutdown events are defined that set headers.
  • Image: New option on load() to force a file extension.
  • Format: CSV file handling has been improved.
  • Log: Now supports custom log levels.
  • Log: Now allows you to configure an array of specific log levels to log.
  • Migrate: Now supports multiple package paths.
  • Mongo_Db: Mongo_Db::get_collection has been added.
  • Pagination: Added attrs keys to the configuration to define custom anchor attributes.
  • Redis: Added support for connection timeouts through the new timeout config key.
  • Str: Str::starts_with has been added.
  • Str: Str::ends_with has been added.
  • Str: Str::is_json has been added.
  • Str: Str::is_html has been added.
  • Str: Str::is_serialized has been added.

Packages

  • Auth: get_profile_fields() now allows you to fetch a single profile field.
  • Email: New NoOp email driver allows testing without sending emails out.
  • Oil: Now returns a non-zero exit code on failures.
  • Oil: Added support for PHPunit clover, text and phpformat Code Coverage methods.
  • Orm: New model method register_observer() and unregister_observer() to define new observers at runtime.
  • Orm: Added support for where and order_by clauses to relation conditions.
  • Orm: set() method has been updated to provide the same API as Model_Crud.
  • Orm: PK's are now typecast on retrieval if a type has been defined in the properties.
  • Orm: Update query code has been improved for better support of PostgreSQL.
  • Parse: Smarty driver now supports the plugin_dir path.

v1.2

Full List of core changes since 1.1

Removed code (because it was deprecated in v1.1)

  • All factory() methods. The have been replaced by forge().
  • Agent::is_mobile(). Replaced by is_mobiledevice().
  • Arr::element(). Replaced by get().
  • Arr::elements(). Replaced by get().
  • Arr::replace_keys(). Replaced by replace_key().
  • Controller::render(). Is no longer used as actions need to return a Response object now.
  • Database_Connection::transactional(). Was already a NOOP.
  • DB::transactional(). Called Database_Connection::transactional().
  • Fieldset::errors(). Replaced by error().
  • Fieldset::repopulate(). Undocumented parameter was removed, functionality is offered by populate().
  • Fuel::find_file(). Replaced by Finder::search().
  • Fuel::list_files(). Replaced by Finder::instance()->list_files().
  • Fuel::add_path(). Was used by find_file(), no longer needed.
  • Fuel::get_paths(). Was used by find_file(), no longer needed.
  • Fuel::add_package(). Replaced by Package::load().
  • Fuel::remove_package(). Replaced by Package::unload().
  • Fuel_Exception class. Replaced by FuelException.
  • Input::get_post(). Replaced by param().
  • Lang::line(). Replaced by get().
  • Request404Exception class. Is replaced by HttpNotFoundException.
  • Uri properties $uri and $segments are now protected. Use Uri::get() and Uri::get_segment() or Uri::get_segments().
  • Validation::errors(). Replaced by error().
  • Viewmodel property $_template. Is replaced by $_view.
  • Viewmodel::set_template(). Replaced by set_view().

Code deprecated in v1.2 (to be removed in v1.3)

  • Pagination: Class will be removed and replaced by a new Paginate class.
  • Fuel::add_module(). Is replaced by Module::load().
  • Fuel::module_exists(). Is replaced by Module::exists().
  • Theme::asset(). Replaced by asset_path().
  • Theme::info(). Replaced by get_info().
  • Theme::all_info(). Replaced by load_info().

Security related

  • Security class now requires you to define the security.output_filter application config setting. An exception is thrown if it isn't present.
  • Security::htmlentities() now defaults to use ENT_QUOTES instead of ENT_COMPAT as flag. This is configurable in the second argument for the method and the default can be overwritten in config as security.htmlentities_flags.

System changes

  • Controller: action methods, or the controllers after() method if present, now must return a Response object.
  • Controller: before() and after() methods are now optional, as documented.
  • Controller_Hybrid: combines Controller_Template and Controller_Rest in a single base controller for mixed HTTP and REST responses.
  • Controller_Rest: added a fallback to "action_" when no HTTP method action is found.
  • Controller_Rest: you can now define custom HTTP status codes.
  • Controller_Template: the $auto_render setting has been removed, to prevent rendering return whatever you want to use instead.
  • Database: The PDO driver now supports list_columns().
  • Module: new Module class to load or unload modules.
  • Uri: the URL extension is no longer part of the URI. A new extension() method allows you to fetch it.
  • Request: Request_Curl now properly deals with succesful requests that return a 4xx or 5xx HTTP status.
  • Request: Request_Curl and Request_Soap now supports returning header information. A get_headers() has been added to fetch them manually.
  • Router: can now be configured to treat URI's without regards to case.

Specific classes

  • Arr: Arr::to_assoc() now throws a BadMethodCallException on bad input.
  • Arr: Arr::assoc_to_keyval() now requires all parameters and first parameter must be an array or implement Iterator.
  • Arr: Added reverse_flatten(), is_assoc() and insert_before_key() methods.
  • Arr: Added in_array_recursive() to do a recursive in_array() lookup.
  • Asset: Separated into the static front (Asset) and dynamic instance (Asset_Instance).
  • Asset: Separated into the static front (Asset) and dynamic instance (Asset_Instance).
  • Asset: css(), js() and img() methods are now chainable.
  • Asset: you can now specify a URL as location, for CDN support.
  • Asset: new fail_silently config value allows you to skip missing assets.
  • Cli: now supports ANSICON on Windows for colored commandline output.
  • Config: is now driver based to support php, ini, yaml and json type configs.
  • Config: now allow you to load a file by FQFN.
  • Cookie: all cookie data can now be fetched like Input class does.
  • Date: All fuel notices have been replaced by UnexpectedValueExceptions.
  • Date: On windows an extra fallback has been added for the create_from_string() method.
  • Date: new display_timezone()' and get_timezone_abbr()`, and changes to support working with multiple timezones.
  • DB: cache() now has the option not to cache empty resultsets.
  • DB: where() do now support closures to specify the where clause.
  • DB: Update now supports limit() and order_by().
  • DB: now tries to reconnect when a disconnected DB connection is detected.
  • DButil: create_database() now supports 'IF NOT EXIST'.
  • DButil: Better support for the CONSTRAINT keyword.
  • DButil: new add_foreign_key() and drop_foreign_key() methods.
  • Event: shutdown events are now also executed after exit and die statements.
  • Fieldset: added set_fieldset_tag() to define the fieldset tag. Fieldset: added add_before() and add_after() methods to insert a new field before/after a specific field.
  • Fieldset_Field: added add_description() method and {description} tag to templates.
  • Fieldset_Field: added add_error_message() method to create error message overwrites per field.
  • File: download() now allows you to continue processing after calling it.
  • Form: Separated into the static front (Form) and dynamic instance (Form_Instance).
  • Inflector: now supports Hungarian accepted characters when converting to ascii.
  • Input: method() now supports the X-HTTP-Method-Override header.
  • Input: new json() and xml() methods to fetch json or xml from the HTTP request body.
  • Lang: load() method now supports overwriting when merging language files.
  • Lang: now allow you to load a file by FQFN.
  • Lang: is now driver based to support php, ini, yaml and json type language files.
  • Lang: language files can now be saved (as php, ini, yaml or json) using save().
  • Migrate: now tracks individual migrations, so they don't have to have a sequence number anymore.
  • Model_Crud: now supports created_at and updated_at fields, like ORM\Model does.
  • Model_Crud: now has full callback support.
  • Model_Crud: you can now run validation separately (::validates) and skip validation when saving a model.
  • Profiler: profiler logging methods are now NO-OP's when the profiler is not loaded.
  • Profiler: now writes it's output under the page content, instead of using an overlay.
  • Session: Added session task to create and remove sessions table.
  • Session: New sessions are not saved until there is data present in the session.
  • Theme: Separated into the static front (Theme) and dynamic instance (Theme_Instance).
  • Theme: now supports installation outside the docroot (for views).
  • Theme: now uses the Asset class to load theme assets.
  • Theme: instances now support templates, template partials and partial chrome templates.
  • Validation: You can now disable fallback to global input using the 'validation.global_input_fallback' config setting.

Packages

  • Auth: Auth login drivers no have a validate_user method to validate a user/password without setting up a logged-in session.
  • Auth: SimpleAuth SimpleUserUpdateExceptions are now numbered to be able to identify the exact error after catching the exception.
  • Email: Now handles SMTP timeouts properly.
  • Email: You can now specify the return address.
  • Email: Now handles BCC lists correctly when using SMTP.
  • Email: Respects new lines in alt body better.
  • Email: You can now specify the return address.
  • Oil: Use phpunit.xml from APPPATH if present when running unit tests.
  • Oil: Reinstated oil package command to install packages from git repositories.
  • Oil: You can define the environment the command has to run in using the -env commandline switch.
  • Oil: Scaffolding now supports both Model_Crud and Orm\Model.
  • Oil: Scaffolding now supports adding created-at and updated-at.
  • Oil: Scaffolding now supports skipping the creation of a migration file using -no-migration.
  • Oil: There is now a core task to generate the table for the database session store.
  • Orm: New model method is_fetched() checks if relation data is fetched without triggering a new query.
  • Orm: Validation section of the properties has a new key skip to indicate the field should not be validated.

v1.1

Full List of core changes since 1.0.1

System changes

  • Deprication of Request::show_404(), replaced with throw new HttpNotFoundException that has a handle method to show the 404
  • Support for handle() method that is run when an exception isn't caught before Error::exception_handler() catches it.
  • Support for special _404_ route now in public/index.php thus no longer part of the core but still supported as a 'official default'
  • Closures are now also supported in routes, thus routing to a Closure instead of a controler/method uri. Also added support for any type of callable in Route extensions you write yourself.
  • Closure support in all getters & setters: if you get a value and also input a default the default can also be a Closure and you'll get the result of that. For setters the input can also be a closure and the result of the Closure will be set. (except for View::set() as one might want to pass a closure to the View)
  • Moved the Environment setting from the app/config/config.php file to the app/bootstrap.php file.
  • All factory() methods have been renamed to forge(). This name better states the method's function. The factory() methods are still there for backwards compatibility, but are deprecated and will log warning messages when used.
  • The $this->response Response object is now deprecated. Your action methods should return either a string, View object, ViewModel object or a Response object.
  • Added the fuel/app/vendor directory to the default install.
  • You can now have an unlimited number of sub-directories for your controllers. (e.g. classes/controller/admin/users/groups.php with a class name of Controller_Admin_Users_Groups would be at site.com/admin/users/groups)
  • There is no longer a default controller for directories. It used to be that going to something like site.com/admin would bring up Controller_Admin_Admin in classes/controller/admin/admin.php. Now you must place that controller at it's expected location classes/controller/admin.php with a name of Controller_Admin.
  • A Controller::after() method now gets passed the response of the controller, it must return that response (or modified) as well.
  • Added new function get_real_class() to which you can pass a classname and it will return the actual class, to be used on classes of which you're not sure whether it is an alias or not.
  • Module routes are prepended to the routes array when Fuel detects the fist URI segment as a module, therefor parsing them before an (:any) route in the app config.
  • Config is now environment aware and allows partial/full overwriting of the base config from subdirectories in the config dir named after the environment.
  • Added a new Theme class. It allows you to easily add Theme support to your applications.
  • Fuel_Exception has been renamed to FuelException
  • Fuel::find_file() and related methods are now deprecated. Use the Finder class instead (e.g. Finder::search()).
  • Migrations are now supported in Modules and Packages
  • Routing has 3 new shortcuts:
    • :almun matches all utf-8 alphabetical and numeric characters
    • :num matches all numeric characters.
    • :alpha matches all utf-8 alphabetical characters
  • Put the Autoloader class into Fuel\Core to allow extending it, it must now be required in the app bootstrap file which is also the location where you must require your own extension.

Security related

  • Added Fuel's own response object class Fuel\Core\Response to default whitelist in app/config/config.php of objects that aren't encoded on output by the View when passed.
  • The security.auto_encode_view_data config option in app/config/config.php has been renamed to security.auto_filter_output.
  • stdClass was part of the default whitelisted classes from output encoding, this was a bug and it has been removed.

Specific classes

  • Arr: Added methods Arr::get(), Arr::set() and Arr::prepend().
  • Arr: Arr::element() and Arr::elements() have been deprecated. Use the new Arr::get() instead.
  • Database: Using transactions will no longer prevent exceptions, exceptions are thrown and should be handled by the dev. The Database_Transaction class has been deprecated as it has little use because of this change.
  • File: File::read_dir() (and related methods on Area and Directory handler) now return dirnames with directory separator suffix
  • Fieldset_Field: Parsing of validation rules has been moved from Fieldset_Field::add_rule() to Validaton::_find_fule(), from the outside the method still works the same but notices for inactive rules are now only shown when running the validation.
  • Form: Added inline error reporting, which must first be switched on in config and will replace an {error_msg} tag
  • Form: New default form template which puts it inside a table.
  • Fuel: Added Fuel::value() which checks if the given value is a Closure, and returns the result of the Closure if it is, otherwise, simply the value.
  • Image: No longer throws Fuel_Exception for any type of exception but instead RuntimeException, InvalidArguementException and OutOfBoundsException where appropriate.
  • Input: Input::post(null) doesn't work to get full post array anymore, just Input::post() without params - same for all other Input methods
  • Input: Input::get_post() has been deprecated and replaced by Input::param(). It now also includes PUT and DELETE variables.
  • Input / Uri: Uri::detect() moved to Input::uri() as it is part of the input and thus should be part of the input class
  • Request: You can now also do external requests through the Request class, for now only a curl driver: Request::forge('http//url', 'curl') or Request::forge('http//url', array('driver' => 'curl', 'method' => 'post', 'params' => array()).
  • Validation: Validation::errors() is depricated and replaced by singular form Validation::error() to be more in line with other class methods
  • Validation: New 3rd parameter added to Validation::run() that allows adding callables for the duration of the run.
  • View: The view class has been refactored and works much better now. Output filtering is vastly improved.
  • View: View::capture() has been split into two protected instance methods: process_file() and get_data(). You will need to update your View class extensions.
  • View: View::$auto_encode has been removed. It has been replaced but auto_filter, which is per-view instance.
  • ViewModel: Refactored the class internals to work more transparently with the View.
  • ViewModel: Deprecated $this->_template and renamed it to $this->_view.
  • ViewModel: Updated to work with the refactored View class. Added $this->bind().
  • ViewModel: Deprecated $this->set_template() and renamed it to $this->set_view().
  • Html: Removed (not deprecated) the following methods: Html::h(), Html::br(), Html::hr(), Html::nbs(), Html::title(), Html::header(). You should simply write the HTML yourself.
  • Config: Added Config file drivers for PHP, INI, JSON and Yaml. They are detected by file extension (e.g. Config::load('foo.yml') will load and parse the Yaml).

Packages

  • Auth: Renamed default table name from simpleusers to users.
  • Auth: Added config options for DB connection and table columns used for fetching the user.
  • Auth: Removed default config for groups & roles in simpleauth.php config file, only commented out examples left.
  • Orm: Lots of tweaks to Observer_Validation related to changes to Validation & Fieldset_Field classes. Also changed it to only save properties that are actually changed.
  • Orm: The ValidationFailed thrown when the Observer_Validation fails now includes a reference to the Fieldset instance that failed: $valfailed->get_fieldset();
  • Orm: Added support for changing the type of join used when fetching relations, example: Model_Example::query()->related('something', array('join_type' => 'inner'))->get();
  • Orm: Observers are no longer singleton but one instance per model with per model settings, check docs for more info.
  • Parser: Added Parser package to the default install.
  • Parser: Mustache is now part of the Parser package by default. Version 0.7.1.
  • Email: The Email package is added.

v1.0

Core

Full Changelog

Auth

Full Changelog

Oil

Full Changelog

Orm

Full Changelog

v1.0-RC3

Core

Full Changelog

Auth

Full Changelog

Oil

Full Changelog

Orm

Full Changelog

v1.0-RC2.1

Core

  • Fixed a security issue where the URI was not being properly sanitized.

v1.0-RC2

Core

  • oil refine install now makes the config directory writable. (Dan Horrigan)
  • Added auto-id to select fields (Kelly Banman)
  • Fixed typo in ::analyze_table (Frank de Jonge)
  • replaced the regex that processes :segment in the Route class. closes #33. (Harro Verton)
  • Closes #31: logic error caused the Crypt class to update the config when nothing is changed. (Harro Verton)
  • Fixed up XML output so that singular versions of basenode names are used when a numeric value is provided as a key.XML doesn't like numeric keys and item, item, item is boring. Also moved formatting logic out of the REST library. (Phil Sturgeon)
  • Added Format::to_php(). (Phil Sturgeon)
  • Updated Form config file to work with the Form class we've had for the past 3 months (oops). Fixes #93 (Jelmer Schreuder)
  • Fixes #115: Form::button() now produces a <button> tag instead of <input> (Harro Verton)
  • Fixed #116: Throw an error if File::update can't open the file for write (Harro Verton)
  • Added a check to File::open_file() to make sure $resource is a valid resource before we attempt to flock() (Harro Verton)
  • Fixed badly named variable in profiler. (Phil Sturgeon)
  • Show full file paths in the Install task. No security concern if you're already in the terminal. (Phil Sturgeon)
  • Fixed bug in \Date::create_from_string() where the date produced would always be exactly one month behind the actual date. (Ben Corlett)
  • updated the Crypt class to make the generation of the random keys more secure (Harro Verton)
  • fixed error in Fuel::find_file(), causing a PHP notice on repeated finds (Harro Verton)
  • The DBUtil class now respects the table prefix if set (Fixes #103). (Dan Horrigan)
  • If an empty string is passed to Format::factory('', 'xml') it will no longer error, just return an empty array. (Phil Sturgeon)
  • Added PHPSecLib to vendor to provide encryption features if no crypto is available in PHP. (Harro Verton)
  • Rewritten the crypto class to use AES256 encryption, and a HMAC-SHA256 tamper validation hash. (Harro Verton)
  • Added Redis to the bootstrap. (Jelmer Schreuder)
  • Made Inflector::camelize() return camelcased result again but the Inflector::classify() won't use it anymore and still respect underscores. (Jelmer Schreuder)
  • Allow setting labels as array including attributes instead of just tring in form->add (Jeffery Utter)
  • Fix Date class. strptime returns years since 1900 not 1901. Dates were a year in the future. (Jeffery Utter)
  • Options wasn't being passed when adding a radio.. thus it wasn't making all the separate fields. (Jeffery Utter)
  • fixes bug #96: advanced regex must use non greedy match to properly match segments (Harro Verton)
  • fixes bug #99: PHP notice due to not-initialized property (Harro Verton)
  • Using memory_get_peak_usage() instead of memory_get_usage() for more reliable memory reporting. (Jelmer Schreuder)
  • Form generation: Fixed issue with "type" attribute set for textareas and selects. Also prevented empty for="" attributes by ignoring null values. (Jelmer Schreuder)
  • Moved page link creation into separate method for more flexibility (Kelly Banman)
  • fixed broken database profiling (Harro Verton)
  • Input::real_ip() now returns "0.0.0.0" if IP detection fails (Harro Verton)
  • Bugfix: hidden inputs created with the Fieldset class caused unending loops. (Jelmer Schreuder)
  • Fixed a bug that caused the image library to refuse all image types. (Alexander Hill)
  • Corrected typos in the image class. (Alexander Hill)
  • Fuel::find_file() now caches files found per request URI, instead of a global cache. (Harro Verton)
  • Fixed a bug in the response constructor. Response body was not setting. (Dan Horrigan)
  • Bugfix: Fieldset::build() didn't match Form::build() for which it should be an alias. (Jelmer Schreuder)
  • Changed Controller_Rest formatting methods from private to protected so they can be extended (Tom Arnfeld)
  • Improved the Fieldset::repopulate() method to also take a Model or array instead of using the POST values. Will accept any array, ArrayAccess instance, Orm\Model or object with public properties. (Jelmer Schreuder)

Auth

  • Fixed an issue with the casing of the Simple-driver classnames. (Jelmer Schreuder)
  • Fixed small bug in Auth check method. (Jelmer Schreuder)
  • Bugfix: ACL rights merging went wrong because the base was a string instead of an array. (Jelmer Schreuder)

Oil

  • Updated scaffolding to work better with the new ORM package. Fix #81.
  • Suppress the error message for PHPUnit in oil, if it can't load the file from include it should just error as usual. (Phil Sturgeon)
  • Fixed PHPUnit, said it wasn't installed when it was. (Phil Sturgeon)
  • Fix #85: Scaffolding still referred to ActiveRecord instead of Orm. (Phil Sturgeon)

Orm

  • Added to_array() method to export current object as an array. Improved ArrayAccess and Iterable implementation to work with relations. (Jelmer Schreuder)
  • Finished the unfinished __clone() method. (Jelmer Schreuder)
  • Fixes #84 - now an exception is thrown when an invalid Model classname is given to a relation. (Jelmer Schreuder)
  • Implemented __isset() and __unset() magic methods for Orm\Model (Jelmer Schreuder)
  • Moved Query object creation into its own method to allow the more accurate Model_Example::query()->where()->get(). (Jelmer Schreuder)
  • order_by() didn't return $this with array input. (Jelmer Schreuder)
  • Fixed issue with constructing new models without adding properties. (Jelmer Schreuder)