Changelog v1.8.0 hotfix 4

Harro Verton edited this page Jan 15, 2017 · 2 revisions

Security related

  • [SEC-CORE-007]: Filenames in ImageMagick were passed to exec() without proper escaping.
  • VENDORPATH is now also stripped from generated profiler and error output, to prevent path exposure.

See the website for more information about reported security issues and their status.

System changes

  • Fuel now uses version 1.4.0 of the PHP-Markdown composer package.

Specific classes

  • Asset: [BUG-FIX]: The "always_resolve" config should only apply to local assets.
  • Asset: [BUG-FIX]: Make sure a passed data type is not overwritten.
  • DB: [BUG-FIX]: PDO attributes passed on in the "attrs" config key are no longer ignored.
  • DB: [FEATURE]: You can now use DB::expr() and sub-queries as argument for a join().
  • DB: [FEATURE]: DB::expr() and sub-queries now properly support defined table aliases.
  • Cli: [FEATURE]: CLI scripts now exit with exit code 1 on fatal errors.
  • File: [BUG-FIX]: Additional checks have been added to prevent possible errors when creating new directories concurrently.
  • File: [BUG-FIX]: Fixed issues with creating new directories on Windows.
  • File: [FEATURE]: When copying a file, its permissions are now copied as well.
  • Input: [FEATURE]: Input now supports variables posted as "multipart/form-data".
  • Input: [FEATURE]: Input is no longer defined globally, but per request. This allows you to set input variables on HMVC requests.
  • Input: [FEATURE]: Optional values are now stripped from the "Content-Type".
  • Migrate: [FEATURE]: A new configuration key "flush_cache" allows you to flush all cache after a migration has run.
  • Pagination: [BUG-FIX]: Specifying a non-existent uri-segment no longer throws an error.
  • Presenter: [FEATURE]: You can now use the set_view() method to change views on an already instantiated Presenter.
  • Profiler: [FEATURE]: You can now overload the HEIGHT, DETAILS, BOTTOM and SHOWONLOAD JavaScript variables in your application to control the initial behaviour of the profiler.
  • Profiler: [FEATURE]: A new "log_profile_data" configuration key allows profile data to be written to a file.
  • Profiler: [BUG-FIX]: Database profile data is no longer generated when profiling is disabled in the config.
  • Redis_Db: [BUG-FIX]: Fixed infinite loop when the connection got lost while writing to the database.
  • Request: [BUG-FIX]: Strip attributes from content-type response header, to make sure the mime-type matches correctly when setting a response.
  • Session: [BUG-FIX]: The session handler code has been updated to support PHP7.x.
  • Str: [BUG-FIX]: truncate() now handles self-closing HTML tags properly.
  • Validation: [BUG-FIX]: The validate() method now supports array dot-notation to directly access posted array data.

Packages

  • Auth: [BUG-FIX] Fixed PHP notice error when a user object doesn't have a group attached.

  • Auth: [FEATURE] Added group validation to the Auth_User model definition.

  • Auth: [BUG-FIX] Fixed not being able to overload "table_columns" in your app's Auth configuration.

  • Email: [BUG-FIX] The "return-path" is now correctly set in the SMTP driver.

  • Email: [BUG-FIX] Make sure the SMTP connection is correctly terminated after errors.

  • Email: [BUG-FIX] Added validation for file attachments.

  • Email: [BUG-FIX] The "QUIT" command response is now optional; some SMTP servers don't respond but disconnect immediately.

  • Oil: [FEATURE] You can now add a CRLF to console writes to produce multi-line output.

  • Oil: [BUG-FIX] Fixed dumping objects to the console when they have circular references.

  • Orm: [FEATURE] Added support for "HAVING" in the ORM query builder.

  • Orm: [FEATURE] The soft-delete ORM model now has support for "before_purge" and "after_purge" events.

  • Orm: [BUG-FIX] The restore of soft-deleted singular relations has been fixed.

  • Orm: [FEATURE] You can now use DB::expr() as an order_by() clause.

  • Orm: [BUG-FIX] The related_class() now returns the correct information when using short relation notation.

  • Orm: [BUG-FIX] The diff() now uses the same comparison logic for "int" and "bool" as is_changed().

  • Orm: [FEATURE] New get_pk_assoc() method returns an assoc array with the primary keys and their values.

  • Parser: [FEATURE] Added support for Twig v2.x.

  • Parser: [BUG-FIX] The extension class for Smarty has been added to the default configuration.

  • Parser: [BUG-FIX] You can now overload an already defined extension in your app's parser config file.

  • Parser: [FEATURE] You can now access the Security methods js_fetch_token and js_set_token from Twig templates.

  • Parser: [BUG-FIX] The default extension for haml files has been changed to '.haml'; extensions have to be unique.