Hi everyone, Agavi 1.0.5 RC1 is now available for download at http://www.agavi.org/ and through the http://pear.agavi.org/ channel.
There are quite a few changes in this release, so I'll quote from the RELEASE_NOTES: > This release improves the robustness of AgaviFormPopulationFilter especially > for XHTML and HTML5, and fixes several issues. The database adapters for > ext/mysql, ext/mysqli and ext/pdo (when used with MySQL connections) now also > prevent potentially unsafe setting of connection encodings. > > AgaviFormPopulationFilter can now recover from various non-fatal parse > errors, such as unknown tags or malformed markup in HTML parsing mode, and > undefined entities in XML parsing mode. > This marks an end to issues with non-XML entities like " " in XML > parsing mode, and allows the use of HTML5 elements (which libxml does not > know yet) in HTML parsing mode (i.e. without using the XML serialization of > HTML5). > Instead of a boolean true or false, the configuration parameter > "ignore_parse_errors" now takes the possible values "LIBXML_ERR_NONE" > (equivalent to boolean false), "LIBXML_ERR_WARNING" (quite useless), > "LIBXML_ERR_ERROR" (the new default) and "LIBXML_ERR_FATAL" (equivalent to > boolean true). FPF will suppress errors and continue operation if the errors > encountered during parsing do not exceed the configured maximum ignore level. > In the event of a fatal error, such as malformed markup in XML parsing mode, > FPF will silently abort execution if "LIBXML_ERR_FATAL" is configured, as > fatal errors are not recoverable. In all other cases, FPF will throw an > exception or recover from the error, depending on the configured ignore level > and the highest error level encountered during parsing. > The new default ignore level "LIBXML_ERR_ERROR" means that users will see > significantly fewer errors during development; it also means, however, that > in HTML parsing mode in particular, well-formedness errors may remain > unnoticed. For this reason, FPF will continue to log errors (if logging is > enabled), and map the error level of the parse error (LIBXML_ERR_WARNING, > LIBXML_ERR_ERROR or LIBXML_ERR_FATAL) to the error level of the logging > system (AgaviILogger::WARN, AgaviILogger::ERROR or AgaviILogger::FATAL). As a > consequence, the "logging_severity" configuration parameter has been removed. > > AgaviZendclouddocumentserviceDatabase is a database adapter for Zend > Framework's Zend_Cloud_DocumentService. It has a convenience interface > mirroring most of the Zend_Cloud_DocumentService_Adapter functions in such a > way that the collection/domain/database name does not have to be passed to > every call. The collection name can then be configured in databases.xml. > > AgaviMysqlDatabase, AgaviMysqliDatabase and AgaviPdoDatabase now throw errors > when attempting to use a statement like "SET NAMES utf8" as an initialization > query, since the respective client libraries (libmysql or mysqlnd) will not > be aware of this changed character set. For the usual connection encodings > like "latin1" or "utf8", this is not a problem, but in combination with > multi-byte character sets that use bytes without the most significant bit set > in multi-byte character sequences (such as GBK or Big5), this may result in > incorrectly quoted strings, which could ultimately result in vulnerabilities > in applications. > For AgaviMysqlDatabase and AgaviMysqliDatabase, the simple fix is to remove > the "SET NAMES" query from "init_queries" and use the new option "charset" > instead. For AgaviPdoDatabase, a similar approach (specifying the charset in > the DSN) works for PHP version 5.3.6 and newer, but in older versions of PHP, > the PDO MySQL driver ignores the "charset" option in the DSN. If your my.cnf > configuration file specifies "latin1" and you simply switch to UTF-8 using > "SET NAMES utf8", this is no problem, but for some charsets, this may result > in the quoting issues mentioned above. This is why AgaviPdoDatabase requires > you to set "warn_mysql_charset" to false in such environments. With this flag > explicitly disabled, it will also be possible to use "SET NAMES" init queries > again, but be advised that this is at your own risk. You may mitigate the > risks by using native prepared statements (disable > PDO::ATTR_EMULATE_PREPARES), but this will not affect calls to PDO::quote() > or prepared statements where this flag has been overridden. > > Passing an empty string as the scheme in the options array when generating a > URL with AgaviWebRouting will now produce a protocol-relative URL starting > with "//". This is useful for generated content embedded by third party sites > that use both normal and secured HTTP transports. > > AgaviMysqlSessionStorage and AgaviPdoSessionStorage have improved update and > insert behaviors for MySQL that should eliminate occasional non-critical > "exception thrown without a stack frame" errors on shutdown when no session > data (including the timestamp) was modified. > > AgaviCreoleDatabase, AgaviCreoleSessionStorage and support for Propel > versions older than 1.3 in AgaviPropelDatabase have been marked deprecated > and are slated for removal in Agavi 1.1. > > The recommended URL rewrites in Apache .htaccess files have been adjusted > once more to disable the DirectorySlash directive. > > X-Forwarded-Proto style HTTPS indicators as used on Amazon's Elastic Load > Balancers are now supported for the "HTTPS" data source key in > AgaviWebRequest. > > The timezone database has been updated to 2011g. A final release will follow shortly if no show-stoppers are found. Have a great week, David
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Agavi Dev Mailing List [email protected] http://lists.agavi.org/mailman/listinfo/dev
