Hi all,

with the last release announcement of ZF 1.12.8 we didn't place enough attention on the PR #418 (https://github.com/zendframework/zf1/pull/418). This PR can introduce a potential BC break if your code uses complex SQL statements (for example using sub-functions).

I did this PR to improve the security advisory ZF2014-04 (http://framework.zend.com/security/advisory/ZF2014-04) because we received some security reports on that. I changed the regular expression of the order(), from() and group() functions to be more restrictive; unfortunately this change can break some code.

To fix a potential BC break you can use Zend_Db_Expr() in the from(), group() or order() functions, in case your SQL doesn't work after the upgrade to ZF 1.12.8.

For instance, this is a case where the PR #418 breaks a SQL statement:

    ORDER BY DATE_FORMAT( FROM_UNIXTIME( u.expires )) ASC

You should use:

    order(new Zend_Db_Expr('DATE_FORMAT( FROM_UNIXTIME( u.expires )) ASC'))

instead of:

    order('DATE_FORMAT( FROM_UNIXTIME( u.expires ))')

We just updated the release announcement of 1.12.8 including this information:
http://framework.zend.com/blog/zend-framework-1-12-8-released.html
and in the release tag on GitHub:
https://github.com/zendframework/zf1/releases/tag/release-1.12.8

I apologize for this potential BC break and for having forgotten to inform about it during the last release of ZF1; it was my fault.

Regards,
Enrico Zimuel

--
Enrico Zimuel
Senior PHP Engineer | [email protected] Team | http://apigility.org
Zend Framework Team | http://framework.zend.com
Zend Technologies Ltd.
http://www.zend.com
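
Added example (not part of the original message and not Zend Framework code): Zend_Db_Expr content is placed into the query without quoting, so when the workaround above is applied to a sort order that comes from a request, the expression should be chosen from a fixed allow-list rather than built from the input. The function names, the u.name column and the sample inputs are hypothetical; the small Zend_Db_Expr stand-in is only there so the snippet runs without ZF1 installed.

```php
<?php
// Stand-in so the example runs without ZF1; the real class likewise only
// carries a string that Zend_Db_Select emits without quoting.
if (!class_exists('Zend_Db_Expr')) {
    class Zend_Db_Expr
    {
        protected $_expression;
        public function __construct($expression) { $this->_expression = (string) $expression; }
        public function __toString() { return $this->_expression; }
    }
}

// Hypothetical allow-list: request key -> SQL fragment written by the developer.
function sortExpressions()
{
    return array(
        'expires' => 'FROM_UNIXTIME(u.expires)',
        'name'    => 'LOWER(u.name)', // constructed column name
    );
}

/**
 * Build the ORDER BY expression from untrusted request values.
 * Unknown keys fall back to the default; the direction is reduced to ASC or DESC,
 * so no request text ever reaches the Zend_Db_Expr string.
 */
function buildOrderExpr($sortKey, $direction, $default = 'expires')
{
    $map = sortExpressions();
    if (!is_string($sortKey) || !isset($map[$sortKey])) {
        $sortKey = $default;
    }
    $dir = (is_string($direction) && strtoupper($direction) === 'DESC') ? 'DESC' : 'ASC';
    return new Zend_Db_Expr($map[$sortKey] . ' ' . $dir);
}

// Constructed inputs: one expected pair, one that is not on the allow-list.
$samples = array(
    array('name', 'desc'),
    array('u.expires, (SELECT 1)', 'ASC, 2'),
);
foreach ($samples as $s) {
    echo (string) buildOrderExpr($s[0], $s[1]), "\n";
}
// With ZF1 loaded: $select->order(buildOrderExpr($_GET['sort'], $_GET['dir']));
```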
