Yii Framework 2 Change Log ========================== 2.0.15.1 March 21, 2018 ----------------------- - Bug #15931: `yii\db\ActiveRecord::findOne()` now accepts column names prefixed with table name (cebe) 2.0.15 March 20, 2018 --------------------- - Bug #15688: (CVE-2018-7269): Fixed possible SQL injection through `yii\db\ActiveRecord::findOne()`, `::findAll()` (analitic1983, silverfire, cebe) - Bug #15878: Fixed migration with a comment containing an apostrophe (MarcoMoreno) 2.0.14.2 March 13, 2018 ----------------------- - Bug #15776: Fixed slow MySQL constraints retrieving (MartijnHols, berosoboy, sergeymakinen) - Bug #15783: Regenerate CSRF token only when logging in directly (samdark) - Bug #15792: Added missing `yii\db\QueryBuilder::conditionClasses` setter (silverfire) - Bug #15801: Fixed `has-error` CSS class assignment in `yii\widgets\ActiveField` when attribute name is prefixed with tabular index (FabrizioCaldarelli) - Bug #15804: Fixed `null` values handling for PostgresSQL arrays (silverfire) - Bug #15817: Fixed support of deprecated array format type casting in `yii\db\Command::bindValues()` (silverfire) - Bug #15822: Fixed `yii\base\Component::off()` not to throw an exception when handler does not exist (silverfire) - Bug #15829: Fixed JSONB support in PostgreSQL 9.4 (silverfire) - Bug #15836: Fixed nesting of `yii\db\ArrayExpresiion`, `yii\db\JsonExpression` (silverfire) - Bug #15839: Fixed `yii\db\mysql\JsonExpressionBuilder` to cast JSON explicitly (silverfire) - Bug #15840: Fixed regression on load fixture data file (leandrogehlen) - Bug #15858: Fixed `Undefined offset` error calling `yii\helpers\Html::errorSummary()` with the same error messages for different model attributes (FabrizioCaldarelli, silverfire) - Bug #15863: Fixed saving of `null` attribute value for JSON and Array columns in MySQL and PostgreSQL (silverfire) - Bug: Fixed encoding of empty `yii\db\ArrayExpression` for PostgreSQL (silverfire) - Bug: Fixed table schema retrieving for PostgreSQL when the table name was wrapped in quotes (silverfire) 2.0.14.1 February 24, 2018 -------------------------- - Bug #15318: Fixed `session_name(): Cannot change session name when session is active` errors (bscheshirwork, samdark) - Bug #15678: Fixed `resetForm()` method in `yii.activeForm.js` which used an undefined variable (Izumi-kun) - Bug #15692: Fix `yii\validators\ExistValidator` to respect filter when `targetRelation` is used (developeruz) - Bug #15693: Fixed `yii\filters\auth\HttpHeaderAuth` to work correctly when pattern is set but was not matched (bboure) - Bug #15696: Fix magic getter for `yii\db\ActiveRecord` (developeruz) - Bug #15707: Fixed JSON retrieving from MySQL (silverfire) - Bug #15708: Fixed `yii\db\Command::upsert()` for Cubrid/MSSQL/Oracle (sergeymakinen) - Bug #15724: Changed shortcut in `yii\console\controllers\BaseMigrateController` for `comment` option from `-c` to `-C` due to conflict (Izumi-kun) - Bug #15726: Fix ExistValidator is broken for NOSQL (developeruz) - Bug #15728, #15731: Fixed BC break in `Query::select()` method (silverfire) - Bug #15742: Updated `yii\helpers\BaseHtml::setActivePlaceholder()` to be consistent with `activeLabel()` (edwards-sj) - Enh #15716: Added `disableJsonSupport` to MySQL and PgSQL `ColumnSchema`, `disableArraySupport` and `deserializeArrayColumnToArrayExpression` to PgSQL `ColumnSchema` (silverfire) - Enh #15716: Implemented `\Traversable` in `yii\db\ArrayExpression` (silverfire) - Enh #15760: Added `ArrayAccess` support as validated value in `yii\validators\EachValidator` (silverfire) 2.0.14 February 18, 2018 ------------------------ - Bug #8983: Only truncate the original log file for rotation (matthewyang, developeruz) - Bug #9342: Fixed `yii\db\ActiveQueryTrait` to apply `indexBy` after relations population in order to prevent excess queries (sammousa, silverfire) - Bug #11401: Fixed `yii\web\DbSession` concurrency issues when writing and regenerating IDs (samdark, andreasanta, cebe) - Bug #13034: Fixed `normalizePath` for windows network shares that start with two backslashes (developeruz) - Bug #14135: Fixed `yii\web\Request::getBodyParam()` crashes on object type body params (klimov-paul) - Bug #14157: Add support for loading default value `CURRENT_TIMESTAMP` of MySQL `datetime` field (rossoneri) - Bug #14276: Fixed I18N format with dotted parameters (developeruz) - Bug #14296: Fixed log targets to throw exception in case log can not be properly exported (bizley) - Bug #14484: Fixed `yii\validators\UniqueValidator` for target classes with a default scope (laszlovl, developeruz) - Bug #14604: Fixed `yii\validators\CompareValidator` `compareAttribute` does not work if `compareAttribute` form ID has been changed (mikk150) - Bug #14711: (CVE-2018-6010): Fixed `yii\web\ErrorHandler` displaying exception message in non-debug mode (samdark) - Bug #14811: Fixed `yii\filters\HttpCache` to work with PHP 7.2 (samdark) - Bug #14859: Fixed OCI DB `defaultSchema` failure when `masterConfig` is used (lovezhl456) - Bug #14903: Fixed route with extra dashes is executed controller while it should not (developeruz) - Bug #14916: Fixed `yii\db\Query::each()` iterator key starts from 1 instead of 0 (Vovan-VE) - Bug #14980: Fix looping in `yii\i18n\MessageFormatter` tokenize pattern if pattern is invalid (uaoleg, developeruz) - Bug #15031: Fixed incorrect string type length detection for OCI DB schema (Murolike) - Bug #15046: Throw an `yii\web\HeadersAlreadySentException` if headers were sent before web response (dmirogin) - Bug #15122: Fixed `yii\db\Command::getRawSql()` to properly replace expressions (hiscaler, samdark) - Bug #15142: Fixed array params replacing in `yii\helpers\BaseUrl::current()` (IceJOKER) - Bug #15169: Fixed translating a string when NULL parameter is passed (developeruz) - Bug #15194: Fixed `yii\db\QueryBuilder::insert()` to preserve passed params when building a `INSERT INTO ... SELECT` query for MSSQL, PostgreSQL and SQLite (sergeymakinen) - Bug #15229: Fixed `yii\console\widgets\Table` default value for `getScreenWidth()`, when `Console::getScreenSize()` can't determine screen size (webleaf) - Bug #15234: Fixed `\yii\widgets\LinkPager` removed `tag` from `disabledListItemSubTagOptions` (SDKiller) - Bug #15249: Controllers in subdirectories were not visible in commands list (IceJOKER) - Bug #15270: Resolved potential race conditions when writing generated php-files (kalessil) - Bug #15300: Fixed "Cannot read property 'style' of undefined" error at the error screen (vitorarantes) - Bug #15301: Fixed `ArrayHelper::filter()` to work properly with `0` in values (hhniao) - Bug #15302: Fixed `yii\caching\DbCache` so that `getValues` now behaves the same as `getValue` with regards to streams (edwards-sj) - Bug #15317: Regenerate CSRF token if an empty value is given (sammousa) - Bug #15320: Fixed special role checks in `yii\filters\AccessRule::matchRole()` (Izumi-kun) - Bug #15322: Fixed PHP 7.2 compatibility of `FileHelper::getExtensionsByMimeType()` (samdark) - Bug #15353: Remove side effect of ActiveQuery::getTablesUsedInFrom() introduced in 2.0.13 (terales) - Bug #15355: Fixed `yii\db\Query::from()` does not work with `yii\db\Expression` (vladis84, silverfire, samdark) - Bug #15356: Fixed multiple bugs in `yii\db\Query::getTablesUsedInFrom()` (vladis84, samdark) - Bug #15380: `FormatConverter::convertDateIcuToPhp()` now converts `a` ICU symbols to `A` (brandonkelly) - Bug #15407: Fixed rendering rows with associative arrays in `yii\console\widgets\Table` (dmrogin) - Bug #15432: Fixed wrong value being set in `yii\filters\RateLimiter::checkRateLimit()` resulting in wrong `X-Rate-Limit-Reset` header value (bizley) - Bug #15440: Fixed `yii\behaviors\AttributeTypecastBehavior::$attributeTypes` auto-detection fails for rule, which specify attribute with '!' prefix (klimov-paul) - Bug #15462: Fixed `accessChecker` configuration error (developeruz) - Bug #15494: Fixed missing `WWW-Authenticate` header (developeruz) - Bug #15522: Fixed `yii\db\ActiveRecord::refresh()` method does not use an alias in the condition (vladis84) - Bug #15523: `yii\web\Session` settings could now be configured after session is started (StalkAlex, rob006, daniel1302, samdark) - Bug #15536: Fixed `yii\widgets\ActiveForm::init()` for call `parent::init()` (panchenkodv) - Bug #15540: Fixed `yii\db\ActiveRecord::with()` unable to use relation defined via attached behavior in case `asArray` is enabled (klimov-paul) - Bug #15553: Fixed `yii\validators\NumberValidator` incorrectly validate resource (developeruz) - Bug #15621: Fixed `yii\web\User::getIdentity()` returning `null` if an exception had been thrown when it was called previously (brandonkelly) - Bug #15628: Fixed `yii\validators\DateValidator` to respect time when the `format` property is set to UNIX Epoch format (silverfire, gayHacker) - Bug #15644: Avoid wrong default selection on a dropdown, checkbox list, and radio list, when a option has a key equals to zero (berosoboy) - Bug #15658: Fixed `yii\filters\auth\HttpBasicAuth` not to switch identity, when user is already authenticated and identity does not get changed (silverfire) - Bug #15662: Fixed `yii\log\FileTarget` not to create log directory during init process (alexeevdv) - Enh #3087: Added `yii\helpers\BaseHtml::error()` "errorSource" option to be able to customize errors display (yanggs07, developeruz, silverfire) - Enh #3250: Added support for events partial wildcard matching (klimov-paul) - Enh #5515: Added default value for `yii\behaviors\BlameableBehavior` for cases when the user is guest (dmirogin) - Enh #6844: `yii\base\ArrayableTrait::toArray()` now allows recursive `$fields` and `$expand` (bboure) - Enh #7640: Implemented custom data types support. Added JSON support for MySQL and PostgreSQL, array support for PostgreSQL (silverfire, cebe) - Enh #7988: Added `\yii\helpers\Console::errorSummary()` and `\yii\helpers\Json::errorSummary()` (developeruz) - Enh #7996: Short syntax for verb in GroupUrlRule (schojniak, developeruz) - Enh #8092: ExistValidator for relations (developeruz) - Enh #8527: Added `yii\i18n\Locale` component having `getCurrencySymbol()` method (amarox, samdark) - Enh #8752: Allow specify `$attributeNames` as a string for `yii\base\Model` `validate()` method (developeruz) - Enh #9137: Added `Access-Control-Allow-Method` header for the OPTIONS request (developeruz) - Enh #9253: Allow `variations` to be a string for `yii\filters\PageCache` and `yii\widgets\FragmentCache` (schojniak, developeruz) - Enh #9771: Assign hidden input with its own set of HTML options via `$hiddenOptions` in activeFileInput `$options` (HanafiAhmat) - Enh #10186: Use native `hash_equals` in `yii\base\Security::compareString()` if available, throw exception if non-strings are compared (aotd1, samdark) - Enh #11611: Added `BetweenColumnsCondition` to build SQL condition like `value BETWEEN col1 and col2` (silverfire) - Enh #12623: Added `yii\helpers\StringHelper::matchWildcard()` replacing usage of `fnmatch()`, which may be unreliable (klimov-paul) - Enh #13019: Support JSON in SchemaBuilderTrait (zhukovra, undefinedor) - Enh #13425: Added caching of dynamically added URL rules with `yii\web\UrlManager::addRules()` (scriptcube, silverfire) - Enh #13465: Added `yii\helpers\FileHelper::findDirectories()` method (ArsSirek, developeruz) - Enh #13618: Active Record now resets related models after corresponding attributes updates (Kolyunya, rob006) - Enh #13679: Added `yii\behaviors\CacheableWidgetBehavior` (Kolyunya) - Enh #13814: MySQL unique index names can now contain spaces (df2) - Enh #13879: Added upsert support for `yii\db\QueryBuilder`, `yii\db\Command`, and `yii\db\Migration` (sergeymakinen) - Enh #13919: Added option to add comment for created table to migration console command (mixartemev, developeruz) - Enh #13996: Added `yii\web\View::registerJsVar()` method that allows registering JavaScript variables (Eseperio, samdark) - Enh #14043: Added `yii\helpers\IpHelper` (silverfire, cebe) - Enh #14254: add an option to specify whether validator is forced to always use master DB for `yii\validators\UniqueValidator` and `yii\validators\ExistValidator` (rossoneri, samdark) - Enh #14355: Added ability to pass an empty array as a parameter in console command (developeruz) - Enh #14488: Added support for X-Forwarded-Host to `yii\web\Request`, fixed `getServerPort()` usage (si294r, samdark) - Enh #14538: Added `yii\behaviors\AttributeTypecastBehavior::typecastAfterSave` property (littlefuntik, silverfire) - Enh #14546: Added `dataDirectory` property into `BaseActiveFixture` (leandrogehlen) - Enh #14568: Refactored migration templates to use `safeUp()` and `safeDown()` methods (Kolyunya) - Enh #14638: Added `yii\db\SchemaBuilderTrait::tinyInteger()` (rob006) - Enh #14643: Added `yii\web\ErrorAction::$layout` property to conveniently set layout from error action config (swods, cebe, samdark) - Enh #14662: Added support for custom `Content-Type` specification to `yii\web\JsonResponseFormatter` (Kolyunya) - Enh #14732, #11218, #14810, #10855: It is now possible to pass `yii\db\Query` anywhere, where `yii\db\Expression` was supported (silverfire) - Enh #14806: Added $placeFooterAfterBody option for GridView (terehru) - Enh #15024: `yii\web\Pjax` widget does not prevent CSS files from sending anymore because they are handled by client-side plugin correctly (onmotion) - Enh #15047: `yii\db\Query::select()` and `yii\db\Query::addSelect()` now check for duplicate column names (wapmorgan) - Enh #15076: Improve `yii\db\QueryBuilder::buildColumns()` to throw exception on invalid input (hiscaler) - Enh #15120: Refactored dynamic caching introducing `DynamicContentAwareInterface` and `DynamicContentAwareTrait` (sergeymakinen) - Enh #15135: Automatic completion for help in bash and zsh (Valkeru) - Enh #15216: Added `yii\web\ErrorHandler::$traceLine` to allow opening file at line clicked in IDE (vladis84) - Enh #15219: Added `yii\filters\auth\HttpHeaderAuth` (bboure) - Enh #15221: Added support for specifying `--camelCase` console options in `--kebab-case` (brandonkelly) - Enh #15221: Added support for the `--