Release notes
Version 1.3.0
This version does not include the examples. It is meant to run on both php4 and php5. Click
here to try it out.
This version does not include pntUnit. For security reasons the framework will no longer be shipped together
with development tools like pnt/unit. Please visit the Forum
if you want pntUnit to be made available as a seperate download.
Remarks for use with existing applications
Becuase of php4 copying objects that are passed or assigned by value, phpPeanuts generally uses a variable references
to pass and assign objects. Variable references are quite straigtforward as long as the variables that are referenced
really exist and references are handled consequently as references. If references are assigned op passed by value
and vice versa the risk of Reference Anomalies
exists. To avoid them, applications running on 1.3.beta2 and higher should allways assign and pass primitive values,
arrays and StringConverters by value unless there is a specific need to pass by reference (Check framework functions
that (may) return objects to see if they return by reference or by value). Formerly the framework was passing arrays
and StringConverters by reference, existing applications that did the same need to be adapted to avoid anomalies.
To help developers to avoid reference anomalies php 4.4 and 5.1 and up trigger notifications with respect to
passing and assigning references. Although these notifications can not allways be avoided, it is a good idea to
check your application for these notifications. For this reason PntErrorHandler no longer suppresses them. To make
them show up you need to set your ErrorHandlers reportingLevel to E_ALL. See classSite.php for an example. If you
need to suppress reference notifications generated by your application, see classErrorHandler for an example.
What's new
Since 1.3.rc1
Since 1.3.beta3
- SessionBasesScout bug fixed. This bug was introduced in 1.3 beta2.
- a series of changes to make semi-automated checking for risks of php injection and system-level command execution
easier
- Several minor bugfixes and changes, see changes.txt.
Since 1.3 beta2
- PntPage::getConvert now supports paths
- many E_NOTICE "Only variable references should be returned by reference" (php 4.4 and 5.1 and up)
fixed (not all, see 'known bugs')
- Added new Comparator 'NOT LIKE' to SqlFilters and Searchpage advanced search
- Several minor changes, see changes.txt.
Since phpPeanuts 1.3.beta1a
- Added Print buttons to reports
- Many notifications "Only variable references should be returned by reference" eliminated
- PntErrorHandler now allways dies on fatal errors, even if they are not reported.
- PntErrorHandler support added for E_RECOVERABLE_ERROR. Behaves like php: die() if this kind of error occurs.
If you do not want it to die(), copy the dieIfFatal function to ErrorHandler and modify it there.
- PntPage::includeSkin now protected against include exploits*
- mysql_real_escape_string now used for escaping SQL parameters
- error logging now by default on PHP's system logger**
- Several other security improvements and small bugfixes, see changes.txt.
* measure to protect application developers. The framework itself does and did not not use unchecked request
data for includeSkin.
** php-writable files (including an error log file) on a webserver are considered a security risk. Assumes you
want to avoid that risk.
Since phpPeanuts 1.3.beta1
- Inspect.php fixed include exploit; unserialize by default disabled
Since phpPeanuts 1.2.0
- NtoMRelationDialogWidget looks like a normal DialogWidget, but instead of opening an ObjectDialog it
will open an ObjectNtoMDialog that looks much like an ObjectMtoNPropertyPage.
- ObjectEditDetailsDialog allows to quickly create new objects in response to a 'New' button added to
Object(MtoN)Dialoog and ObjectMtoNPropertyPage.
- ArchDate is a ValueObject (google for the patter) representing archaelological dates back to 50e9 bC.
These can be stored as strings in a database, sorted by the database and selected using < etc.
- PntSqlJoinFilter can now be used to search for values navigating over 1 to m and m to n relationships
(the last requires a path of three steps). A remark must be made that the combination of JOIN and GROUP BY it uses,
if not optimized very well by the database, can be slow on large tables (simple search makes it vary easy to combine
many filters, combining many filters navigating x to m relationships may not be a good idea)
- PntMarkedItemsCollector was factored out from ObjectDeleteMarkedAction makes it easy to collect the
peanuts corresponding to items in an ItemTable from your own Action or Page class.
- SearchPage sorting.
The sorting is done server side and will support multiple sort criteria. The user can set the sort criterium by
clicking on a columnheader, or throough a dialog that supports multiple sort criteria. Each criterium can be selected
from the same list of filters as shown in the advanced search and can be set Ascending or descending.
- SelectWidget can now be used for options of primitve types and is used for non-compulsory boolean
properties to allow selection of null value.
- some refactoring and small changes, see changes.txt.
Portablility
This version is meant to run on both php4 and php5, the last with zend.ze1_compatibility_mode = On as well as
Off. On php5 the code will not be free of E_STRICT notifications.
If you want your application code to be portable too it has to follow certain rules:
- only use php4 syntax, keywords and functions,
- allways assign or pass objects by explicit variable reference (&),
- use the functions from classes/pnt/php4Functions.php and php5Functions.php where applicable,
- don't change the zend.ze1 compatibilty mode after php5Functions.php has been included, it will not dynamically
adapt to such a change.
Like phpPeanuts, code that follows these rules should be able to run with equal behavior without modification
on both platforms, and on php5 with both zend.ze1 compatibility settings. However, there may still be differences
in areas of php that phpPeanuts does not use. This may require some further wrapper functions to be added.
For object oriented application frameworks like phpPeanuts php5 is a much better platform than php4. However,
some people are still using php4 as their deployment platform because some website hosting accounts do not yet
support php5. PhpPeanuts versions 1.x will be compatible with php4. Next major version of phpPeanuts will be for
php5 only.
Known bugs and limitations
- not tested with php5.1. Because most of the the problems that where where found with php5.2 are solved it is
assumed it will work with 5.1 too.
- With php 4.4 and 5.2.0 (documentation suggests the same will happen with 5.1) phpPeanuts still triggers some
notifications "Only variable references should be returned by reference": When a function that returns
a PntError it is not first put into a variable. As this kind of error handling is not perfornance-critical we do
not consider these notifications enough of a problem to delay this release.
- With php4.4 and 5.2.0 (documentation suggests the same will happen with 5.1) phpPeanuts still triggers notifications
"Only variables should be assigned by reference". Because of polymorphisms and our coding rule to pass
objects by reference but pass primitive values and arrays by value it is practically impossible to get rid of all
of these.
- Column mappings may not be consequently
applied. If you need to set a columnName different to the propertyName on an PropertyDescriptor, test your applications
database persistence functionality thouroughly. (we don't use this feature ourselves. If someone is using it, please
report on how it works and on bugs, otherwise this may never be resolved).
- Reference Anomalies: Before the
generic workaround was applied (introduced in 1.1 beta 1, released dd 16-11-2004), use of references by phpPeanuts
occasionally made uninitialized php variables or associations arbitrarily hold values that seemed to come from
another variable. This rarily happened and since the generic workaround it did not happen again until the changes
where made to get rid of reference notifications. Read the "remarks for use with existing applications"
to avoid them. Do not use phpPeanuts for mission critical applications.
- Though the framework has a class that is pointed to become the database abstraction layer, there is still quite
some code that does not delegate to this layer, but will clearly have to delegate if phpPeanuts has to work on
other databases.
- produces E_STRICT notifications on php5 (see under portability).