1
0
Fork 0
XDCCParser-Global/smarty/RELEASE_NOTES

429 lines
19 KiB
Plaintext
Raw Normal View History

2013-08-06 08:08:35 -07:00
2.6.7
-----
Those using Smarty with security enabled: a hole was found that allowed PHP code to be executed from within a template file. This has been fixed and you are engouraged to upgrade immediately. Note that this hole does NOT affect the security of your web server or PHP applications, only the ability for someone editing a template to execute PHP code. Other changes in this release can be found in the NEWS file.
2.5.0
-----
Very minor adjustments since RC2, see the NEWS file for details.
2.5.0-RC2
---------
Many fixes since the RC1 release. This one is as close to production quality as
they come, so this will be the last release before 2.5.0. The SGML documentation
files have also been removed from the tarball. If you want them, get them from
the CVS repository.
2.5.0-RC1
---------
Release Candidate 1. All $smarty vars can now be dynamic, such as
$smarty.get.$foo. A new class function get_function_object() gets you a
reference to an assigned object, useful within your own custom functions.
append() can now merge as well as append with a third optional attribute. A new
class function get_config_vars() was added, and get_template_vars() can now be
used to get individual vars. Full variable syntax is now supported within
double quotes via a backtick (`) syntax. Files created by smarty are now
written to a tmp file then renamed to avoid file lock retention. html_radios,
html_checkboxes, html_table, html_image, nl2br functions added, see the NEWS
file for full details.
2.4.2
-----
Another point release. Added support for dynamic object reference syntax
($foo->$bar), support for full variable syntax within quotes ("$foo[0].bar"),
and other minor fixes. See the NEWS file for full details.
2.4.1
-----
This is basically a point release, cleaning up a few things caught
in the 2.4.0 release. See the NEWS file for full details.
2.4.0
-----
Smarty now supports the ability to access objects within the templates. Two
methods are available, one which closely follows Smartys conventions, and
another that follows more traditional object syntax for those familiar with
PHP.
The internal compiling engine has also undergone some major work. The regex
parsing was rewritten to be much more strict, more secure and more
maintainable. Config files are now compiled, which can speed up pages quite a
bit that use config files extensively. Assigned variables are no longer
extracted to PHP namespace, saving an extract call for every template. There is
now support for applying modifiers to static values and functions. You can now
access constants with $smarty.const.VAR. See the NEWS file for complete
changes.
2.3.1
-----
The mtime on compiled files will now match the source files, in the case where
the source file may not get the current timestamp, recompiling will still work
as expected. Proper support for open_basedir has been added, so Smarty should
work correctly in safe mode. Added a few new features such as textformat block
function, strip variable modifier and optgroup support for html_options. Also
other minor bug fixes, see the Change Log.
2.3.0
-----
Smarty now has a {debug} template function that brings up the debugging console
right where {debug} is called, regardless of $debugging settings. This works a
little different than turning on $debugging in the sense that it shows all the
template variables available at the time {debug} is called, including local
scope vars. It does not show the templates names however, since this
executed during runtime of the template.
You can now supply an expire time when clearing cache or compile files. This is
mostly useful for removing stale files via the API.
Plugins now stop execution upon error, instead of outputting a warning and
continuing.
Two new API functions, assign_by_ref() and append_by_ref() were added. They
allow assigning template variables by reference. This can make a significant
performance gain, especially if you are assigning large arrays of data. PHP 5.0
will do this implicitly, so these functions are basically workarounds.
Several misc bug fixes, see the Change Log for information.
2.2.0
-----
Smarty now allows an array of paths for the $plugin_dir class variable. The
directories will be searched in the order they are given, so for efficiency keep
the most-used plugins at the top. Also, absolute paths to the plugin directories are
more efficient than relying on the PHP include_path.
Cache files can now be grouped with the cache_id. See the documentation under
the new "Caching" section for details. compile_id also respects the same
grouping syntax. The cache/compile file structure changed, so be sure to clear
out all your cache and compile files when upgrading Smarty. Also if you are
using PHP-accelerator, restart apache. I've seen some quirky things happen if
the phpa files do not get cleared (known issue with phpa and parent
class-member changes, so just clear 'em.)
Smarty now correctly respects the PHP include_path for $template_dir, $compile_dir,
$cache_dir, $config_dir and $plugin_dir. Be aware that relying on the
include_path is an overhead, try to use absolute pathnames when possible
(or relative to working directory.)
Documentation has been updated and rearranged a bit. Most notably, the
installation instructions are completely revamped, and a new Caching section
explains Smarty's caching in detail along with the new grouping functionality.
Many misc. bug fixes and enhancements, see the full ChangeLog (NEWS file) for
details.
2.1.1
-----
There was a bug with template paths and the include_path, this has been fixed.
Also register_outputfilter() did not work, this is fixed. A new template
function named "cycle" has been added to the distribution, nice for cycling
through a list (or array) of values.
2.1.0
-----
This release has quite a few new features and fixes. Most notable are the
introduction of block functions, so you can write plugins that work on a block
of text with {func}{/func} notation. Also output filters were added, so you can
apply a function against the output of your templates. This differs from the
postfilter function, which works on the compiled template at compile time, and
output filters work on the template output at runtime.
Many other features and bug fixes are noted in the NEWS file.
2.0.1
-----
This is a point release, fixing a few bugs and cleaning things up. A plugin
was renamed, the dash "-" was removed from compiled template and cached file
names. If you're upgrading, you might want to clear them out first. See the
ChangeLog for details.
2.0.0
-----
This release is a huge milestone for Smarty. Most notable new things are a
plugin architecture, removal of PEAR dependency, and optimizations that
drastically improve the performance of Smarty in most cases.
The plugin architecture allows modifiers, custom functions, compiler functions,
prefilters, postfilters, resources, and insert functions to be added by
simply dropping a file into the plugins directory. Once dropped in, they are
automatically registered by the template engine. This makes user-contributed
plugins easy to manage, as well as the internal workings of Smarty easy to
control and customize. This new architecture depends on the __FILE__ constant,
which contains the full path to the executing script. Some older versions of
PHP incorrectly gave the script name and not the full filesystem path. Be sure
your version of PHP populates __FILE__ correctly. If you use custom template
resource functions, the format of these changed with the plugin architecture.
Be sure to update your functions accordingly. See the template resource section
of the documentation.
The PEAR dependancy was removed from Smarty. The Config_File class that comes
with Smarty was actually what needed PEAR for error handling which Smarty didn't
use, but now everything is self-contained.
Performance improvements are graphed on the benchmark page, you will see that
overall performance has been sped up by as much as 80% in some cases.
Smarty-cached pages now support If-Modified-Since headers, meaning that if a
cached template page has not changed since the last request, a "304 Not
Modified" header will be sent instead of resending the same page. This is
disabled by default, change the setting of $cache_modified_check.
1.5.2
-----
Mostly bug fixes, added a default template resource handler.
1.5.1
-----
Critical bug fix release. If you use caching, you'll need to upgrade.
1.5.0
-----
Several feature enhancements were made to this version, most notably the
{foreach ...} command which is an alternative to {section ...} with an easier
syntax for looping through a single array of values. Several functions were
enhanced so that the output can be automatically assigned to a template
variable instead of displayed (assign attribute). Cache files can now be
controlled with a custom function as an alternative to the built-in file based
method. Many code cleanups and bug fixed went into this release as well.
1.4.6
-----
The behavior with caching and compile_check has been slightly enhanced. If
caching is enabled AND compile_check is enabled, the cache will immediately get
regenerated if _any_ involved template or config file is updated. This imposes
a slight performance hit because it must check all the files for changes, so be
sure to run live sites with caching enabled and compile_check disabled for best
performance. If you update a template or config file, simply turn on
compile_check, load the page, then turn it back off. This will update the cache
file with the new content. This is accomplished by maintaining a list of
included/loaded templates and config files at the beginning of the cache file.
Therefore it is advisable to remove all cache files after upgrading to 1.4.6
(although not absolutely necessary, old cache files will regenerate)
The debug console now has script timing and array values printed. You MUST
update your debug.tpl file with this version of Smarty. Also, the new debug.tpl
will not work with older versions of Smarty.
1.4.5
-----
Mostly bug fixes and minor improvements. Added compile id for separate compiled
versions of the same script. The directory format and filename convention for
the files in templates_c has changed, so you may want to remove all of the
existing ones before you upgrade.
1.4.4
-----
A few bug fixes, new section looping attributes and properties, debugging
console function for control via URL, and overLib integration and access
to request variables from within the template.
1.4.3
-----
This release has a few bug fixes and several enhancements. Smarty now supports
template security for third-party template editing. These features disallow the
ability for someone to execute commands or PHP code from the template language.
Smarty also now has a built-in debugging console, which is a javascript pop-up
window that displays all the included template names and assigned variables.
1.4.2
-----
This was mostly one bug fix with variable scoping within included templates
and a few documentation changes and updates. See the ChangeLog file for full
details.
1.4.1
-----
It seems that the EX_LOCK logic from the previous release didn't fix all the
problems with windows platforms. Hopefully this one does. It basically
disables file locking on windows, so there is a potential that two programs
could write over the same file at the same time, fyi.
The reset is minor bug fixes, please refer to the ChangeLog file.
1.4.0
-----
IMPORTANT NOTICE
Smarty now has a new syntax for accessing elements within section loops. The
new syntax is easier to use and nicely handles data structures of any
complexity. Consequently, this breaks the old syntax.
Here is an example of the syntax change:
old syntax:
{$sec1/sec2/sec3/customer.phone}
new syntax:
{$customer[$sec1][$sec2][$sec3].phone}
The section names used to come first, followed by the variable name. Now the
variable name always comes first, followed by the section names in brackets.
You can access variable indexes anywhere, depending on how you passed the
variables in.
To fix your current templates, we have provided a script that will adjust the
syntax for you. Located in misc/fix_vars.php, run this script from the the
command line, giving each template as an argument. Be sure to use absolute
pathnames, or pathnames relative to the executing script. Probably the easiest
way to do this is to copy the fix_vars.php script into your template directory
and run 'php -q fix_vars.php *.tpl' Be sure you have proper write permission,
and backup your scripts first to be safe! The examples in the 1.4.0
documentation have been updated to reflect the changes.
cd /path/to/templates
cp /path/to/fix_vars.php .
find . -name "*.tpl" -exec php -q ./fix_vars.php {} \;
NEW AND IMPROVED COMPILATION PROCESS
Smarty 1.4.0 also has a new compilation process. Instead of compiling all the
templates up front, it now compiles them at runtime. This has several
advantages. First of all, there is no longer a need to have a single template
directory. You can now have arbitrary template sources, such as multiple
directories or even database calls. This also speeds the performance of Smarty
when $compile_check is enabled, since it is only checking the template that is
being executed instead of everything found in the template directory. The
$tpl_file_ext is no longer needed, but kept for backward compatability.
Templates can now be named anything you like with any extension.
MINOR FIXES
A workaround for LOCK_EX on Windows systems was added, and changed a couple of
file permissions for better security on public servers.
$show_info_header is now defaulted to false instead of true. This header causes
problems when displaying content other than HTML, so now you must explicitly
set this flag to true to show the header information (or change the default in
your copy of Smarty.)
Documentation is written in docbook format. I updated the docbook -> HTML
generating software & style-sheets, and consequently the examples are no longer
in a different background color. If anyone wants to contribute a better
stylesheet or help with documentation, drop me a line. <monte at ohrt dot com>
CHANGES/ENHANCEMENTS/UPDATES
date_format, html_select_date and html_select_time used to require a unix
timestamp as the format of the date passed into the template. Smarty is now a
bit smarter at this. It will take a unix timestamp, a mysql timestamp, or any
date string that is parsable by strtotime, such as 10/01/2001 or 2001-10-01,
etc. Just give some formats a try and see what works.
Smarty now has template prefilters, meaning that you can run your templates
through custom functions before they are compiled. This is good for things like
removing unwanted comments, keeping an eye on words or functionality people are
putting in templates, translating XML -> HTML, etc. See the register_prefilter
documentation for more info.
Another addition are the so-called compiler functions. These are custom
functions registered by the user that are executed at compilation time of the
template. They can be used to inject PHP code or time-sensitive static content
into the compiled template.
The run-time custom functions are now passed the Smarty object as the second
parameter. This can be used, for example, to assign or clear template variables
from inside the custom function.
clear_compile_dir() was added for clearing out compiled versions of your
templates. Not something normally needed, but you may have a need for this if
you have $compile_check set to false and you periodically update templates via
some automated process. As of 1.4.0, uncompiled templates _always_ get
compiled regardless of $compile_check setting, although they won't be checked
for recompile if $compile_check is set to false.
You can now refer to properties of objects assigned from PHP by using the '->'
symbol and specifying the property name after it, e.g. $foo->bar.
{php}{/php} tags were added to embed php into the templates. Not normally
needed, but some circumstances may call for it. Check out the "componentized
templates" tip in the documentation for an example.
{capture}{/capture} and {counter} functions were added. See the documentation
for a complete description and examples.
UPGRADE NOTES
The format of the files created in the $compile_dir are now a bit different.
The compiled template filename is the template resource name url-encoded.
Therefore, all compiled files are now in the top directory of $compile_dir.
This was done to make way for arbitrary template resources. Each compiled
template also has a header that states what template resource was used to
create it. From a unix command prompt, you can use "head -2 *" to see the first
two lines of each file.
When upgrading to 1.4.0, you will want to clear out all your old files in the
$compile_dir. If you have $compile_check set to false and the compiled template
does not yet exist, it will compile it regardless of this setting. This way you
can clear out the $compile_dir and not worry about setting $compile_check to
true to get the inital compilation under way.
1.3.2
-----
Smarty now has (an optional) header prepended to the output of the Smarty
templates. This displays the Smarty version and the date/time when the page was
generated. This is useful for debugging your cache routines, and purely
informational so there is evidence that the page was generated by Smarty. Set
$show_info_header to false to disable it.
{config_load ...} performance was tuned by placing the loaded variables into a
global array, so basically a config file is read from the file system and
placed into a php array structure only once, no matter how many times it is
called in any of the templates. The scope of the loaded variables has changed a
bit as well. Variables loaded by config_load used to be treated as global
variables, meaning that parent templates (templates that included the current
template) could see them. Now the default behavior is such that loaded
variables are only visible by the current template and child templates (all
templates included after the {config_load ...} is called.) To mimic the
original behavior, provide the attribute "global=yes" like so: {config_load
file="mystuff.conf" global=yes}. Now when you load in mystuff.conf, the
variables will be visible to parent templates (merged with any existing config
variables.)
A formatting attribute was added to the {math ...} function, adding the ability
to control the format of the output. Use the same formatting syntax as the PHP
function sprintf().
{html_select_time ...} was added, a custom function that works much like
{html_select_date ...} except it displays time elements instead of dates.
A few custom modifiers were added: count_characters, count_words,
count_sentences, count_paragraphs. All pretty self-explanatory.
/* vim: set et: */