timble / kodekit Goto Github PK

See:

• http://fideloper.com/etags-and-optimistic-concurrency-control
• http://labs.unacast.com/2016/04/08/best-practices-for-concurrency-control-in-rest-apis/
• http://scriptin.github.io/2014-08-30/restful-http-concurrency-optimistic-locking.html
• http://ibuildings.nl/blog/2013/07/etags-uninitiated-pt2

Query variables in the route present in the action tag of GET forms get always appended to the form regardless of the fact that they might already be there in the first place.

The result is having the the same input more than once on the next request. This can cause problems since depending on the order that they get sent (the last one overrides any precedent ones).

Fix by adding an extra check that will avoid adding hidden inputs if a selector already exists for that variable in the form.

If a listbox is created out of thousands of entities they are all fetched at the same time resulting in memory limit errors.

Instead, fetch results 100 by 100 and gradually build the options array.

Note: this removes the 'unique' property of the listbox helper which made duplicate values appear only once in listboxes. However this was not a particularly helpful option since it could be problematic when you have more than one entity using the same title.

See joomlatools/joomlatools-framework#17

Breaking changes:

• Controller action methods need to use the concrete a ControllerContext as typehint. To refactor your code change ControllerContextInterface to ControllerContext or ControllerContextModel
• Dispatcher action methods need to use the concrete a DispatcherContext as typehint. To refactor your code change DispatcherContextInterface to DispatcherContext

invokeCommandCallback in ControllerAbstract allows for executing ANY private or protected method on the object: https://github.com/timble/kodekit/blob/master/code/controller/abstract.php#L156 without any check that the relevant callback is genuine. This should probably have some way of validating that the callback is valid.

Underscores in object identifiers are stripped out breaking the convention as per documentation: https://www.joomlatools.com/developer/framework/essentials/naming-conventions/#underscores-in-file-names

See also: #24

See joomlatools/joomlatools-framework#19

KControllerToolbarDecorator doesn't pass the required parameter $chain though KCommandHandlerAbstract doesn't use the 2nd argument $chain

• Move getRoute() into a routable behaviour
• Make ViewAbstract class properties private
• Add getMimetype() method to ViewInterface
• Handling route escaping transparently

Breaking changes:

• The View class properties are now private. To migrate your code use the getter methods as defined in ViewInterface

See: https://github.com/diversen/http-send-file/blob/master/sendfile.php#L145

References:

• http://php.net/manual/en/function.connection-aborted.php
• http://php.net/manual/en/function.ignore-user-abort.php

Add the 's' modified to properly match and replace statements over multiple lines.

See also: #24

Right now it skips attributes with no values. For example <foo bar="baz" no-value> does not parse no-value as an attribute.

• Implement filters using a behaviour approach
• Implement helpers using a behaviour approach
• Move loading logic into render() method and remove loadString() and loadFile()
• Add generic template filter to allow mixing different template types in the same template.

Breaking changes:

1. TemplateInterface::loadString() and loadFile() methods have been removed and the arguments of the render() method have changed. To migrate remove calls to loadString() and loadFile() and add the content or url as the first argument to render() call.
2. A helper no longer has a getTemplate() method. The TemplateBehaviorHelperable::invokeHelper() method passes the template object as the second parameter to the helper method being invoked.
3. A filter no longer has a getTemplate() method. The TemplateBehaviorFilterable::filter() method passes the template object as the second parameter.
4. ktml:block elements are considered foreign elements accoording to the html5 standard. Foreign elements need to have self-closing start tags when used without content. To migrate add a self-closing tag to empty ktml:block elements.

Do not pass the $template object to the template helper method to allow them to be used easily outside of the content of a template or view.

Breaking changes:

• The paginator helper link() method has been renamed to page() and the paginator.pagination now has a 'url' config option that needs to be used to create the url for each page. To migrate your code all template calls to the paginator should include array('url' => route());
• The grid.sort helper now has a 'url' config option that needs to be used to create the url for sorting. To migrate your code all template calls to the grid.sort should include array('url' => route());

Make it possible to dump any Object and prevent recursion and deep nesting.

References:

• http://php.net/manual/en/language.oop5.magic.php#language.oop5.magic.debuginfo
• http://php.net/manual/en/function.var-dump.php

Commas can be used in query strings to separate values.

Add a getComponentInfo() method to the object boostrapper to be able to retrieve the component info from the component.json file.

Note: during the development of this issue the bootstrapper implementation has also been further optimised.

Implement a generic FilesystemLocator and refactor the translator and template locators to use it.

Breaking change: Resource paths are now url's and need to be parseable using parse_url.

• Fully qualified translation paths are formatted as : com:foo/en_US.[yaml]
• Fully qualified template paths are formatted as : com:foo/view/layout.format[.engine]

Fully qualified template paths used in import() methods need to be updated to follow the new format.

Always let the view fetch the model data. In case this is not required an extending view can override the _fetchData() method to provide it's own implementation.

Breaking changes:

• If you do not want a view to auto-matically fetch data from the model you need to override the _fetchData() method.

• Improve toolbar data handling. Pass the toolbar data to the toolbar helper as an array and not as a json string. Encode the array in the helper and inject it in the data as attributes.
• Improve the ControllerToolbarCommandInterface. Add additional methods

Breaking change:

1. Specific command data is now passed through the new 'data' attribute. Commands need to be updated by moving the data array out of the attribs array.
2. The command data is unboxed when passed, each command handler method no longer received a 'command' config option but received the command options directly.

Todo:

The default type for the toolbar dialog command has been changed to 'ajax'. The ajax dialog is currently not styled. Default styling needs to be added.

Syncs joomlatools/joomlatools-framework#54

Implement the specification pattern to make it easier to manage and reuse specific business rules. We use this in joomlatools/support.joomlatools.com to mostly manage subscription and download rules. Examples and implementation can be found in ticket joomlatools/support.joomlatools.com#866.

Links:

• http://martinfowler.com/apsupp/spec.pdf
• https://lostechies.com/chrismissal/2009/09/11/using-the-specification-pattern-for-querying/
• https://github.com/mbrevda/SpecificationPattern
• https://github.com/cakper/specification
• http://marcaube.ca/2015/05/specifications

Allow to remove a config option by searching the array.

Following the idea that you should be able to get all the data through the controller, it kind of makes sense to add a count action to the controller either directly or through a countable controller behavior. This makes the API cleaner to document and explain.

See:

• https://support.joomlatools.com/forums/topic/6896-get-total-number-of-documents-for-a-given-query

See joomlatools/joomlatools-framework#29

Explicitly setting Accept-Ranges: none when Accept-Ranges is not defined gives problems with Nginx Proxy-Caching mechanism.

Sync with joomlatools/joomlatools-framework#55

HTTP security headers are a new standard for increasing security by communicating to the browser certain things that should be allowed or not. Most of these could be controlled via the framework.

Headers:

• Strict-Transport-Security
• Content-Security-Policy
• Public-Key-Pins
• X-Frame-Options
• X-XSS-Protection
• X-Content-Type-Options

Background:

• https://www.keycdn.com/blog/http-security-headers/
• https://securityheaders.io/
• http://c0nrad.io/blog/csp.html

Add a new StringEscaper package to improve escaping in strings in different contexts.

Inspiration: https://github.com/zendframework/zend-escaper

Add getLanguage() method to localizable behaviors and add a 'language' function to the template.

• Move text property routing into routable ViewBehaviorRoutable
• Move sparse fields handling into ModelBehaviorSparsable

The EventMixin interface is not used by the framework do not mix it automatically in controller, view and model.

See: https://github.com/select2/select2/releases/tag/4.0.2

Do not extend ModelEntityComposite and DatabaseRowsetAbstract from ObjectSet, instead compose the objectset as private class property.

Breaking changes:

• If you are extending from ObjectSet you can no longer access the 'data' property. To migrate your code use the API instead.
• ModelEntityComposite::toArray() no longer flattens the whole entity collection it only returns a array representation of the current entity. To migrate your code, use iterator_to_array if you want to get a array representation of the all entities in the collection, or traverse through the collection.
• DatabaseRowsetAbstract::toArray() no longer flattens the whole entity collection it only returns a array representation of the current entity. To migrate your code, use iterator_to_array if you want to get a array representation of the all entities in the collection, or traverse through the collection.
• Both ModelEntityComposite and DatabaseRowsetAbstract no longer have an top() method. To migrate your code remove the top() method. The composable pattern will ensure that you always get the current entity returned.

Refactor the ClassLoader and ObjectManager and remove singletons. Instead store an instance of the class loader in the object manager and store an instance of the object manager in 'Kodekit'. Allow to set the debug and the cache through objects methods instead of setting them in the constructor.

Additionally add support for callStatic() to proxy static calls to the Kodekit class to the ObjectManager, eg Kodekit::getObject('com:foo.controller.bar');

See: http://php.net/manual/en/language.errors.php7.php

Move the vcard view to the users component in the platform

• Remove onException event. Register the 'fail' dispatcher method directly with the exception handler.
• Add a eventable behavior to emit events

Right now the object locator can only be retrieved by it's name, which represents the type, eg 'com'. For clarity it would be better if you could do $manager->getLocator('component') too.

To prevent issues with Varnish do not try to flush the complete stream to php://output if the response is not streamable, instead just echo the content of the stream to the output buffer.

See: http://jsonapi.org/format/#fetching-sorting
See: http://www.rubydoc.info/github/Neson/api_helper/master/APIHelper/Sortable

Breaking changes:

• The 'direction' model state has been removed. To migrate your code sort fields need to be prepended with '-' to signal a descending sort direction.

See: http://php.net/manual/pl/function.ob-end-clean.php#103817

Take note that if you change zlib output compression setting in
between ob_start and ob_end_clean or ob_end_flush, 
you will get an error:
ob_end_flush() failed to delete buffer zlib output compression

• Implement dispatcher decoration by forwarding to one or more stacked controllers
• Implement view decoration by forwarding to one or more stacked templates
• Improve the decorator filter allow to specific element and attributes to be set

Breaking change: The Library\ViewTemplate no longer automatically adds the 'decorator' filter. To migrate: add the decorator filter if the dispatcher decoratable behavior is not used.

• Remove find() method
• Add parseIndentifier() method
• Make locate() method final

Add support for window.location to the redirects and fallback on meta-refresh only when client has no javascript capabilities.

See: https://en.wikipedia.org/wiki/Meta_refresh

HttpUrl implements a custom path encoding mechanism which does not properly escape the path. Refactor HttpUrl and harden it using rawurlencode() instead of a urlencode() or custom path encoding.

Note: since PHP5.3 rawurlencode comforms to rfc3986. (more info)

Prompt entires for select boxes are now scattered all over the place. optionlist supports it for only select2 at the moment.

Make the support universal by automatically adding the prompt entry to the options list.

See joomlatools/joomlatools-framework#22

See joomlatools/joomlatools-framework#26

When a row is re-ordered with a positive change, other rows' ordering data is not properly updated.

Add a isMixedMethod() method to Object class and make the _mixed_method class property private.

Improve the ClassLoader performance by implementing a namespace => locator map. Create the mapping on the fly when the class => path is being resolved.