Release Notes: For improved security, the Synchronizer Token Pattern is now followed for referrer tokens in all URLs, ActionTickets now use hashed random tokens with timeout, only parameterized SQL queries are used (may be emulated), Parameterized queries are emulated for the old MySql driver, and PntValidationExceptions are thrown on invalid request data which should never be produced by applications.
Release Notes: For improved security, the complete code of the abstact user interfaces has been reviewed and improved to protect against cross site scripting. All request variables including cookies and server variables are now validated, character sets are specified explicitly, string conversion no longer propagates erroneous values, the X-Frame-Options header is supported, and Ajax requests are limited to the host the page originates from. Other improvements are a domain specific language style API for navigational queries, and easier Ajax requests to parts, subparts, and widgets.
Release Notes: This version was fully adapted to PHP 5. Specifically, ESTRICT standards are followed, variable references are no longer used to pass objects, and exceptions are used and handled. Flexibility was increased, with more seperate parts, paths for editing, a widget factory, and general functions override. Recusive object copying and menu highlighting were added.
Release Notes: Adapted to PHP 5.3. Subdirectories with classes can now be placed on arbitrary locations. The selection report page now shows the number of unique values for columns with non-numeric values. Some minor bugs were solved.
Release Notes: A database column mapping specification was added for use with existing databases. AJAX support, a user authorization API on the application and type levels, cross site scripting and request forgery prevention, and a database abstraction with direct support for MySQL and SQLite 2 and support for other databases through a PDO interface (PHP5 only) were added. The CRUD actions now use database transactions and they support cascaded deletion and protection against deletion if dependents exist. A user administration and authentication plugin is now avaliable separately.
Release Notes: Some bugs were fixed in the FilterFormPart (used by SearchPages), which resulted from cross site scripting prevention.
Release Notes: Support was added for user authorization on the application and type level, cross site scripting and request forgery prevention, cascaded delete, protection against delete if dependents exist, the use of database transactions, database abstraction with direct support for MySQL and SqlLite 2 databases and other databases through the PDO interface (requires PHP5). A user administration and authentication plugin is avaliable separately.
Release Notes: A scouting bug was fixed and several security improvements were made. The code was adapted to pass a semi-automated security check.
Release Notes: Many errors of the form E_NOTICE "Only variable references should be returned by reference" (in PHP 4.4 and 5.1 and up) were fixed. The new "NOT LIKE" comparator was added to SqlFilters. An advanced search was added.