Releases: trongate/trongate-framework
Improved form helpers and full integration with Trongate MX
This release introduces a variety of improvements and fixes to Trongate's form helper functions. The most significant changes are:
- A FIX to the form_button() function. Previously, this was incorrectly rendering a button with a type of 'submit'.
- A CHANGE to the workings of the post() function. When you pass a second argument of 'true' (boolean) to the post() function, string cleaning now involves simple trimming with normalization of excessive spacing.
- The validation class now invokes the post() function when set_rules is called. This eliminates the disjointed process where validation would evaluate one version of a posted variable while the database potentially inserted or updated a different version.

**IMPORTANT:** Please update the following folders after installing this release:
- public/js
- public/css
Corrections and Improved Post Helper Function
Release Notes
[1.1.0] - 2024-09-01
Corrections
The post() function now returns an empty string ('') instead of NULL if a field is not found.
License files have now been updated to prevent infinite 'update framework' requests from the Desktop App.
Enhancements
- Improved `post()` Function: The `post()` function has been updated to handle both traditional form-encoded POST data and JSON payloads. This enhancement provides greater flexibility and simplifies the process of retrieving and cleaning POST data.
Changes
- Dot Notation for Nested Fields: The `post()` function now supports dot notation for accessing nested fields in JSON data. This allows you to retrieve values from nested structures with ease. For example, `post('user_data.address.street')` will access the `street` field inside `address` under `user_data`.
- Default Return Value: The function now returns an empty string (`''`) if the specified field is not found in the POST data. This change provides a more predictable and useful default value compared to `NULL`.
- JSON Data Handling: JSON payloads are now automatically parsed and cached for subsequent calls. If JSON decoding fails, an exception is thrown, ensuring that errors are properly handled and reported.
New Features
- Sanitization and Cleaning: When the `$clean_up` parameter is set to `true`, the function will:
  - Trim: Remove leading and trailing whitespace from string values.
  - Sanitize: Apply `htmlspecialchars()` to convert special characters to HTML entities, protecting against XSS attacks.
  - Type Conversion: Convert numeric strings to integers or floats based on their content.
  - Recursive Sanitization: Apply sanitization recursively to all string elements within arrays.
Example Usage
```php
// Retrieve raw POST data
$username = post('username');

// Retrieve sanitized and potentially converted POST data
$age = post('age', true);

// Example with type conversion
$price = post('price', true);
// If POST data contains '19.99', $price will be float(19.99)
// If POST data contains '20', $price will be int(20)

// Handling JSON data
$jsonData = post('user_data');
// If POST contains JSON like '{"name": "John", "age": 30}',
// $jsonData will be an array(['name' => 'John', 'age' => 30])

// Handling nested JSON data
$street = post('user_data.address.street', true);
// If POST contains JSON like '{"user_data": {"address": {"street": "123 Main St"}}}',
// $street will be "123 Main St" (sanitized)
```
Corrected And Improved Post() Function
Release Notes
[1.1.0] - 2024-09-01
Correction
The post() function now returns an empty string ('') instead of NULL if a field is not found.
Enhancements
- Improved `post()` Function: The `post()` function has been updated to handle both traditional form-encoded POST data and JSON payloads. This enhancement provides greater flexibility and simplifies the process of retrieving and cleaning POST data.
Changes
- Dot Notation for Nested Fields: The `post()` function now supports dot notation for accessing nested fields in JSON data. This allows you to retrieve values from nested structures with ease. For example, `post('user_data.address.street')` will access the `street` field inside `address` under `user_data`.
- Default Return Value: The function now returns an empty string (`''`) if the specified field is not found in the POST data. This change provides a more predictable and useful default value compared to `NULL`.
- JSON Data Handling: JSON payloads are now automatically parsed and cached for subsequent calls. If JSON decoding fails, an exception is thrown, ensuring that errors are properly handled and reported.
New Features
- Sanitization and Cleaning: When the `$clean_up` parameter is set to `true`, the function will:
  - Trim: Remove leading and trailing whitespace from string values.
  - Sanitize: Apply `htmlspecialchars()` to convert special characters to HTML entities, protecting against XSS attacks.
  - Type Conversion: Convert numeric strings to integers or floats based on their content.
  - Recursive Sanitization: Apply sanitization recursively to all string elements within arrays.
Example Usage
```php
// Retrieve raw POST data
$username = post('username');

// Retrieve sanitized and potentially converted POST data
$age = post('age', true);

// Example with type conversion
$price = post('price', true);
// If POST data contains '19.99', $price will be float(19.99)
// If POST data contains '20', $price will be int(20)

// Handling JSON data
$jsonData = post('user_data');
// If POST contains JSON like '{"name": "John", "age": 30}',
// $jsonData will be an array(['name' => 'John', 'age' => 30])

// Handling nested JSON data
$street = post('user_data.address.street', true);
// If POST contains JSON like '{"user_data": {"address": {"street": "123 Main St"}}}',
// $street will be "123 Main St" (sanitized)
```
Enhanced post() Function with JSON Support
We're excited to announce a significant enhancement to the Trongate framework's `post()` function. This update brings improved flexibility and modernizes our approach to handling POST data, all while maintaining our commitment to stability and backward compatibility.
What's New?
The `post()` function now seamlessly handles both traditional form-encoded data and JSON payloads. This means you can now use `post()` to retrieve data from API requests that send JSON, in addition to its existing capabilities with form submissions.
Key Benefits
- Enhanced Flexibility: Work with both form data and JSON payloads using the same familiar function.
- API-Ready: Easily handle data from modern, JSON-based API requests.
- Simplified Development: No need to change your approach based on the incoming data type; `post()` handles it all.
- Future-Proof: As web development trends towards more API-driven approaches, your Trongate applications are ready.
- Maintained Security: Our existing sanitization and type conversion features now extend to JSON data as well.
Stability: Our Top Priority
We understand the importance of stability in your projects. That's why we've implemented this enhancement in a way that doesn't break existing code. If you're currently using `post()` with form-encoded data, your code will continue to work exactly as it did before.
How It Works
The enhanced `post()` function automatically detects whether the incoming request contains form-encoded data or a JSON payload. It then processes the data accordingly, allowing you to retrieve values using the same syntax you're already familiar with. Importantly, the optional second argument for sanitization continues to work for both form-encoded and JSON data.
```php
// Works with both form data and JSON payloads
$user_name = post('user_name'); // Raw data
$user_age = post('user_age', true); // Sanitized data

// Handling nested JSON data
$user_address = post('user_address'); // Raw nested data
$user_street = post('user_address.street', true); // Sanitized nested data

// If JSON payload is:
// {
//   "user_name": "John Doe",
//   "user_age": "30",
//   "user_address": {
//     "street": "123 Main St",
//     "city": "Townsville"
//   }
// }
// $user_name will be "John Doe"
// $user_age will be 30 (integer)
// $user_address will be ['street' => '123 Main St', 'city' => 'Townsville']
// $user_street will be "123 Main St" (sanitized)
```
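The lookup and clean-up rules described in these release notes (dot-notation access, empty-string default, an exception on malformed JSON, then trim, `htmlspecialchars()`, numeric conversion and recursion) are sketched below as an added example. It is not Trongate's source; `decode_json_body()`, `lookup()` and `clean()` are hypothetical names and the payload is constructed.

```php
<?php
// Added illustration of the documented rules; not the framework's own code.

/** Decode a JSON request body; malformed JSON raises JsonException. */
function decode_json_body(string $raw): array {
    $data = json_decode($raw, true, 32, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('JSON body must be an object or array');
    }
    return $data;
}

/** Walk a dot-notation path; return '' as soon as a segment is missing. */
function lookup(array $data, string $path) {
    $node = $data;
    foreach (explode('.', $path) as $segment) {
        if (!is_array($node) || !array_key_exists($segment, $node)) {
            return '';
        }
        $node = $node[$segment];
    }
    return $node;
}

/** Trim, convert numeric strings, HTML-encode the rest, recurse into arrays. */
function clean($value) {
    if (is_array($value)) {
        return array_map('clean', $value);
    }
    if (!is_string($value)) {
        return $value; // JSON numbers, booleans and null pass through unchanged
    }
    $value = trim($value);
    if (is_numeric($value)) {
        return $value + 0; // PHP picks int or float from the string's content
    }
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample payload: markup in a name, a numeric string, a ZIP code.
$raw = '{"user_data":{"name":" <b>John</b> ","age":"30",'
     . '"address":{"street":"123 Main St","zip":"01234"}}}';
$data = decode_json_body($raw);

foreach (['user_data.name', 'user_data.age', 'user_data.address',
          'user_data.address.zip', 'user_data.address.country'] as $path) {
    echo $path, ' => ';
    var_dump(clean(lookup($data, $path)));
}
```

In this sketch a numeric-looking identifier such as the constructed ZIP code is converted to an integer and loses its leading zero, so fields of that kind are better read raw and validated separately. Encoding at input time also fixes the value for an HTML context only, so output into attributes, JavaScript or SQL still needs its own context-appropriate handling.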
Corrections to get_data_from_db() and post()
This commit restores our original get_data_from_db() method.
Over the last few weeks, we had switched to a newer syntax, but it proved difficult to work with and caused issues for our code generator. Additionally, we have fixed the post() helper function, which was erroneously returning NULL values instead of empty strings when a targeted posted variable was not found.
Fixed form_file_select function glitch and new Trongate MX attributes
Introduced 'mx-during-request' and 'mx-after-swap' attributes to enhance user experience in Trongate MX. The 'mx-during-request' controls the appearance of elements during AJAX requests, while 'mx-after-swap' allows executing JavaScript functions after content swaps. Refactored app.js to add a feature that closes open modals when clicking outside of them (which was surprisingly tricky!). Special thanks to our very own Godfather of Speed Coding, Dafa, for fixing the recent glitch with the form_submit() helper method. Everything's smooth and running perfectly now!
ALSO, this update includes a fix for the form_file_select() form helper function.
New Trongate MX Features & Form Submit Fix
Introduced 'mx-during-request' and 'mx-after-swap' attributes to enhance user experience in Trongate MX. The 'mx-during-request' controls the appearance of elements during AJAX requests, while 'mx-after-swap' allows executing JavaScript functions after content swaps. Refactored app.js to add a feature that closes open modals when clicking outside of them (which was surprisingly tricky!). Special thanks to our very own Godfather of Speed Coding, Dafa, for fixing the recent glitch with the form_submit() helper method. Everything's smooth and running perfectly now!
New Features, Improvements, Fixes and Enhancements
Version: 1.3.3055
A great deal has happened between versions 1.3.3054 and 1.3.3055:
We have introduced new helper functions, such as extract_content().
Corrections have been made regarding how child assets are served.
All form_helper() functions have been refactored.
There are various improvements to Trongate MX, including new attributes like mx-remove.
Everything new is discussed in the docs, and you’ll be pleased to know there are no breaking changes!
Community Fixes and New Helper Functions
This update fixes one or two imperfections that were identified and resolved by beautiful members of our community. We also have one or two new helper functions, such as extract_content(). Check the docs for full details at: https://trongate.io/docs/trongate-api-reference.
PLEASE NOTE: Automatic framework updates carried out via the Desktop App will NOT add Trongate Pages or Trongate MX. Automatic updates ONLY switch the 'engine' folder. Developers who wish to use the latest version of either Trongate Pages or Trongate MX are advised to download a fresh and latest version of the Trongate framework. If you wish to add Trongate MX or Trongate Pages to an existing project, the advice is to get the latest version of those modules from a new Trongate installation. Also, copy and paste public/js/trongate-mx.js and public/css/trongate.css. Finally, you are encouraged to add a tag to the HEAD section of your templates if you plan on using Trongate Pages or Trongate MX.
v1.3.3053 Security Enhancements
This release introduces a new sanitize_file_path function within the Core class to enhance security.
This function resolves and validates file paths to ensure they are within allowed base directories, preventing directory traversal attacks.
Updated the serve_vendor_asset and serve_module_asset methods to utilize this new function, adding an extra layer of protection against unauthorized access to sensitive files. These improvements fortify the framework's security, ensuring safe file handling and mitigating potential vulnerabilities. Enjoy the enhanced robustness and peace of mind with Trongate framework v1.3.3053.
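The resolve-then-validate approach described above, as an added example: a containment check that canonicalises the requested path and confirms it stays under an allowed base directory. This is not Trongate's `sanitize_file_path` code; `resolve_within()` and the directory layout are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration of a base-directory containment check; names are hypothetical.

/**
 * Resolve $requested under one of $allowed_bases and return the canonical
 * path, or throw if it is missing or escapes every base.
 */
function resolve_within(string $requested, array $allowed_bases): string {
    if (strpos($requested, "\0") !== false) {
        throw new InvalidArgumentException('Null byte in path');
    }
    foreach ($allowed_bases as $base) {
        $real_base = realpath($base);
        if ($real_base === false) {
            continue; // a base that does not exist cannot contain anything
        }
        // realpath() collapses "..", "." and symlinks; false if the target is missing
        $real = realpath($real_base . DIRECTORY_SEPARATOR . $requested);
        if ($real === false) {
            continue;
        }
        // Trailing separator so "assets" does not also match "assets_private"
        $prefix = rtrim($real_base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        if (strncmp($real, $prefix, strlen($prefix)) === 0 && is_file($real)) {
            return $real;
        }
    }
    throw new RuntimeException('Path is outside the allowed directories');
}

// Constructed layout: one servable base and a sibling with a similar name.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir("$root/assets/css", 0700, true);
mkdir("$root/assets_private", 0700, true);
file_put_contents("$root/assets/css/site.css", 'body{}');
file_put_contents("$root/assets_private/keys.txt", 'constructed secret');

$requests = ['css/site.css', '../assets_private/keys.txt',
             'css/../../assets_private/keys.txt', 'missing.css'];
foreach ($requests as $p) {
    try {
        echo $p, ' => served from ', resolve_within($p, ["$root/assets"]), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $p, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Comparing the canonical path against the base plus a trailing separator is what stops a sibling directory whose name merely starts with the base name from passing the check.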