Cool - great to see it ready for sf 1.3 On Wed, 28 Oct 2009 18:49:21 +0100, Tom Boutell <t...@punkave.com> wrote:
> > Version 1.1.0 of sfDoctrineApplyPlugin has been released. > > Two important changes you need to understand before upgrading: > > 1. A security improvement. Previously usernames and full names were > not validated apart from their length. Now usernames are required to > contain only "word characters" (letters, digits and underscores), and > full names may still contain a wide range of characters but never > these: > > < > & | > > The first three should be self-explanatory: full names are now safe to > echo unescaped. Many devs probably weren't doing that, but I suspect > that most devs were echoing usernames unescaped (they are validated to > be safe in most systems). So they will definitely want this upgrade. > > We have provided a task to clean up existing usernames and full names. > This task produces a report to help you inform any users who need to > be notified that their username has changed: > > ./symfony sfDoctrineApply:clean-names > > 2. sfDoctrineApplyPlugin now uses Zend Mail. We are using it because > at the time we made the decision to switch, SwiftMail had not yet been > taken under Fabien's wing, our other plugins already required Zend, > SwiftMail 3.0 had been terminated and we didn't want to require two > external libraries where one would do. > > This change requires a few modifications to your app.yml if you are > specifying an alternate mailer. If you are using the default mailer > you will not need to make changes, apart from installing Zend if you > do not already have it (for instance, for search). > > Today, of course, we know that SwiftMail is blessed by Fabien and will > be included in Symfony 1.3. So I understand if you find this change a > little odd. However, you can easily override our use of Zend Mail by > subclassing the sfApply controller class in your application. > > * * * > > "Why did you forbid | in full names?" > > We forbade | because it is part of our favorite microformat for lists > of unambiguous full names in sfGuard apps: > > John Doe (jdoe) | Jane Smith (jsmith) | John Doe (jdoe2) > > This is handy when passing lists of users as form fields etc. and > allows for nifty progressive enhancement stuff on the client side. > -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en -~----------~----~----~----~------~----~------~--~---