429 lines
18 KiB
Text
429 lines
18 KiB
Text
|
2.6.7
|
||
|
-----
|
||
|
|
||
|
Those using Smarty with security enabled: a hole was found that allowed PHP code to be executed from within a template file. This has been fixed and you are engouraged to upgrade immediately. Note that this hole does NOT affect the security of your web server or PHP applications, only the ability for someone editing a template to execute PHP code. Other changes in this release can be found in the NEWS file.
|
||
|
|
||
|
2.5.0
|
||
|
-----
|
||
|
|
||
|
Very minor adjustments since RC2, see the NEWS file for details.
|
||
|
|
||
|
2.5.0-RC2
|
||
|
---------
|
||
|
|
||
|
Many fixes since the RC1 release. This one is as close to production quality as
|
||
|
they come, so this will be the last release before 2.5.0. The SGML documentation
|
||
|
files have also been removed from the tarball. If you want them, get them from
|
||
|
the CVS repository.
|
||
|
|
||
|
2.5.0-RC1
|
||
|
---------
|
||
|
|
||
|
Release Candidate 1. All $smarty vars can now be dynamic, such as
|
||
|
$smarty.get.$foo. A new class function get_function_object() gets you a
|
||
|
reference to an assigned object, useful within your own custom functions.
|
||
|
append() can now merge as well as append with a third optional attribute. A new
|
||
|
class function get_config_vars() was added, and get_template_vars() can now be
|
||
|
used to get individual vars. Full variable syntax is now supported within
|
||
|
double quotes via a backtick (`) syntax. Files created by smarty are now
|
||
|
written to a tmp file then renamed to avoid file lock retention. html_radios,
|
||
|
html_checkboxes, html_table, html_image, nl2br functions added, see the NEWS
|
||
|
file for full details.
|
||
|
|
||
|
2.4.2
|
||
|
-----
|
||
|
Another point release. Added support for dynamic object reference syntax
|
||
|
($foo->$bar), support for full variable syntax within quotes ("$foo[0].bar"),
|
||
|
and other minor fixes. See the NEWS file for full details.
|
||
|
|
||
|
2.4.1
|
||
|
-----
|
||
|
|
||
|
This is basically a point release, cleaning up a few things caught
|
||
|
in the 2.4.0 release. See the NEWS file for full details.
|
||
|
|
||
|
2.4.0
|
||
|
-----
|
||
|
|
||
|
Smarty now supports the ability to access objects within the templates. Two
|
||
|
methods are available, one which closely follows Smartys conventions, and
|
||
|
another that follows more traditional object syntax for those familiar with
|
||
|
PHP.
|
||
|
|
||
|
The internal compiling engine has also undergone some major work. The regex
|
||
|
parsing was rewritten to be much more strict, more secure and more
|
||
|
maintainable. Config files are now compiled, which can speed up pages quite a
|
||
|
bit that use config files extensively. Assigned variables are no longer
|
||
|
extracted to PHP namespace, saving an extract call for every template. There is
|
||
|
now support for applying modifiers to static values and functions. You can now
|
||
|
access constants with $smarty.const.VAR. See the NEWS file for complete
|
||
|
changes.
|
||
|
|
||
|
2.3.1
|
||
|
-----
|
||
|
|
||
|
The mtime on compiled files will now match the source files, in the case where
|
||
|
the source file may not get the current timestamp, recompiling will still work
|
||
|
as expected. Proper support for open_basedir has been added, so Smarty should
|
||
|
work correctly in safe mode. Added a few new features such as textformat block
|
||
|
function, strip variable modifier and optgroup support for html_options. Also
|
||
|
other minor bug fixes, see the Change Log.
|
||
|
|
||
|
2.3.0
|
||
|
-----
|
||
|
|
||
|
Smarty now has a {debug} template function that brings up the debugging console
|
||
|
right where {debug} is called, regardless of $debugging settings. This works a
|
||
|
little different than turning on $debugging in the sense that it shows all the
|
||
|
template variables available at the time {debug} is called, including local
|
||
|
scope vars. It does not show the templates names however, since this
|
||
|
executed during runtime of the template.
|
||
|
|
||
|
You can now supply an expire time when clearing cache or compile files. This is
|
||
|
mostly useful for removing stale files via the API.
|
||
|
|
||
|
Plugins now stop execution upon error, instead of outputting a warning and
|
||
|
continuing.
|
||
|
|
||
|
Two new API functions, assign_by_ref() and append_by_ref() were added. They
|
||
|
allow assigning template variables by reference. This can make a significant
|
||
|
performance gain, especially if you are assigning large arrays of data. PHP 5.0
|
||
|
will do this implicitly, so these functions are basically workarounds.
|
||
|
|
||
|
Several misc bug fixes, see the Change Log for information.
|
||
|
|
||
|
|
||
|
2.2.0
|
||
|
-----
|
||
|
|
||
|
Smarty now allows an array of paths for the $plugin_dir class variable. The
|
||
|
directories will be searched in the order they are given, so for efficiency keep
|
||
|
the most-used plugins at the top. Also, absolute paths to the plugin directories are
|
||
|
more efficient than relying on the PHP include_path.
|
||
|
|
||
|
Cache files can now be grouped with the cache_id. See the documentation under
|
||
|
the new "Caching" section for details. compile_id also respects the same
|
||
|
grouping syntax. The cache/compile file structure changed, so be sure to clear
|
||
|
out all your cache and compile files when upgrading Smarty. Also if you are
|
||
|
using PHP-accelerator, restart apache. I've seen some quirky things happen if
|
||
|
the phpa files do not get cleared (known issue with phpa and parent
|
||
|
class-member changes, so just clear 'em.)
|
||
|
|
||
|
Smarty now correctly respects the PHP include_path for $template_dir, $compile_dir,
|
||
|
$cache_dir, $config_dir and $plugin_dir. Be aware that relying on the
|
||
|
include_path is an overhead, try to use absolute pathnames when possible
|
||
|
(or relative to working directory.)
|
||
|
|
||
|
Documentation has been updated and rearranged a bit. Most notably, the
|
||
|
installation instructions are completely revamped, and a new Caching section
|
||
|
explains Smarty's caching in detail along with the new grouping functionality.
|
||
|
|
||
|
Many misc. bug fixes and enhancements, see the full ChangeLog (NEWS file) for
|
||
|
details.
|
||
|
|
||
|
2.1.1
|
||
|
-----
|
||
|
|
||
|
There was a bug with template paths and the include_path, this has been fixed.
|
||
|
Also register_outputfilter() did not work, this is fixed. A new template
|
||
|
function named "cycle" has been added to the distribution, nice for cycling
|
||
|
through a list (or array) of values.
|
||
|
|
||
|
2.1.0
|
||
|
-----
|
||
|
|
||
|
This release has quite a few new features and fixes. Most notable are the
|
||
|
introduction of block functions, so you can write plugins that work on a block
|
||
|
of text with {func}{/func} notation. Also output filters were added, so you can
|
||
|
apply a function against the output of your templates. This differs from the
|
||
|
postfilter function, which works on the compiled template at compile time, and
|
||
|
output filters work on the template output at runtime.
|
||
|
|
||
|
Many other features and bug fixes are noted in the NEWS file.
|
||
|
|
||
|
|
||
|
2.0.1
|
||
|
-----
|
||
|
|
||
|
This is a point release, fixing a few bugs and cleaning things up. A plugin
|
||
|
was renamed, the dash "-" was removed from compiled template and cached file
|
||
|
names. If you're upgrading, you might want to clear them out first. See the
|
||
|
ChangeLog for details.
|
||
|
|
||
|
2.0.0
|
||
|
-----
|
||
|
|
||
|
This release is a huge milestone for Smarty. Most notable new things are a
|
||
|
plugin architecture, removal of PEAR dependency, and optimizations that
|
||
|
drastically improve the performance of Smarty in most cases.
|
||
|
|
||
|
The plugin architecture allows modifiers, custom functions, compiler functions,
|
||
|
prefilters, postfilters, resources, and insert functions to be added by
|
||
|
simply dropping a file into the plugins directory. Once dropped in, they are
|
||
|
automatically registered by the template engine. This makes user-contributed
|
||
|
plugins easy to manage, as well as the internal workings of Smarty easy to
|
||
|
control and customize. This new architecture depends on the __FILE__ constant,
|
||
|
which contains the full path to the executing script. Some older versions of
|
||
|
PHP incorrectly gave the script name and not the full filesystem path. Be sure
|
||
|
your version of PHP populates __FILE__ correctly. If you use custom template
|
||
|
resource functions, the format of these changed with the plugin architecture.
|
||
|
Be sure to update your functions accordingly. See the template resource section
|
||
|
of the documentation.
|
||
|
|
||
|
The PEAR dependancy was removed from Smarty. The Config_File class that comes
|
||
|
with Smarty was actually what needed PEAR for error handling which Smarty didn't
|
||
|
use, but now everything is self-contained.
|
||
|
|
||
|
Performance improvements are graphed on the benchmark page, you will see that
|
||
|
overall performance has been sped up by as much as 80% in some cases.
|
||
|
|
||
|
Smarty-cached pages now support If-Modified-Since headers, meaning that if a
|
||
|
cached template page has not changed since the last request, a "304 Not
|
||
|
Modified" header will be sent instead of resending the same page. This is
|
||
|
disabled by default, change the setting of $cache_modified_check.
|
||
|
|
||
|
|
||
|
1.5.2
|
||
|
-----
|
||
|
|
||
|
Mostly bug fixes, added a default template resource handler.
|
||
|
|
||
|
|
||
|
1.5.1
|
||
|
-----
|
||
|
|
||
|
Critical bug fix release. If you use caching, you'll need to upgrade.
|
||
|
|
||
|
|
||
|
1.5.0
|
||
|
-----
|
||
|
|
||
|
Several feature enhancements were made to this version, most notably the
|
||
|
{foreach ...} command which is an alternative to {section ...} with an easier
|
||
|
syntax for looping through a single array of values. Several functions were
|
||
|
enhanced so that the output can be automatically assigned to a template
|
||
|
variable instead of displayed (assign attribute). Cache files can now be
|
||
|
controlled with a custom function as an alternative to the built-in file based
|
||
|
method. Many code cleanups and bug fixed went into this release as well.
|
||
|
|
||
|
|
||
|
1.4.6
|
||
|
-----
|
||
|
|
||
|
The behavior with caching and compile_check has been slightly enhanced. If
|
||
|
caching is enabled AND compile_check is enabled, the cache will immediately get
|
||
|
regenerated if _any_ involved template or config file is updated. This imposes
|
||
|
a slight performance hit because it must check all the files for changes, so be
|
||
|
sure to run live sites with caching enabled and compile_check disabled for best
|
||
|
performance. If you update a template or config file, simply turn on
|
||
|
compile_check, load the page, then turn it back off. This will update the cache
|
||
|
file with the new content. This is accomplished by maintaining a list of
|
||
|
included/loaded templates and config files at the beginning of the cache file.
|
||
|
Therefore it is advisable to remove all cache files after upgrading to 1.4.6
|
||
|
(although not absolutely necessary, old cache files will regenerate)
|
||
|
|
||
|
The debug console now has script timing and array values printed. You MUST
|
||
|
update your debug.tpl file with this version of Smarty. Also, the new debug.tpl
|
||
|
will not work with older versions of Smarty.
|
||
|
|
||
|
|
||
|
1.4.5
|
||
|
-----
|
||
|
|
||
|
Mostly bug fixes and minor improvements. Added compile id for separate compiled
|
||
|
versions of the same script. The directory format and filename convention for
|
||
|
the files in templates_c has changed, so you may want to remove all of the
|
||
|
existing ones before you upgrade.
|
||
|
|
||
|
|
||
|
1.4.4
|
||
|
-----
|
||
|
|
||
|
A few bug fixes, new section looping attributes and properties, debugging
|
||
|
console function for control via URL, and overLib integration and access
|
||
|
to request variables from within the template.
|
||
|
|
||
|
|
||
|
1.4.3
|
||
|
-----
|
||
|
|
||
|
This release has a few bug fixes and several enhancements. Smarty now supports
|
||
|
template security for third-party template editing. These features disallow the
|
||
|
ability for someone to execute commands or PHP code from the template language.
|
||
|
Smarty also now has a built-in debugging console, which is a javascript pop-up
|
||
|
window that displays all the included template names and assigned variables.
|
||
|
|
||
|
|
||
|
1.4.2
|
||
|
-----
|
||
|
|
||
|
This was mostly one bug fix with variable scoping within included templates
|
||
|
and a few documentation changes and updates. See the ChangeLog file for full
|
||
|
details.
|
||
|
|
||
|
|
||
|
1.4.1
|
||
|
-----
|
||
|
|
||
|
It seems that the EX_LOCK logic from the previous release didn't fix all the
|
||
|
problems with windows platforms. Hopefully this one does. It basically
|
||
|
disables file locking on windows, so there is a potential that two programs
|
||
|
could write over the same file at the same time, fyi.
|
||
|
|
||
|
The reset is minor bug fixes, please refer to the ChangeLog file.
|
||
|
|
||
|
|
||
|
1.4.0
|
||
|
-----
|
||
|
|
||
|
IMPORTANT NOTICE
|
||
|
|
||
|
Smarty now has a new syntax for accessing elements within section loops. The
|
||
|
new syntax is easier to use and nicely handles data structures of any
|
||
|
complexity. Consequently, this breaks the old syntax.
|
||
|
|
||
|
Here is an example of the syntax change:
|
||
|
|
||
|
old syntax:
|
||
|
{$sec1/sec2/sec3/customer.phone}
|
||
|
|
||
|
new syntax:
|
||
|
{$customer[$sec1][$sec2][$sec3].phone}
|
||
|
|
||
|
The section names used to come first, followed by the variable name. Now the
|
||
|
variable name always comes first, followed by the section names in brackets.
|
||
|
You can access variable indexes anywhere, depending on how you passed the
|
||
|
variables in.
|
||
|
|
||
|
To fix your current templates, we have provided a script that will adjust the
|
||
|
syntax for you. Located in misc/fix_vars.php, run this script from the the
|
||
|
command line, giving each template as an argument. Be sure to use absolute
|
||
|
pathnames, or pathnames relative to the executing script. Probably the easiest
|
||
|
way to do this is to copy the fix_vars.php script into your template directory
|
||
|
and run 'php -q fix_vars.php *.tpl' Be sure you have proper write permission,
|
||
|
and backup your scripts first to be safe! The examples in the 1.4.0
|
||
|
documentation have been updated to reflect the changes.
|
||
|
|
||
|
cd /path/to/templates
|
||
|
cp /path/to/fix_vars.php .
|
||
|
find . -name "*.tpl" -exec php -q ./fix_vars.php {} \;
|
||
|
|
||
|
NEW AND IMPROVED COMPILATION PROCESS
|
||
|
|
||
|
Smarty 1.4.0 also has a new compilation process. Instead of compiling all the
|
||
|
templates up front, it now compiles them at runtime. This has several
|
||
|
advantages. First of all, there is no longer a need to have a single template
|
||
|
directory. You can now have arbitrary template sources, such as multiple
|
||
|
directories or even database calls. This also speeds the performance of Smarty
|
||
|
when $compile_check is enabled, since it is only checking the template that is
|
||
|
being executed instead of everything found in the template directory. The
|
||
|
$tpl_file_ext is no longer needed, but kept for backward compatability.
|
||
|
Templates can now be named anything you like with any extension.
|
||
|
|
||
|
MINOR FIXES
|
||
|
|
||
|
A workaround for LOCK_EX on Windows systems was added, and changed a couple of
|
||
|
file permissions for better security on public servers.
|
||
|
|
||
|
$show_info_header is now defaulted to false instead of true. This header causes
|
||
|
problems when displaying content other than HTML, so now you must explicitly
|
||
|
set this flag to true to show the header information (or change the default in
|
||
|
your copy of Smarty.)
|
||
|
|
||
|
Documentation is written in docbook format. I updated the docbook -> HTML
|
||
|
generating software & style-sheets, and consequently the examples are no longer
|
||
|
in a different background color. If anyone wants to contribute a better
|
||
|
stylesheet or help with documentation, drop me a line. <monte at ohrt dot com>
|
||
|
|
||
|
CHANGES/ENHANCEMENTS/UPDATES
|
||
|
|
||
|
date_format, html_select_date and html_select_time used to require a unix
|
||
|
timestamp as the format of the date passed into the template. Smarty is now a
|
||
|
bit smarter at this. It will take a unix timestamp, a mysql timestamp, or any
|
||
|
date string that is parsable by strtotime, such as 10/01/2001 or 2001-10-01,
|
||
|
etc. Just give some formats a try and see what works.
|
||
|
|
||
|
Smarty now has template prefilters, meaning that you can run your templates
|
||
|
through custom functions before they are compiled. This is good for things like
|
||
|
removing unwanted comments, keeping an eye on words or functionality people are
|
||
|
putting in templates, translating XML -> HTML, etc. See the register_prefilter
|
||
|
documentation for more info.
|
||
|
|
||
|
Another addition are the so-called compiler functions. These are custom
|
||
|
functions registered by the user that are executed at compilation time of the
|
||
|
template. They can be used to inject PHP code or time-sensitive static content
|
||
|
into the compiled template.
|
||
|
|
||
|
The run-time custom functions are now passed the Smarty object as the second
|
||
|
parameter. This can be used, for example, to assign or clear template variables
|
||
|
from inside the custom function.
|
||
|
|
||
|
clear_compile_dir() was added for clearing out compiled versions of your
|
||
|
templates. Not something normally needed, but you may have a need for this if
|
||
|
you have $compile_check set to false and you periodically update templates via
|
||
|
some automated process. As of 1.4.0, uncompiled templates _always_ get
|
||
|
compiled regardless of $compile_check setting, although they won't be checked
|
||
|
for recompile if $compile_check is set to false.
|
||
|
|
||
|
You can now refer to properties of objects assigned from PHP by using the '->'
|
||
|
symbol and specifying the property name after it, e.g. $foo->bar.
|
||
|
|
||
|
{php}{/php} tags were added to embed php into the templates. Not normally
|
||
|
needed, but some circumstances may call for it. Check out the "componentized
|
||
|
templates" tip in the documentation for an example.
|
||
|
|
||
|
{capture}{/capture} and {counter} functions were added. See the documentation
|
||
|
for a complete description and examples.
|
||
|
|
||
|
UPGRADE NOTES
|
||
|
|
||
|
The format of the files created in the $compile_dir are now a bit different.
|
||
|
The compiled template filename is the template resource name url-encoded.
|
||
|
Therefore, all compiled files are now in the top directory of $compile_dir.
|
||
|
This was done to make way for arbitrary template resources. Each compiled
|
||
|
template also has a header that states what template resource was used to
|
||
|
create it. From a unix command prompt, you can use "head -2 *" to see the first
|
||
|
two lines of each file.
|
||
|
|
||
|
When upgrading to 1.4.0, you will want to clear out all your old files in the
|
||
|
$compile_dir. If you have $compile_check set to false and the compiled template
|
||
|
does not yet exist, it will compile it regardless of this setting. This way you
|
||
|
can clear out the $compile_dir and not worry about setting $compile_check to
|
||
|
true to get the inital compilation under way.
|
||
|
|
||
|
|
||
|
1.3.2
|
||
|
-----
|
||
|
|
||
|
Smarty now has (an optional) header prepended to the output of the Smarty
|
||
|
templates. This displays the Smarty version and the date/time when the page was
|
||
|
generated. This is useful for debugging your cache routines, and purely
|
||
|
informational so there is evidence that the page was generated by Smarty. Set
|
||
|
$show_info_header to false to disable it.
|
||
|
|
||
|
{config_load ...} performance was tuned by placing the loaded variables into a
|
||
|
global array, so basically a config file is read from the file system and
|
||
|
placed into a php array structure only once, no matter how many times it is
|
||
|
called in any of the templates. The scope of the loaded variables has changed a
|
||
|
bit as well. Variables loaded by config_load used to be treated as global
|
||
|
variables, meaning that parent templates (templates that included the current
|
||
|
template) could see them. Now the default behavior is such that loaded
|
||
|
variables are only visible by the current template and child templates (all
|
||
|
templates included after the {config_load ...} is called.) To mimic the
|
||
|
original behavior, provide the attribute "global=yes" like so: {config_load
|
||
|
file="mystuff.conf" global=yes}. Now when you load in mystuff.conf, the
|
||
|
variables will be visible to parent templates (merged with any existing config
|
||
|
variables.)
|
||
|
|
||
|
A formatting attribute was added to the {math ...} function, adding the ability
|
||
|
to control the format of the output. Use the same formatting syntax as the PHP
|
||
|
function sprintf().
|
||
|
|
||
|
{html_select_time ...} was added, a custom function that works much like
|
||
|
{html_select_date ...} except it displays time elements instead of dates.
|
||
|
|
||
|
A few custom modifiers were added: count_characters, count_words,
|
||
|
count_sentences, count_paragraphs. All pretty self-explanatory.
|
||
|
|
||
|
/* vim: set et: */
|