Jul 11
Permalink

Agavi 1.0.6 RC1 released!

We’re happy to announce that the first release candidate for version 1.0.6 is now available for download at agavi.org and through the PEAR channel.

This release adds a database adapter for Doctrine 2, a renderer for the Twig template engine, a native session storage for ext/sqlsrv and various enhancements such as support for Smarty 3 in the existing renderer and extended configuration abilities for the Doctrine 1 database adapter.

Doctrine 2 support was added, both for the ORM (AgaviDoctrine2ormDatabase) and the DBAL (AgaviDoctrine2dbalDatabase) libraries. The ORM adapter can optionally utilize a pre-configured DBAL connection instead of specifying connection details itself. Both adapters allow for easy extensibility with custom logic by exposing a prepareConfiguration() and a prepareEventManager() method that can be used to customize the configuration and the event manager, respectively. The API documentation for both classes contains a detailed list of all options; a typical ORM adapter configuration would look similar to this:

<database name="master" class="AgaviDoctrine2ormDatabase">
    <ae:parameter name="connection">
        <ae:parameter name="driver">pdo_mysql</ae:parameter>
        <ae:parameter name="host">127.0.0.1</ae:parameter>
        <ae:parameter name="user">root</ae:parameter>
        <ae:parameter name="dbname">test</ae:parameter>
    </ae:parameter>
    <ae:parameter name="configuration">
        <ae:parameter name="metadata_driver_impl_argument">%core.model_dir%/Entities</ae:parameter>
    </ae:parameter>
</database>

An example cli-config.php file demonstrating how to integrate Agavi with the Doctrine command line utilities can be found in etc/database/doctrine2.

The database adapter for Doctrine 1 now allows basic configuration of cache drivers for result and query caches, and added the ability to specify the class to use as the connection event listener - this allows a custom implementation to be used, where more advanced logic can be executed in the preConnect() event handler method, which is useful for modifying the connection or manager objects in ways not supported through configuration options.

It is now possible to use ext/sqlsrv as a session storage via AgaviSqlsrvSessionStorage as an alternative to interfacing with Microsoft SQL Server via PDO. The session table’s data column must be of type “varbinary”.

The Twig template engine is supported through AgaviTwigRenderer; includes and inheritance lookups are performed on the current directory first by default before falling back to the main template directory. The lookup sequence is configurable. The renderer will also attempt to load a localized template from a locale subdirectory first before picking a generic one if the template that initiated the include or extension was a localized template.

AgaviSmartyRenderer received minor adjustments to support Smarty 3 without triggering deprecation notices.

The Sample App now uses the regular “web” context to serve the WSDL for the product service; the WSDL contents can now be retrieved through the URL /products.wsdl.

The timezone database was updated to version 2011h.

A complete list of changes in this release can be found in the CHANGELOG. Please take it for a spin and report any issues before we release a final version soon!

Jun 16
Permalink

Agavi 1.0.5 released!

The final version of Agavi 1.0.5 is now available at www.agavi.org and through the PEAR channel.

A small number of fixes and changes have made it in since 1.0.5 RC1; the most important one is compatibility with PHPUnit 3.5.

To support PHPUnit 3.5, we had to drop support for PHPUnit 3.4 since a few backwards-incompatible changes were made that we could not work around. Your tests should not be affected, but your run-tests.php will likely need an adjustment to use PHP_CodeCoverage_Filter::getInstance()->addDirectoryToBlacklist() instead of the now-removed PHPUnit_Util_Filter::addDirectoryToFilter().

As always, CHANGELOG and RELEASE_NOTES will be happy to tell you all the details.

Another 1.0.6 release is planned soon with a few minor additions on the road to Agavi 1.1, which has made good progress over the last few weeks.

Jun 06
Permalink

Agavi 1.0.5 RC1 released!

Agavi 1.0.5 RC1 is now available for download at www.agavi.org and through the PEAR channel.

There are quite a few changes in this release, so I’ll quote from the RELEASE_NOTES:

This release improves the robustness of AgaviFormPopulationFilter especially for XHTML and HTML5, and fixes several issues. The database adapters for ext/mysql, ext/mysqli and ext/pdo (when used with MySQL connections) now also prevent potentially unsafe setting of connection encodings.

AgaviFormPopulationFilter can now recover from various non-fatal parse errors, such as unknown tags or malformed markup in HTML parsing mode, and undefined entities in XML parsing mode. This marks an end to issues with non-XML entities like “&nbsp;” in XML parsing mode, and allows the use of HTML5 elements (which libxml does not know yet) in HTML parsing mode (i.e. without using the XML serialization of HTML5). Instead of a boolean true or false, the configuration parameter “ignore_parse_errors” now takes the possible values “LIBXML_ERR_NONE” (equivalent to boolean false), “LIBXML_ERR_WARNING” (quite useless), “LIBXML_ERR_ERROR” (the new default) and “LIBXML_ERR_FATAL” (equivalent to boolean true). FPF will suppress errors and continue operation if the errors encountered during parsing do not exceed the configured maximum ignore level. In the event of a fatal error, such as malformed markup in XML parsing mode, FPF will silently abort execution if “LIBXML_ERR_FATAL” is configured, as fatal errors are not recoverable. In all other cases, FPF will throw an exception or recover from the error, depending on the configured ignore level and the highest error level encountered during parsing. The new default ignore level “LIBXML_ERR_ERROR” means that users will see significantly fewer errors during development; it also means, however, that in HTML parsing mode in particular, well-formedness errors may remain unnoticed. For this reason, FPF will continue to log errors (if logging is enabled), and map the error level of the parse error (LIBXML_ERR_WARNING, LIBXML_ERR_ERROR or LIBXML_ERR_FATAL) to the error level of the logging system (AgaviILogger::WARN, AgaviILogger::ERROR or AgaviILogger::FATAL). As a consequence, the “logging_severity” configuration parameter has been removed.

AgaviZendclouddocumentserviceDatabase is a database adapter for Zend Framework’s Zend_Cloud_DocumentService. It has a convenience interface mirroring most of the Zend_Cloud_DocumentService_Adapter functions in such a way that the collection/domain/database name does not have to be passed to every call. The collection name can then be configured in databases.xml.

AgaviMysqlDatabase, AgaviMysqliDatabase and AgaviPdoDatabase now throw errors when attempting to use a statement like “SET NAMES utf8” as an initialization query, since the respective client libraries (libmysql or mysqlnd) will not be aware of this changed character set. For the usual connection encodings like “latin1” or “utf8”, this is not a problem, but in combination with multi-byte character sets that use bytes without the most significant bit set in multi-byte character sequences (such as GBK or Big5), this may result in incorrectly quoted strings, which could ultimately result in vulnerabilities in applications. For AgaviMysqlDatabase and AgaviMysqliDatabase, the simple fix is to remove the “SET NAMES” query from “init_queries” and use the new option “charset” instead. For AgaviPdoDatabase, a similar approach (specifying the charset in the DSN) works for PHP version 5.3.6 and newer, but in older versions of PHP, the PDO MySQL driver ignores the “charset” option in the DSN. If your my.cnf configuration file specifies “latin1” and you simply switch to UTF-8 using “SET NAMES utf8”, this is no problem, but for some charsets, this may result in the quoting issues mentioned above. This is why AgaviPdoDatabase requires you to set “warn_mysql_charset” to false in such environments. With this flag explicitly disabled, it will also be possible to use “SET NAMES” init queries again, but be advised that this is at your own risk. You may mitigate the risks by using native prepared statements (disable PDO::ATTR_EMULATE_PREPARES), but this will not affect calls to PDO::quote() or prepared statements where this flag has been overridden.

Passing an empty string as the scheme in the options array when generating a URL with AgaviWebRouting will now produce a protocol-relative URL starting with “//”. This is useful for generated content embedded by third party sites that use both normal and secured HTTP transports.

AgaviMysqlSessionStorage and AgaviPdoSessionStorage have improved update and insert behaviors for MySQL that should eliminate occasional non-critical “exception thrown without a stack frame” errors on shutdown when no session data (including the timestamp) was modified.

AgaviCreoleDatabase, AgaviCreoleSessionStorage and support for Propel versions older than 1.3 in AgaviPropelDatabase have been marked deprecated and are slated for removal in Agavi 1.1.

The recommended URL rewrites in Apache .htaccess files have been adjusted once more to disable the DirectorySlash directive.

X-Forwarded-Proto style HTTPS indicators as used on Amazon’s Elastic Load Balancers are now supported for the “HTTPS” data source key in AgaviWebRequest.

The timezone database has been updated to 2011g.

As usual, the CHANGELOG has a comprehensive list of all changes. A final release will follow shortly if no show-stoppers are found.

Dec 19
Permalink

Agavi 1.0.4 released!

The final version of Agavi 1.0.4 is now available, our biggest maintenance release yet!

You can download it at agavi.org or install it via the pear.agavi.org PEAR channel.

Here is a summary of the most important changes over 1.0.3 (for a full list, please refer to the RELEASE_NOTES and CHANGELOG files):

  • Support for the Windows Azure platform
  • AgaviXsltRenderer
  • AgaviDoctrineDatabase lazy initialization
  • Logging enhancements
  • AgaviBooleanValidator and other validation improvements and fixes
  • Updated timezone database and Schematron implementation
  • PHPUnit is no longer bundled with Agavi
  • Resolves compatibility problems with Phing 2.4.4 due to a BC break
  • Improved exception rendering
  • New rewrites in the default .htaccess files

The ability to extract subpatterns in AgaviRegexValidator introduced in 1.0.4 RC1 has been modified, please see the associated ticket for details.

The next release will be 1.0.5 with a bunch of enhancements as detailed earlier this week; an RC should be out before the end of this year.

Happy holidays to you and your families!

Dec 14
Permalink

Agavi 1.0.4 RC1 released!

It’s been quite a while since our last release, so we’re happy to announce the availability of Agavi 1.0.4 RC1, our biggest maintenance release yet!

You can download it at agavi.org or install it via the pear.agavi.org PEAR channel.

Here is a summary of the most important changes in this release (for a full list, please refer to the RELEASE_NOTES and CHANGELOG files):

  • Support for the Windows Azure platform
  • AgaviXsltRenderer
  • AgaviDoctrineDatabase lazy initialization
  • Logging enhancements
  • AgaviBooleanValidator and other validation improvements and fixes
  • Updated timezone database and Schematron implementation
  • PHPUnit is no longer bundled with Agavi
  • Resolves compatibility problems with Phing 2.4.4 due to a BC break
  • Improved exception rendering

Please test this version thoroughly and report any issues. If there aren’t any major roadblocks, a final release should follow in a few days.

Version 1.0.5 is also being planned already and will feature a few enhancements such as support for the Doctrine 2, Smarty 3 and Twig libraries as well as more lenient parsing of forms by FPF in both HTML and XHTML mode.

Apr 16
Permalink

Agavi 1.0.3 released!

Agavi 1.0.3 has just been released and can be downloaded at agavi.org.

Only very few changes were done since RC1, so I’ll once more leave it to the RELEASE_NOTES to list the most important changes:

This maintenance release fixes a number of issues over Agavi 1.0.2 and features a few minor enhancements.

Several issues and inconsistencies have been fixed in AgaviNumberValidator and AgaviDecimalFormatter::parse(). Parsing behavior is now consistent with the NumberFormatter implementations of ICU and ext/intl. No integer overflow occurs when checking against min and max values, and the validator accepts non-strings as input. Exporting of the validated value is now possible, in which case the original argument is not mutated. Please note that the “number” validator shortcut definition specifies “int” as the default value for the “type” parameter. No value for “type” will automatically lead to integer or float values, depending on the size of the number in the input string. A cast to the specified type is now automatically performed if no “cast_to” parameter is given.

All file validators now perform case-insensitive checks against the list of allowed file extensions, which may now also be a parameter array instead of a space-separated list of values.

This release bumps the minimum required version of Phing to 2.4.0; this was necessary to fix some bugs with the build system that were next to impossible to fix for both 2.3 and 2.4 (which drastically changed some internals structures) at the same time.

An issue relating to the behavior of DOM in PHP 5.1.12 and PHP 5.2.3 has been addressed. Running Agavi 1.0.3 might be necessary under certain circumstances when using these versions of PHP.

A couple of minor fixes have been made to the routing; most notably, overwriting of routes in other <ae:configuration> blocks now always works as expected, even when using implied routes.

Some default code templates have been updated; most notably, caching configuration files now explicitly disable caching, as otherwise, Actions that do not use a View would be cached automatically.

The timezone database has been updated to version 2010h.

For a full list of changes, please refer to the CHANGELOG.

Apr 13
Permalink

Agavi on the Azure Platform

The next release of Agavi will have initial support for running applications on the Microsoft Windows Azure platform, as well as a database adapter for the new ext/sqlsrv driver to communicate with Microsoft SQL Server and support for the IIS7 web server, which now finally has a very nice rewrite module.

As always with these kind of features, the biggest task was getting to know the platform and its components. I spent a good amount of time setting up the necessary tools, learning the finer details of Azure deployment, researching on how the load balancing worked, finding the right rewrite rules for IIS and bending ext/sqlsrv to my will.

In Agavi itself, you will merely find a new session storage class (for cloud-based sessions), a new database adapter class to talk to MSSQL, and some minor modifications to the web request and routing implementations to deal with IIS7’s URL decoding behavior. The latter is still a work in progress, and requires a lot of testing since unfortunately, Apache/IIS/lighttpd/… all have vastly different behavior especially when it comes to URL decoding.

All of these updates will be in Agavi 1.0.4; I plan on releasing 1.0.3 as a final first (it’s been out there long enough in RC state now).

Expect a blog post with examples on how to get your Agavi app up and running on Azure very soon; especially with the Toolkit for Eclipse, it’s a remarkably convenient way of testing and deploying your applications on a cloud infrastructure. And there will, of course, be another article with a wrap-up of last week’s Jump In Camp.

Apr 07
Permalink

Jump In! Camp

Jump In! Developers’ Camp has started today at a beautiful resort near Zürich, Switzerland. Over the next three days, we’ll have workshops focusing on the topics of cloud computing, the Microsoft Azure platform. There are quite a bunch of fellow Open Source developers here, and it’ll be exciting to sit together and hack away on various features.

For Agavi, this means that work will be done this week on native support for the Azure cloud computing platform, support for IIS7 and the new SQL Server Driver for PHP. I’m also hoping to get some support in for the table and queue stores the Azure platform offers, although that will require a lot work on the new storage subsystem planned for Agavi 1.1 that will be difficult to squeeze into the next three days.

In addition to that, I’ve been working on support for both input types (finally!) and a new security infrastructure that decouples authentication and authorization and will allow you, among other things, to access validated request data, so you can for instance implement an ACL subsystem to perform authorization checks directly on your business objects.

I’ll blog several updates over the next few days, so stay tuned!

– David

Mar 22
Permalink

Agavi 1.0.3 RC1 released!

Agavi 1.0.3 RC1 is ready for testing and can be downloaded at www.agavi.org.

I’ll quote right from the release notes to give you an overview of the most important changes. Please help us test this release thoroughly!

This maintenance release fixes a number of issues over Agavi 1.0.2 and features a few minor enhancements.

Several issues and inconsistencies have been fixed in AgaviNumberValidator and AgaviDecimalFormatter::parse(). Parsing behavior is now consistent with the NumberFormatter implementations of ICU and ext/intl. No integer overflow occurs when checking against min and max values, and the validator accepts non-strings as input. Exporting of the validated value is now possible, in which case the original argument is not mutated. Please note that the “number” validator shortcut definition specifies “int” as the default value for the “type” parameter. No value for “type” will automatically lead to integer or float values, depending on the size of the number in the input string. A cast to the specified type is now automatically performed if no “cast_to” parameter is given.

All file validators now perform case-insensitive checks against the list of allowed file extensions, which may now also be a parameter array instead of a space-separated list of values.

This release bumps the minimum required version of Phing to 2.4.0; this was necessary to fix some bugs with the build system that were next to impossible to fix for both 2.3 and 2.4 (which drastically changed some internals structures) at the same time.

An issue relating to the behavior of DOM in PHP 5.1.12 and PHP 5.2.3 has been addressed. Running Agavi 1.0.3 might be necessary under certain circumstances when using these versions of PHP.

A couple of minor fixes have been made to the routing; most notably, overwriting of routes in other blocks now always works as expected, even when using implied routes.

Some default code templates have been updated; most notably, caching configuration files now explicitly disable caching, as otherwise, Actions that do not use a View would be cached automatically.

The timezone database has been updated to version 2010f.

For a full list of changes, please refer to the CHANGELOG.

Mar 09
Permalink

Agavi at ConFoo

The beacon of hope that is Agavi is carried to Montréal this week, where the ConFoo Web Tech conference takes place.

David will be giving a talk on Agavi, and although we know that some of you will be there to watch it live, all those who couldn’t make it to Montréal (it’s a lovely city, so consider attending next year) need not despair, as at least the slides, and possibly also a recording of the talk will be posted after the conference.

If you’re there in person, make sure to catch a seat in one of the front rows so you can be first in line after the talk to grab one of the Agavi t-shirts that made the long journey to Canada.