Slim 2
https://github.com/slimphp/Slim
- Update unit tests for JSON decoding session cookie data
- Update build status indicator in README file
- Escape HTML in PrettyExceptions message and stack trace
- Fixes object injection vulnerability in SessionCookie.php
- Added new HTTP status codes
- Added default HTTP request port for Google App Engine
- Improved URI parsing
- Miscellaneous improvements
You can review commits at https://github.com/slimphp/Slim/commits/master
redirectTo
You can now use redirectTo
when you want to redirect to a named route. redirectTo
is a shortcut for redirect(urlfor(..))
$app->get('/', function () {})->name('home');
$app->get('/home', function () use ($app) {
$app->redirectTo('home');
});
Route::via() and Route::appendHttpMethods()
Allow passing array of methods to via()
and appendHttpMethods()
$app->get('/', function () {
echo "This route only available on GET and POST requests";
})->via(array('GET', 'POST'));
Other Changes
- Fix failed test because of hardcoded directory separator on Windows
- Add PHP 5.6 to Travis CI tests
- Added how to run Slim on Google App Engine/Cloud Platform to the README.markdown
- Lazy-initialize callables in
\Slim\Route::setCallable()
- Fix
\Slim\Http\Util::parseCookie()
for cookie values that contain "=" - Improved debug stack trace output
- Allow default values for
\Slim\Http\Request::params()
- Fix
X-Forwarded-For
header detection - Require
phpunit
as Composer dev dependency - Improve controller method name detection in
\Slim\Route::setCallable()
- Re-merge commits from a mistakenly-deleted earlier branch
- Add (string) cast in encodeSecureCookie call to
hash_hmac
- Routes can be case-insensitive based on a config setting.
- Try running unit tests on HHVM
Class controllers
You may now use a controller class instance as a callback for your Slim app routes.
$app->get('/hello/:name', '\Greeting:sayHello');
In this example, when the app receives a request for "/hello/Josh", it will instantiate class \Greeting
and pass the value "Josh" into its sayHello
method.
Note that we separate the class name and the class method with a single ":" colon. This is a unique syntax used by Slim to implement this functionality. Do not confuse this with the "::" syntax used for static method calls.
Request parameter defaults
When fetching request data with the \Slim\Http\Request
object's get()
, post()
, put()
, patch()
, or delete()
methods, you can define the default value you want if the requested data is not available. For example:
$app->get('/books', function () use ($app) {
$value = $app->request->get('genre', 'fiction');
});
In this example, we expect the HTTP request to have a URL query parameter genre
. If this query parameter does not exist, we will use "fiction" as the default value.
View Template Data
You may now pass data into a view template with \Slim\View::display()
and \Slim\View::fetch()
.
// Fetch a rendered template into a variable
$renderedTemplate = $app->view->fetch('my-template.php', ['foo' => 'bar']);
// Echo a rendered template to the output buffer
$app->view->display('my-template.php', ['foo' => 'bar']);
Other Changes
- Remove mcrypt dependency
- Add PHP 5.5 to Travis CI tests
- Improve typehinting with popular PHP IDEs
- Ensure application view template directory is defined on view construction
- Add HTTP 418 status code to
\Slim\Http\Response
Fix a regression with \Slim\Environment
path parsing. This regression affected developers relying on Apache Aliases or filesystem symlinks.
HipHop VM users must now explicitly define the SCRIPT_NAME
server variable in their HHVM configuration file, at least until HipHop VM sets this server variable correctly on its own.
This is a maintenance release and remains backward-compatible with Slim 2.* applications.
- Let
\Slim\Flash
implementCountable
- Fix
\Slim\Middleware\PrettyExceptions
error when custom Log defined - Omit response body for HEAD requests
- Add HHVM compatibility
This is a maintenance release with several bug fixes and improvements. All changes are backwards compatible with existing Slim 2.x applications.
- Remove encryption concerns from
\Slim\Middleware\SessionCookie
middleware - Fix HTTP method override detection via
X-HTTP-Method-Override
header - Fix padding removal in
\Slim\Http\Util::decrypt
- Prevent XEE attack vector in
\Slim\Middleware\ContentTypes::parseXml
- Fix
\Slim\Slim::urlFor
when used with escaped regular expression characters
- Add
\Slim\Slim::_isset
and\Slim\Slim::__unset
methods - Add
CONTRIBUTING
file - Add
\Slim\Helper\Set::protect
method to store Closure values that should not be invoked - Fix encrypted cookie expiration time during serialization into HTTP header
- Fix Last-Modified and Expires header date format
- Fix
\Slim\View::setData
so that it protects Closures used as template variables
- Added route groups
- Added resource locator
- Added HTTP PATCH method support
- Added new
\Slim\Helper\Set
interface - Fixed XSS exploit in
\Slim\Slim::urlFor
method - Simplified default error handler
\Slim\Slim::handleErrors
- Removed
\Slim\Middleware\PrettyExceptions
when not in debug mode - Let HTTP headers retain
HTTP_
prefix if present - Added
\Slim\Helper\Set
interface to\Slim\Http\Headers
and\Slim\Http\Cookies
- Updated
\Slim\Slim
so thatenvironment
,request
,response
,router
,log
, andview
are public properties. - Updated
\Slim\Http\Request
and\Slim\Http\Response
so thatheaders
andcookies
are public properties that implement\Slim\Helper\Set
. - Added
\Slim\Http\Response
methodssetStatus()
,getStatus()
,setBody()
,getBody()
, andgetLength()
- Updated
\Slim\Http\Response
object so that its cookies and headers are not serialized and encrypted until the very end of the app lifecycle. - Updated
\Slim\Log
with PSR-3 interface - Deprecated
\Slim\Log::warn()
, replaced with\Slim\Log::warning()
- Deprecated
\Slim\Log::fatal()
, replaced with\Slim\Log::critical()
- Deprecated
\Slim\Http\Request
methodscookies()
andheaders()
- Deprecated
\Slim\Http\Response
methodsheaders()
,header()
,length()
,body()
,status()
- Deprecated
\Slim\Http\Response
interfacesArrayAccess
,Countable
, andIteratorAggregate