CakePHP 3.0.6 和 CakePHP 发布,这两个是维护版本,包括重要的安全更新。 RequestHandlerComponent 有一个漏洞可以通过特定的请求创建一个拒绝服务攻击。 RequestHandlerComponent 利用 Xml::build()可以读取本地文件。强烈建议所有应用使用 RequestHandlerComponent 升级,或者禁用 XML 解析有效负载: // In a controller's beforeFilter$this->RequestHandler->addInputType('xml', function() { return []; }); CakePHP 3.0.6 的其他改进 FormHelper::radio() now correctly generates ID attributes for radio buttons with multibyte values. Inflector::humanize() and Inflector::underscore() work correctly with UTF8 characters now. URLs in FormHelper:ostLink() are no longer double encoded. PaginatorHelper::numbers() now supports the url option. Error.trace is now respected when logging exceptions. The Entity accessors cache introduced in 3.0.3 has been removed. It caused a number of issues and didn't greatly improve performance. EntityTrait::getOriginal() and EntityTrait::extractOriginal() not return values that were initially null. Empty query expressions used in association query builders no longer cause invalid SQL to be generated. CakePHP 2.6.6 的其他改进 FormHelper::radio() now correctly generates ID attributes for radio buttons with multibyte values. Inflector::humanize() and Inflector::underscore() work correctly with UTF8 characters now. 更多内容请看发行说明:CakePHP 3.0.6 和 CakePHP 2.6.6。 CakePHP是一个运用了诸如ActiveRecord、Association Data Mapping、Front Controller和MVC等著名设计模式的快速开发框架。该项目主要目标是提供一个可以让各种层次的PHP开发人员快速地开发出健壮的Web应用,而 又不失灵活性。主要特性: 基于MVC架构 视图支持Ajax 内置校验框架 提供应用程序的基础模块和CRUD 代码自动生成功能 提供处理session,request,security的组件 灵活的视图缓存功能 面向对象 无需配置:只要安装好数据库 兼容PHP4和PHP5。 CakePHP 2.6.6/3.0.6 发布,重要安全更新!下载地址
