Releases: ingenerator/php-utils
Update MysqlSession: strict session IDs, new internal implementation
The updated hander solves a couple of edge cases where the session data could be written but not read if using the wrong hash. This would for example occur if an attacker attempted to overwrite and existing session, or if the hash salt changed during a user's session. The new handler uses strict session mode and custom handler logic to validate the session ID, including checking the hash, and issues a new session ID if it is invalid. The updated logic is also more performant at the database as sessions are only INSERTed on creation and subsequently UPDATEd, rather than the previous INSERT...ON DUPLICATE KEY UPDATE. **Note that ->initialise() now sets the session.use_strict_mode ini value as it is required for proper operation. This should be set anyway, and is only relevant to the handler (of which there can be only one) so this is not considered to be true global state or a breaking change.
Static Asset URL provider
Add StaticAssetUrlProvider to provide simple cache-busted local URLs for CSS etc in local dev or remote (e.g. cloud storage / s3) urls in production.
Allow DeploymentConfig->map() to return values in standalone environment
Allow DeploymentConfig->map() to return values in standalone environment
This brings the standalone closer to the behaviour of other environments, except that it will continue to return null if there is nothing mapped (where other environments will throw). ->read continues to return null in standalone in every case. Note that standalone will now return a value if there's one mapped for any (*) - which is a minor breaking change to the behaviour of the standalone environment.
Deployment config and string encoding support
- Add Base64Url StringEncoding helper class - like base64, but with entirely websafe characters for URLs etc
- Add JSON StringEncoding helper class - safe json parsing, encoding and prettifying with sane defaults
- Add DeploymentConfig sub-package for loading (and, optionally, decrypting) runtime environment configuration
Allow asserting that StoppedMockClock never slept
Merge pull request #13 from ingenerator/1.0/allow-assert-not-slept Allow asserting that the StoppedMockClock never slept
First major release
Package was stable at 0.2.0 release first major version
Support php 7.2
- Drop support for php < 7.2
- Run test suite against php 7.2
Update StoppedMockClock to support newer phpunit (use namespaced assert class) and add unit tests.
Merge pull request #10 from ingenerator/0.1/feat/mock-clock Update StoppedMockClock to support newer phpunit and add unit tests.
Add AbstractArrayRepository
Merge pull request #6 from ingenerator/0.1/abstract-array-repo Add AbstractArrayRepository
Adds MySQL session storage handler
Merge pull request #5 from ingenerator/add-mysql-session-handler Add MySQL session handler