| forms | by dg | netteForms: bumped vitest and @vitest/ui to ^4.1.7 | | | |
| forms | by dg | netteForms: restructured package, includes UMD and ESM (BC break) | | | |
| forms | by dg | netteForms: removed distribution files (BC break) | | | |
| forms | by dg | Latte: {formContext}, {formPrint} & {formClassPrint) are deprecated | | | |
| forms | by dg | BaseControl::$disabled is bool, added $disabledChoices | | | |
| forms | by dg | Container::getControls() returns list instead of iterator with names (BC break) | | | |
| forms | by dg | Container: only Control/Container can be added to form (BC break) | | | |
| forms | by dg | added type hints (BC break) | | | |
| forms | by dg | removed deprecated CsrfProtection control and related code Deleted CsrfProtection class, its tests, ProtectorId constant, and validation message.
The addProtection() method now only triggers a deprecation warning. | | | |
| forms | by dg | added #[\Deprecated] attributes and trigger_error() to deprecated members | | | |
| forms | by dg | removed deprecated stuff | | | |
| forms | by dg | opened 4.0-dev | | | |
| forms | by dg | FormNode: {form detached name} for layouts that nest other forms HTML forbids nested <form> tags — browsers discard the inner <form>
and pollute the outer form with the orphaned inputs (breaking _do and
friends). When a layout needs to embed a component that renders its
own form (e.g. a datagrid in a sidebar), `detached` mode emits an
empty <form>...</form> at the opening position and links each control
rendered via {input}/{label}/n:name back to it using the HTML5
`form="frm-<name>"` attribute (applied lazily in Runtime::item()),
so inputs submit to the form regardless of where they live in the DOM.
Throws InvalidStateException when detached is used with a non-Form
Container or when the form has no id (which would silently produce
form="" and break submission). | | | |
| forms | by dg | FormNode: {form scope name} as alternative to {formContext name} The scope keyword (placed before the form name) makes {form} skip the
<form> tag emission while still pushing the form on the stack, so
{input}/{label}/{inputError} resolve against it. Semantically identical
to {formContext}, but stays with the canonical {form} tag. | | | |
| forms | by dg | FormNode: deprecate missing comma before {form} arguments The {form name attr=val} syntax (no comma between the name and the
attributes) was tolerated. Trigger E_USER_DEPRECATED when a token
follows the name without a comma, pointing to the offending column.
The form still compiles — this only nudges users toward the canonical
{form name, attr=val} so future syntax extensions can use bare
keywords next to the name unambiguously. | | | |
| forms | by dg | component/model 4 WIP | | | |
| forms | by dg | Container::getControls() does not use deprecated parameters | | | |
| forms | by dg | addSubmit() added $onSubmit parameter | | | |
| forms | by dg | ChoiceControl, MultiChoiceControl: extracted getItem() method | | | |
| forms | by dg | RadioList, CheckboxList: getControlPart() and getLabelPart() throw exception for invalid key | | | |
| forms | by dg | Container::setValues() and setDefaults() accepts iterable|stdClass (BC break) | | | |
| forms | by dg | deprecated protection using CSRF token Protection using Sec-Fetch and Origin headers is comprehensive, as they cannot be spoofed even if there is an XSS vulnerability on the server | | | |
| forms | by dg | better protection against CSRF using Sec-Fetch headers | | | |
| forms | by dg | Latte: rewritten Runtime as non-static class | | | |
| forms | by dg | requires Latte 3.1 | | | |
| forms | by dg | removed support for Latte 2 | | | |
| forms | by dg | removed compatibility for old class names | | | |
| forms | by dg | removed deprecated stuff | | | |
| forms | by dg | deprecated some magic properties (BC break) | | | |
| forms | by dg | composer: increased dependencies versions | | | |
| forms | by dg | requires PHP 8.3 | | | |
| forms | by dg | opened 3.3-dev | | | |