2.3 Migration Guide
CakePHP 2.3 is a fully API compatible upgrade from 2.2. This page outlines
the changes and improvements made in 2.3.
An application can now easily define CACHE and LOGS,
as they are conditionally defined by CakePHP now.
- FileEngine is always the default cache engine. In the past a number of people
had difficulty setting up and deploying APC correctly both in cli + web.
Using files should make setting up CakePHP simpler for new developers.
- Configure::write(‘Cache.viewPrefix’, ‘YOURPREFIX’); has been added to core.php
to allow multiple domains/languages per setup.
- A new property AuthComponent::$unauthorizedRedirect has been added.
- For default true value user is redirected to referrer URL upon authorization failure.
- If set to a string or array user is redirected to that URL.
- If set to false a ForbiddenException exception is thrown instead of redirecting.
- A new authenticate adapter has been added to support blowfish/bcrypt hashed
passwords. You can now use Blowfish in your $authenticate array to
allow bcrypt passwords to be used.
- AuthComponent::redirect() has been deprecated.
Use AuthComponent::redirectUrl() instead.
- PaginatorComponent now supports the findType option. This can be used to
specify what find method you want used for pagination. This is a bit easier
to manage and set than the 0’th index.
- PaginatorComponent now throws a NotFoundException when trying to access a page
which is out of range (i.e. requested page is greater than total page count).
- SecurityComponent now supports the unlockedActions option. This can be used to
disable all security checks for any actions listed in this option.
- RequestHandlerComponent::viewClassMap() has been added, which is used to map a type
to view class name. You can add $settings['viewClassMap'] for automatically setting
the correct viewClass based on extension/content type.
- The server shell was added. You can use this to start the PHP5.4
webserver for your CakePHP application.
- Baking a new project now sets the application’s cache prefix to the name of
- nld is now the default locale for Dutch as specified by ISO 639-3 and dut its alias.
The locale folders have to be adjusted accordingly (from /Locale/dut/ to /Locale/nld/).
- Albanian is now sqi, Basque is now eus, Chinese is now zho, Tibetan is now bod,
Czech is now ces, Farsi is now fas, French is now fra, Icelandic is now isl,
Macedonian is now mkd, Malaysian is now msa, Romanian is now ron, Serbian is now srp
and Slovak is now slk. The corresponding locale folders have to be adjusted, as well.
- CakePlugin::load() can now take a new ignoreMissing option. Setting it to true will
prevent file include errors when you try to load routes or bootstrap but they don’t exist for a plugin.
So essentially you can now use the following statement which will load all plugins and their routes and
bootstrap for whatever plugin it can find::
CakePlugin::loadAll(array(array('routes' => true, 'bootstrap' => true, 'ignoreMissing' => true)))
- Configure::check() was added. This method works the same as
- ConfigReaderInterface::dump() was added. Please ensure any custom readers you have now
implement a dump() method.
- The $key parameter of IniReader::dump() now supports keys like PluginName.keyname
similar to PhpReader::dump().
- CakeBaseException was added, which all core Exceptions now extend. The base exception
class also introduces the responseHeader() method which can be called on created Exception instances
to add headers for the response, as Exceptions don’t reuse any response instance.
- Support for the biginteger type was added to all core datasources, and
- Support for FULLTEXT indexes was added for the MySQL driver.
- Model::find('list') now sets the recursive based on the max
containment depth or recursive value. When list is used with
- Model::find('first') will now return an empty array when no records are found.
- Missing validation methods will always trigger errors now instead of
only in development mode.
- TLS/SSL support was added for SMTP connections.
- CakeResponse::file() was added.
application/rss+xml now also send the application charset.
- The contentDisposition option was added to
CakeEmail::attachments(). This allows you to disable the
Content-Disposition header added to attached files.
- HttpSocket now verifies SSL certificates by default. If you are
using self-signed certificates or connecting through proxies you may need to
use some of the new options to augment this behavior. See
Handling SSL certificates for more information.
- HttpResponse was renamed to HttpSocketResponse. This
avoids a common issue with the HTTP PECL extension. There is an
HttpResponse class provided as well for compatibility reasons.
- MediaView is deprecated, and you can use new features in
CakeResponse to achieve the same results.
- Serialization in Json and Xml views has been moved to _serialize()
- beforeRender and afterRender callbacks are now being called in Json and Xml
views when using view templates.
- View::fetch() now has a $default argument. This argument can
be used to provide a default value should a block be empty.
- View::prepend() has been added to allow prepending content to
- XmlView now uses the _rootNode view variable to customize the
top level XML node.
- View::elementExists() was added. You can use this method to check
if elements exist before using them.
- View::element() had the ignoreMissing option added. You can
use this to suppress the errors triggered by missing view elements.
- View::startIfEmpty() was added.
- The doctype for layout files in the app folder and the bake templates in the
cake package has been changed from XHTML to HTML5.
- New property Helper::$settings has been added for your helper setting. The
$settings parameter of Helper::__construct() is merged with
- FormHelper::select() now accepts a list of values in the disabled
attribute. Combined with 'multiple' => 'checkbox', this allows you to
provide a list of values you want disabled.
- FormHelper::postLink() now accepts a method key. This allows
you to create link forms using HTTP methods other than POST.
- When creating inputs with FormHelper::input() you can now set the
errorMessage option to false. This will disable the error message display,
but leave the error class names intact.
- The FormHelper now also adds the HTML5 required attribute to your input
elements based on validation rules for a field. If you have a “Cancel” button
in your form which submits the form then you should add 'formnovalidate' => true
to your button options to prevent the triggering of validation in HTML. You
can also prevent the validation triggering for the whole form by adding
'novalidate' => true in your FormHelper::create() options.
- FormHelper::input() now generates input elements of type tel
and email based on field names if type option is not specified.
- HtmlHelper::getCrumbList() now has the separator,
firstClass and lastClass options. These allow you to better control
the HTML this method generates.
- A core fixture for the default cake_sessions table was added. You can use
it by adding core.cake_sessions to your fixture list.
- CakeTestCase::getMockForModel() was added. This simplifies getting
mock objects for models.
- Support for bcrypt
was added. See the Security::hash() documentation for more
information on how to use bcrypt.
- ObjectCollection::attached() was deprecated in favor of the new
method ObjectCollection::loaded(). This unifies the access to the
ObjectCollection as load()/unload() already replaced attach()/detach().