2.5 Migration Guide¶

SchemaShell¶

• The create and update subcommands now have a yes option. The yes option allows you to skip the various interactive questions forcing a yes reply.

CompletionShell¶

• The CompletionShell was added. It aims to assist in the creation of autocompletion libraries for shell environments like bash, or zsh. No shell scripts are included in CakePHP, but the underlying tools are now available.

AuthComponent¶

• loggedIn() is now deprecated and will be removed in 3.0.

• When using ajaxLogin, AuthComponent will now return a 403 status code instead of a 200 when the user is un-authenticated.

CookieComponent¶

• CookieComponent can use the new AES-256 encryption offered by Security. You can enable this by calling CookieComponent::type() with ‘aes’.

RequestHandlerComponent¶

• RequestHandlerComponent::renderAs() no longer sets Controller::$ext. It caused problems when using a non default extension for views.

AclComponent¶

• ACL node lookup failures are now logged directly. The call to trigger_error() has been removed.

Scaffold¶

• Dynamic Scaffold is now deprecated and will be removed in 3.0.

App¶

• App::pluginPath() has been deprecated. CakePlugin::path() should be used instead.

CakePlugin¶

• CakePlugin::loadAll() now merges the defaults and plugin specific options as intuitively expected. See the test cases for details.

EventManager¶

Events bound to the global manager are now fired in priority order with events bound to a local manager. This can cause listeners to be fired in a different order than they were in previous releases. Instead of all global listeners being triggered, and then instance listeners being fired afterwards, the two sets of listeners are combined into one list of listeners based on their priorities and then fired as one set. Global listeners of a given priority are still fired before instance listeners.

CakeEmail¶

• Email addresses in CakeEmail are now validated with filter_var by default. This relaxes the email address rules allowing internal email addresses like root@localhost for example.

• You can now specify layout key in email config array without having to specify template key.

CakeRequest¶

• CakeRequest::addDetector() now supports options which accepts an array of valid options when creating param based detectors.

• CakeRequest::onlyAllow() has been deprecated. As replacement a new method named CakeRequest::allowMethod() has been added with identical functionality. The new method name is more intuitive and better conveys what the method does.

CakeSession¶

• Sessions will not be started if they are known to be empty. If the session cookie cannot be found, a session will not be started until a write operation is done.

Router¶

• Router::mapResources() accepts connectOptions key in the $options argument. See Custom REST Routing for more details.

Debugger¶

• Debugger::dump() and Debugger::log() now support a $depth parameter. This new parameter makes it easy to output more deeply nested object structures.

Hash¶

• Hash::insert() and Hash::remove() now support matcher expressions in their path selectors.

File¶

• File::replaceText() was added. This method allows you to easily replace text in a file using str_replace.

Folder¶

• Folder::addPathElement() now accepts an array for the $element parameter.

Security¶

• Security::encrypt() and Security::decrypt() were added. These methods expose a very simple API to access AES-256 symmetric encryption. They should be used in favour of the cipher() and rijndael() methods.

Validation¶

• The third param for Validation::inList() and Validation::multiple() has been modified from $strict to $caseInsensitive. $strict has been dropped as it was working incorrectly and could easily backfire. You can now set this param to true for case insensitive comparison. The default is false and will compare the value and list case sensitive as before.

• $mimeTypes parameter of Validation::mimeType() can also be a regex string. Also now when $mimeTypes is an array it’s values are lowercased.

FileLog¶

• CakeLog does not auto-configure itself anymore. As a result log files will not be auto-created anymore if no stream is listening. Please make sure you got at least one default engine set up if you want to listen to all types and levels.

ExceptionRenderer¶

The ExceptionRenderer now populates the error templates with “code”, “message” and “url” variables. “name” has been deprecated but is still available. This unifies the variables across all error templates.

View¶

• $title_for_layout is deprecated. Use $this->fetch('title'); and $this->assign('title', 'your-page-title'); instead.

• View::get() now accepts a second argument to provide a default value.

FormHelper¶

• FormHelper will now generate file inputs for binary field types now.

• FormHelper::end() had a second parameter added. This parameter lets you pass additional properties to the fields used for securing forms in conjunction with SecurityComponent.

• FormHelper::end() and FormHelper::secure() allow you to pass additional options that are turned into attributes on the generated hidden inputs. This is useful when you want to use the HTML5 form attribute.

• FormHelper::postLink() now allows you to buffer the generated form tag instead of returning it with the link. This helps avoiding nested form tags.

PaginationHelper¶

• PaginatorHelper::sort() now has a lock option to create pagination sort links with the default direction only.

ScaffoldView¶

• Dynamic Scaffold is now deprecated and will be removed in 3.0.