Components received a similar treatment to helpers and behaviors,
Component is now the base class for components. Read more about the
RequestHandler was heavily refactored due to the introduction of
CakeRequest. These changes allowed for some new features to be
introduced as well.
CookieComponent now supports HTTP only cookies. You can enable
their use by setting
$this->Cookie->httpOnly = true;. Having HTTP only
cookies will make them inaccessible from the browser.
Security Component CSRF separation
CakePHP has had CSRF protection since 1.2. For 2.0 the existing CSRF has a new
more paranoid mode, and is its own standalone feature. In the past CSRF features
were coupled with form tampering safe-guards. Developers often disabled
validatePost in order to do dynamic forms, disabling the CSRF protection at the
same time. For 2.0 CSRF checking has been separated from form tampering giving
you greater control.
For more information see CSRF protection
You can now alias helpers, components and behaviors to use your class instead of
a different one. This means that you can very easily make a
and not need to replace every instance of
$this->Html in your views. To do
this, pass the ‘className’ key along with your class, like you would with
public $helpers = array(
'Html' => array(
'className' => 'MyHtml'
Similarly, you can alias components for use in your controllers:
public $components = array(
'Email' => array(
'className' => 'QueueEmailer'
Calls to the Email component would call the QueueEmailer component instead.
Finally, you can alias behaviors as well:
public $actsAs = array(
'Containable' => array(
'className' => 'SuperContainable'
Because of the way 2.0 utilizes collections and shares them across the
application, any classes you alias will be used throughout your application.
Whenever your application tries to access the alias, it will access your class.
For instance, when we aliased the Html helper in the example above, any helpers
that use the Html helper or elements that load the Html helper, will use MyHtml