
minphp-bridge's Issues

Form CSRF tokens cannot verify successfully without specifying token key

Minphp/Form was updated to not be backward-compatible when no token key is set. This is the default behavior, i.e., when instantiating a new Form object and using it without setting a CSRF token key. This behavior works fine in minPHP 0.x for the form component, but no longer.

The Minphp/Form was updated to change a null token key to either the form action property, or the request URI, during form creation (Form::create) and verifying (Form::verifyCsrfToken), respectively.

An issue arises where the form token key cannot be verified, such as:

  • JavaScript changing the form action attribute after form creation
  • AJAX requests POSTed to a URL whose CSRF token cannot be re-used from an existing form on the page due to a change in the form's action

For backward compatibility, the bridge's Form helper should set a CSRF token key on construction.
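An added illustration of the mismatch this issue describes (not code from Minphp/Form or the bridge): the HMAC token scheme, the function names, the secret and the URLs are all assumptions constructed for the example. It needs PHP 7+ for random_bytes.

```php
<?php
// Hypothetical token scheme: the token is an HMAC of the token key under a
// per-session secret. Minphp/Form's real derivation may differ.
function makeCsrfToken($secret, $key)
{
    return hash_hmac('sha256', $key, $secret);
}

function verifyCsrfToken($secret, $key, $token)
{
    // Constant-time comparison of the expected and submitted token.
    return hash_equals(makeCsrfToken($secret, $key), $token);
}

// Models the behaviour in the issue: with a null key, creation falls back to
// the form action and verification falls back to the request URI.
function roundTrip($secret, $tokenKey, $formAction, $requestUri)
{
    $createKey = $tokenKey !== null ? $tokenKey : $formAction;
    $verifyKey = $tokenKey !== null ? $tokenKey : $requestUri;

    $token = makeCsrfToken($secret, $createKey);
    return verifyCsrfToken($secret, $verifyKey, $token);
}

// Constructed sample values.
$secret     = bin2hex(random_bytes(32));
$formAction = '/client/accounts/add';       // action when the form was created
$ajaxUri    = '/client/accounts/validate';  // URL the page later POSTs to

$cases = [
    'null key, same URL'        => [null, $formAction, $formAction],
    'null key, action changed'  => [null, $formAction, $ajaxUri],
    'fixed key, action changed' => ['app-form-key', $formAction, $ajaxUri],
];

foreach ($cases as $label => $case) {
    list($key, $action, $uri) = $case;
    echo $label, ': ', var_export(roundTrip($secret, $key, $action, $uri), true), PHP_EOL;
}
```

With a null key the token only verifies when the request URI equals the action the form was created with; a key set once on construction removes that dependency, which is what the issue proposes for the bridge's Form helper.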

Dispatcher requires controller method exist

The Dispatcher makes a call to method_exists($ctrl, $action) to check whether the given action exists on the controller, otherwise it throws an exception. However, this does not allow for controllers to implement the magic methods __call or __callStatic to handle actions/autoloading dynamically.

Consider updating this to check whether the method_exists or is_callable.

Note: if a class implements __call then is_callable will always be true, which I think is the desired behavior, i.e., route the action to the specific controller to determine what it should do via __call.

Bridge fails to autoload its own components before minphp 0.x's

The bridge creates a wrapper for components and helpers from minphp for backward compatibility with existing applications that use minphp 0.x. The components and helpers used by minphp no longer need to be included in minphp 0.x due to this bridge.

The issue is that minphp 0.x components, like the Form, Html, or Session, and the bridge's wrappers for these are only used if the source files do not exist. This is the opposite of the desired behavior, i.e., use the bridge's corresponding wrappers even if the minphp 0.x components exist on the filesystem, and only fall back to the old minphp 0.x components if the bridge wrappers don't exist (which should never happen anyway).

Dispatcher may try to call preAction method on non-controller

The Dispatcher class assumes controllers have a preAction method. However, it simply checks whether the given controller is a class. There could be a matching class loaded that is not a controller, and thus does not have a preAction method. The result is an exception:

Call to undefined method MyClass::preAction()

The controller should have the preAction method to be considered a controller and should throw an exception otherwise.
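An added sketch of the two dispatcher checks discussed in this issue and in "Dispatcher requires controller method exist" above (not the bridge's Dispatcher code): every class name and the dispatch() function are hypothetical.

```php
<?php
class PageController
{
    public function preAction() {}
    public function index() { return 'PageController::index'; }
    private function secret() { return 'not routable'; }
}

class MagicController
{
    public function preAction() {}
    // Any action without a real method is routed here.
    public function __call($name, array $args) { return "__call handled {$name}"; }
}

class PlainClass {}   // loadable class that is not a controller

function dispatch($class, $action)
{
    if (!class_exists($class)) {
        throw new RuntimeException("{$class} is not a class");
    }
    $ctrl = new $class();

    // method_exists ignores __call, so preAction must really be defined.
    if (!method_exists($ctrl, 'preAction')) {
        throw new RuntimeException("{$class} is not a controller");
    }
    // is_callable accepts public methods and __call-backed actions, and
    // rejects private/protected methods when no __call is defined.
    if (!is_callable([$ctrl, $action])) {
        throw new RuntimeException("{$action} is not callable on {$class}");
    }
    $ctrl->preAction();
    return $ctrl->$action();
}

$requests = [['PageController', 'index'], ['MagicController', 'anything'],
             ['PageController', 'secret'], ['PlainClass', 'index']];
foreach ($requests as $request) {
    list($class, $action) = $request;
    try {
        echo dispatch($class, $action), PHP_EOL;
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because is_callable is always true for a class that implements __call, such a controller becomes responsible for rejecting action names it does not recognise.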

php7 errors are not supported

php7 adds the Error class as well as Exception, so both could be thrown.

The bridge explicitly requires the Exception type as an argument, which is incompatible with php7 in cases where Error could be thrown. The Exception argument type must be dropped and both Exception (php5) and Throwable (php7) must be supported in order to support both php5 and php7.

Plugin controllers are not autoloaded from the correct location

When a plugin controller in plugins/myplugin/controllers/myplugin is requested via the URI myplugin/myplugin, the autoloader attempts to load the class from controllers/myplugin.php instead of plugins/myplugin/controllers/myplugin.php.

This is because Dispatcher::dispatch() initializes the class as just the class name Myplugin, so there's no plugin context available there.

Support minphp/session v1.1 session cookie management

minphp/session v1.1.0 was added to support setting cookies--functionality previously possible in minphp 0.x.

The bridge should take advantage of minphp/session v1.1 to implement backward-compatible behavior with minphp 0.x.

Use minphp/record v3

v3 of minphp/record is being released in order to support customizable table character set and collation, as well as defaulting to utf8mb4. minphp/bridge should be updated to pull in this version.

Fatal errors produce error 'Undefined variable: e'

Fatal errors should be handled by the bridge gracefully, but always generate the text 'Undefined variable: e' on a white page.

This appears to occur because UnknownException::setFatalErrorHandler calls Dispatcher::raiseError with an undefined variable $e, rather than an instance of Exception.

Set exceptions to view when raising an error

The Dispatcher currently only sets an exception's error message to the error view when raising an error. While this is useful, it does not give us any information to work with in determining offending file, or line of code, etc.

The error itself (the exception) should be set to the error view. It should be up to the view itself what information to display.
