| security | by dg | IdentityHandler: make getGuestIdentity() a regular interface method (BC break) Promotes the optional @method to a required method, so User no longer needs method_exists() to call it. BC break: existing IdentityHandler implementations must now declare getGuestIdentity(). | | | |
| security | by dg | User: deprecated magic properties (BC break) | | | |
| security | by dg | SimpleIdentity: uses __serialize & __unserialize | | | |
| security | by dg | Identity -> SimpleIdentity Identity class must exist as an alias in order to read it from session | | | |
| security | by dg | IIdentity: added return typehint (BC break) | | | |
| security | by dg | removed deprecated IAuthenticator (BC break) | | | |
| security | by dg | used PHP 8.2 features | | | |
| security | by dg | uses nette/http 4 | | | |
| security | by dg | requires PHP 8.3 | | | |
| security | by dg | opened 4.0-dev | | | |
| security | by dg | added CLAUDE.md | | | |
| security | by dg | Identity: use ctype_digit for stricter numeric ID detection | | | |
| security | by dg | fixed compatibility with nette/http 3.4 Since nette/http 3.4 SessionSection::setExpiration() parses its argument via
Helpers::expirationToSeconds(), where a bare numeric string is taken as a
relative number of seconds and an empty string throws. Passing the absolute
timestamp as (string) therefore broke: a null expiration produced '' and threw,
and a real timestamp triggered the absolute-timestamp deprecation. Pass null
when unset and an '@'-prefixed timestamp otherwise, which is parsed as an
absolute, timezone-independent time. | | | |
| security | by dg | readonly properties | | | |
| security | by dg | phpstan.neon: narrow ignore | | | |
| component-model | by dg | added CLAUDE.md | | | |
| component-model | by dg | Component: attached handles are called top-down (ancestor → descendant) (BC break) Implementation handles tree mutations during listener execution:
- Listeners can modify tree (remove self, siblings, parent)
- Validity check before processing children
- Deduplication prevents calling same listener twice
- Reentry guard prevents infinite loops | | | |
| component-model | by dg | removed Nette\SmartObject usage (BC break) | | | |
| component-model | by dg | Container::addComponent() added typehint (BC break) | | | |
| component-model | by dg | Container::getComponents() parameters removed (BC break) | | | |
| component-model | by dg | removed deprecated stuff | | | |
| component-model | by dg | composer: increased dependencies versions | | | |
| component-model | by dg | requires PHP 8.3 | | | |
| component-model | by dg | opened 4.0-dev | | | |
| component-model | by dg | cs | | | |
| http | by dg | deprecated wip | | | |
| http | by dg | removed samesite check using cookie (BC break) | | | |
| http | by dg | IRequest, IResponse: added typehints, unification (BC break) | | | |
| http | by dg | SessionSection: removed $warnOnUndefined (BC break) | | | |
| http | by dg | Response: passing 0 as the expiration to setCookie() is deprecated 0 historically meant a session cookie; null now expresses that explicitly.
0 is still accepted for BC but emits a deprecation notice. | | | |
| http | by dg | silently deprecated methods trigger E_USER_DEPRECATED | | | |
| http | by dg | removed deprecated stuff | | | |
