Nette Documentation Preview

syntax
Upgrading
*********


Upgrading to Version 3.3
========================

- the automatic CSRF protection switched from `isSameSite()` to `isFrom(FetchSite::SameOrigin)` and became stricter: requests coming from subdomains no longer pass
- thanks to that, `addProtection()` is no longer needed, because the automatic protection covers the same cases; omit it in new forms and feel free to remove it from the existing ones

Why tokens in the session are no longer necessary is explained in the article [Quarter Century of CSRF |https://blog.nette.org/en/quarter-century-of-csrf].


Upgrading to Version 3.1
========================

- `getValues()` returns only the validated controls; if you need the values of all controls regardless of validation, use the new method `getUntrustedValues()`
- the `$values` passed to the `onSuccess` and `onClick` handlers likewise contain only the validated controls
- standalone forms are automatically protected against CSRF by a cookie with the SameSite flag; you can allow submission from another origin using `allowCrossOrigin()`
- the `Form::URL` rule now completes a missing protocol with `https` instead of `http`
- `Form::addImage()` was renamed to `addImageButton()`
- `Checkbox::getSeparatorPrototype()` was renamed to `getContainerPrototype()`
- forms no longer create the `$_form` variable in templates

More about these changes in the article [News in Nette Forms 3.1 |https://blog.nette.org/en/news-in-nette-forms-3-1].


Upgrading to Version 3.0
========================

- all form controls are optional by default now (this change was introduced in Nette 2.4), so you can remove `setRequired(false)`
- be sure to update `netteForms.js` to version 3 (`npm install nette-forms`)
- `ChoiceControl::$checkAllowedValues` and `MultiChoiceControl::$checkAllowedValues` have been replaced by the method `checkDefaultValue()`


Upgrading to Version 2.4
========================

- if a control has a rule via `addRule()` (i.e. it is effectively mandatory), you must also mark it as mandatory via `setRequired()`; also, `setRequired(false)` now makes the control optional, which replaces `addCondition($form::FILLED)` branches
- the validators `Form::EMAIL`, `URL` and `INTEGER` automatically change the HTML `type` attribute to `email`, `url`, and `number` respectively
- negative validation rules are deprecated; the alternative for `~Form::FILLED` is `Form::BLANK`, and `~Form::EQUAL` can be replaced with `Form::NOT_EQUAL`
- the internal parameter `do` is now sent via POST as `_do` to avoid a collision
- the internal underscored variables such as `$_form` are deprecated
- remember to update `netteForms.js`


Upgrading to Version 2.3
========================

- internal filtering methods such as `Nette\Forms\Controls\TextBase::filterFloat` were removed
- internal validation methods such as `TextBase::validateFloat` were moved to `Nette\Forms\Validator`, as was `Rules::$defaultMessages`
- Buttons and Hidden fields are generated without an HTML ID; if you want an ID, set it via `setHtmlId()`
- RadioList items are generated without an ID too; you can enable it via `$radioList->generateId = true`
- filters added via `TextBase::addFilter()` are processed during validation, and you can now add filters to conditions: `$input->addCondition(...)->addFilter(...)`

Upgrading

Upgrading to Version 3.3

  • the automatic CSRF protection switched from isSameSite() to isFrom(FetchSite::SameOrigin) and became stricter: requests coming from subdomains no longer pass
  • thanks to that, addProtection() is no longer needed, because the automatic protection covers the same cases; omit it in new forms and feel free to remove it from the existing ones

Why tokens in the session are no longer necessary is explained in the article Quarter Century of CSRF.

Upgrading to Version 3.1

  • getValues() returns only the validated controls; if you need the values of all controls regardless of validation, use the new method getUntrustedValues()
  • the $values passed to the onSuccess and onClick handlers likewise contain only the validated controls
  • standalone forms are automatically protected against CSRF by a cookie with the SameSite flag; you can allow submission from another origin using allowCrossOrigin()
  • the Form::URL rule now completes a missing protocol with https instead of http
  • Form::addImage() was renamed to addImageButton()
  • Checkbox::getSeparatorPrototype() was renamed to getContainerPrototype()
  • forms no longer create the $_form variable in templates

More about these changes in the article News in Nette Forms 3.1.

Upgrading to Version 3.0

  • all form controls are optional by default now (this change was introduced in Nette 2.4), so you can remove setRequired(false)
  • be sure to update netteForms.js to version 3 (npm install nette-forms)
  • ChoiceControl::$checkAllowedValues and MultiChoiceControl::$checkAllowedValues have been replaced by the method checkDefaultValue()

Upgrading to Version 2.4

  • if a control has a rule via addRule() (i.e. it is effectively mandatory), you must also mark it as mandatory via setRequired(); also, setRequired(false) now makes the control optional, which replaces addCondition($form::FILLED) branches
  • the validators Form::EMAIL, URL and INTEGER automatically change the HTML type attribute to email, url, and number respectively
  • negative validation rules are deprecated; the alternative for ~Form::FILLED is Form::BLANK, and ~Form::EQUAL can be replaced with Form::NOT_EQUAL
  • the internal parameter do is now sent via POST as _do to avoid a collision
  • the internal underscored variables such as $_form are deprecated
  • remember to update netteForms.js

Upgrading to Version 2.3

  • internal filtering methods such as Nette\Forms\Controls\TextBase::filterFloat were removed
  • internal validation methods such as TextBase::validateFloat were moved to Nette\Forms\Validator, as was Rules::$defaultMessages
  • Buttons and Hidden fields are generated without an HTML ID; if you want an ID, set it via setHtmlId()
  • RadioList items are generated without an ID too; you can enable it via $radioList->generateId = true
  • filters added via TextBase::addFilter() are processed during validation, and you can now add filters to conditions: $input->addCondition(...)->addFilter(...)