Notes: From now on aurora uses YAML for config files, resulting in yml extensions. I converted every XML file by hand, updated the Python script and hopefully did not forget something. XML has not been dropped; it co-exists with YAML for config files, so compatibility should not be broken.

Attention: this release fixes a little slip-through hole where an SQL injection can occur. I found it while inputting an SQL command ( count(*); ) into a search field while testing our shop for security. The coder did not sanitize the user input and used it directly in a db call. Sadly even here it went right through and produced an SQL error. As a last resort I decided to implement a little routine which tries to catch malicious strings and escapes them properly. But this is not 100% secure: one should always check user input before doing anything else.
Changes:
- db
  - applied a fix against sql-injection
  - added method for changing charset on-the-fly
- model
  - fixed a bug with finding models
  - added drop_empty_values switch to __toArray methods where multiple entries reside
  - added possibility to resolve links using the __toArray method
  - catch no __toId object in __validate
- template
  - added template-structure-cache using fcache
  - filter contains now also accepts arrays
  - the set statement now supports filters
- translation
  - added caching for translation files
- web
  - added rule url-include off
  - added yaml support to url-dispatchers output-filter ( indent=2, wordwrap=false )
- auth
  - added check whether hook is callable and die if not
- core
  - fixed a bug in config.ext
  - added quiet var to hide all messages
  - added support for yaml ( using Spyc ) for config files
  - converted all xml files to yml ( xml stays being supported! )
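
The search-field problem described in the notes (user input used directly in a db call), as an added example that is not aurora's code: it uses Python's sqlite3 with a constructed products table to put the concatenated query beside one that passes the input as a bound parameter. All function and table names here are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for a shop catalogue.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT)")
    db.executemany("INSERT INTO products VALUES (?)",
                   [("red mug",), ("blue mug",), ("o'brien mug",)])
    return db

def search_concat(db, term):
    # 'Before' pattern: the search term becomes part of the SQL text,
    # so quotes and wildcards in it are interpreted by the database.
    sql = ("SELECT name FROM products WHERE name LIKE '%" + term +
           "%' ORDER BY name")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, term):
    # The term travels as a bound parameter and is never parsed as SQL.
    # LIKE wildcards inside it are escaped so they match literally.
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT name FROM products WHERE name LIKE ? ESCAPE '\\' ORDER BY name"
    return [row[0] for row in db.execute(sql, ("%" + esc + "%",))]

def probe(search, db, term):
    # Return the rows, or the database error a tester would see.
    try:
        return search(db, term)
    except sqlite3.Error as exc:
        return "sql-error: " + str(exc)

if __name__ == "__main__":
    db = make_db()
    for term in ["mug", "o'brien", "count(*);", "%"]:
        print(repr(term))
        print("  concatenated:", probe(search_concat, db, term))
        print("  bound       :", probe(search_bound, db, term))
```

The concatenated form fails on a legitimate name containing an apostrophe, which is the same class of SQL error the notes report, while the bound form treats every input as plain search text.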