Upgrading
Upgrading to Version 3.3
- the automatic CSRF protection switched from
isSameSite()toisFrom(FetchSite::SameOrigin)and became stricter: requests coming from subdomains no longer pass - thanks to that,
addProtection()is no longer needed, because the automatic protection covers the same cases; omit it in new forms and feel free to remove it from the existing ones
Why tokens in the session are no longer necessary is explained in the article Quarter Century of CSRF.
Upgrading to Version 3.1
getValues()returns only the validated controls; if you need the values of all controls regardless of validation, use the new methodgetUntrustedValues()- the
$valuespassed to theonSuccessandonClickhandlers likewise contain only the validated controls - standalone forms are automatically protected against CSRF by a cookie with the SameSite flag; you can allow submission from
another origin using
allowCrossOrigin() - the
Form::URLrule now completes a missing protocol withhttpsinstead ofhttp Form::addImage()was renamed toaddImageButton()Checkbox::getSeparatorPrototype()was renamed togetContainerPrototype()- forms no longer create the
$_formvariable in templates
More about these changes in the article News in Nette Forms 3.1.
Upgrading to Version 3.0
- all form controls are optional by default now (this change was introduced in Nette 2.4), so you can
remove
setRequired(false) - be sure to update
netteForms.jsto version 3 (npm install nette-forms) ChoiceControl::$checkAllowedValuesandMultiChoiceControl::$checkAllowedValueshave been replaced by the methodcheckDefaultValue()
Upgrading to Version 2.4
- if a control has a rule via
addRule()(i.e. it is effectively mandatory), you must also mark it as mandatory viasetRequired(); also,setRequired(false)now makes the control optional, which replacesaddCondition($form::FILLED)branches - the validators
Form::EMAIL,URLandINTEGERautomatically change the HTMLtypeattribute toemail,url, andnumberrespectively - negative validation rules are deprecated; the alternative for
~Form::FILLEDisForm::BLANK, and~Form::EQUALcan be replaced withForm::NOT_EQUAL - the internal parameter
dois now sent via POST as_doto avoid a collision - the internal underscored variables such as
$_formare deprecated - remember to update
netteForms.js
Upgrading to Version 2.3
- internal filtering methods such as
Nette\Forms\Controls\TextBase::filterFloatwere removed - internal validation methods such as
TextBase::validateFloatwere moved toNette\Forms\Validator, as wasRules::$defaultMessages - Buttons and Hidden fields are generated without an HTML ID; if you want an ID, set it via
setHtmlId() - RadioList items are generated without an ID too; you can enable it via
$radioList->generateId = true - filters added via
TextBase::addFilter()are processed during validation, and you can now add filters to conditions:$input->addCondition(...)->addFilter(...)