
Twig 1.13.1 released

Twig 1.13.1 is out and contains some minor bug fixes:

  • added the possibility to ignore the filesystem constructor argument in Twig_Loader_Filesystem
  • fixed Twig_Loader_Chain::exists() for a loader which implements Twig_ExistsLoaderInterface
  • adjusted backtrace call to reduce memory usage when an error occurs
  • added support for object instances as the second argument of the constant test
  • fixed the include function when used in an assignment

Twig 1.13.0 released

Twig 1.13.0 has just been released. It contains nice speed optimizations for the escaping filter. Here is the full changelog:

  • fixed getting a numeric-like item on a variable (‘09’ for instance)
  • fixed getting a boolean or float key on an array, so it is consistent with PHP’s array access: {{ array[false] }} behaves the same as echo $array[false]; (equals $array[0])
  • made the escape filter 20% faster for happy path (escaping string for html with UTF-8)
  • changed ☃ to § in tests
  • enforced usage of named arguments after positional ones

Security Release: Twig 1.12.3 released

I’ve just released Twig 1.12.3 which contains a security vulnerability fix.

Description

Your application is affected if you are using Twig_Loader_Filesystem for loading Twig templates, but only if you are using non-trusted template names (names provided by an end-user, for instance).

When affected, it is possible to go up one directory for the paths configured in your loader.

For instance, if the filesystem loader is configured with /path/to/templates as a path to look for templates, a template name starting with /../ forces Twig to include a file stored in /path/to, as in {% include "/../somefile_in_path_to" %}.

Note that using anything else (like ../somefile, /../../somefile, or ../../somefile) won’t work and you will get a proper exception.
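The advisory's precondition is untrusted template names reaching the filesystem loader. The following is an added example (not code from the Twig project or this post) showing the defensive pattern that removes that precondition regardless of the Twig version in use: user input is resolved through a fixed allowlist, and any name that still has to be built dynamically is checked for path segments before it reaches the loader. The autoload path, the templates directory and the page names are placeholders.

```php
<?php
// Added example: keep untrusted template names away from Twig_Loader_Filesystem.
// Assumes Twig 1.x class names as used in the advisory above.
require_once '/path/to/vendor/autoload.php'; // placeholder path

$loader = new Twig_Loader_Filesystem('/path/to/templates'); // placeholder directory
$twig   = new Twig_Environment($loader);

// 1) Preferred: map the values a user may submit (e.g. ?page=about) to real
//    template files. The request value itself is never used as a path, so
//    "/../"-style names can never reach the loader.
$allowedPages = array(
    'home'  => 'pages/home.html',
    'about' => 'pages/about.html',
);

function resolveTemplate(array $allowed, $requested, $fallback = 'home')
{
    if (!is_string($requested) || !isset($allowed[$requested])) {
        return $allowed[$fallback]; // unknown key: serve a fixed template
    }
    return $allowed[$requested];
}

// 2) Defence in depth for names that must be assembled at runtime (themes,
//    locales, ...): accept only relative names built from plain path segments.
function isSafeTemplateName($name)
{
    if (!is_string($name) || $name === '' || strlen($name) > 200) {
        return false;
    }
    // Reject absolute names, backslashes, NUL bytes and any ".." segment;
    // this is stricter than the loader's own check on purpose.
    return preg_match('#^(?!/)(?!.*\\\\)(?!.*\0)(?!.*(^|/)\.\.(/|$))[A-Za-z0-9_./-]+$#', $name) === 1;
}

$requested = isset($_GET['page']) ? $_GET['page'] : 'home';
echo $twig->render(resolveTemplate($allowedPages, $requested), array('user' => 'demo'));

// Example of the second layer for a dynamic name (constructed value):
$theme = 'dark';
$name  = 'themes/' . $theme . '/layout.html';
if (!isSafeTemplateName($name)) {
    throw new RuntimeException('Refusing unsafe template name');
}
```

With the allowlist in place the loader only ever sees names the application itself wrote, which is the situation the advisory describes as not affected.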

Affected Versions

All versions of Twig are affected.

How to Patch

If you cannot upgrade, you can apply the following patch:

https://github.com/fabpot/Twig/commit/3d19a2eed53570776af313593aaeb5ad62cf4980.diff

Credits

I want to thank Rick Prent who reported the issue and provided a fix for it.

Check your Project

As a quick reminder, you can check your projects using Composer for vulnerability issues with the SensioLabs Security Checker.

Twig 1.12.2 released

I’ve just released Twig 1.12.2:

  • fixed the timezone used by the date filter and function when the given date contains a timezone (like 2010-01-28T15:00:00+02:00)
  • fixed globals when getGlobals is called early on
  • added the first and last filter

Twig 1.12.1 released

I’ve just released Twig 1.12.1. It removes a backward compatibility break that was introduced in Twig 1.12.0 and adds two small features:

  • added support for object instances as the second argument of the constant function
  • added support for {{ some_string[:2] }}

Twig 1.12.0 released

Twig 1.12.0 has just been released. You can read more about the new features in a previous blog post. Since RC1, we have fixed a couple of bugs and introduced the verbatim tag as an alias to the existing raw tag.

Twig 1.12.0-RC1 released

The first release candidate for Twig 1.12.0 has just been released. This version introduces a lot of nice enhancements that should simplify the way developers and web designers work with Twig.

Extending Twig the easy Way

You can extend Twig by creating an extension or by calling methods directly on the Twig environment. Let’s see how you can create a new function.

Until now, it was a bit cumbersome and quite limited: you could only map a Twig function to a PHP function or to a method of a Twig extension class, and depending on which you chose, you had to use a specific class:

$twig->addFunction('some_function', new Twig_Function_Function('some_function'));
$twig->addFunction('some_function', new Twig_Function_Method($extension, 'someMethod'));

As of 1.12, you can use any valid PHP callable, and everything is managed by one class:

$twig->addFunction(new Twig_SimpleFunction('some_function', 'some_function'));
$twig->addFunction(new Twig_SimpleFunction('some_function', array($extension, 'someMethod')));
$twig->addFunction(new Twig_SimpleFunction('some_function', function () { /* ... */ }));
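An added example (not code from the post or the Twig project) of the closure form above, which also shows the point that matters most when a function returns markup: by default Twig autoescapes what a function returns, and a function may only be declared safe for HTML with the documented is_safe option of Twig_SimpleFunction once it escapes its own inputs. Twig_Loader_Array is used so the snippet needs no template files; the autoload path is a placeholder.

```php
<?php
// Added example: registering Twig 1.12 functions from closures with
// Twig_SimpleFunction and handling output escaping correctly.
require_once '/path/to/vendor/autoload.php'; // placeholder path

// Constructed template: both calls receive the same untrusted label.
$twig = new Twig_Environment(
    new Twig_Loader_Array(array(
        'demo.html' => "{{ badge(label) }}\n{{ link(label) }}\n",
    )),
    array('autoescape' => true)
);

// 1) A plain text-returning function. Nothing is declared about safety, so
//    Twig applies the default 'html' escaping strategy to its return value.
$twig->addFunction(new Twig_SimpleFunction('badge', function ($text) {
    return '[' . $text . ']';
}));

// 2) A markup-returning function. Because it is marked is_safe for 'html',
//    Twig will NOT escape its output, so the function must escape every
//    untrusted value it embeds itself. Dropping the htmlspecialchars() call
//    while keeping is_safe would turn the label into an XSS sink.
$twig->addFunction(new Twig_SimpleFunction('link', function ($text) {
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    return '<a href="#">' . $safe . '</a>';
}, array('is_safe' => array('html'))));

// Constructed untrusted input: an HTML fragment a user might submit.
echo $twig->render('demo.html', array('label' => '<b>x</b>'));
```

Both rendered lines show the label with its angle brackets escaped: the first because autoescaping is applied to the function's return value, the second because the function escaped it before declaring the result safe.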

Calling Things the flexible Way

When defining a macro, you can now set default values for all arguments instead of relying on the default filter:

{# before #}

{% macro input(name, value, type, size) %}
    <input type="{{ type|default('text') }}" name="{{ name }}" value="{{ value|default('')|e }}" size="{{ size|default(20) }}" />
{% endmacro %}

{# after #}

{% macro input(name, value = "", type = "text", size = 20) %}
    <input type="{{ type }}" name="{{ name }}" value="{{ value|e }}" size="{{ size }}" />
{% endmacro %}

Some functions and filters in Twig have a long list of arguments and remembering their order and their meaning is not easy. You can now use named arguments to make things easier and more explicit:

{# before #}

{{ data|convert_encoding('UTF-8', 'iso-2022-jp') }}

{# after #}

{{ data|convert_encoding(from='iso-2022-jp', to='UTF-8') }}

A new include function has been introduced to simplify the including of other files when passing multiple options:

{# before #}
{% sandbox %}
    {% include 'page.html' ignore missing %}
{% endsandbox %}

{# after #}
{{ include('page.html', sandboxed = true, ignore_missing = true) }}

The ternary operator syntax has been extended to simplify some common use cases:

{# standard syntax #}
{{ foo ? 'yes' : 'no' }}

{# extended syntaxes as of Twig 1.12 #}
{{ foo ?: 'no' }} is the same as {{ foo ? foo : 'no' }}
{{ foo ? 'yes' }} is the same as {{ foo ? 'yes' : '' }}

As always, everything should be backward compatible, meaning that all your existing templates will still work as before. Of course, if that’s not the case, report it as soon as possible so that we can fix the regressions before the 1.12.0 final is released later this week.

Twig 1.11.1 released

Twig 1.11.1 is a maintenance release where the following bugs have been fixed:

  • fixed debug info line numbering (was off by 2)
  • fixed escaping when calling a macro inside another one (regression introduced in 1.9.1)
  • optimized variable access on PHP 5.4
  • fixed a crash of the C extension when an exception was thrown from a macro called without being imported (using _self.XXX)

Twig 1.11.0 released

I’m very happy to announce the immediate availability of Twig 1.11.

As with any new release, the documentation has been improved for existing features, and two new recipes have been published: Using a Database to store Templates and Using different Template Sources. I have also added a new section to explain how blocks work in Twig.

In 1.11, you can now import a template from a string thanks to the template_from_string function (this was probably one of the most frequently requested features on the mailing list).

Of course, we have fixed some bugs too:

  • macro compilation when a variable name is a PHP reserved keyword
  • bitwise operator precedences
  • default timezone usage for the date function
  • the date filter behavior, which now always applies the default timezone, except if false is passed as the timezone

And last but not least, the performance of the exception management has been greatly improved, especially when using the Twig loader chain.

Twig 1.10.3 released

Twig 1.10.3 has just been released. This version fixes a regression introduced in 1.10.2, and adds a new filter to split strings.
