Maintenance release

This release mainly brings updates to third-party components.

Security fixes:

• None

New components:

• None

New features:

• Use immutable caching with immutable in Cache-Control header
• Add query parameters when loading AMD modules, so that updates of Bower/NPM packages and system modules will result in actual files reloading on frontend

Updates:

• New upstream version of Composer
• New upstream version of html5sortable
• Custom version of Alameda rebased against latest upstream version
• wp-cli/php-cli-tools rebased against latest upstream version
• Polymer and WebComponents.js rebased against latest upstream versions
• TinyMCE rebased against latest stable release
• HTML Purifier

Fixes and small improvements:

• System:
  • Windows doesn't like start in files/directories names, let's fix this
  • Move built-in AMD modules list from zz1.alameda-setup.ls to backend event handler
  • Added readme information about Polymer build used in CleverStyle Framework
• Http server
  • Increase react/http dependency version

Deprecations:

• None

Possible partial compatibility breaking (very unlikely, but still possible):

• None

Dropped backward compatibility:

• None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Improved AMD modules support and public cache

This release brings a number of small tweaks and improvements, the most noticeable being related to frontend.

First frontend improvement is about RequireJS/Alameda support being improved by generating more advanced packages configs instead of simple paths (lodash-amd can now be used without issues). Also custom version of Alameda is now used in order to support some not completely valid modules, that might appear in the wild (this is better than not supporting those at all).

Second frontend improvement is about how framework stores frontend cache: now everything is copied into public cache directory, so that it is possible to process all necessary assets (including images, fonts, etc) by just traversing files in this single directory.

As usual, there are other small improvements, more tests, updated documentation and updated third-party components to their latest versions.

Security fixes:

• None

New components:

• None

New features:

• Improved RequireJS support with generating packages configs instead of just paths for Bower/NPM packages (enables using packages like lodash-amd with multiple components inside)
• System/Page/requirejs event extended to also expose possibility to add RequireJS packages
• Prefer non-minified files for RequireJS when assets compression is not used
• Added custom version of Alameda that allows to load more packages that can be found in the wild even if they are technically broken (readme file added with details about this)
• Added cs.ui.prompt() method as nice looking replacement for window.prompt()
• Update tooltip contents as tooltip property on element gets updated
• Content-based files naming in public cache
• All images, fonts and other stuff used in CSS files are now copied into public cache directory, so that post-processing might be executed on single directory
• Added support for paths that are relative to the root of the website (these were previously considered absolute) in CSS processing
• Nested CSS imports are now also processed even if they have media query associated with them
• It is almost 2017 and HTTP/2 is here, let's stop inlining any resources in CSS except plain CSS

Updates:

• New upstream version of Font Awesome
• New upstream version of autosize
• New upstream version of Composer
• New upstream version of html5sortable
• New upstream version of Prism
• New upstream version of PHPMailer
• New upstream version of Polymer (still with Shady DOM removed)
• New upstream release of HybridAuth
  • New HybridAuth providers:
    • Amazon
    • Strava
• New version of TinyMCE (current git version)

Fixes and small improvements:

• System:
  • Use newer APCu version with PHP7 on Travis CI
  • Stop using parse_url() function
  • There are no methods for getting information about executed queries in 6.x, so now we can do some simplifications
  • Framework doesn't support installation into subdirectory, so lets remove path from URL in installer
  • Optimized translation processing for cs.Language on frontend by not creating functions for keys that don't need to support formatting
  • Tiny UI fix for button appearance after normalize update
  • Tiny builder fix
  • In installed framework store original license.txt under license-cleverstyle-framework.txt
  • Tiny fix for the issue that causes system update impossible in UI
  • webcomponents/webcomponentsjs#642 applied on top of minified WebComponents.js
  • Hide implementation details of callbacks in cs.ui.* methods - no need for consumers to know that it happened because of click on a button
  • Tiny UI tweak in administration, option doesn't have any effect without assets compression
  • Fix for relative paths to scripts in assets cache without vulcanization
  • Run quick tests on Travis CI using HHVM
  • Use Phar version of htmlpurifier: it is bigger, but works under HHVM
  • Return empty string instead of string with 0 when casting cs\False_class to string
  • mysqli_result::get_result() method might not be implemented (see https://secure.php.net/manual/en/mysqli-stmt.get-result.php#refsect1-mysqli-stmt.get-result-mysqlnd and facebook/hhvm#2368), so let's make hands dirty and reimplement everything without it
  • Also some black magic is used as workaround for facebook/hhvm#6229
  • More tests added to test some edge cases
  • Require quick HHVM tests in Travis CI for successful result
  • Small refactoring, public cache directory might be swapped when necessary during \cs\Page\Assets\Cache construction
  • As https://bugs.xdebug.org/view.php?id=1322 is resolved, we can unlock tests coverage tracking for more code
  • Docs update
  • FTP paths support removed from CSS processing (not likely to be used anyway)
• Composer:
  • Do not clean Composer's home directory, allow it to keep cache there
• Composer assets
  • Increase fxp/composer-asset-plugin dependency version

Deprecations:

• Third argument in cs\Page\Assets_processing::html() method now accepts directory instead of file, but until 7.x keeps compatibility with old syntax

Possible partial compatibility breaking (very unlikely, but still possible):

• 3rd argument added to the method \cs\Page\Assets_processing::css()

Dropped backward compatibility:

• None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

No old browsers, polished API and interfaces, better security

First of all - there is an important security update - xap() function now has brand new implementation and is secure (while previous implementation, unfortunately, was not).

New major release breaks a lot of small things, which was necessary to make system more consistent like following:

• there was cache/database//storage engines, databases types and storage connections - now they are all just drivers
• includes are renamed to assets (as it is much more common naming)

This release also drops support for IE (partial IE11 support is provided by Old IE module) as well as old versions of all major browsers except 2 latest stable versions.

Some secondary features like temporary users blocking and blocking visitors that failed to enter correct credentials in sign in form few times - these features can be implemented with modules with much more options than built-in primitive support had.

There was a lot of new performance tweaks (simple page rendering is easily under 1ms with PHP7, asynchronous translations on frontend), a lot of fixes and new tests were added (77%+ for system in general, but real coverage is even better, some tests are excluded from code coverage because of https://bugs.xdebug.org/view.php?id=1322) as well as updated documentation.

The last thing to note is that CleverStyle Framework can now be translated on Transifex: https://www.transifex.com/cleverstyle/cleverstyle-framework

Overall, this is the best release to date, give it a try!

Security fixes:

• HTML Purifier bundled with system, xap() function reimplemented with the same syntax as before using HTML Purifier as the backend

New components:

• None

New features:

• Translations on frontend are now asynchronous in production mode and their cache is separated from regular CSS/JS/HTML cache (which are now language-independent)
• Improved JS minifier - can now avoid template strings, but will process code before first and after last template string (also backticks in comments are not a problem anymore)
• Added support for nested query parameters in cs.api()
• New backend events added:
  • api/System/profile/sign_in/before
  • api/System/profile/sign_in/success
  • api/System/profile/sign_in/error
• Implemented sorting for multilingual fields in cs\CRUD_helpers trait
• Use patched version of wp-cli/php-cli-tools that contains support for nicer syntax for colorizing output (wp-cli/php-cli-tools#100)

Updates:

• New upstream version of UPF
• Normalize is now based on normalize.css 5.0.0 (dropped IE support, only 2 latest stable versions of major browsers supported)
• New upstream release of HybridAuth.
  • New HybridAuth providers:
    • Dataporten
    • HumanitarianId
    • Pinterest
    • Weibo
• New upstream version of Polymer (still with Shady DOM removed)

Fixes and small improvements:

• System:
  • Fix for incorrect order of construct() / INIT_STATE_METHOD methods calls when classes are interconnected
  • Fix for edge cases in cs\Config multilingual settings
  • Simplified cs.Event implementation - should be easier to read and understand
  • sprintf.js moved to AMD modules and is not loaded unconditionally anymore
  • Small simplification, no need to print messages, since they will be shown to user during sign in process anyway
  • Clean the whole cache on system update
  • Few TODOs removed, since ready callback will not be available in Polymer 2.x anyway
  • Move few checks to interpreter
  • Limit uploading to SourceForge to 2 minutes timeout in Travis CI (otherwise it fails to upload code coverage to Scrutinizer)
  • Tiny tweak (ensure headers property is always an array in cs\Response)
  • Includes map always have indexed arrays with consistent keys on the last level
  • Tiny tweak - no need to iterate through cookies if there is no cookies in list
  • Small simplification - glob() can replace get_files_list() with simpler syntax
  • Replace few conditions with single regular expression
  • Do not ignore attachments errors when sending email
  • No need for require_once in autoloader
  • Create simple autoloader for HTMLPurifier
  • Following traits converted into standalone classes:
    • cs\Page\Includes\Cache
    • cs\Page\Includes\Collecting
    • cs\Page\Includes\RequireJS
  • Only register request-file stream wrapper when needed
  • Use html instead of :root for forward compatibility with Polymer 2.x
  • Utility functions array_map_arguments() and array_map_arguments_bool() added
  • Small simplifications using new functions
  • Users deletion is now done in transaction to keep user groups, permissions and user itself in sync
  • Remove comments from translations files
  • Added link to Transifex project for translation
  • Added documentation about structures used in JSON files for public cache
• Composer:
  • Added ezyang/htmlpurifier to Composer module as package bundled with system
• Shop:
  • Shop module migrated to using sprintf.js as AMD module
  • Fix for items search in Shop module (caused by changes in cs\CRUD, which now uses server-side prepared statements instead of placeholders)
  • Various small fixes in Shop module
  • Small hack for item page in Shop module in browsers without native Shadow DOM support (caused by webcomponents/webcomponentsjs#112)
• Static pages:
  • Administration pages in Static pages module moved to Controller
  • Small fix for categories creation in Static pages module
  • Categories and pages manipulation all on frontend through API
  • Add menu item to conveniently go back to categories list
  • Show pages and categories in alphabetical order
  • Do not use pages structure anymore, use simple mapping of full path to id instead
• TinyMCE:
  • Allow to hide cs-editor and friends with hidden attribute
  • Small fix on top of minified TinyMCE

Deprecations (will be dropped right after release):

• None (major release)

Possible partial compatibility breaking (very unlikely, but still possible):

• None (major release)

Dropped backward compatibility:

• All deprecated functionality was dropped
• Dropped update support from System versions older than previous release, the same for all components
• IE10 and Safari 8- support dropped entirely
• IE11 support moved from system to Old IE module
• Removed block_until column from users table and corresponding functionality (it has very limited and might be implemented by modules if necessary)
• Removed storing result of sign in process and related functionality (can be achieved with new events)
• Removed support for inline CSS/JS/HTML in cs\Page\Includes (it can be added manually, not used by core and generally not a very good idea)
• Engines renamed to drivers (including configuration options)
• Storage connection renamed to storage driver
• Database type renamed to database driver
• Global url_by_source() and source_by_url() functions removed, their implementation was moved to Local storage driver
• cs\CRUD_helpers now always using system language and doesn't allow to specify language directly
• storage/pcache directory moved to storage/public_cache
• Backend event renamed from admin/System/general/optimization/clean_pcache to admin/System/general/optimization/clean_public_cache
• Contents of includes/map.json file moved into meta.json under assets key
• Assets is more common naming in the wild than includes, so all includes directories, related code renamed to assets
• Changed structure of optimized map in public cache

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Better consistency and minor frontend optimizations

This release is a small incremental update over previous release.

Release is primarily focused on improving tests coverage (76%+ for system in general) and small inconsistencies tweaks as well as usual set of bug fixes.
There were also some minor performance improvements on frontend (translations initialization, icons and tooltips rendering).

This is likely to be the last release of 5.x branch, see you in 6.x world:)

Security fixes:

• None

New components:

• None

New features:

• Added convenient property cs\Request::$regular_path

Updates:

• New upstream version of Composer

Fixes and small improvements:

• System:
  • Always set Content-Type header to application/json for API requests
  • Added convenient do_api_request() method for usage in tests
  • Only set Content-Language header for regular pages
  • Unnecessary validation already present in cs\User\Profile removed from API controller
  • Simplifications and small tweaks in cs\Request\Route
  • Do not forbid API access for users by default (this is really wrong)
  • Allow to set login to own email (corresponding tests added)
  • Support tricky situation when login was equal to email and then email changed, now login will be updated to new email as well
  • Fixed behavior of master-slave mirror selection in cs\DB class
  • Performance improvement in cs-icon element and in cs-unresolved feature
  • Reduce painting when showing tooltip
  • Use modern syntax of @apply
  • Improved performance of cs.Language initialization
  • Fix for email hash left in cache after user deletion
  • Fix for failed sign ins registration because of incorrect DB indexes
  • Small tweaks to sign in API
  • Simplify installer in order to not specify default values explicitly
  • Update cs\Config\Options to be usable even if system is not installed
  • Optimize modules list rendering
  • System/Page/rebuild_cache event doesn't actually have key parameter
  • Some HTML files converted to Pug
• Content
  • Use passive event listener in Content module in order to improve scrolling performance

Deprecations:

• None

Possible partial compatibility breaking (very unlikely, but still possible):

• cs-icon now only supports either one or two icons, but not more

Dropped backward compatibility:

• None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Strict mode MySQL, better multilingual search

This release is a small incremental update over previous release.

Major changes are SQLite support in Blogs module, using strict mode for MySQL database and real search for multilingual columns in cs\CRUD_helpers trait (previously it didn't take into account some multilingual features).

Other smaller changes include XSS protection improvements with newer UPF version, lots of simplifications and refactoring, many more tests were added or extended (74%+ for system in general).

Security fixes:

• XSS protection improvements in UPF

New components:

• None

New features:

• System/Request/routing_replace/after event extended to allow changing route_path and route_ids in event handler
• Allow to specify more parameters than needed for prepared statement
• True search even in multilingual columns in cs\CRUD_helpers trait
• Added SQLite support in Blogs module
• New backend events added:
  • System/Language/change/before
  • System/Language/change/after
  • System/Language/load (replaces System/general/languages/load)

Updates:

• New upstream version of UPF with fixes for stored XSS
• New upstream version of alameda
• New version of TinyMCE

Fixes and small improvements:

• System:
  • Fix for cs\CRUD_helpers trait
  • Try calling OPTIONS/CLI method handler if available instead of collecting available methods manually
  • Fix for nested paths not being included in permissions check
  • Corrected documentation about XHR, since jQuery is not used there anymore
  • Always add X-Requested-With header when making API requests
  • Added pagination tests for cs\CRUD_helpers
  • Tiny fix for prepared statements conversion in PostgreSQL engine (when number of statements > 1)
  • Added documentation about SQL compatibility and conversion done to support this compatibility
  • Use server-side prepared statements in cs\CRUD and cs\CRUD_helpers traits
  • Return boolean value from non-select query with prepared statements in MySQLi DB engine
  • Handle nicely non-indexed arrays of parameters for prepared statements
  • Refactoring in cs\CRUD_helpers trait
  • Small tweaks to builder
  • Small fix for autoloader when working with aliases
  • Fix for arguments parsing in CLI interface
  • Replace CREATE TABLE IF NOT EXISTS with CREATE TABLE in installation MySQL scheme to ensure DB was empty before installation
  • Fix for non-unique index for SQLite DB scheme
  • Small installer fix (expert switch didn't work)
  • Fix for packages dependencies conflicts not always printed
  • Return false gracefully when prepared statement preparation fails
  • cs\DB\_Abstract::queries_count() method added for getting number of made SQL queries
  • Do not Push resources if they were pushed already
  • Simplification and small fix for FileSystem cache engine
  • Typo in translations
  • Tiny UI improvement
  • Simplified external usage of multilingual options from cs\Config class - now they do not differ externally from other options
  • cs\Config\Options class added as centralized source of information about each core option: option type, default value, supported values or ranges, whether option is password or is multilingual
  • cs\Config is now responsible itself for checking and formatting options according to defined rules (using cs\Config\Options)
  • Do not generate unnecessary content in <head> sections with multilingual meta information for API, administration interface and CLI
  • get_core_ml_text() and set_core_ml_text() functions are not used anymore
  • Jade files refactored to Pug
  • Never create guest session when deleting one (new session will be created on demand anyway)
  • Do not remove session cookie if session in cookie doesn't match session being deleted
  • Small fix for potential memory exhaustion when deleting large amount of user sessions - fetch and delete sessions one by one
  • Some redundant checks removed in sessions processing
  • Stop using TIME constant as the source of current time
  • Run database upgrade scripts in transactions
  • Fix for $L->clang property being undefined (because of getting property second time inside of getting it for the first time with empty cache)
  • Reduce ambiguity of events handlers registration when working with multiple requests under Http server
  • Fix for multilingual cs\Config options not following language when working with multiple requests under Http server
  • Simplifications incs\Language class
  • Removed redundant code from cs\Language class
  • INIT_STATE_METHOD method is now called after constructor, rather than before, which actually makes much more sense
  • Fix for multilingual options might not be processed in cs\Config in API requests, since cs\Language was not used otherwise
  • cs\Config::core() method added
  • Administration settings API simplified a lot and now relies on data normalization in cs\Config (url and cookie_domain options are now return as is, in form of arrays, rather than strings)
  • Small fix for cs\modules\System\Packages_dependencies class when handling updates from too old versions
  • Small tweak for cs\modules\System\Packages_manipulation (do not remove installer file when update failed)
  • Getting array of properties decoupled into new trait cs\Properties_getter
  • Common packages extraction code in cs\modules\System\Packages_manipulation decoupled into separate method
• Http server:
  • Http server is now using CLI interface for starting server
• TinyMCE:
  • Incorrect functionality removed from TinyMCE module

Deprecations:

• cs\DB\_Abstract::query() and cs\DB\_Abstract::queries() methods are now deprecated
• Deprecated backend events:
  • System/general/languages/load (replaced with System/Language/load)
• Deprecated functions (they do nothing now, since cs\Config handles everything itself):
  • get_core_ml_text()
  • set_core_ml_text()

Possible partial compatibility breaking (very unlikely, but still possible):

• MySQL strict SQL mode is now enforced! (some modules failed to install with strict SQL mode and have been corrected)
• Potentially partially breaking change: for consistency $Config->core['name'] renamed into $Config->core['site_name']

Dropped backward compatibility:

• None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Lighter frontend

This release is a small incremental update over previous release.

Major improvements are focused on decreasing frontend overhead:

• added possibility to disable Web Components support (with all related features) if it is not needed
• added asynchronous interface for translations (translations will only be loaded when actually used), but under the hood they are synchronous till 6.x to avoid BC break

Small but handy improvements done for CSS/JS minifiers, important fixes for TinyMCE editor and Web Components polyfill (not upstreamed yet).

On backend side there is improved code coverage (96%+ for core directory, 66%+ for system in general).
Added support for native server-side prepared statements in database interfaces in addition to already present client-side placeholders.

Last thing worth mentioning is support for upcoming PHP 7.1.

Security fixes:

• None

New components:

• None

New features:

• Added support for server-side prepared statements
• cs.Language.ready() method added, will be used in upcoming asynchronous translations loading, returns Promise
• cs.Polymer.behaviors.Language behavior is now ready for cs.Language being asynchronous
• Added optimization option to disable Web Components usage, only available for advanced users (Administration > General > System > Simple mode of administration == Off)
• All components and system ported to asynchronous translations interface on frontend
• CSS minified improvements:
  • added support for @import url(...) in addition to @import ...
  • added support for CSS imports with media queries
• JS minified improvement:
  • added support to ES2015 template strings (minifier does nothing in this case to avoid breaking good code)

Updates:

• Rebased Polymer against new upstream version 1.6.1, patch accepted upstream
• Git version of WebComponents.js with webcomponents/webcomponentsjs#589 on top

Fixes and small improvements:

• System:
  • Old already removed from docs event actually removed from code
  • Update APCu version for Travis CI
  • Add PHP 7.1 in Travis CI and make it mandatory for test to succeed
  • cs.Language implementation rewritten (more code, but require less brain power to read)
  • cs.Polymer.behaviors.Language implementation rewritten (more code, but require less brain power to read)
  • Polymer-related files moved into own directory
  • Use single quotes where possible
  • Small fixes and docs update for cs\CRUD_helpers trait
  • Small fixes for cs\CRUD trait
  • Unnecessary condition removed in cs\Page class
  • Simplified and normalized structure of dependencies determination results
  • Simplified structure for dependent packages
  • Improved tests coverage, small fixes, optimizations and docs updates

Deprecations (will be dropped right after release):

• Synchronous use of cs.Language is deprecated and will be removed in 6.x

Possible partial compatibility breaking (very unlikely, but still possible):

• None

Dropped backward compatibility:

• None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Better consistency

Small incremental release on top of last major update.
Release improves consistency in builder/installer and some interfaces, have significantly code coverage (>90% for core system classes).

Nothing major this time.

Security fixes:

• None

New components:

• None

New features:

• Allow any host in Docker demo

Updates:

• New upstream version of phpt-tests-runner
• New upstream Promise polyfill
• New upstream version of autosize
• New version of TinyMCE

Fixes and small improvements:

• System:
  • Add .htaccess files in storage directory to core files in builder, so that they'll be updated with system update
  • Remove mentioning Storage.php from builder
  • Reload page on module enabling, disabling and uninstallation
  • Fix for potential redirect use wih specially created subdomain
  • Fix for inheriting translations from core language, that was broken in 1183976
  • Installer is now covered by code coverage analysis (not 100%, but mostly)
  • Add nightly PHP to Travis CI, but allow it to fail
  • Use native code coverage merging
  • PHP_SAPI constant usage changed to php_sapi_name() function usage, which is easier to wrap in tests
  • Smaller code coverage overhead (bug bigger data file)
  • Lighter integration of code coverage into installer
  • Fix for instantiating classes from cs\custom namespace which do not extend original class
  • Fix for multiple class extension
  • Many tests added
  • Only compute code coverage on PHP 7.0
  • Tiny fix for bug found under PHP Nightly
  • Fix for Docker demo
  • Small fix for nav bar in administration
  • icon property on cs-button renamed to icon-before, icon property is still supported and will be, now it is just an alias to icon-before
  • Declare public visibility on methods explicitly
  • Clean upstream version of PHPMailer without any modifications is used
  • Tiny fix in mail settings in administration interface
  • Use smtp port in cs\Mail class directly as is
  • Small fix in cs\Mail class
  • Mark more tests as slow
  • Refactoring and simplifications in cs\Storage class
  • New constants:
    • cs\Storage::CONNECTIONS_ACTIVE
    • cs\Storage::CONNECTIONS_SUCCESSFUL
    • cs\Storage::CONNECTIONS_FAILED
  • Small refactorings and fixes

Deprecations (will be dropped right after release):

• cs\Storage\_Abstract::move_uploaded_file() method deprecated and is just an alias to ::copy() now

Possible partial compatibility breaking (very unlikely, but still possible):

• cs\modules\System\Packages_manipulation::move_uploaded_file_to_tmp() method removed as unused, it remained from pre-API-based administration interface
• cs\Mail doesn't extend PHPMailer class anymore, but rather uses it internally
• cs\DB::CONNECTIONS_ALL constant renamed into CONNECTIONS_MASTER
• cs\DB::CONNECTIONS_MIRRORS constant renamed into CONNECTIONS_MIRROR
• cs\DB::get_connections_list() method now requires first argument to be specified explicitly
• cs\Storage::get_connections_list() method now requires first argument to be specified explicitly, also requires arguments to be cs\Storage::CONNECTIONS_* constants

Dropped backward compatibility:

• All features that were deprecated in last release and kept for smooth upgrade were removed
• Removed possibility to upgrade from older versions than latest release
• SimpleImage module removed, hacks in it were not actually used anywhere, so better use upstream version from Composer, it will not make any practical difference

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Focus on quality

This release is primarily focused on code quality with significantly increased tests coverage.

Another aspect is rectifying framework's API by removing redundant elements (like plugins, blocks templates, users contacts, some methods and properties), blocks and modules now moved to project root similarly to themes.

The last noteworthy aspect is slightly improved minimal request overhead, which improves page rendering under mod_php or php-fpm as well as under Http server (which can render pages in almost 0.5 ms).

This is the first release of 5.x series, so it brings some BC-breaks, as well as removed all functionality declared as deprecated in any previous release.

Security fixes:

• None

New components:

• Psr7 (decoupled into optional module from system core)

New features:

• Added serving static files in framework itself (without external web-server)
• Backend events added:
  • System/Request/routing_replace/before
  • System/Request/routing_replace/after

Updates:

• Normalize is now based on normalize.css 4.2.0
• New upstream version of PHPT-Tests-Runner
• New upstream version of autosize
• New upstream version of Composer

Fixes and small improvements:

• System:
  • Use element.matches() instead of element.tagName
  • Fixes for session data setting and deletion
  • Fix for making API requests for non-authorized user (essentially, initial sign in)
  • Updated Nginx config sample without compression headers
  • Small fix for streams in multiple files uploads as streams
  • Do not handle and request data and/or files for GET, HEAD and OPTIONS requests
  • Keep correct independent position in uploaded files that are opened multiple times
  • Docker image updated to newer base phusion/baseimage as well as using PHP7
  • Multiple DB query always returns boolean result
  • Print error messages to stderr in CLI mode
  • Fixes and small improvements for CSS minifier
  • Small fixes and improvements for processing nested HTML imports
  • Correct support for Forwarded HTTP header per spec
  • Improved HHVM support in some edge cases with errors
  • Fix for making multiple API calls on frontend: request body was sent where it shouldn't
  • Small fix for headers initialization in cs\Response::init_with_typical_default_settings() method
  • Small fix for REQUEST_URI decoding in cs\Request\Server trait
  • Stop using ETags for improved caching
  • Stop setting the same headers multiple times
  • Multiple .htaccess files are added to installation distributive instead of creating them in core/bootstrap.php
  • Fix permission for cli
  • More lightweight Language initialization, delays loading of translations until really needed
  • Website name is now added to Page::instance()->Title only right before page rendering (affects only manual changing of this property), which allows to avoid loading translations completely for certain requests
  • Only set Content-Language header for multilingual setups
  • Do not render title when interface turned off
  • Many tweaks and small fixes
• Deferred tasks
  • Hide deferred tasks from menu
• Http server
  • Fix for serving streams in Http server module
• HybridAuth
  • Contacts integration removed from HybridAuth module
  • Small fix in HybridAuth module when no providers enabled

Deprecations (will be dropped right after release):

• None (major release)

Possible partial compatibility breaking (very unlikely, but still possible):

• Minor potential BC-break (very unlikely), cs\Text::get() signature has changed and implementation largely simplified
• Request initialization should not happen after Response initialization, since exit might happen during Request initialization and there is a need for response to be ready by that time

Dropped backward compatibility:

• All deprecated functionality was dropped
• Dropped update support from System versions older than previous release, the same for all components
• jQuery was removed from system (including jQuery configuration)
• Plugins support removed with all corresponding backend and frontend events, UI elements, API and documentation.
• Removed backend events:
  • System/App/construct
  • admin/System/components/plugins/enable/before
  • admin/System/components/plugins/enable/after
  • admin/System/components/plugins/disable/before
  • admin/System/components/plugins/disable/after
  • admin/System/components/plugins/update/before
  • admin/System/components/plugins/update/after
  • System/User/get_contacts
  • System/Request/routing_replace
• Removed frontend events:
  • admin/System/components/plugins/disable/before
  • admin/System/components/plugins/disable/after
  • admin/System/components/plugins/enable/before
  • admin/System/components/plugins/enable/after
  • admin/System/components/plugins/update/before
  • admin/System/components/plugins/update/after
• ENGINES constant removed
• Contacts support removed from system
• Blocks templates removed together with corresponding configuration, UI elements, constants, files and documentation
• Major backward-compatibility break: blocks and modules moved to the root of the project (system tries to make sure process goes smooth by correcting fs.json files and creating temporary symlinks in original locations).
• Also events with components/ in their name have lost this suffix, for instance, admin/System/components/modules/default become admin/System/modules/default
• Do not compress minified files i public cache, this should be better done by web/proxy server (also resolves problems with setting headers on some configurations)
• cs\Text::search() method removed as unused
• Dropped support for calling DB::instance()->$db_index, DB::instance()->$db_index(), Storage::instance()->$storage_index
• Dropped support for calling database methods directly on DB::instance() objects, now explicit getting database with DB::instance()->db() or DB::instance()->db_prime() is required
• Psr7 support moved from system core to new Psr7 module
• cs\Response::$protocol property removed as unused
• clanguage_en removed from translations and events as redundant
• cs\Page::set_theme() function removed

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Better testing

This release is primarily focused on improving code quality of system core and testing.
Code coverage analysis was added into testing process, it helps to figure out which areas require more attention than others.

There are small fixes and improvements, but nothing major. However, there are some deprecations that will be removed in future 5.x release.

This release is likely to be the last one from 4.x series.

Security fixes:

• None

New components:

• None

New features:

• Code coverage analysis added to tests
• Add support for /index.php-prefixed requests
• Add support setting event handlers using scripts in custom directory
• Quick tests added that can be executed autonomously and concurrently

Updates:

• New upstream version of UPF
• New upstream version of PHPT-Tests-Runner
• New upstream version of Composer
• New upstream version of Polymer (Native custom CSS properties are not used yet because of Polymer.updateStyles() is not compatible with it yet)

Fixes and small improvements:

• System:
  • Change website protocol to https
  • Added support for multiple return values from methods when mocking objects in tests
  • Bind $this and static in mocked object's closures
  • Make autoloader ready for CACHE being not defined
  • Make cli file executable on system installation
  • Small tweaks for builder tests
  • Added badge with tests coverage
  • Small tweaks to autoloader and installer
  • Tiny refactoring in cs\Event class
  • Small fixes in cs\CRUD trait
  • Small fixes in cs\Key class
  • Fix for false return value was not working correctly in cs\Event::once()
  • Fixes for password restoration
  • Fix for closed site sign in
  • Allow overriding system core files constants upfront
  • Fixes for groups permissions inheritance and consistency of getting/setting user's groups
  • NOTE: User's groups priority has changed order in administration: now each next group have higher priority than previous
  • Control memory cache for user's permissions the same way as user's data
  • Fixes for user's permissions inheritance
  • Fix for infinite loop in cs\Language class
  • Improved sessions deletion
  • Small fixes and simplifications in cs\User\Profile trait
• Blockchain payment
  • Change blockchain payment functionality from payment to payment/blockchain, that will allow installation of multiple payment systems at the same time
• Blogs:
  • Small fix, Blogs module didn't use proper namespace for Json ld module
  • UI fix for editable area during posts addition or editing
  • Add language prefix to post edit URL so that it wouldn't confuse users in multilingual setup
• Composer assets:
  • Increase fxp/composer-asset-plugin dependency version

Deprecations:

• ENGINES constant is deprecated now
• User's contacts deprecated in system core
• Templates for blocks are deprecated now

Possible partial compatibility breaking (very unlikely, but still possible):

• None

Dropped backward compatibility:

• None

Latest builds on downloads page (details about installation process) or download source code and build it yourself

Less jQuery, less plugins

This release contains incremental improvements and bug fixes over last major release with 2 important changes.

The first significant change is that jQuery is not used by system core and many components, it is still around, but will be removed in 5.x, so it is time to explicitly define dependency on jQuery NPM package and use it as AMD module exclusively.

The seconds change is deprecation of plugins in favor of using modules only. Plugins were always simpler version of modules and didn't bring any substantial benefit, while added a lot of complexity.
While migrating from plugins to modules you might want to disable simple administration mode temporarily (Administration > General > System :: Simple mode of administration) and ignore dependency conflicts while you disable/remove plugin and install/enable corresponding module.

Security fixes:

• None

New components:

• None

New features:

• System doesn't use jQuery anymore
• cs.api function added on frontend for convenient calls to API without dependency on jQuery
• cs.ui.alert() now returns promise
• cs.ui.confirm() also returns promise if ok_callback was not specified
• Standalone version of html5sortable added alongside with previously available
• All existing plugins converted into modules, since plugins are deprecated

Updates:

• Stable version of jQuery 3.0

Fixes and small improvements:

• System:
  • Added check for origin header
  • Small fix for getting permission for API
  • Fixed focus in sign in and password restoration modals
  • Fix for password changing on frontend
  • Fix for block deletion
  • Set selected property on cs-select during initialization from value property
  • Small fix for labels, when active property is set before element is attached to DOM
  • Fix for incorrect error message during failed API request on frontend
  • Support trailing slashes in administration pages
  • Return numeric user's groups ids
  • Fix jQuery version in packages, since * causes problems
• Blockchain payment
  • Small important fix for Blockchain payment module
  • Use NPM package with jQuery-independent QR code generator
• Blogs:
  • Stop using jQuery in Blogs module
• Comments:
  • Stop using jQuery in Comments module
• Composer:
  • Stop using jQuery in Composer module
• Content:
  • Stop using jQuery in Content module
• Disqus:
  • Disqus conflict with Shadow DOM polyfill was resolved, so hack is not needed anymore
• Feedback:
• Fotorama
  • Added AMD support to fotorama
  • Fotorama plugin now depends on Composer assets and NPM package jQuery
• Old IE
  • Dataset polyfill added to Old IE plugin
• Photo gallery:
  • Photo gallery consumes jQuery only as AMD module, declares dependency on corresponding NPM package and Composer assets plugin
• Shop:
  • Shop consumes jQuery only as AMD module, declares dependency on corresponding NPM package and Composer assets plugin
  • Shop module uses jQuery-free html5sortable from latest system version
• Static pages
  • Stop using jQuery in Static pages module
• TinyMCE:
  • Specify display: on editor elements
• Uploader:
  • Stop using jQuery in Uploader module (but still support jQuery objects if passed as argument)

Deprecations:

• jQuery is now deprecated in system core, but is still around till 5.x
• Plugins are deprecated, but still fully supported and will be removed in 5.x

Possible partial compatibility breaking (very unlikely, but still possible):

• Partially breaking change: second argument in cs.file_upload()'s error callback is now regular XHR object, rather than jqXHR

Dropped backward compatibility:

• All features that were deprecated in last release and kept for smooth upgrade were removed
• Removed possibility to upgrade from older versions than latest release

Latest builds on downloads page (details about installation process) or download source code and build it yourself