Latest forum posts
Total: 294 commits in the repository |
Filtered: 294 commits |
Page: 1 / 30
Today (26.02.2026)
Docs: update project documentation to reflect recent changes
Synchronize all project docs with the current state of SLAED CMS 6.3.
Five files updated: README, UPGRADING, CONTRIBUTING, SECURITY, TEMPLATES.
Core changes:
1. README.md:
• Update migration badge from 70% to 75%
• Remove "Frontend modules ~35% remaining" (all 26 modules complete)
2. UPGRADING.md:
• Add Breaking Changes: config/rewrite.php removed, $confu['anonym'] removed,
setConfigFile() reserved guard, getConfig() skip list
• Update Version History status to ~75%, add three new Major Changes items
3. CONTRIBUTING.md:
• Expand language constants [!IMPORTANT] block with placement rule
(language/*.php for public, admin/language/*.php for admin-only)
• Add "Config Files -> Reserved Config Files" section with table
4. SECURITY.md:
• Add NDJSON format note to Logging & Error Handling section
• Add "Config Write Protection" block (setConfigFile guard + getConfig skip)
5. docs/TEMPLATES.md:
• Add "SEO Placeholder Variables" section documenting all 14 setHead() placeholders
([homeurl], [site], [logo], [loc], [time], [mtime], [title], [desc],
[img], [ctitle], [type], [url], [headline], [author])
Benefits:
• Documentation accurately reflects the current codebase
• Contributors have clear guidance on language constant placement
• Reserved config file rules are documented
Technical notes:
• docs/TESTS.md and CODE_OF_CONDUCT.md required no changes
Chore: update .gitignore plans path from plans/ to docs/plans/
The plans directory was moved under docs/ to better organize
project planning files alongside other documentation.
Core changes:
1. .gitignore:
• Change 'plans/' to 'docs/plans/'
Technical notes:
• No functional change to the codebase
Chore: add FUNC_FILE access guard and copyright header to reserved config stubs
The three reserved config stubs (system.php, header.php, chmod.php)
previously returned null to signal they are not config arrays. Replace
with an explicit die() guard consistent with other protected system
files, and add the standard SLAED copyright header.
Core changes:
1. config/system.php, config/header.php, config/chmod.php:
• Add copyright header (Author, Copyright, License, Website)
• Replace 'return null' with: if (!defined('FUNC_FILE')) die('Illegal file access')
Benefits:
• Consistent access protection across all restricted files
• Standard SLAED file header present in all config stubs
Technical notes:
• Files remain excluded from getConfig() merge via skip list in core/system.php
• die() guard prevents direct HTTP access if .htaccess rules are misconfigured
Chore: rename content module admin info files to 2-letter locale codes
Rename admin info HTML files in modules/content/admin/info/ from full
language names to 2-letter locale codes, matching the convention used
in other modules (news, pages, etc.).
Core changes:
1. modules/content/admin/info/ (6 renames):
• english.html -> en.html
• french.html -> fr.html
• german.html -> de.html
• polish.html -> pl.html
• russian.html -> ru.html
• ukrainian.html -> uk.html
Benefits:
• Consistent file naming across all module admin info directories
• Aligns with the 2-letter locale code convention (en, de, fr, pl, ru, uk)
Technical notes:
• File contents are preserved as-is
• Admin panel loads info files by locale code; old names were unused
Chore: remove config/rewrite.php and update admin editor info pages
The rewrite.php file contained regex-based URL transformation rules
managed through the admin editor. This functionality has been superseded:
URL rewriting is now controlled exclusively by $conf['rewrite'] and
server-level .htaccess rules. All include() calls and the rewrite()
function were removed from the codebase in a prior cleanup.
Core changes:
1. config/rewrite.php:
• File deleted (122 lines of legacy regex rewrite rules)
2. admin/info/editor-*.html (6 language files):
• Remove "System SEF" tab description (referencing config/rewrite.php)
• Rename "Server SEF" tab to "Apache rules" for clarity
Benefits:
• Removes dead code with no callers
• Admin editor UI reflects the actual available tabs
• Reduces confusion between PHP-level and server-level URL rewriting
Technical notes:
• $conf['rewrite'] config key is preserved; controls mod_rewrite behavior
• .htaccess-based rewriting remains fully functional
Security: add getConfig() skip list and setConfigFile() reserved guard
Protect reserved config files from being merged into $conf via getConfig()
or accidentally overwritten via setConfigFile(). Three files serve system
injection purposes (not config arrays) and must be excluded from glob merge.
Core changes:
1. getConfig() (core/system.php):
• Replace single local.php check with explicit $skip array
• Skip list: local.php, system.php, header.php, chmod.php
2. setConfigFile() (core/system.php):
• Add static $reserved guard at function entry point
• Reserved: system.php, header.php, chmod.php, local.php
• Calls with reserved filenames return silently without writing
Benefits:
• Prevents accidental overwrite of system injection files
• Eliminates false config merges from null-returning reserved files
• Explicit skip list is self-documenting
Technical notes:
• config/system.php, header.php, chmod.php return null by design
• config/local.php provides per-environment overrides, must not be merged
• Backward compatible: existing callers are unaffected
Refactor: replace $confu['anonym'] with _ANONYM language constant
Remove the configurable anonymous user name ($confu['anonym']) and
replace it with the static language constant _ANONYM defined in all
six root language files. This eliminates a config option that had no
practical need for per-site customization.
Core changes:
1. Language files (language/*.php — 6 files):
• Add define("_ANONYM", "...") between _AND and _ANSWER in all 6 languages
* en: "Guest", ru: "Гость", de: "Gast", fr: "Invité", pl: "Gość", uk: "Гість"
2. Admin language files (admin/language/*.php — 6 files):
• Remove define("_ANONYMOUSNAME", "...") from all 6 files
3. Config and core (config/users.php, core/admin.php, core/security.php, core/user.php):
• Remove 'anonym' key from config/users.php
• Replace all $confu['anonym'] with _ANONYM
4. Admin modules (modules/*/admin/index.php — 10 modules + account):
• Remove anonym form field from modules/account/admin/index.php
• Replace $confu['anonym'] with _ANONYM in 10 module admin files
5. Block (blocks/block-user_info.php):
• Replace $confu['anonym'] with _ANONYM
Benefits:
• Simplifies configuration (removes non-essential option)
• Consistent anonymous name via i18n constant system
• _ANONYM resides in language/*.php (globally loaded, not admin-only)
Technical notes:
• _ANONYM is defined in language/*.php, not admin/language/*.php
• core/security.php: collapsed $anon initialization into substr(_ANONYM, 0, 25)
Refactor: modernize all front-end modules to PHP 8.4 standards
Apply full PHP 8.4 modernization across all 26 front-end modules.
Each module receives type-safe function signatures, setHead() for SEO
metadata, prepared SQL with named placeholders, getVar() for all user
input, and setFoot() replacing legacy foot() calls.
Core changes:
1. SEO and head output (all modules):
• Replace head($conf['defis'].' '._MODULE) with setHead(['title' => _MODULE])
• Replace foot() with setFoot()
2. SQL queries (all modules):
• Convert string-concatenated queries to prepared statements
• Add PREFIX_DB constant to all table references
3. Input handling (all modules):
• Replace $_GET/$_POST direct access with getVar()
• Add type hints to all function parameters and return types
4. Template variables (all modules):
• Fix placeholder syntax: 'title' => ... to '{%title%}' => ...
• Use setTemplateBasic() / setTemplateWarning() exclusively
5. Anonymous user display (faq, files, forum, help, jokes, links,
media, news, pages, search, shop, whois, account):
• Replace $confu['anonym'] with _ANONYM constant
Benefits:
• Full PHP 8.4 compatibility across all public-facing modules
• Eliminates SQL injection attack surface in 26 modules
• Consistent anonymous user display via _ANONYM constant
• Uniform SEO metadata via setHead()
Technical notes:
• modules/forum/index.php: largest single-module change (~1469 lines)
• modules/news/index.php: second largest (~566 lines)
• All 26 front-end modules now fully modernized (100% complete)
Refactor: migrate remaining front modules to setHead/setFoot; add h1 for view mode in templates
Complete the head()/foot() → setHead()/setFoot() migration for the last
nine front-end modules, and update both basic.html templates to render
the article title as <h1> when in single-view mode and <h3> in list mode.
Core changes:
1. pages/index.php → setHead(seo); setFoot()
2. recommend/index.php → setHead(); setFoot()
3. rss/index.php → setHead(); setFoot()
4. search/index.php → setHead(); setFoot()
5. shop/index.php → setHead(seo); setFoot()
- Pass title, desc, img, time, ctitle, author
6. sitemap/index.php → setHead(); setFoot()
7. users/index.php → setHead(); setFoot()
8. voting/index.php → setHead(seo); setFoot()
9. whois/index.php → setHead(); setFoot()
10. templates/default/basic.html and templates/lite/basic.html:
• Wrap title in {%if is_view%}<h1>…</h1>{%else%}<h3>…</h3>{%endif%}
* Single-article view uses semantically correct <h1> for SEO
* List views retain <h3> for visual hierarchy
Benefits:
• All front-end modules now use the unified SEO-aware setHead() API
• Templates emit correct heading hierarchy — <h1> on detail pages
improves Schema.org headline alignment and core-web-vitals LCP
Technical notes:
• head()/foot() aliases can be removed in a future cleanup pass
• {%if is_view%} is evaluated by the template engine; no PHP changes needed
• Backward compatible: basic.html change is purely additive
Refactor: migrate front modules batch 2 to setHead/setFoot and prepared SQL
Migrate nine front-end modules (forum, help, jokes, links, main, media,
money, news, order) from head()/foot() to setHead()/setFoot(), pass SEO
metadata via the new API, and fix remaining raw SQL interpolation with
named placeholders.
Core changes:
1. forum/index.php:
• head() → setHead(seo); foot() → setFoot()
• Pass title, desc, img, time, ctitle, author to setHead()
2. help/index.php:
• head() → setHead(seo); foot() → setFoot()
3. jokes/index.php:
• head() → setHead(seo); foot() → setFoot()
4. links/index.php:
• head() → setHead(seo); foot() → setFoot()
5. main/index.php:
• head() → setHead(); foot() → setFoot()
• Remove unused $confn / $confrs locals
6. media/index.php:
• head() → setHead(seo); foot() → setFoot()
7. money/index.php:
• head() → setHead(); foot() → setFoot()
8. news/index.php:
• head() → setHead(seo); foot() → setFoot()
• SQL: category WHERE clause uses named placeholders (:ncat1, :ncat_re, :ncat2)
• catid IN() list uses intval() cast to prevent injection
• $admin_file → $afile global alignment
9. order/index.php:
• head() → setHead(seo); foot() → setFoot()
Benefits:
• SEO data (title, author, img, time) flows cleanly through setHead() API
• Eliminates remaining raw SQL string interpolation in news category queries
• Consistent global naming ($afile) across module layer
Technical notes:
• news/index.php catid IN() uses intval() map — safe for any array content
• Functional behavior preserved in all nine modules





