Журнал изменений

Removes the fixed width from .sl-block-sidebar, trims padding and background gradient from .sl-admin-sidebar, removes margin/padding from .sl-admin-content, and adjusts .sl-admin-content-inner and .sl-toolbar spacing for a cleaner fluid layout.

Core changes:

1. Admin sidebar block (theme.css — .sl-block-sidebar):
2. Removed width: 275px; block now sizes via its flex/grid parent
3. Admin sidebar column (theme.css — .sl-admin-sidebar):
4. padding: 13px 11px 15px 11px → 8px 0px
5. Removed multi-stop background gradient (now inherits parent bg)
6. Admin content area (theme.css — .sl-admin-content):
7. Removed margin: 8px 6px 15px 0
8. Removed padding: 0 0 15px 0
9. Admin content inner (theme.css — .sl-admin-content-inner):
10. padding: 0 var(--sl-space-lg) 15px → 0px 0px 0px 8px
11. Toolbar (theme.css — .sl-toolbar):
12. margin: 0 10px 0 5px → 0 0 0 12px

Benefits: - Sidebar width adapts to container; no overflow on narrow viewports - Content area padding controlled at inner level, not duplicated on outer

Technical notes: - No new CSS classes; all changes are targeted property updates - No HTML structure changes required

Adds filterConst() to the Template compiler pipeline so that {{ _UPPER_SNAKE }} tokens are compiled into defined()-guarded PHP echoes instead of being silently dropped or mishandled by filterEcho(). Documents the new syntax in TEMPLATES.md.

Core changes:

1. Template compiler (core/classes/template.php — filterConst()):
2. Matches {{ _NAME }} where NAME is UPPER_SNAKE with _ prefix, 1-11 chars
3. Compiles to: <?= defined('_NAME') ? $this->getSafe(_NAME) : ''; ?>
4. Runs before filterEcho() so constant tokens are consumed first
5. Negative lookahead/lookbehind prevents matching {{{ _RAW }}} raw tags
6. Docs (docs/TEMPLATES.md):
7. Added one-line entry for {{ _CONST }} syntax under the runtime features list

Benefits: - Language constants can be used directly in .html fragment files - Compiled output is cache-safe: defined() checked at render time, not compile time - No change to existing {{ var }} or {{{ raw }}} behavior

Technical notes: - Regex: /(?<!\{)\{\{\s([A-Z][A-Z0-9]{0,10})\s\}\}(?!\})/ - getSafe() HTML-escapes the constant value before output - filterConst() is inserted before filterEcho() in the compile() pipeline

Adds getStatExtPanel() which reads fields 8-16 from the statistic log, aggregates them across all rows of the selected archive or current period, and renders an inline dashboard with ring charts, bar charts, and an hourly hit chart. Panel is appended after the existing statistic table.

Core changes:

1. getStatExtPanel() (admin/modules/statistic.php):
2. Reads days.log + statistic.log (current) or an archive file

3. Aggregates counter fields 8-12, 14-16 via getCounterField() and sums the 24-slot hours field (index 13)

4. Ring charts (SVG): Human Traffic %, Mobile Share %, Return Depth %, Search Share % — 4-up grid, responsive 2-col on narrow viewports

5. Bar charts (2-col grid): Browsers, OS, Devices, Countries, Refcat, New/Returning, Depth, Duration — sorted by count, preserves order where a canonical key order is specified (Devices, Refcat, etc.)

6. Hourly hits bar chart (SVG, 24 bars, x-axis labels every 3 hours)
7. Falls back to a plain "not available" notice when field 8 is absent
8. statistic() (admin/modules/statistic.php):
9. Added echo getStatExtPanel($file) after the existing statistic table

Benefits: - One-screen overview of browser/device/geo/session metrics per period - No extra DB queries; reads the same log files as the existing counter - Inline <style> scoped to sl-statx-* classes; no theme.css modifications needed

Technical notes: - Ring chart: uses SVG stroke-dashoffset on a r=38 circle (circumference 238.76) - Bar chart labels truncated at 120px via CSS text-overflow - getStatExtPanel() uses CSS custom properties from the admin theme (--bg, --line, --shadow, --soft, --muted, --blue2, --green, --purple, --orange)

Extends updateStatsTrack() to collect per-hit UA breakdowns, GeoIP country, referral category, hourly distribution, and sliding session state (new/returning, depth, duration). All new data is written as additional pipe-separated fields (indices 8-16) appended to the existing statistic.log line format.

Core changes:

1. UA parser (core/system.php — getAgentInfo()):

2. Detects browser (Chrome, Firefox, Edge, Opera, Safari, IE), OS (Windows, Android, iOS, macOS, Linux), and device (desktop, mobile, tablet, bot)

3. Bot detection via UA regex; guest===1 always maps to Bot
4. Counter field helpers (core/system.php):
5. getCounterField(): parses "key:count,key:count" field into a map
6. updateCounterField(): increments a key, keeps top-10 + Other overflow bucket
7. Hourly distribution (core/system.php — updateHoursField()):
8. Maintains a 24-slot comma-separated hit count per hour
9. Session tracking (core/system.php — updateSessionState()):
10. File-based sliding window (1800s) keyed by stats_id cookie
11. Tracks first-visit, last-visit, hit depth per session
12. Returns is_new, depth, duration for the current hit
13. Bucket classifiers (core/system.php):
14. getSessionDepthBucket(): maps depth to 1 / 2-3 / 4-7 / 8+
15. getSessionDurationBucket(): maps seconds to <30s / 30s-3m / 3m-15m / 15m+
16. Referral category (core/system.php — getRefCategory()):
17. Classifies referer into direct, search, social, or referrer
18. updateStatsTrack() extended (core/system.php):
19. Gathers agent info, refcat, GeoIP country, session state before write
20. Sets fields [8..16] on the statistic.log line in all three write paths

Benefits: - Rich per-day analytics available without changing the core log file structure - Session tracking uses httponly cookie with 1-year TTL, no DB required - All new fields are backward-compatible (absent = treated as empty)

Technical notes: - stats_id cookie set via setcookie() only when headers not yet sent - Fields 8-16 extend the existing 0-7 statistic.log schema non-destructively - Geoip::getCountry() used only if the Geoip class exists (class_exists check)

Adds four standalone HTML demo files to docs/ for the statistics subsystem: a browser analysis demo, a monitor dashboard, and two etalon/reference variants. These files are design references and are not loaded by the CMS at runtime.

Core changes:

1. Demo files (docs/):
2. statistic-browser-analysis-demo.html — browser/UA analysis visualization
3. statistic-monitor-dashboard.html — statistics monitor dashboard layout
4. statistic-monitor-etalon-demo.html — etalon reference demo
5. statistic-monitor-etalon-v2.html — etalon reference v2

Benefits: - Design references available alongside the codebase for review - No runtime impact; files are not referenced from any CMS module

Technical notes: - Standalone HTML; no CMS dependencies or includes - Located in docs/ which is not served by the web root

Addresses several targeted CSS issues in the admin theme: tightens the tooltip child selector to avoid unintended matches, revises sidebar count badge styling, moves IP/flag rules outside the table context, and replaces the language-link hover background with a filter-based approach.

Core changes:

1. Tooltip selector fix (theme.css):

2. .sl-tip div → .sl-tip > div (and ::after variant) Prevents deep descendant divs inside tooltip content from receiving position:absolute, which broke nested markup

3. Sidebar count badge (theme.css):
4. Count label link color: warning-strong conditional → always primary
5. Removed has([data-sl-toggle-control]) color overrides on anchor

6. Count value span: added explicit bg-subtle background and border-strong border instead of inheriting from the danger/warning context

7. Danger badge: removed background fill; uses border-strong + warning-strong text
8. .sl-menu-list-image: border removed for sl_block_1 and sl_block_2 sidebar blocks
9. IP / flag layout (theme.css):

10. Removed .sl-table-list-sort parent scope from .sl-col-ip, .sl-geo-flag, .sl-geo-flag img, .sl-col-ip a — rules now apply globally

11. .sl-geo-flag: added justify-content: center
12. IP link min-height and line-height: 16px → 24px (matches flag image height)
13. Menu grid link (theme.css):
14. Default state: removed background: bg-soft (now transparent/inherited)
15. Hover: bg changed from primary-tint to bg-soft
16. Language hover (theme.css):
17. Removed background-color hover on .sl-admin-language-link
18. Added filter: brightness(1.08) on hover for subtle brightness effect
19. Set explicit background: transparent on both states
20. Sort table tbody th padding (theme.css):
21. Added rules for tbody th padding to match td spacing in .sl-table-list-sort

Benefits: - Tooltip no longer bleeds position styles into nested content - Sidebar badges visually consistent regardless of warning/normal state - Flag + IP link correctly aligned outside table-only context

Technical notes: - All changes are additive CSS tweaks; no HTML structure changes - No new CSS class names introduced

Replaces raw content_html strings and ad-hoc row_attr usage in the database admin table with the typed column flags already used across other admin tables. Adds is_summary and is_no_sort flags to the table-cells and table-row fragments.

Core changes:

1. Admin database module (admin/modules/database.php):

2. Data rows: all cells now carry typed flags (is_col_id, is_col_count, is_col_date, is_col_actions) and use has_content_text/content_text where HTML escaping is safe

3. Summary row: replaced bold span content_html cells with typed cells; uses is_summary to render <th> instead of <td>

4. Summary row: replaced raw row_attr='data-sort-method="none"' with is_no_sort
5. Table head: all columns carry typed flags; removed is_fixed from table call
6. Table cells fragment (templates/admin/fragments/table-cells.html):

7. Added is_summary branch: when true renders <th> elements instead of <td> for the summary/totals row, preserving all class and attribute logic

8. Table row fragment (templates/admin/fragments/table-row.html):
9. Added is_no_sort: when true emits data-sort-method="none" on the <tr>
10. Removed support for raw row_attr (no longer needed after this migration)

Benefits: - Summary row styled as <th> for semantic correctness and proper sort exclusion - Column widths controlled by CSS class flags, not fixed table layout - Consistent with other admin tables; no more ad-hoc row_attr strings

Technical notes: - is_fixed removed from database table; column sizing now via CSS col-* classes - is_summary and is_no_sort are additive fragment flags; no other tables affected

Adds the missing getUserSessionAdminInfo case to the go=5 AJAX dispatcher in index.php and updates the update_query in getUserSessionAdminInfo() to include the correct go value and a CSRF token, preventing open-endpoint access.

Core changes:

1. AJAX dispatcher (index.php):
2. Added case 'getUserSessionAdminInfo': getUserSessionAdminInfo() to go=5 block
3. Admin session info (core/system.php):

4. update_query changed from 'go=1&op=getUserSessionAdminInfo' to 'go=5&op=getUserSessionAdminInfo&token='.getSiteToken()

Benefits: - AJAX endpoint is CSRF-protected via token parameter - Route correctly uses the go=5 admin-AJAX block instead of go=1

Technical notes: - getSiteToken() generates the per-session CSRF token used project-wide - No change to the HTML output or polling behavior

Adds the GeoLite2 Country and ASN binary database files to storage/geoip/. These files are read directly by the pure-PHP MMDB parser in core/classes/geoip.php.

Core changes:

1. Country database (storage/geoip/country.mmdb):
2. GeoLite2-Country MMDB, ~8.9 MB
3. ASN database (storage/geoip/asn.mmdb):
4. GeoLite2-ASN MMDB, ~12 MB

Benefits: - GeoIP lookups work out of the box without a separate download step - Both country and ASN resolution available immediately after clone

Technical notes: - Files are binary MMDB format, read via file_get_contents() and cached - Web access blocked by storage/geoip/.htaccess (deny from all) - Database files should be updated periodically from maxmind.com

Updates the two directory protection files in storage/geoip/ to remove trailing newlines and condense index.html to a single-line redirect. Deletes templates/admin/images/misc/sprite.png which is no longer referenced.

Core changes:

1. Storage protection (storage/geoip/.htaccess):
2. Removed trailing newline (content unchanged: deny from all)
3. Storage index (storage/geoip/index.html):
4. Condensed to single-line HTML with meta-refresh redirect to slaed.net
5. Removed multi-line doctype/head/body boilerplate
6. Admin image cleanup (templates/admin/images/misc/sprite.png):
7. Deleted; file is no longer used after icon migration to SVG/Bootstrap-Icons

Benefits: - Consistent with project-wide one-liner protection file convention - Removes orphaned binary asset from admin theme

Technical notes: - No functional changes to directory access control - sprite.png was the last remaining PNG in templates/admin/images/misc/