Чтение RSS каналов

Журнал изменений

Фильтр и поиск

Всего: 500 Доступных коммитов | Отфильтровано: 500 Коммиты | Страница: 1 / 50
Сегодня (02.04.2026)
Refactor: migrate admin modules and content module to new fragment API
Автор: Eduard Laas | Дата: 17:41 02.04.2026

Update security.php, database.php, and modules/content/admin/index.php to use the canonical input/label-hint/table/edit-tip fragments and add CSRF token verification to all mutating operations in the security module.

Core changes:

  1. Security module CSRF hardening (admin/modules/security.php):
  2. bansave(), passsave(), configsave(), delete(): add checkSiteToken() guard at function entry; render _TOKENMISS alert and return early on failure

  3. All delete action URLs now include &token=getSiteToken() query parameter
  4. banlist() ban-add form: hidden token field added via getTplHiddenInput()
  5. passwd() form: hidden token field added
  6. config() configsave form: hidden array now passed to config-div.html loop
  7. Fragment migration (admin/modules/security.php):
  8. getTplAdminHintLabel() → $tpl->getHtmlFrag('label-hint', [...]) for IP/CIDR, admin file, and dump-skip labels

  9. getTplTextInput() → $tpl->getHtmlFrag('input', [...]) for blocker_cookie and afile text inputs

  10. Database module (admin/modules/database.php):
  11. getHtmlFrag('admin-input', [...]) → getHtmlFrag('input', [...]) for both submit buttons in dump()

  12. Content module (modules/content/admin/index.php):
  13. content(): list view migrated from getTplAdminTableHead/getTplAdminTableRow to $tpl->getHtmlFrag('table', [...]) with head array of column descriptors

  14. Row rendering migrated to getHtmlFrag('table-row') + getHtmlFrag('table-row-content')
  15. Action menu migrated to getHtmlFrag('edit-tip', [...]) with CSRF token on delete URL
  16. Title cell migrated to getHtmlFrag('title-tip', ['items' => [...]]) + cutstr()
  17. add(): form rows converted to array-based descriptor format; input/label-hint fragments used for title and RSS URL fields; getTplRefreshTimeSelect() for refresh select; getTplAddDateTime() for date picker; fields_in() replaced by getTplAddFieldRows(); body preview replaced by getTplPreviewContent()

  18. Field input normalised: getVar('post', 'field[]', 'raw') + filterFields()

Benefits: - CSRF coverage extended to all mutating security module operations - Consistent fragment usage eliminates module-specific HTML builders - content/add form now uses the same add-div layout as other modules

Technical notes: - checkSiteToken() added to bansave (ids 1/2/3), passsave, configsave, delete - config-div.html hidden loop expects array of ['nameattr', 'valueattr'] maps - field[] input now read as raw array and normalised via filterFields()

Refactor: migrate ad_save(), preview(), and cutstr() to new helper API
Автор: Eduard Laas | Дата: 17:40 02.04.2026

Update three core utility functions in core/system.php to delegate to the canonical helper functions introduced in helpers.php, removing inline HTML construction and aligning with the array-based template API.

Core changes:

  1. ad_save() (core/system.php):
  2. Replaced inline <select>/<input> HTML with getTplSaveAction()
  3. Passes name, valu, op, noprev as array; logic for preview/delete options is now in getTplSaveAction() and save-action-item.html

  4. preview() (core/system.php):
  5. Replaced manual filterMarkdown + getHtmlPart('preview') call with getTplPreviewContent()
  6. Renamed $textc parameter to $field to match the field-string convention used by getTplPreviewContent() and getTplViewFieldRows()

  7. Returns empty string when all inputs are blank (handled by getTplPreviewContent)
  8. cutstr() (core/system.php):
  9. Replaced if/elseif/elseif chain for $end selection with match expression

Benefits: - ad_save() and preview() are now pure data-passthrough wrappers - Eliminates duplicate HTML logic between system.php and the new helpers - cutstr() match expression is more idiomatic PHP 8+

Technical notes: - preview() signature change: $textc → $field; all call sites already pass field strings - No behaviour change for any of the three functions

Refactor: add shared template helper functions to core/helpers.php
Автор: Eduard Laas | Дата: 17:40 02.04.2026

Introduce six reusable helper functions that build admin and frontend HTML from prepared data structures and canonical fragments, replacing inline HTML construction scattered across modules.

Core changes:

  1. getTplAddFieldRows() (core/helpers.php):
  2. Parses module field definitions from $conf['fields'][$mod]
  3. Returns array of ['label_html', 'field_html'] rows for add-div layout
  4. Dispatches to add-field fragment for text(1), textarea(2), select(3)
  5. Delegates to getTplAddDateTime() for date(5) and datetime(4) types
  6. getTplAddDateTime() (core/helpers.php):
  7. Renders a date/datetime-local picker paired with a hidden canonical value field
  8. Uses static counter for unique IDs across multiple instances on one page
  9. Returns add-datetime fragment HTML
  10. getTplRefreshTimeSelect() (core/helpers.php):
  11. Renders a fixed-interval <select> (15m/30m/1h/5h/10h/24h)
  12. Uses refresh-select-time fragment; defaults to 3600 when value is empty/zero
  13. getTplViewFieldRows() (core/helpers.php):
  14. Renders read-only labelled rows from field string + module field definitions
  15. Applies filterMarkdown+filterReplaceText for textarea(2) type fields
  16. Returns view-field fragment HTML per visible field
  17. getTplPreviewContent() (core/helpers.php):
  18. Assembles full preview block: title, body_a, body_b, field rows
  19. Uses getHtmlPart('preview-content') for page-level layout
  20. Returns empty string when all inputs are blank
  21. getTplSaveAction() (core/helpers.php):
  22. Renders save/delete/preview <select> + hidden op + submit button
  23. Accepts name, valu, op, noprev keys; conditionally includes delete/preview options
  24. Uses save-action + save-action-item fragments

Benefits: - Centralises HTML assembly logic; modules only supply data arrays - Eliminates repeated inline HTML for date pickers, field loops, and save controls - Consistent escaping and fragment usage across all call sites

Technical notes: - getTplAddFieldRows() uses filterFields() to normalise array field input - getTplAddDateTime() relies on add-datetime fragment with hidden_id/picker_id pair - getTplSaveAction() replaces the ad_save() inline HTML builder in core/system.php

Refactor: add canonical fragments and replace legacy template set
Автор: Eduard Laas | Дата: 17:40 02.04.2026

Introduce a complete set of shared, reusable admin fragments that replace the old module-specific ones, and rename preview pages to preview-content across all four themes to align with the new getTplPreviewContent() API.

Core changes:

  1. New admin fragments (templates/admin/fragments/):
  2. input.html — generic <input> with optional maxlength, placeholder, required
  3. label-hint.html — label with inline hint text
  4. edit-tip.html — action menu with view/edit/delete links (replaces inline action builders)
  5. table.html — full <table> wrapper with optional head array or raw head_html
  6. table-row.html — <tr> wrapper with optional class/attr
  7. table-row-content.html — content module table row cells (id, title, date, reads, status, actions)
  8. title-tip-item.html — single item inside a sl_tip nav tooltip
  9. view-field.html — labelled read-only field for preview pane
  10. add-field.html — dynamic form field (text, textarea, select) for module field definitions
  11. add-div.html, add-div-row.html, add-div-item.html, add-div-hidden.html — add-form layout
  12. add-datetime.html — date/datetime picker with hidden canonical value field
  13. refresh-select-time.html — interval select (15m…24h)
  14. save-action.html, save-action-item.html — save/delete/preview select + submit button
  15. navi-tabs-wrap.html, config-div-hidden.html — supporting layout helpers
  16. Updated fragments:
  17. config-div.html — hidden inputs now rendered via {% for item in hidden %} loop
  18. title-tip.html — supports content_html, content, items array, and label_text modes
  19. Deleted legacy fragments:
  20. admin-input.html, admin-hint-label.html — replaced by input.html, label-hint.html
  21. admin-table.html, admin-table-row.html — replaced by table.html, table-row.html
  22. admin-content-add-rows.html, admin-content-list-row.html — replaced by generic equivalents
  23. Preview pages/partials renamed across all themes (admin, default, lite, simple):
  24. preview.html → preview-content.html (page + partial)
  25. CSS additions (system.css for admin/default/lite, theme.css for simple):
  26. Add .sl-preview-, .sl-add-, .sl-save-action styling for new fragment layouts

Benefits: - Eliminates module-specific fragment duplication across admin and content modules - Uniform fragment API (array-based data) matches PHP helper function signatures - preview-content name now matches getTplPreviewContent() and getHtmlPart() call sites

Technical notes: - Deleted fragments had no remaining callers after prior refactor commits - config-div.html hidden loop requires array of ['nameattr', 'valueattr'] maps - title-tip.html is backward-compatible: all four variable modes are supported

Refactor: rename admin helpers to getTpl* and purge misplaced fragments
Автор: Eduard Laas | Дата: 00:14 02.04.2026

Rename legacy admin helper functions to follow the getTpl* naming convention across core/admin.php, completing the function-rename pass started in previous refactor commits. Remove ~210 frontend fragment files that were erroneously tracked under templates/admin/fragments/.

Core changes:

  1. Function renames (core/admin.php):
  2. adminFlagBox() → getTplAdminFlagBox()
  3. adminDeleteAction() → getTplDeleteAction()
  4. adminLinkAction() → getTplLinkAction()
  5. adminAjaxAction() → getTplAdminAjaxAction()
  6. adminTitleTip() → getTplAdminTitleTip()
  7. adminTitleTipLabel() → getTplAdminTipLabel()
  8. adminNoteLabel() → getTplAdminNoteLabel()
  9. adminMoveControls() → getTplAdminMoveControls()
  10. adminMenuItems() → getTplAdminActionMenu()
  11. adminCategoryRow/Table → getTplAdminCategoryRow/Table()
  12. adminBlockRow/Table → getTplAdminBlockRow/Table()
  13. adminFilesRow/Table → getTplAdminFilesRow/Table()
  14. adminFilePreview() → getTplAdminFilePreview()
  15. adminDangerText() → getTplAdminDangerText()
  16. Module fix (admin/modules/newsletter.php):
  17. Added missing $token to global declaration
  18. Fragment cleanup (templates/admin/fragments/):
  19. Removed ~210 frontend fragments (account/, forum/, shop/, voting/, editor/, media/, whois/*, etc.) that do not belong in admin/fragments/

  20. Modified link-btn.html (minor tweak)

Benefits: - All admin rendering helpers now share the getTpl* prefix — consistent API - Removes dead template files that were never loaded by the admin layer - Reduces template directory noise by ~210 files

Technical notes: - All call sites in core/admin.php updated atomically — no external callers - Deleted fragments were not referenced by admin code; frontend uses its own template directories

Вчера (01.04.2026)
Refactor: migrate all admin modules to array-based row descriptors
Автор: Eduard Laas | Дата: 23:49 01.04.2026

Replace string-concatenation pattern ($rows .= getTplAdminFormRow(...)) with array descriptors ($rows[] = ['label_html' => ..., 'field_html' => ...]) across all 18 admin modules; getTplAdminRowsTable() now renders arrays internally, eliminating per-module fragment rendering calls.

Core changes:

  1. Row rendering (core/helpers.php):
  2. getTplAdminRowsTable() extended to accept array|string * array items dispatched to admin-form-row / admin-form-wide / raw_html * string path preserved for backward compat

  3. Admin modules (admin/modules/*.php):
  4. All 18 modules converted: $rows string → $rows[] array descriptors
  5. adminInfoRow() call sites renamed to getTplAdminInfoRow() (core/admin.php)
  6. Fragments (templates/admin/fragments/):
  7. Added: config-div, config-div-row, config-div-item, config-div-content
  8. Added: admin-menu-item, admin-lang-switch-item, bootstrap-icon
  9. Removed: 24 obsolete per-module inline fragments (security, database, messages, newsletter, referers, scheduler, lang, uploads, form-conf, etc.)

  10. CSS (templates/admin/assets/css/system.css):
  11. +96 lines of admin UI styles supporting new fragment layout

Benefits: - Removes ~330 lines of net HTML/PHP, centralises row rendering in one helper - Obsolete one-off fragments eliminated, reducing template surface area - Consistent data-driven API for admin form construction across all modules

Technical notes: - getTplAdminRowsTable() remains backward compatible with string input - Deleted fragments were not referenced anywhere outside their own modules - No changes to public-facing templates or user-facing logic

Refactor: update module call sites to use auto-token CSRF and canonical fragments
Автор: Eduard Laas | Дата: 15:29 01.04.2026

Remove manual CSRF token passing from all admin module actions and forms now that checkSiteToken() auto-reads the token from the request context. Update getHtmlFrag() calls to use renamed fragments and canonical variable keys.

Core changes:

  1. CSRF token removal from forms and action guards (admin/modules/*.php):
  2. Removed getSiteToken() calls and hidden token inputs from all module forms
  3. Removed explicit checkSiteToken(getVar(...)) guards from save/delete handlers * Token validation still occurs inside checkSiteToken() via getRequestToken()

  4. Affected modules: admins, categories, comments, database, favorites, fields, groups, lang, messages, modules, newsletter, privat, referers, replace, scheduler, statistic, template, uploads

  5. Fragment name updates (admin/modules/*.php, core/admin.php):
  6. admin-action-link → comment-action-link
  7. admin-action-ajax → comment-action-ajax (via getTplAdminAjaxAction)
  8. Added required class/target keys for comment-action-link calls
  9. Core admin updates (core/admin.php):
  10. getAdminBlockList(): add optional $token string param (unused, reserved)
  11. getAdminInfo(): remove manual token check; remove token hidden input from form
  12. System bootstrap (core/system.php):
  13. Minor alignment/cleanup with no behavioral change

Benefits: - Eliminates 30+ boilerplate token-extract-and-check blocks across modules - CSRF protection remains active via centralized getRequestToken() - Consistent fragment naming across all call sites

Technical notes: - Implicit CSRF validation: token must arrive via header or POST/GET param - No change to token generation or scope logic - admin/index.php: CRLF→LF line ending normalization only

Refactor: canonicalize template variable keys and consolidate fragments
Автор: Eduard Laas | Дата: 15:28 01.04.2026

Rename all template variable keys in helper functions to canonical single-word names and eliminate redundant fragment files by merging them into existing general-purpose fragments with conditional params.

Core changes:

  1. Helper variable key renames (core/helpers.php):
  2. getTplAdminFlagBox: css_class→class, label_text→label
  3. getTplAdminNoteLabel: switches to span-btn fragment; label_text→label, title_attr→title
  4. getTplAdminTitleTip: switches to title-tip fragment (was admin-title-tip)
  5. getTplAdminAjaxAction: switches to comment-action-ajax fragment (was admin-action-ajax)
  6. getTplAdminTabOpen: list_class→class, list_id→id
  7. getTplAdminTabLink: is_selected→selected, attrs removed (unused)
  8. getTplAdminInfoCount: count_text→count, css_class→class
  9. getTplAdminTableHead: th-nosort merged into th with nosort=true param
  10. Fragment deletions (all four themes: admin, default, lite, simple):
  11. Deleted: admin-action-ajax.html (replaced by comment-action-ajax)
  12. Deleted: admin-action-link.html (replaced by comment-action-link)
  13. Deleted: admin-note-label.html (replaced by span-btn)
  14. Deleted: admin-title-tip.html (replaced by title-tip)
  15. Deleted: th-nosort.html (merged into th with nosort flag)
  16. Updated: th.html to handle nosort conditional rendering
  17. Updated: admin-security-*.html to match new variable key names

Benefits: - Fewer fragment files to maintain across themes - Consistent single-word key naming convention throughout helpers - th fragment handles both sort and no-sort columns via one template

Technical notes: - Fragment renames are breaking changes for any direct getHtmlFrag() callers - All call sites in admin modules updated in the following commit - No functional HTML output changes

Refactor: add getRequestToken() and smart CSRF token resolution
Автор: Eduard Laas | Дата: 15:28 01.04.2026

Extend the CSRF layer with a dedicated token-reader and a smarter checkSiteToken() that auto-resolves the token from the request context, eliminating the need for callers to pass the token explicitly.

Core changes:

  1. CSRF token reader (core/security.php):
  2. Add getRequestToken(): reads token from X-CSRF-Token header, X-XSRF-Token header, POST param, GET param, $_REQUEST fallback * Priority: header > POST > GET > $_REQUEST * Trims whitespace, returns empty string when absent

  3. CSRF validator (core/security.php):
  4. Change checkSiteToken() signature: $tok defaults to '' (auto-read) * If $tok is empty, calls getRequestToken() automatically * Adds cross-scope fallback: non-ajax scopes also accept global 'ajax' token

Benefits: - Callers no longer need to extract and pass the token manually - HTMX / fetch requests sending X-CSRF-Token header work out of the box - One central place for all token extraction logic

Technical notes: - Backward compatible: callers that still pass $tok explicitly continue to work - Scope fallback is one-way: ajax-scoped checks do not accept scope-specific tokens

Chore: remove templates/shared/ directory from tracking
Автор: Eduard Laas | Дата: 12:44 01.04.2026

The shared/ fallback mechanism was reverted in the previous session. Physical files were already deleted; this commit syncs git tracking to match the filesystem state.

Всего: 500 на 50 страницах по 10 на каждой странице

Хотите опробовать SLAED CMS в действии?

Технологии

PHPMySQLHTML 5CSS 3jQueryjQuery UI

Контакты

  • D-49179, Deutschland
    Ostercappeln, Im Siek 6
  • +49 176 61966679

  • https://slaed.net
Идеи и предложения
Обратная связь