Журнал изменений

Aligns the template with the new PHP-side escaping contract: scalar monitor vars no longer need {{{ }}} (raw). SVG chart title vars switch to {{ }} now that PHP drops htmlspecialchars(). Request & Performance section redistributed so icon rows are balanced left vs right.

Core changes:

1. Scalar var escaping (templates/admin/partials/basic-monitor.html):
2. {{{ cmsver/phpver/mysql }}} → {{ }} in version status block
3. {{{ uptime/osname/servfull/servprot/servname/serverip/servport }}} → {{ }}
4. {{{ diskfree/dskread/dskwrite }}} → {{ }}
5. {{{ lastbackuprun/backupdirsz/cachedirsz/logsdirsz/uploadssz }}} → {{ }}
6. {{{ failedlogins24h/errorlog24h }}} → {{ }}
7. {{{ phpsapi/zend_eng/php_char/memlim/scriptmem/maxtime }}} → {{ }}
8. {{{ postmax/upmax/maxvars/maxfileup/gdver/opcache_* }}} → {{ }}
9. {{{ dbchar/dbtz/dbmaxpack/dbbuffpool/dbconn/dbcurname/dbuser }}} → {{ }}
10. {{{ reqip/mempeak }}} → {{ }}
11. SVG title vars {{{ tip_up/down/cpu/ram }}} → {{ tip_* }}
12. Request & Performance layout:
13. LEFT: Client IP, Request URI (sl-tip), Query String (sl-tip),

    Execution Time, DB Queries — 2 icon rows

• RIGHT: Accept Language (sl-tip), Cookies (sl-tip), User Agent (sl-tip),

     DB Time, Memory Peak — 3 icon rows

• Previously: LEFT had 4 icon rows, RIGHT had 1 → visible asymmetry fixed

Benefits: - No double-escaping; template engine owns the XSS boundary via {{ }} - Request & Performance card visually balanced: 2 vs 3 icon rows - Accept Language / Cookies / User Agent grouped on right (browser headers)

Technical notes: - {{{ }}} retained only for vars that intentionally output HTML fragments (sl-tip HTML from getHtmlFrag): servroot, dbsqlmode, extlist_, req, lastsecurityevent24h, dbissueevent24h, syncurl, status icons

Replaces word-wrap on the monitor value column with proper single-line truncation. sl-tip cells need overflow: visible so the popup and hover scale animation are not clipped; plain cells keep overflow: hidden.

Core changes:

1. Monitor value column (templates/admin/assets/css/theme.css):
2. Replace word-wrap/overflow-wrap with overflow:hidden + text-overflow:ellipsis
3. :has(.sl-tip) override: overflow:visible (popup and icon scale escape clip)

4. .sl-tip inside td: margin-right:4px + vertical-align:middle + top:1px (top:1px corrects 1px vertical offset measured via getBoundingClientRect)

5. .sl-note inside td: display:inline-block + max-width:calc(100% - 26px) enables self-truncation without touching td display or table-layout:fixed

6. Remove .sl-monitor-info-icon rule (class deleted with old fragment)

Benefits: - Label text truncates cleanly at cell boundary in all rows - Popup content never truncated — shows full value on hover/click - Icon and text vertically centered to the pixel across all rows - table-layout:fixed column widths preserved (no flex on td)

Technical notes: - display:flex on td breaks table-layout:fixed in Chrome (td shrinks ~38%) - overflow:hidden on td clips position:absolute popup before JS fires - position:fixed (JS sl-float-open) escapes all ancestor overflow clipping

Replaces the old getTooltipText() / getLogSnippet() approach with the unified sl-tip popup component. PHP no longer does manual escaping or text truncation — the template engine handles escaping via {{ }} and CSS handles visual truncation in the value column.

Core changes:

1. Monitor module (admin/modules/monitor.php):
2. Delete getTooltipText() — replaced by getHtmlFrag('info-tooltip', ...)
3. Delete getLogSnippet() — inlined as preg_replace('/\s+/', ' ', trim())
4. Remove htmlspecialchars() from all scalar monitor vars (template escapes)
5. Remove htmlspecialchars() from SVG chart title vars (tip_up/down/cpu/ram)

6. Replace getTooltipText() calls with getHtmlFrag('info-tooltip', [...]) for: servroot, dbsqlmode, extlist_on/off, all reqXxx vars,

   lastsecurityevent24h, dbissueevent24h

• Add global \$tpl to getMonitorTemplateVars() (required for getHtmlFrag)
• Deleted fragment templates:
• templates/admin/fragments/monitor-info-icon.html (old title= tooltip)
• templates/admin/fragments/monitor-tooltip-text.html (old short+icon)

Benefits: - Single consistent popup component (sl-tip) across the entire admin UI - Popup shows full untruncated content; CSS handles label truncation - No double-escaping risk — template engine owns XSS boundary

Technical notes: - getHtmlFrag('info-tooltip', ...) outputs raw HTML — use {{{ }}} in tpl - Plain scalar vars now use {{ }} (auto-escaped) in template - Log snippet whitespace normalization preserved inline at both call sites

Routine config regeneration after structural changes to global.php. Fingerprint and sitekey are derived values — no manual logic changed.

Core changes:

1. Config fingerprint (config/local.php):
2. base_fingerprint updated to reflect current global.php hash
3. Global config (config/global.php):
4. sitekey rotated as part of standard config refresh cycle

Benefits: - Config integrity check will pass on next bootstrap - No functional or behavioral change

Technical notes: - Fingerprint is computed automatically by the config management tool - sitekey is used for CSRF token generation

Flash messages generated before the admin module head (e.g. save confirmations) were lost because module-head.html had no render point for them. getTplAdminTabs() now passes flash_html and the partial outputs it directly below the tab bar.

Core changes:

1. Admin tab helper (core/helpers.php):
2. Pass flash_html => getFlashHtml() to module-head partial
3. Module head partial (templates/admin/partials/module-head.html):
4. Render {{{ flash_html }}} below tabs when present
5. System (core/system.php):
6. Extract \$time local var before array_replace for readability
7. Fix DB debug text separator: ". Ø" → "/ Ø" (typographic correction)

Benefits: - Flash messages (save/error notices) now always visible after redirect - DB stats panel separator matches the visual design convention

Technical notes: - getFlashHtml() consumes the flash session entry on first call - Separator change is display-only; no data or logic affected

checkPerms() returns a permission-warning banner that must appear above the form. It was incorrectly assigned to \$body, overwriting the form before it was built. Moving it to \$cont ensures the banner is always rendered in the correct position regardless of form output.

Core changes:

1. Auto Links config (modules/auto_links/admin/index.php):
2. \$body = checkPerms(...) → \$cont .= checkPerms(...)
3. \$body = \$tpl->getHtmlPart('form', ...) stays separate
4. Changelog config (modules/changelog/admin/index.php):
5. Same fix in config() function
6. Also removed stale checkPerms() call from changelog() view
7. Contact config (modules/contact/admin/index.php):
8. Same fix pattern

Benefits: - Permission banners now appear above the form, not silently lost - Consistent output-routing across all module config views - No logic change — only output variable assignment corrected

Technical notes: - \$cont accumulates pre-form output; \$body holds the main form HTML - Pattern now matches all other admin module config functions

Introduce a self-contained demo HTML in the project docs folder that showcases candidate hover treatments for Bootstrap-Icons-based controls. The page is intended as a design reference, not as production code.

Core changes:

1. Demo page (docs/icon-hover-gradient-demo.html):

2. Standalone HTML with inline CSS that compares several icon-hover effects (gradients, glow, scale, shimmer)

3. Pulls the existing Bootstrap Icons stylesheet from templates/admin/assets/vendor so the icons render exactly as they do in the admin theme

4. No JavaScript dependencies; the page is fully static

Benefits: - Provides a visual reference when iterating on admin button or icon hover styles without spinning up the full admin shell - Lives under docs/ so it stays out of any production build pipeline

Technical notes: - Pure documentation asset; not linked from runtime templates - Safe to open directly from disk because all styles are inline and the vendor stylesheet uses a relative path - Can be retired later without affecting any shipped feature

Refresh the _meta.base_fingerprint snapshot stored in config/local.php so it reflects the new defaults bundled in config/global.php (refreshed admin logo and rotated site security key). The fingerprint is the local override layer’s view of the upstream default state and must move forward in lockstep.

Core changes:

1. Local configuration meta (config/local.php):

2. Replace _meta.base_fingerprint with the hash that matches the current config/global.php * Prevents the override layer from flagging the new defaults as

stale on first boot

Benefits: - Configuration loader recognises the new baseline immediately - No spurious "defaults changed" indication after pulling the release

Technical notes: - Pure metadata update; no behavior depends on the literal value - Always lands as the final commit in a config-defaults rotation so it reflects the fully-committed upstream state

Replace the bundled default sitekey with a fresh randomized value to keep the shipped baseline distinct from prior releases. The key seeds internal hashing helpers, so rotating the default is a routine hygiene step before tagging a new build.

Core changes:

1. Default configuration (config/global.php):

2. Update sitekey to a new 25-character random value * Replaces the previous default that had been in place across recent

builds

• Restricted to the _meta-style global default; existing

installations keep their own value because `config/local.php`
overrides take precedence

Benefits: - Fresh shipped value reduces risk of accidental cross-environment fixture overlap - Keeps the bundled defaults aligned with the current release

Technical notes: - This change only touches the default in the repository; deployed systems retain whatever value they had configured via local overrides - No code or schema change accompanies the rotation - The matching configuration fingerprint update lands in the next commit so the local-override snapshot reflects the new defaults

Replace the previous logo set (256x73, 512x148, 1024x297) across all four shipped templates with the redrawn 256x79 / 512x157 / 1024x315 variants, point the configured admin logo to the new filename, and upgrade the logo-folder placeholder redirect to HTTPS.

Core changes:

1. Logo binaries (templates/{admin,default,lite,simple}/images/logos):

2. Remove old PNGs: slaed_logo_256x73, slaed_logo_512x148, slaed_logo_1024x297

3. Add new PNGs: slaed_logo_256x79, slaed_logo_512x157, slaed_logo_1024x315 * Updated artwork ships with adjusted vertical proportions (79/157/315

instead of 73/148/297) for cleaner header alignment

1. Configuration default (config/global.php):

2. Switch admin_logo default from slaed_logo_256x73.png to slaed_logo_256x79.png so fresh installs pick up the new asset

3. Folder placeholder (templates/{admin,default,lite,simple}/images/logos/index.html):

4. Update the meta-refresh redirect target from http://www.slaed.net to https://slaed.net * Aligns the placeholder with the live HTTPS canonical URL and

avoids an extra redirect hop

Benefits: - Consistent logo geometry across the four bundled themes - New installs render the refreshed logo without manual config edits - Placeholder pages no longer downgrade to plaintext HTTP

Technical notes: - Existing custom installs that pinned the old filename in their local config keep working because the old asset is no longer referenced; set admin_logo to a custom file as before if needed - No layout, CSS, or template structure changes were required to host the slightly taller artwork