Журнал изменений

Replace the legacy AjaxLoad and ddtabcontent runtime across admin and frontend flows with HTMX-based async interactions and a new shared admin tabs layer. This also completes the tablesorter-to-Tablesort migration, cleans up route and helper naming to match project rules, and finalizes the shared template extraction work for repeated admin HTML builders.

Core changes:

1. Async transport and routing cleanup (index.php, core/system.php, core/user.php, core/admin.php):

2. Replaced legacy AjaxLoad-based endpoints and callers with HTMX-friendly async flows * Renamed async handlers and route ops to rule-compliant names * Fixed shared pager/query generation and CSRF propagation for async requests

3. Updated admin info, favorites, private messages, cart, rating, comment, voting, editor, block, category, upload, and session flows
4. Fixed shared admin fragment responses and account pagination URL encoding
5. Shared admin templates and tabs modernization (core/helpers.php, admin/modules/.php, templates/admin/fragments/):
6. Extracted repeated admin table, form, action, row, input, image, and tab setup HTML into reusable fragments and helpers
7. Replaced the legacy tabs runtime with the new setAdminTabs layer while keeping module rendering stable
8. Removed obsolete admin tab script fragments and legacy tab id contracts
9. Tablesort migration and frontend fragment cleanup (plugins/system/tablesort.min.js, plugins/jquery/jquery.slaed.js, templates/*):
10. Introduced Tablesort as the shared table sorting runtime and removed jquery.tablesorter and jquery.metadata from active use
11. Migrated sortable headers to data-sort-method markers and restored sort state visuals with the existing SLAED CSS contract
12. Converted remaining theme fragments from inline AjaxLoad handlers to HTMX interactions across admin, default, lite, and simple templates

Benefits: - Removes legacy async JavaScript transport and dead sorter dependencies from active runtime code - Centralizes repeated admin HTML patterns in shared fragments with cleaner helper boundaries - Aligns async routes, helpers, and tabs behavior with current naming and template rules

Technical notes: - Adds plugins/system/tablesort.min.js and removes jquery.tablesorter.js, jquery.tablesorter.min.js, and templates/admin/assets/js/jquery.metadata.js - Renames multiple async route ops and helper functions; old legacy route names are no longer preserved - Includes database total-row sort protection, account pager URL normalization, and updated admin/page render coverage

Finalize the remaining runtime cleanup by aligning canonical and template contracts with the active codebase, pruning truly unused language constants, and updating the repository documentation to match the current structure. This also fixes the local Composer wrapper so the standard quality commands run again in this environment.

Core changes:

1. Frontend runtime and templates (core/system.php, templates/default/, templates//pages/message.html):

2. Centralized canonical and public URL handling in the runtime and aligned message/layout rendering with the active template contracts * Added template contract fixes for admin, app, home, preview, and login partial rendering * Corrected changelog partial routes and shared SEO behavior used by setHead()

3. Kept sitemap, Open Graph, and runtime URL generation on the same path
4. Documentation, tests, and language audit (README.md, CONTRIBUTING.md, SECURITY.md, UPGRADING.md, docs/.md, tests/LanguageConstantsUsageTest.php, lang/.php, admin/lang/.php, modules//lang/*.php):
5. Synced project documentation with the current repository structure, runtime, and testing workflow
6. Removed truly unused language constants and fixed the audit to count template constant usage correctly
7. Restored working Composer wrapper behavior and verified composer analyse and composer test in the local environment

Benefits: - Restores passing quality gates for runtime and template changes - Reduces false positives in language constant reporting - Improves documentation accuracy and developer workflow reliability

Technical notes: - No schema migration or history rewrite - Local Composer wrapper now falls back to the PHP 8.4 Composer home when COMPOSER_HOME is unset - Verified with php -l, composer analyse, and composer test

Consolidate repeated admin HTML assembly into shared helper and fragment contracts so admin modules use one consistent rendering path. This reduces inline markup duplication and aligns the migrated admin slices with the current Template runtime.

Core changes:

1. Shared admin helpers (core/admin.php, core/helpers.php):

2. Added reusable admin rendering helpers for color labels, submit buttons, block visibility rows, and shop association tables * Moved block-module discovery into shared helper scope * Replaced repeated inline HTML with fragment-backed rendering paths

3. Normalized helper contracts used by migrated admin modules
4. Admin modules and fragments (admin/modules/.php, modules//admin/index.php, templates/admin/fragments/*):
5. Updated admin modules to call shared helpers instead of building duplicate markup inline
6. Added missing fragment files for block visibility, section headings, submit buttons, color labels, and shop association cells
7. Extended raw-slot documentation to describe the active admin fragment contracts

Benefits: - Reduces duplicated admin markup across modules - Improves maintainability of template-bound admin rendering - Keeps admin migration aligned with the shared Template runtime

Technical notes: - No history rewrite or schema change - Rendering stays backward-compatible at the route level - Changes are limited to admin helper, fragment, and caller integration paths

Eliminate all inline <input type="hidden/text/number"> and <span/div> HTML constructions from PHP across the entire codebase, replacing them with getAdminHidden(), getAdminTextInput(), getAdminNumberInput(), adminFlagBox(), and getAdminHintLabel() helpers. Three new template fragments added to back the new input helpers.

Core changes:

1. New template fragments (templates/admin/fragments/):
2. admin-hidden-input.html, admin-text-input.html, admin-number-input.html
3. New helpers (core/helpers.php):
4. getAdminHidden(), getAdminTextInput(), getAdminNumberInput()
5. getAdminHintLabel(), getAdminLangHint()
6. Admin modules (admin/modules/*.php):
7. All hidden, text and number inputs replaced; hint labels use getAdminHintLabel()
8. Removed redundant htmlspecialchars() wrappers (template escapes values)
9. Module admin pages (modules/*/admin/index.php):
10. All <input type="hidden"> chains replaced with getAdminHidden() calls
11. Frontend modules and blocks:
12. modules/forum, help, money, search — text/number/hidden inputs replaced
13. blocks/block-login.php, block-user_info.php — inputs replaced
14. Core (core/system.php, core/user.php, core/admin.php):
15. ad_save(), datetime(), fields_in(), get_user_search() use helpers

Benefits: - No raw HTML string assembly for form inputs anywhere in PHP - Template layer owns escaping — no scattered htmlspecialchars() calls - Consistent input rendering via single source of truth

Technical notes: - core/system.php:3242 (<input id="recaptcha">) left as-is: id attr not supported by template - <span class="sl_green/red"> in modules.php and security.php left as-is: adminFlagBox() generates <div>, wrong semantics for inline context - docs/RAW_SLOTS_ADMIN.md updated with new fragment entries

Replace raw HTML strings in core utilities, all admin modules, and frontend modules with helper functions and template fragments, completing the project-wide HTML abstraction campaign across ~50 PHP files.

Core changes:

1. New helpers (core/helpers.php):
2. getHtmlScriptSrc(), getHtmlScriptInline() for <script> tags
3. getHtmlCssLink(), getHtmlCssInline() for <link>/<style> tags
4. getHtmlHeadLink() for generic <link> head tags
5. getAdminHidden(), getAdminTextInput(), getAdminNumberInput() for admin inputs
6. getLinkAction(), getDeleteAction(), getExternalAction() for safe link items
7. getMenuItem(), getMenuItems() for frontend action menus
8. core/system.php:

9. All raw <script> patterns replaced: doScript(), doCss(), head links, scheduler, getCaptcha(), datetime(), get_user_search(), SyntaxHighlighter, textarea() editors (TinyMCE, CKEditor, CodeMirror), textarea_code()

10. anti_spam() <script>/<noscript> split via getHtmlScriptInline()
11. File-upload JS block in textarea() migrated
12. Admin modules (admin/modules/.php, modules//admin/index.php):
13. All add_menu('a||b') → adminMenuItems([adminLinkAction(), adminDeleteAction()])
14. All raw <option>/<select> loops → getAdminOption() + getAdminSelect()
15. All language() calls in raw <select> → getAdminSelect('lang', language(...))
16. 150+ new module-specific admin template fragments added
17. Frontend modules:
18. modules/content/index.php: add_menu() + unescaped $title in DelCheck fixed
19. modules/search/index.php: add_menu() + raw <select> in form
20. modules/voting/index.php: add_menu() with delete confirm

Benefits: - PHP controllers free of raw HTML (outside documented raw slots) - XSS vectors in JS confirm dialogs now escaped inside getDeleteAction() - Markup changes no longer require PHP edits in hot paths

Technical notes: - getMenuItems() is the frontend counterpart of adminMenuItems() - getLinkAction/getDeleteAction/getExternalAction use comment-action-* fragments - All changes verified: php -l per file, phpunit OK (6 tests, 9 assertions)

Roots /vendor/, /composer.lock, /composer.phar in .gitignore so only the project-root Composer directory is excluded. This allows frontend vendor assets inside template directories to be tracked in the repo.

Core changes:

1. .gitignore:

2. Changed vendor/, composer.lock, composer.phar to /vendor/, /composer.lock, /composer.phar * Prevents accidental exclusion of template-level asset vendor dirs

3. Template vendor assets (templates/*/assets/vendor/):
4. Added Bootstrap Icons CSS (admin + simple themes)
5. Added Bootstrap bundle JS (simple theme)
6. Added Bootstrap core CSS (simple theme)
7. Added woff2 icon fonts for both themes

Benefits: - Frontend dependencies are now versioned alongside templates - No reliance on CDN or build step for Bootstrap in deployed environments - Consistent asset availability across dev and production

Technical notes: - Assets are pre-built minified files, no build step required - Composer root vendor/ remains excluded as before

Systematic removal of inline HTML from PHP across the entire CMS — all shared and repeated patterns are now rendered through named fragments, leaving only confirmed Sonderfälle (multi-tab JS forms, JS hidden forms) as inline strings.

Core changes:

1. New helper layer (core/helpers.php, core/admin.php):
2. getAdminConfSave() — ddtabcontent conf-save form wrapper
3. getCatForm() — categories tab form wrapper
4. getAccountSearchBox() — collapses 6 identical account search blocks
5. getAdminListForm() — bulk-action list form wrapping getAdminTable()
6. getMoneyCalcForm() — frontend currency calculator form
7. getMetaRefresh() — meta http-equiv refresh tag (applied to 20+ files)
8. getAdminSelect/Option, getAdminForm/Row/Wide, getAdminBox, getAdminTable/Row
9. getAdminInfoBox, getAdminSearchBox, getAdminPlaceholderBox
10. getCatPermRow, getCatTab, getCatTabScript, getCatSubmitRow
11. getBlockViewGrid, getFormAddRow, getFormSubmit, getFormSelect
12. getForumIcon, getForumReplyForm, getContentCard, getContentView
13. adminFlagBox, adminNoteLabel, adminTitleTip, adminDangerText
14. adminMoveControls, adminInfoForm, edit_list
15. Admin fragments (templates/admin/fragments/):

16. 35 new fragments covering table, form, row, select, info, flag, tip, move-controls, edit-list, editor-form, admins CRUD, categories tabs, blocks grid, conf-save, cat-form, list-form, account-search-form

17. Frontend fragments (templates/default|lite|simple/fragments/):
18. content-card, content-view, form-add-row, form-submit, form-select
19. forum-topic-icon, forum-reply-form, meta-refresh, money-calculator-form
20. Identical across all three themes (sync test enforced)
21. Raw slot registry (docs/RAW_SLOTS_ADMIN.md):
22. Documents every {{{ raw }}} slot with origin and escaping rationale
23. Deleted legacy open/close fragment pair across all four themes

Benefits: - Zero raw <form>, <table>, <tr>, <td> strings in module files outside Sonderfälle - All meta http-equiv refresh tags replaced across 20+ frontend modules - Shared patterns reduced to single declaration: account search ×6→1, meta-refresh ×20→1, calculator forms ×3→1 - Fragment inventory is auditable and consistent

Technical notes: - Sonderfälle remain inline: config.php 7-tab, security.php ban forms, uploads config(), scheduler.php JS hidden forms, rss tab form - Search mini-forms inside getAdminSearchBox() are intentionally inline (single-use, already wrapped in the proper helper) - All frontend fragments pass testSharedFrontendFragmentsStayInSyncAcrossThemes

Consolidated 68 atomic micro-fragments into unified fachliche templates. Eliminated action-menu, action-delete, alpha-nav, category-icon/title, rating-bar/like, pager-dots duplicates via merged variants with optional slots. Inlined trivial single-tag fragments (danger-text, note-label, tab-list-close, pager-dots). Updated all callers in core/admin.php and core/system.php accordingly.

Added docs/ADMIN_MIGRATION_PLAN.md as master plan covering Spur 1 fragment consolidation phases 1-5 and Spur 2 module-by-module HTML migration for all 24 admin modules with risk-based batch ordering, helper decision model, raw-slot rules, stop conditions and verification matrix.

Added partials scaffold: blocks/add.html, blocks/edit.html, admin-config-base.html, admin-config-communication.html.

Moves all theme CSS/JS files from theme root and legacy js/ directories into a consistent assets/css/ and assets/js/ layout across all themes, and fixes broken image URL references caused by the deeper file location.

Core changes:

1. Theme asset structure (templates/admin, default, lite, simple):
2. Move CSS files from theme root into assets/css/
3. Move JS files from js/ into assets/js/
4. Move fonts into assets/css/fonts/
5. Remove old root-level and js/ directories
6. CSS image path fix (all theme CSS files):

7. Replace url(images/) with url(../../images/) to correctly resolve paths relative to new assets/css/ location

8. doCss() path resolver (core/system.php):

9. Replace str_replace('../', '') + naive prefix with proper relative path resolution that correctly handles ../ navigation

10. Layout hardcoded script tags (all themes admin.html, lite home.html):

11. Remove redundant hardcoded script tags; files are now auto-loaded via getThemeAssets()

12. modules/shop/index.php:
13. Update theme.css existence check to assets/css/theme.css