Журнал изменений

Eliminate all inline <input type="hidden/text/number"> and <span/div> HTML constructions from PHP across the entire codebase, replacing them with getAdminHidden(), getAdminTextInput(), getAdminNumberInput(), adminFlagBox(), and getAdminHintLabel() helpers. Three new template fragments added to back the new input helpers.

Core changes:

1. New template fragments (templates/admin/fragments/):
2. admin-hidden-input.html, admin-text-input.html, admin-number-input.html
3. New helpers (core/helpers.php):
4. getAdminHidden(), getAdminTextInput(), getAdminNumberInput()
5. getAdminHintLabel(), getAdminLangHint()
6. Admin modules (admin/modules/*.php):
7. All hidden, text and number inputs replaced; hint labels use getAdminHintLabel()
8. Removed redundant htmlspecialchars() wrappers (template escapes values)
9. Module admin pages (modules/*/admin/index.php):
10. All <input type="hidden"> chains replaced with getAdminHidden() calls
11. Frontend modules and blocks:
12. modules/forum, help, money, search — text/number/hidden inputs replaced
13. blocks/block-login.php, block-user_info.php — inputs replaced
14. Core (core/system.php, core/user.php, core/admin.php):
15. ad_save(), datetime(), fields_in(), get_user_search() use helpers

Benefits: - No raw HTML string assembly for form inputs anywhere in PHP - Template layer owns escaping — no scattered htmlspecialchars() calls - Consistent input rendering via single source of truth

Technical notes: - core/system.php:3242 (<input id="recaptcha">) left as-is: id attr not supported by template - <span class="sl_green/red"> in modules.php and security.php left as-is: adminFlagBox() generates <div>, wrong semantics for inline context - docs/RAW_SLOTS_ADMIN.md updated with new fragment entries

Replace raw HTML strings in core utilities, all admin modules, and frontend modules with helper functions and template fragments, completing the project-wide HTML abstraction campaign across ~50 PHP files.

Core changes:

1. New helpers (core/helpers.php):
2. getHtmlScriptSrc(), getHtmlScriptInline() for <script> tags
3. getHtmlCssLink(), getHtmlCssInline() for <link>/<style> tags
4. getHtmlHeadLink() for generic <link> head tags
5. getAdminHidden(), getAdminTextInput(), getAdminNumberInput() for admin inputs
6. getLinkAction(), getDeleteAction(), getExternalAction() for safe link items
7. getMenuItem(), getMenuItems() for frontend action menus
8. core/system.php:

9. All raw <script> patterns replaced: doScript(), doCss(), head links, scheduler, getCaptcha(), datetime(), get_user_search(), SyntaxHighlighter, textarea() editors (TinyMCE, CKEditor, CodeMirror), textarea_code()

10. anti_spam() <script>/<noscript> split via getHtmlScriptInline()
11. File-upload JS block in textarea() migrated
12. Admin modules (admin/modules/.php, modules//admin/index.php):
13. All add_menu('a||b') → adminMenuItems([adminLinkAction(), adminDeleteAction()])
14. All raw <option>/<select> loops → getAdminOption() + getAdminSelect()
15. All language() calls in raw <select> → getAdminSelect('lang', language(...))
16. 150+ new module-specific admin template fragments added
17. Frontend modules:
18. modules/content/index.php: add_menu() + unescaped $title in DelCheck fixed
19. modules/search/index.php: add_menu() + raw <select> in form
20. modules/voting/index.php: add_menu() with delete confirm

Benefits: - PHP controllers free of raw HTML (outside documented raw slots) - XSS vectors in JS confirm dialogs now escaped inside getDeleteAction() - Markup changes no longer require PHP edits in hot paths

Technical notes: - getMenuItems() is the frontend counterpart of adminMenuItems() - getLinkAction/getDeleteAction/getExternalAction use comment-action-* fragments - All changes verified: php -l per file, phpunit OK (6 tests, 9 assertions)

Roots /vendor/, /composer.lock, /composer.phar in .gitignore so only the project-root Composer directory is excluded. This allows frontend vendor assets inside template directories to be tracked in the repo.

Core changes:

1. .gitignore:

2. Changed vendor/, composer.lock, composer.phar to /vendor/, /composer.lock, /composer.phar * Prevents accidental exclusion of template-level asset vendor dirs

3. Template vendor assets (templates/*/assets/vendor/):
4. Added Bootstrap Icons CSS (admin + simple themes)
5. Added Bootstrap bundle JS (simple theme)
6. Added Bootstrap core CSS (simple theme)
7. Added woff2 icon fonts for both themes

Benefits: - Frontend dependencies are now versioned alongside templates - No reliance on CDN or build step for Bootstrap in deployed environments - Consistent asset availability across dev and production

Technical notes: - Assets are pre-built minified files, no build step required - Composer root vendor/ remains excluded as before

Systematic removal of inline HTML from PHP across the entire CMS — all shared and repeated patterns are now rendered through named fragments, leaving only confirmed Sonderfälle (multi-tab JS forms, JS hidden forms) as inline strings.

Core changes:

1. New helper layer (core/helpers.php, core/admin.php):
2. getAdminConfSave() — ddtabcontent conf-save form wrapper
3. getCatForm() — categories tab form wrapper
4. getAccountSearchBox() — collapses 6 identical account search blocks
5. getAdminListForm() — bulk-action list form wrapping getAdminTable()
6. getMoneyCalcForm() — frontend currency calculator form
7. getMetaRefresh() — meta http-equiv refresh tag (applied to 20+ files)
8. getAdminSelect/Option, getAdminForm/Row/Wide, getAdminBox, getAdminTable/Row
9. getAdminInfoBox, getAdminSearchBox, getAdminPlaceholderBox
10. getCatPermRow, getCatTab, getCatTabScript, getCatSubmitRow
11. getBlockViewGrid, getFormAddRow, getFormSubmit, getFormSelect
12. getForumIcon, getForumReplyForm, getContentCard, getContentView
13. adminFlagBox, adminNoteLabel, adminTitleTip, adminDangerText
14. adminMoveControls, adminInfoForm, edit_list
15. Admin fragments (templates/admin/fragments/):

16. 35 new fragments covering table, form, row, select, info, flag, tip, move-controls, edit-list, editor-form, admins CRUD, categories tabs, blocks grid, conf-save, cat-form, list-form, account-search-form

17. Frontend fragments (templates/default|lite|simple/fragments/):
18. content-card, content-view, form-add-row, form-submit, form-select
19. forum-topic-icon, forum-reply-form, meta-refresh, money-calculator-form
20. Identical across all three themes (sync test enforced)
21. Raw slot registry (docs/RAW_SLOTS_ADMIN.md):
22. Documents every {{{ raw }}} slot with origin and escaping rationale
23. Deleted legacy open/close fragment pair across all four themes

Benefits: - Zero raw <form>, <table>, <tr>, <td> strings in module files outside Sonderfälle - All meta http-equiv refresh tags replaced across 20+ frontend modules - Shared patterns reduced to single declaration: account search ×6→1, meta-refresh ×20→1, calculator forms ×3→1 - Fragment inventory is auditable and consistent

Technical notes: - Sonderfälle remain inline: config.php 7-tab, security.php ban forms, uploads config(), scheduler.php JS hidden forms, rss tab form - Search mini-forms inside getAdminSearchBox() are intentionally inline (single-use, already wrapped in the proper helper) - All frontend fragments pass testSharedFrontendFragmentsStayInSyncAcrossThemes

Consolidated 68 atomic micro-fragments into unified fachliche templates. Eliminated action-menu, action-delete, alpha-nav, category-icon/title, rating-bar/like, pager-dots duplicates via merged variants with optional slots. Inlined trivial single-tag fragments (danger-text, note-label, tab-list-close, pager-dots). Updated all callers in core/admin.php and core/system.php accordingly.

Added docs/ADMIN_MIGRATION_PLAN.md as master plan covering Spur 1 fragment consolidation phases 1-5 and Spur 2 module-by-module HTML migration for all 24 admin modules with risk-based batch ordering, helper decision model, raw-slot rules, stop conditions and verification matrix.

Added partials scaffold: blocks/add.html, blocks/edit.html, admin-config-base.html, admin-config-communication.html.

Moves all theme CSS/JS files from theme root and legacy js/ directories into a consistent assets/css/ and assets/js/ layout across all themes, and fixes broken image URL references caused by the deeper file location.

Core changes:

1. Theme asset structure (templates/admin, default, lite, simple):
2. Move CSS files from theme root into assets/css/
3. Move JS files from js/ into assets/js/
4. Move fonts into assets/css/fonts/
5. Remove old root-level and js/ directories
6. CSS image path fix (all theme CSS files):

7. Replace url(images/) with url(../../images/) to correctly resolve paths relative to new assets/css/ location

8. doCss() path resolver (core/system.php):

9. Replace str_replace('../', '') + naive prefix with proper relative path resolution that correctly handles ../ navigation

10. Layout hardcoded script tags (all themes admin.html, lite home.html):

11. Remove redundant hardcoded script tags; files are now auto-loaded via getThemeAssets()

12. modules/shop/index.php:
13. Update theme.css existence check to assets/css/theme.css

Introduces automatic CSS/JS loading for partials and components, shortname resolution for include and component tags, and a restructured asset pipeline in doCss/doScript with vendor subdirectory support.

Core changes:

1. Asset injection system (core/classes/template.php):

2. Add $assets property collecting CSS/JS per render pass * Reset at start of getHtmlPage(), getHtmlPart(), getHtmlFrag() * Reset in finally block of getPageHtml()

3. Add addAssetPath(): registers companion .css/.js files at runtime
4. Add getAssetMarkup(): renders collected tags for standalone output
5. Add mergePageAssets(): injects assets into links/scripts data for layouts
6. Fix evaluation order bug in fallback render path (line 75)
7. Shortname syntax (core/classes/template.php):

8. include and component tags now accept bare names without path or extension * 'header' auto-resolves to 'partials/header.html' * 'modal' auto-resolves to 'partials/modal.html'

9. Asset pipeline (core/system.php):
10. Add getAssetFiles(): resolves config entries as files or directories
11. getThemeAssets(): scan vendor subdirectories two levels deep; deduplicate
12. doCss(): delegate file resolution to getAssetFiles() + getThemeAssets()
13. doScript(): same restructure as doCss
14. Documentation (docs/, CONTRIBUTING.md, UPGRADING.md, admin/info/template/ru.md):
15. Document shortname syntax, smart asset loading and component/slot support
16. Update test list and runtime feature status

Benefits: - Assets are collected centrally and injected into <head> via layout data - No duplicate <link>/<script> tags regardless of how many times a partial is used - Zero runtime I/O overhead: file existence checked only at addAssetPath call - Vendor CSS/JS under assets/vendor/<lib>/<type>/ now auto-loaded

Technical notes: - Asset deduplication uses href/src as array key - Cache hash reverted to theme + path + mtime only (CSS/JS checked at runtime) - Shortname expansion applies only when path has no slash and no .html suffix

Revise the template admin guide to reflect the current architecture: component/slot syntax, corrected cache path, removal of legacy layout tags, and clarified fragment/partials directory roles.

Core changes:

1. Architecture section (admin/info/template/ru.md):
2. Rename title to "Phoenix Template Engine" to match class identity
3. Clarify layouts/partials/fragments roles with updated descriptions
4. Note cache dir: storage/cache/templates/<theme>/
5. State that legacy layouts and {%MODULE%}-style tags are removed

Benefits: - Documentation matches the implemented template system - Developers get accurate directory and directive references

Technical notes: - Russian-language documentation file, no code changes