Align the error page presentation with the removed auto-redirect.
Core changes:
- Error page (templates/lite/pages/message.html):
- Render "<title> - <sitename>" when a page title is set
- Localization (lang/*.php):
- _ERROR_PAGE now invites returning home or using search instead of announcing a redirect (de/en/fr/pl/ru/uk)
Missing content, out-of-range list pagination and access-restricted pages now emit proper 404/403 instead of redirecting or returning 200, so crawlers stop indexing soft-error pages. Error rendering is consolidated into one setError() helper.
Core changes:
- Error helper (core/security.php):
- Add setError(int $code): status via http_response_code(), conditional logging, standard error page
- Drop the meta-refresh auto-redirect from setExit() (soft-404 / WCAG 2.2.1 anti-pattern)
- Route the bootstrap $_GET['error'] handler through setError(), removing the 40-line $http status map
- Frontend modules (modules/*/index.php):
- view(): 404 when the item does not exist
- list/liste(): 404 when a page beyond the first yields no rows
- forum: 404 for out-of-range topic pages and unpublished topics, 403 when category read is denied
- broken()/loading(): 404 on invalid requests
- Module gates (index.php):
- view=1 / view=2 access denials now send 403
Technical notes:
- http_response_code() is HTTP/2-safe; error responses keep Cache-Control: no-store
- Backward compatible; php -l and phpstan clean
Core changes:
- News block (blocks/news.php):
- Initialize $content before the result loop to avoid an undefined variable
- Base styles (templates/lite/assets/css/base.css):
- Fieldset uses margin-top instead of an all-sides margin
Wrap the nickname/password inputs of the user-info block login form in <label> for implicit association, matching the block-login-form fix.
Core changes:
- block-user-info.html:
- Wrap nickname and password inputs in <label>
Remove horizontal scroll across phone, tablet and laptop widths in the lite theme and tidy the touched comments to the project style.
Core changes:
- Footer grid (theme.css):
- Mobile grid tracks use minmax(0, 1fr) and grid items get min-width:0 so content wraps instead of forcing the column wider than the viewport
- Header and side elements (theme.css):
- Login dropdown closed state is position:fixed on mobile so its off-screen box no longer widens the page; the JS-opened state still positions in view
- Demo-line version pane wraps on narrow screens; header version pane is hidden on mobile (duplicate of the demo-line and footer CTA)
- Remove the -30px bleed margins on the logo and header pane that pushed them past both viewport edges on laptops (<=1352px)
- Hide the fixed left-edge idea/feedback tabs on mobile (they overlapped the menu and blocked taps)
- Comments (theme.css):
- Single-line, no trailing period, ASCII per .rules/global.md
Benefits:
- scrollWidth == clientWidth from 320px to 1680px
- No clipped logo, button or footer text; no tap-blocking overlays on mobile
Reserve layout space for the logo, footer wordmark and footer flag, and give the block login/search inputs accessible names, cutting CLS and fixing the Lighthouse "image elements lack width/height" and "form elements must have labels" audits.
Core changes:
- Image dimensions (core/system.php, lite layouts):
- Add getImageBox() to resolve intrinsic [w,h] from an SVG viewBox or via getimagesize
- setHead() passes logo_w/logo_h so the configurable header logo gets a correct width/height
- home.html/app.html: width/height on the header logo, footer wordmark (355x110) and de flag (60x40)
- Form labels (lite fragments):
- block-login-form: wrap nickname/password inputs in <label> for implicit association
- block-search-form: add aria-label to the search input
Benefits:
- Lower CLS from dimensioned images
- Accessible names for login and search controls
Technical notes:
- Logo dimensions are computed server-side so any configured logo stays correct
Document the portable caching strategy for distributors on different servers, splitting the PHP-served bundle from server-served static files and giving ready Apache and nginx configurations.
Core changes:
- Performance reference (docs/PERFORMANCE.md):
- New section on static asset caching and compression
- nginx gzip/expires snippet and font-versioning caveat
- Admin editor help (admin/info/editor/ru.md):
- Caching/compression snippet for the .htaccess tab plus nginx note
Benefits:
- Clear per-server guidance for varied SLAED installations
Re-enable and extend the Apache caching/compression rules so Apache and LiteSpeed installs get sane defaults out of the box; nginx installs use the server-config snippet documented separately.
Core changes:
- Apache fallback (.htaccess):
- Enable mod_deflate for js/css/svg/xml/json/txt (woff2/woff excluded)
Enable mod_expires with per-type TTLs
- images/css/js 30 days, fonts 1 year
- Replace the old flat FilesMatch that missed woff2 and svg
Benefits:
- Cached and compressed static assets on Apache/LiteSpeed by default
Technical notes:
- nginx ignores .htaccess; see docs for the equivalent server config
- Font 1-year TTL is safe once font URLs are versioned
Improve LCP and CLS on the lite theme by preloading the actual hero image of each page, reserving space for static images, and giving the search field an accessible name.
Core changes:
- Conditional LCP preload (templates/lite/index.php, layouts):
getTemplateLcpPreload() emits one preload from an explicit render flag
- main-module slider -> <season>.jpg
- head-content pages -> <season>-cat.jpg
- verified with is_file(); at most one resource per page
- Add {{{ preload }}} slot to home.html and app.html heads
- Layout shift and a11y (layouts, partials/main-slider.html):
- width/height on slider images (1920x440) and footer tech icons (74x74)
- aria-label on the header search input
Benefits:
- Earlier LCP discovery for the season hero background
- Reduced CLS from dimensioned images
- Named search control for assistive tech
Technical notes:
- Preload chosen by page flag at render time, never by HTML regex
- No markup churn to the bi bi-* icon API
Make the CSS/JS bundle URL change on any real content change and let browsers cache it for a year, so repeat visits skip re-downloading unchanged bundles while deploys never serve stale assets.
Core changes:
- Asset fingerprint (core/system.php):
- Add ASSETS_VER constant as an in-code, release-bumped cache key
Include filesize() alongside filemtime() in doCss()/doScript() bits
- invalidates the bundle even if a deploy preserves file mtimes
- Asset response headers (core/classes/cache.php, index.php):
- Add optional immutable flag to Cache::setHeaders()
- Serve the go=asset bundle with max-age=31536000, immutable
Benefits:
- Year-long bundle caching without risk of stale assets
- Portable: works on any server, no web-server config required
Technical notes:
- ASSETS_VER must be bumped on releases that ship changed CSS/JS/fonts
- Backward compatible: setHeaders immutable defaults to false