Журнал изменений

Rewrite root-level and docs/ markdown files to reflect the current codebase state, remove outdated scaffolding instructions, and add a new TEMPLATE_STATUS.md reference for the Template engine migration.

Core changes:

1. Root docs (CONTRIBUTING.md, README.md, SECURITY.md, UPGRADING.md):
2. Removed placeholder setup commands and redundant boilerplate
3. Updated prerequisite lists to match actual PHP and extension requirements
4. Added Template Runtime Guidance section to CONTRIBUTING.md
5. Internal docs (docs/):
6. PRINCIPLES.md — updated to reflect Template class architecture decisions
7. TEMPLATES.md — heavily trimmed; now describes engine API and directory layout
8. TESTS.md — updated test strategy to cover Template bridge PHPUnit suites

9. TEMPLATE_STATUS.md (new) — migration status tracker listing implemented engine features and which admin views are running through the new runtime

Benefits: - Docs match the current codebase rather than an earlier planned state - New contributors get accurate setup and contribution instructions - TEMPLATE_STATUS.md provides a clear handover point for future migration work

Technical notes: - All four root markdown files were significantly shortened (net -2438 lines) - TEMPLATE_STATUS.md is the authoritative reference for migration progress

Cover the full Template engine pipeline and each migrated admin partial with PHPUnit tests, using an in-process bootstrap that sets up a minimal CMS environment without a database or web server.

Core changes:

1. Test bootstrap (tests/Support/ViewTestBootstrap.php):
2. Defines required CMS constants (BASE_DIR, FUNC_FILE, ADMIN_FILE, PREFIX_DB)
3. Instantiates $tpl as Template('admin') for all test suites
4. Provides fixture helpers for creating throwaway template files
5. Admin bridge tests (tests/Unit/Admin*BridgeFlowTest.php):

6. AdminLoginBridgeFlowTest — verifies login and registration partials render with all required named keys and escape HTML entities correctly

7. AdminPreviewBridgeFlowTest — asserts preview partial outputs title and fields
8. AdminSearchboxBridgeFlowTest — confirms searchbox partial renders form input
9. Engine flow tests (tests/Unit/):
10. TemplateBridgeFlowTest — getHtmlPart / getHtmlFrag happy-path and empty-name guard
11. TemplateBridgeFallbackTest — missing file, bad name, and path-traversal attempts
12. ViewBridgeSmokeTest — compiled cache creation, mtime invalidation, include tag

Benefits: - Regression safety for every admin partial migrated from setTemplateBasic() - Engine security assertions block null-byte, dotdot, and symlink bypass attempts - Tests run without a live CMS install using the in-process bootstrap

Technical notes: - PHPUnit 10+ compatible; no database fixtures required - Fixture templates written to sys_get_temp_dir() and cleaned up in tearDown

Delete the shared plugins/bootstrap/ directory now that Bootstrap is bundled inside templates/simple/assets/vendor/bootstrap/ and the default theme carries no Bootstrap dependency at all.

Core changes:

1. Removed (plugins/bootstrap/):
2. bootstrap.min.css, bootstrap.bundle.min.js, bootstrap-icons.min.css
3. fonts/bootstrap-icons.woff2
4. index.html

Benefits: - Eliminates a global shared asset that coupled all themes to one Bootstrap version - Each theme now owns its vendor dependencies explicitly

Technical notes: - simple theme ships an identical Bootstrap copy under assets/vendor/bootstrap/ - Any theme that does not need Bootstrap simply omits the vendor directory

Introduce two starter themes under templates/ implementing the canonical engine directory structure (pages, partials, fragments, layouts, assets), providing reusable error pages, login views, alerts, and layout wrappers.

Core changes:

1. default theme (templates/default/):
2. layouts/bare.html — minimal HTML shell without nav or sidebar
3. pages/error.html — styled error page with title and message slots
4. partials/login.html, login-logged.html, login-without.html — auth views
5. partials/alerts.html — flash message list partial
6. fragments/message.html — inline status fragment
7. simple theme (templates/simple/):
8. layouts/bare.html, layouts/main.html — bare and full-nav layout wrappers
9. pages/error.html — lightweight error page
10. Same partials and fragment set as default
11. assets/css/theme.css, assets/js/theme.js — minimal theme stylesheet and script
12. assets/vendor/bootstrap/ — bundled Bootstrap 5 for this theme only

Benefits: - Demonstrates full engine directory convention for future theme authors - simple theme ships Bootstrap self-contained, not as a global plugin - default theme has no JS/CSS dependency, suitable for lightweight deploys

Technical notes: - Bootstrap vendor files in simple/assets/vendor/ replace the removed global plugin - Both themes use {{ }} / {{{ }}} syntax and {% if/for/include %} engine tags

Move login, registration, searchbox, and preview from flat HTML files into the structured partials/ directory expected by the Template engine, enabling named-key variable injection and HTML auto-escaping.

Core changes:

1. New admin partials (templates/admin/partials/):
2. login.html — form with {{ route }}, {{ nickname }}, {{ password }}, {{ captcha }}
3. registration.html — full registration form with all named fields
4. searchbox.html — search input partial
5. preview.html — preview panel with {{ title }}, {{ fields }}, {{ fieldsa/b/c }}
6. Removed flat templates (templates/admin/):
7. login.html, registration.html, searchbox.html — superseded by partials above
8. These were loaded via setTemplateBasic() which is replaced by getHtmlPart()

Benefits: - Templates now live in the canonical engine directory structure - Variable names are clean identifiers, not {%placeholder%} strings - Auto-escaping via {{ }} protects against XSS in admin views

Technical notes: - preview.html added as a new partial (no previous flat equivalent) - Partials use {{ var }} for escaped output and {{{ var }}} for raw HTML fields

Replace every setTemplateBasic() call with $tpl->getHtmlPart() across admin core and all module admin controllers, converting placeholder-map syntax to named-key arrays and normalising captcha condition logic.

Core changes:

1. Admin core (admin/index.php):
2. login() and preview() use $tpl->getHtmlPart() with named-key arrays
3. Captcha condition simplified to in_array() instead of chained ==
4. Admin modules (admin/modules/*.php):
5. categories, modules, referers, statistic, template, uploads migrated
6. Each search helper and listing function now passes named keys to getHtmlPart()
7. uploads: bulk-edit form and per-file row rendering fully converted
8. Module admin controllers (modules/*/admin/index.php):
9. account, auto_links, search, shop — all setTemplateBasic() calls replaced
10. shop: form helpers (getItemFields, getCategFields) and listing rows migrated

Benefits: - Eliminates string-keyed {%placeholder%} map pattern across 11 files - Template data validated and escaped by the engine, not inline PHP - Consistent API surface for all future admin template additions

Technical notes: - All calls use $tpl->getHtmlPart(name, [key => value]) signature - $tpl declared global inside each function that renders a partial - setTemplateBasic() remains in system.php for non-migrated frontend callers

Add a theme-aware template engine that compiles Jinja-style syntax to cached PHP, replaces setTemplateBasic() for admin and frontend views, and enforces path-traversal safety at every resolution step.

Core changes:

1. Template engine (core/classes/template.php):

2. getHtmlPage() — renders a page with optional layout inheritance * supports {% extends 'layouts/app.html' %} and {% block %}/{% endblock %} * falls back to standalone render when no layout exists

3. getHtmlPart() / getHtmlFrag() — compile and return partials and fragments
4. Compiled PHP cache stored in storage/cache/view/<theme>/ keyed by sha1 hash
5. Syntax compiled: {{ var }} (escaped), {{{ var }}} (raw), {% if/for/include/extends/block %}
6. checkFile() / checkIncl() / checkName() prevent path traversal in all lookups
7. Bootstrap (core/system.php):
8. require_once Template class at startup
9. Instantiate $tpl as Template('admin') or Template($theme) based on ADMIN_FILE
10. Expose via $GLOBALS['tpl'] for access from all module functions
11. Rewrite preview() to use $tpl->getHtmlPart('preview', [...])

Benefits: - Decouples HTML from PHP string interpolation across all admin views - Compiled cache eliminates repeated regex parsing per request - Single validated entry point for all template rendering

Technical notes: - Template files live under templates/<theme>/{pages,partials,fragments,layouts}/ - Cache invalidated automatically when source mtime changes - Backward-compatible: setTemplateBasic() remains available for non-migrated callers

Preserve original default theme as reference archive before rework.

Delete 22 old templates replaced by generic shared versions in the previous refactor (hit-badge, reads-badge, date-badge, back-button, category-image, category-link, admin-menu, whois-result, kasse-box, basic-files-view, basic-links-view) and update shop-kasse-content.

• Merge 22 module-specific templates into 9 generic shared templates: hit-badge, reads-badge, date-badge, back-button, category-image, category-link, admin-menu, whois-result, basic-download-view

• Fix rendering bug in basic-files-view / basic-links-view: pre-render ctitle/cimg/admin/goback before passing to parent template

• Update modules: auto_links, files, links, media, shop, whois
• Archive templates/default/ → templates/default_old/