Официальный сайт SLAED CMS
Журнал изменений
Replace the legacy table profile (account&op=view) with the approved Dense Split composition: identity rail, trust strip, symmetric fact panels, module contribution hub and a tabbed last-activity feed, all rendered from live data in four SQL queries.
Core changes:
- Profile view (modules/account/index.php):
Rebuild view() around template data arrays: role-aware fact panels, trust strip, level progress and group chips
- online status via a subquery in the main user select
- one groups select drives chips, rank fallback and level thresholds
- module hub counts, weighted ratings and favorites in one UNION ALL
- hidden fields keep the localized placeholder for panel symmetry
- profil() reuses the shared feed; the legacy last() helper is removed
- Shared profile helpers (core/user.php):
getProfileModules() maps module tables, icons, rating column pairs and favorites keys in one place
getProfileLastView() renders the per-module activity feed from a single UNION ALL round-trip and respects per-module rating settings
- computed union columns are aliased because a literal 0 column would
otherwise shadow numeric row index 0 under FETCH_BOTH - Theme (templates/lite):
account-profile.html rewritten for the split card; new feed partials account-profile-feed.html and account-profile-feed-list.html
sl-profile-* styles on base.css tokens; chip labels truncate with an ellipsis; dead sl-table-acc-info and sl-user-group-special styles removed
- signature renders as the system blockquote and is visible to everyone
- Feed auto-scroll (plugins/system/slaed.js):
setProfileScrolls clones visible feed entries and animates them with reduced-motion and hover-pause support, re-measuring on tab switches
- Language constants (lang/, modules/account/lang/):
nine ACCOUNT* module constants and the global _LASTACTIVITY in all six locales
Benefits:
- Profile page cost drops from ~17 module queries to 4
- One module map feeds the hub, the feed and future consolidation
- Deferred follow-ups documented in docs/PROFILE-BACKLOG.md
Align every editor surface with the active theme's visual language and add a size-limited base64 embed option to the image dialog. Harden the integration with the vendor engine after three virtual-DOM regressions.
Core changes:
- Theme token contract (templates/*/assets/css/base.css):
field group (--sl-field-*), --sl-color-text-heading, --sl-color-on-dark, --sl-color-primary-hover, --sl-radius-card, --sl-shadow-input canonized; admin defines the field group, lite gains primary-hover
- --sl-field-focus-ring is a color composed as 0 0 0 3px var() in place
- Editor skin vendor alignment (templates/*/assets/editors/toastui/skin.css):
chrome, work area, toolbar states, mode switch, dropdown, popups, buttons, inputs, tabs, table selector, context menu, focus rings, selection, placeholders, md syntax accents and WYSIWYG content colors mapped to tokens
one control standard across all windows: theme font chain (vendor font stack removed), fields 32px/12px/field tokens, buttons 32px/12px, hints 11px; emoji tabs restyled as the popup button pair with primary active
toolbar header painted by the wrapper (rounded corners fixed), md tab bottom border restored, popup pinned to the right edge by CSS instead of the racy JS left assignment
- Image dialog (plugins/editors/toastui/, templates/*/partials/):
three insert modes as theme-owned radios: upload to server (default), attachment thumbnail, and NEW base64 embed into the text with a 32 KB client limit (_EMODE* constants in all six locales)
- file selection uploads automatically (no OK click), drag and drop included
system sl-alert everywhere: upload limits, messages and errors render in an extras strip; file field and hints unified with the file manager
- Vendor virtual-DOM integration hard rules (editor-upload.js):
no foreign DOM inside vendor popups: SLAED nodes live in the extras strip and absolutely positioned blocks raised together with the window
- vendor node text patched via nodeValue, never textContent
popup closing detected by a MutationObserver on the popup style attribute, fixing stuck header strips for guests and async close paths
- Fullscreen (editor-tags.js):
height driven by the engine setHeight('100%') with save/restore, bottom tabs and mode switch stay visible; the 100vh CSS override removed
Benefits:
- Switching a theme now changes the complete editor look including geometry
- Anonymous and privileged flows verified end to end without JS errors
- docs/DATA-URI-SECURITY-PLAN.md records the follow-up server-side hardening
Remove the last visual-contract leak in the editor plugin JS: setMsg() no longer assembles sl-toastui-message-* class names itself and instead clones the theme-owned msg-info/msg-warn template blocks.
Core changes:
- Upload messages (plugins/editors/toastui/assets/editor-upload.js):
setMsg() clones the msg-info/msg-warn <template> from the theme and only fills textContent; the message container keeps no plugin-chosen classes
getWarn() and the inline empty-list branch consolidated into one getMsg() helper used by all message paths
Benefits:
- Theme designers restyle upload messages purely in the theme partial
- One message-building path instead of three
Complete the 'theme owns visuals, plugin owns mechanics' migration: every SLAED-authored visual asset now lives in the theme, plugins keep only logic and versioned vendor engines, and switching a theme changes the entire look.
Core changes:
- Editor asset contract (core/classes/editor.php, plugins/editors/toastui/):
Theme skin moved to templates/<theme>/assets/editors/toastui/skin.css
- loaded by Editor::getThemeSkin() right after the engine CSS
- resolved from the effective editor key after all fallbacks
- deduplicated per theme:key pair, missing declared skin is logged
Dialog markup moved to theme partials editor-toastui-{dialogs,files,templates}.html
- dialogs partial renders window headers via a template loop
- EditorToastTemplate bypass class deleted, standard getHtmlPart() used
Plugin JS builds no markup: emoji panel and file manager clone theme-owned <template> blocks and fill textContent/src/data-* only
Plugin JS renamed to editor-{tags,emoji,upload}.js; dead unminified vendor build toastui-editor.js removed
- Theme structure validator (core/system.php):
checkThemeAssets() checks the canonical structure including editor assets declared in editor manifests
applied on all theme selection paths: user list/save, admin user edit, global config, getTheme() runtime guard
- Avatars (core/user.php, modules/account/index.php, setup/):
- system avatars and presets live in templates/<theme>/images/avatars/
getUserAvatarUrl() resolves presets/system from the active theme and accepts only the canonical presets/<name>.<ext> format
idempotent upgrade migration added to table_update6_3.sql with a PHP-side verification counter in setup
- Icons and tokens (templates/, core/security.php):
- Bootstrap Icons vendor directory renamed to assets/vendor/bootstrap-icons/
canonical token dictionary normalized: primary, bg-soft, text-muted, shadow-panel replace brand-link, surface, muted, shadow-medium everywhere
setExit() uses getThemeAssets() for emergency pages, getThemeCssFiles() and the manual icon CSS include removed
- editor classes renamed to sl-editor-icon- / sl-editor-emoji-
- toolbar icon color now follows --sl-color-text-muted
- img_find() renamed to getThemeImagePath()
Multilingual search (lang/, plugins/editors/toastui/assets/i18n/, templates/admin/assets/js/):
emoji set stored as plain symbols, names and search keywords generated from Unicode CLDR for de/en/fr/pl/ru/uk with localized tooltips
editor labels moved to language constants (_EEMOJI*, _ETABS) in all six locale files
admin icon picker searches by official Bootstrap Icons tags plus CLDR-derived locale term maps, lazy-loaded on first open
Benefits:
- A theme is a complete, replaceable visual package validated on activation
- Editor CSS order is deterministic: engine first, theme skin second
- No innerHTML markup in plugin JS; designers restyle without touching plugins
- Reproducible avatar migration for existing installations
Unify editor dialogs, upload validation, localization, and full-width form layout while keeping Toast UI resources independent from site themes.
Core changes:
- Toast UI editor (plugins/editors/toastui):
- Add unified upload and file-manager dialogs with drag, fullscreen, and attachment modes
- Move editor templates and translations into the plugin
- Upload handling (core and modules):
- Validate file types, dimensions, sizes, and aggregate upload limits
- Surface clear localized upload errors and help text
- Shared interface assets (plugins/bootstrap-icons):
- Consolidate Bootstrap Icons outside individual themes
- Align editor controls, dialog buttons, inputs, and responsive behavior
- Module forms (modules and templates/lite):
- Expand editors and intuitive fields to the available width
- Preserve explicit labels where additional field context is required
- Browser verification (tools/browser-audit.mjs):
- Extend authenticated browser checks for editor and upload workflows
Benefits:
- Consistent editor behavior across themes and modules
- Clearer upload limits and failure messages
- Reduced theme duplication and simpler maintenance
Technical notes:
- Existing CKEditor and TinyMCE drivers load the shared icon assets
- Toast UI templates no longer depend on theme partials
- Existing parser attachment behavior remains compatible
Add a responsive profile redesign showcase centered on the refined Dense Split concept, with complete account details, trust signals, ratings, module activity, and administrative actions.
Core changes:
- User profile showcase (demo/user-profile-2026.html):
- Add sixteen responsive profile design variants based on the lite theme system
- Refine Dense Split with complete user data, trust proofs, rating controls, module statistics, and social and administrative actions
- Add switchable activity feeds with threshold-based auto-scrolling and system chips for dates, ratings, and bookmarks
Benefits:
- Provides a detailed visual foundation for the production profile redesign
- Reuses established theme controls, tokens, icons, and interaction patterns
Technical notes:
- Keeps demo-specific CSS and JavaScript inline in the standalone HTML file
- Does not change backend APIs, database schema, routes, or production templates
- Preserves existing production behavior
Replace the legacy raster avatar gallery with a scalable SVG set and expose the required upload placeholders to version control.
Core changes:
- Default avatar gallery (uploads/avatars/default):
- Replace 54 PNG avatars with 56 SVG avatars
- Refresh guest, user, and deleted fallback artwork
- Upload placeholders (.gitignore):
- Track upload assets and directory index guards
- Add index guards for file and news uploads
Benefits:
- Reduces avatar asset size and improves scaling
- Keeps required upload directory guards in the repository
Technical notes:
- Breaking change: legacy default avatar filenames 01.png through 54.png are removed
- Existing stored references to removed PNG avatars fall back until migrated
Keep the guest user block compact and prevent session-bound tokens from breaking its read-only Live refresh.
Core changes:
- Live session endpoints (index.php):
- Exempt only public read-only session summary and row requests from CSRF validation
- Keep login and state-changing routes protected
- Guest presentation (templates/lite):
- Restore the online chip and correct greeting order
- Smooth guest action hover states and remove artificial vertical gaps
Benefits:
- Prevents intermittent token mismatch alerts during Live refresh
- Keeps the Dense Login layout compact and predictable
Technical notes:
- No database schema changes
- Public session endpoints remain read-only
- Existing protected actions retain CSRF validation
Redesign the user sidebar around the Dense Split layout and carry the selected Live audience behavior into the production template system.
Core changes:
- User and guest states (blocks/user_info.php):
- Add group color, rank image, level progress, compact navigation, and guest login presentation data
- Rebuild the shared user block partial for authenticated and guest sessions
- Live audience summary (core/system.php):
- Add member, bot, and guest percentages for the audience ring
- Preserve popup rows across refreshes and add overflow-aware automatic scrolling with hover and accessibility pauses
- Theme and design labs (templates/lite):
- Consolidate the Dense Split visuals into the Lite theme and shared partials
- Add the selected 2026 demo variants for future comparison
Benefits:
- Provides one consistent user block for guest and authenticated states
- Reuses the existing template, theme, HTMX, and Live UI infrastructure
- Keeps group identity and online audience data visible without increasing block size
Technical notes:
- No database schema or route changes
- Existing user block and session helper interfaces remain backward compatible
Add reusable sharing, favorites, live-status, and modal interactions across frontend and admin views. Consolidate browser behavior and template hooks, refresh localized labels, and replace obsolete UI demos with focused component examples.
Core changes:
- Interactive controls (core/system.php, core/user.php, plugins/system/slaed.js):
Add canonical sharing with QR, copy, and social network actions
- Keep comment and forum links stable across pagination and HTMX updates
- Reuse global confirmation and share dialogs
- Optimize favorite-state rendering and add live refresh controls
- Template integration (templates/admin, templates/lite):
- Add reusable modal, favorite, freshness, live-chip, and share fragments
- Align admin and frontend styles with the consolidated interaction model
- Module and demo coverage (modules, demo, lang):
- Wire sharing and favorite controls into supported content modules
- Synchronize interface labels across all active locales
- Replace outdated demo laboratories with focused UI reference pages
Benefits:
- Consistent interactive behavior across modules and asynchronous updates
- Fewer duplicate controls and database lookups
- Clearer template ownership and reusable frontend primitives
Technical notes:
- No database schema changes
- Existing public routes and module contracts remain compatible