Журнал изменений

Replace raw HTML strings in core utilities, all admin modules, and frontend modules with helper functions and template fragments, completing the project-wide HTML abstraction campaign across ~50 PHP files.

Core changes:

1. New helpers (core/helpers.php):
2. getHtmlScriptSrc(), getHtmlScriptInline() for <script> tags
3. getHtmlCssLink(), getHtmlCssInline() for <link>/<style> tags
4. getHtmlHeadLink() for generic <link> head tags
5. getAdminHidden(), getAdminTextInput(), getAdminNumberInput() for admin inputs
6. getLinkAction(), getDeleteAction(), getExternalAction() for safe link items
7. getMenuItem(), getMenuItems() for frontend action menus
8. core/system.php:

9. All raw <script> patterns replaced: doScript(), doCss(), head links, scheduler, getCaptcha(), datetime(), get_user_search(), SyntaxHighlighter, textarea() editors (TinyMCE, CKEditor, CodeMirror), textarea_code()

10. anti_spam() <script>/<noscript> split via getHtmlScriptInline()
11. File-upload JS block in textarea() migrated
12. Admin modules (admin/modules/.php, modules//admin/index.php):
13. All add_menu('a||b') → adminMenuItems([adminLinkAction(), adminDeleteAction()])
14. All raw <option>/<select> loops → getAdminOption() + getAdminSelect()
15. All language() calls in raw <select> → getAdminSelect('lang', language(...))
16. 150+ new module-specific admin template fragments added
17. Frontend modules:
18. modules/content/index.php: add_menu() + unescaped $title in DelCheck fixed
19. modules/search/index.php: add_menu() + raw <select> in form
20. modules/voting/index.php: add_menu() with delete confirm

Benefits: - PHP controllers free of raw HTML (outside documented raw slots) - XSS vectors in JS confirm dialogs now escaped inside getDeleteAction() - Markup changes no longer require PHP edits in hot paths

Technical notes: - getMenuItems() is the frontend counterpart of adminMenuItems() - getLinkAction/getDeleteAction/getExternalAction use comment-action-* fragments - All changes verified: php -l per file, phpunit OK (6 tests, 9 assertions)

Roots /vendor/, /composer.lock, /composer.phar in .gitignore so only the project-root Composer directory is excluded. This allows frontend vendor assets inside template directories to be tracked in the repo.

Core changes:

1. .gitignore:

2. Changed vendor/, composer.lock, composer.phar to /vendor/, /composer.lock, /composer.phar * Prevents accidental exclusion of template-level asset vendor dirs

3. Template vendor assets (templates/*/assets/vendor/):
4. Added Bootstrap Icons CSS (admin + simple themes)
5. Added Bootstrap bundle JS (simple theme)
6. Added Bootstrap core CSS (simple theme)
7. Added woff2 icon fonts for both themes

Benefits: - Frontend dependencies are now versioned alongside templates - No reliance on CDN or build step for Bootstrap in deployed environments - Consistent asset availability across dev and production

Technical notes: - Assets are pre-built minified files, no build step required - Composer root vendor/ remains excluded as before

Systematic removal of inline HTML from PHP across the entire CMS — all shared and repeated patterns are now rendered through named fragments, leaving only confirmed Sonderfälle (multi-tab JS forms, JS hidden forms) as inline strings.

Core changes:

1. New helper layer (core/helpers.php, core/admin.php):
2. getAdminConfSave() — ddtabcontent conf-save form wrapper
3. getCatForm() — categories tab form wrapper
4. getAccountSearchBox() — collapses 6 identical account search blocks
5. getAdminListForm() — bulk-action list form wrapping getAdminTable()
6. getMoneyCalcForm() — frontend currency calculator form
7. getMetaRefresh() — meta http-equiv refresh tag (applied to 20+ files)
8. getAdminSelect/Option, getAdminForm/Row/Wide, getAdminBox, getAdminTable/Row
9. getAdminInfoBox, getAdminSearchBox, getAdminPlaceholderBox
10. getCatPermRow, getCatTab, getCatTabScript, getCatSubmitRow
11. getBlockViewGrid, getFormAddRow, getFormSubmit, getFormSelect
12. getForumIcon, getForumReplyForm, getContentCard, getContentView
13. adminFlagBox, adminNoteLabel, adminTitleTip, adminDangerText
14. adminMoveControls, adminInfoForm, edit_list
15. Admin fragments (templates/admin/fragments/):

16. 35 new fragments covering table, form, row, select, info, flag, tip, move-controls, edit-list, editor-form, admins CRUD, categories tabs, blocks grid, conf-save, cat-form, list-form, account-search-form

17. Frontend fragments (templates/default|lite|simple/fragments/):
18. content-card, content-view, form-add-row, form-submit, form-select
19. forum-topic-icon, forum-reply-form, meta-refresh, money-calculator-form
20. Identical across all three themes (sync test enforced)
21. Raw slot registry (docs/RAW_SLOTS_ADMIN.md):
22. Documents every {{{ raw }}} slot with origin and escaping rationale
23. Deleted legacy open/close fragment pair across all four themes

Benefits: - Zero raw <form>, <table>, <tr>, <td> strings in module files outside Sonderfälle - All meta http-equiv refresh tags replaced across 20+ frontend modules - Shared patterns reduced to single declaration: account search ×6→1, meta-refresh ×20→1, calculator forms ×3→1 - Fragment inventory is auditable and consistent

Technical notes: - Sonderfälle remain inline: config.php 7-tab, security.php ban forms, uploads config(), scheduler.php JS hidden forms, rss tab form - Search mini-forms inside getAdminSearchBox() are intentionally inline (single-use, already wrapped in the proper helper) - All frontend fragments pass testSharedFrontendFragmentsStayInSyncAcrossThemes

Consolidated 68 atomic micro-fragments into unified fachliche templates. Eliminated action-menu, action-delete, alpha-nav, category-icon/title, rating-bar/like, pager-dots duplicates via merged variants with optional slots. Inlined trivial single-tag fragments (danger-text, note-label, tab-list-close, pager-dots). Updated all callers in core/admin.php and core/system.php accordingly.

Added docs/ADMIN_MIGRATION_PLAN.md as master plan covering Spur 1 fragment consolidation phases 1-5 and Spur 2 module-by-module HTML migration for all 24 admin modules with risk-based batch ordering, helper decision model, raw-slot rules, stop conditions and verification matrix.

Added partials scaffold: blocks/add.html, blocks/edit.html, admin-config-base.html, admin-config-communication.html.

Moves all theme CSS/JS files from theme root and legacy js/ directories into a consistent assets/css/ and assets/js/ layout across all themes, and fixes broken image URL references caused by the deeper file location.

Core changes:

1. Theme asset structure (templates/admin, default, lite, simple):
2. Move CSS files from theme root into assets/css/
3. Move JS files from js/ into assets/js/
4. Move fonts into assets/css/fonts/
5. Remove old root-level and js/ directories
6. CSS image path fix (all theme CSS files):

7. Replace url(images/) with url(../../images/) to correctly resolve paths relative to new assets/css/ location

8. doCss() path resolver (core/system.php):

9. Replace str_replace('../', '') + naive prefix with proper relative path resolution that correctly handles ../ navigation

10. Layout hardcoded script tags (all themes admin.html, lite home.html):

11. Remove redundant hardcoded script tags; files are now auto-loaded via getThemeAssets()

12. modules/shop/index.php:
13. Update theme.css existence check to assets/css/theme.css

Introduces automatic CSS/JS loading for partials and components, shortname resolution for include and component tags, and a restructured asset pipeline in doCss/doScript with vendor subdirectory support.

Core changes:

1. Asset injection system (core/classes/template.php):

2. Add $assets property collecting CSS/JS per render pass * Reset at start of getHtmlPage(), getHtmlPart(), getHtmlFrag() * Reset in finally block of getPageHtml()

3. Add addAssetPath(): registers companion .css/.js files at runtime
4. Add getAssetMarkup(): renders collected tags for standalone output
5. Add mergePageAssets(): injects assets into links/scripts data for layouts
6. Fix evaluation order bug in fallback render path (line 75)
7. Shortname syntax (core/classes/template.php):

8. include and component tags now accept bare names without path or extension * 'header' auto-resolves to 'partials/header.html' * 'modal' auto-resolves to 'partials/modal.html'

9. Asset pipeline (core/system.php):
10. Add getAssetFiles(): resolves config entries as files or directories
11. getThemeAssets(): scan vendor subdirectories two levels deep; deduplicate
12. doCss(): delegate file resolution to getAssetFiles() + getThemeAssets()
13. doScript(): same restructure as doCss
14. Documentation (docs/, CONTRIBUTING.md, UPGRADING.md, admin/info/template/ru.md):
15. Document shortname syntax, smart asset loading and component/slot support
16. Update test list and runtime feature status

Benefits: - Assets are collected centrally and injected into <head> via layout data - No duplicate <link>/<script> tags regardless of how many times a partial is used - Zero runtime I/O overhead: file existence checked only at addAssetPath call - Vendor CSS/JS under assets/vendor/<lib>/<type>/ now auto-loaded

Technical notes: - Asset deduplication uses href/src as array key - Cache hash reverted to theme + path + mtime only (CSS/JS checked at runtime) - Shortname expansion applies only when path has no slash and no .html suffix

Revise the template admin guide to reflect the current architecture: component/slot syntax, corrected cache path, removal of legacy layout tags, and clarified fragment/partials directory roles.

Core changes:

1. Architecture section (admin/info/template/ru.md):
2. Rename title to "Phoenix Template Engine" to match class identity
3. Clarify layouts/partials/fragments roles with updated descriptions
4. Note cache dir: storage/cache/templates/<theme>/
5. State that legacy layouts and {%MODULE%}-style tags are removed

Benefits: - Documentation matches the implemented template system - Developers get accurate directory and directive references

Technical notes: - Russian-language documentation file, no code changes

Update tests to reflect renamed template variables in partials/preview.html and the new required fragment path convention for frontend themes.

Core changes:

1. Variable name update (tests/Unit/AdminPreviewBridgeFlowTest.php):

2. Replace fields/fields1/fields2/fields3 with title_html/body_a/body_b/body_c in all three test scenarios (direct render, missing theme, bridge flow)

3. Required fragment path update (tests/TemplateValidationTest.php):

4. Change required template check from basic.html/title.html to fragments/basic.html/fragments/title.html for frontend themes

Benefits: - Tests reflect the actual template variable contract - Fragment path validation aligned with new theme structure

Technical notes: - No test logic changed, only variable names and path strings updated - All three AdminPreviewBridgeFlow scenarios updated consistently