Журнал изменений

Removes the obfuscated anti_spam() rendering of customer email addresses in the money, order, and shop admin list views, replacing it with a proper clickable mailto link so admins can contact users directly from the table.

Core changes:

1. money/admin/index.php:

2. Email cell: renders info-tooltip + mailto link (subject includes module name _MONEY); removed is_truncate flag from cell and header

3. IP cell: added class_name 'sl-col-ip' for correct column width
4. order/admin/index.php:

5. Email cell: info-tooltip title_html replaces label_text anti_spam; mailto link appended after the tooltip (subject: _ORDER)

6. shop/admin/index.php (partnerinfo):
7. Added is_fixed => true to the partner clients table

Benefits: - Email addresses are directly actionable from the admin list - Consistent pattern with other admin modules (admins, money, order)

Technical notes: - Subject line is URL-encoded with rawurlencode(); site name prefixed - anti_spam() call removed; no backward-compat wrapper needed

Adds data attributes that enable JS-driven column sorting on status cells in the categories and blocks admin tables, and passes the is_col_actions flag through to the functions column so it receives the correct CSS class.

Core changes:

1. getAdminCategoryList() (core/admin.php):

2. Status td: added attr with data-sort-column-key and data-sort value (1 for active, 0 for inactive) to enable tablesort

3. Functions td: added is_col_actions => true
4. Table: added attr data-sl-admin-table="categories"

5. Status th: replaced nosort with sortable data-sort-column-key + data-sort-reverse

6. Functions th: added is_col_actions => true
7. getAdminBlockList() (core/admin.php):

8. Same set of changes applied to the blocks table (status + functions cells and headers, data-sl-admin-table="blocks")

Benefits: - Status columns are now sortable by activation state - Functions column gets correct sl-col-actions width via CSS class

Technical notes: - data-sort is set to '1'/'0' string to match tablesort expectations - data-sort-reverse sorts active items to the top by default

Applies the is_fixed flag to all admin tables that were missing it so column widths are stable, and corrects the swapped active-tab indices in the blocks module add/edit functions.

Core changes:

1. blocks.php:
2. add(): tab index corrected from 3 to 1 (Add tab)
3. edit(): tab index corrected from 1 to 3 (Edit tab)
4. filecode(): inline block path variable, merged redundant alert calls
5. database.php:
6. getSqltable(): added is_fixed => true to inner query-result table
7. database(): added is_fixed => true to the table-list table
8. groups.php:
9. points(): added is_fixed => true to the points table
10. referers.php:
11. referers(): added is_fixed => true to the referrers table
12. security.php:
13. security(): added is_fixed => true to the IP log table
14. banlist(): added is_fixed => true to both ban tables (IP + name)
15. statistic.php:
16. statistic(): added is_fixed => true to the stats table

Benefits: - Consistent column widths across all admin list tables - Active tab now highlights the correct section in blocks module

Technical notes: - is_fixed adds the sl-table-fixed CSS class; no schema change

Replaces the binary Yes/No super-admin flag with a three-tier access indicator (icon + colour), hardens the add/edit form (autocomplete, toggle collapsible, password validation), and fixes several minor rendering regressions introduced in earlier sessions.

Core changes:

1. admins() — list view (admins.php):
2. Column header changed from _SUPERUSER to _ACCESS
3. SQL now also fetches modules column for each admin row
4. Computes $stat tier: 2=superuser, 1=has modules, 0=no access

5. Status cell renders bootstrap-icon shield-fill-check with colour: danger for superuser, success for module access, muted for none

6. data-sort attribute set to $stat so table can sort by access tier
7. mailto subject line includes module name (_MODULESADMIN)
8. add() — edit/add form (admins.php):
9. $check now reads the actual POST mail flag on re-render after error
10. alert() call corrected: uses 'lines' key (was 'messages')
11. Mail template text built with PHP_EOL instead of literal '\n'
12. Password inputs get autocomplete="new-password"

13. _MAIL_SENDE label rendered via span fragment with sl-no-colon class so no unwanted colon appears after the checkbox label

14. Mail textarea collapsible moved from a wrapping div to the div-row level using id + attr (data-sl-toggle-display, style hide/show)

15. save() — persistence (admins.php):
16. Password change detection uses $chg flag (both fields non-empty)
17. Validation: skip password checks when editing without changing pwd

18. $mail suppressed when editing without password change (avoid sending stale password notification)

Benefits: - Visual access tier is immediately scannable in the admin list - Password update is independent of mail notification - Form collapses mail section cleanly without layout artefacts

Technical notes: - filterAdminmods + getAdminModuleNames already existed; no new helpers - Backward compatible: database schema unchanged

Improves the visual layout of alert boxes, table rows, and form fields; extends template fragments with new optional attributes; and fixes the JS toggle helper to respect the data-sl-toggle-display attribute so collapsible div-rows restore the correct display value.

Core changes:

1. theme.css:

2. Alert (.sl-warn/.sl-info): switch to flex layout; icon is static flex item; .sl-alert-content wraps text; removes obsolete absolute positioning and transform

3. Table rows (th/td): unified height: 30px + vertical-align middle
4. sl-col-status: width 52 → 80px, white-space nowrap
5. .sl-div-item-full textarea: added width/box-sizing/min-width rules
6. .sl-div-item-full .sl-collapsible: width 100% min-width 0
7. .sl-no-colon: suppresses the automatic colon after label text
8. sl-col-sent: overflow/text-overflow ellipsis
9. alert.html:

10. Content body is now wrapped in <div class="sl-alert-content"> to integrate with the new flex layout

11. bootstrap-icon.html:
12. Added optional color_attr variable to render inline style color
13. div-row.html:
14. Added optional id and attr pass-through attributes on the wrapper div
15. table.html:
16. Added optional attr pass-through attribute on the <table> element
17. th.html:
18. Added optional attr pass-through attribute on the <th> element
19. info-tooltip.html:
20. Collapsed redundant blank lines; logic unchanged
21. slaed.js (toggleBlock):

22. Read data-sl-toggle-display attribute from target element to determine the correct display value when showing (fallback: 'grid' for sl-div-item/sl-div-grid, 'block' otherwise)

Benefits: - Alert icons no longer shift on narrow viewports - Tables have uniform row height across all admin modules - Fragments are extensible without PHP-side workarounds

Technical notes: - Backward compatible: all new attributes are optional - data-sl-toggle-display="grid" is used by the new collapsible mail section in the admins form

Introduces a new language constant _ACCESS (de: 'Zugriff', en: 'Access', fr: 'Accès', pl: 'Dostęp', ru/uk: 'Доступ') placed alphabetically before the existing _SUPERUSER constant. Used as the column header and checkbox label in the admins module to distinguish plain module access from full super-admin access.

Core changes:

1. All six admin language files (de, en, fr, pl, ru, uk):

2. Added define('_ACCESS', '<translation>') between _SUBCATEGORY and _SUPERUSER so alphabetical ordering is preserved

Benefits: - Enables the admins list to display a distinct 'Access' column header instead of reusing _SUPERUSER for a non-binary indicator - Single-source translation for 'Access' across the whole admin panel

Technical notes: - _SUPERUSER ('Full access') is kept unchanged for backward compat with existing super-admin badge tooltips

The checkbox that grants unrestricted access to all modules was previously labelled 'Full access' in UI and documentation. This commit updates only the help/info pages so the label matches the upcoming constant rename in the codebase.

Core changes:

1. Admin info pages — all six language variants (de, en, fr, pl, ru, uk):

2. Updated label references from 'Full access' / 'Vollzugriff' / 'Полный доступ' / 'Повний доступ' / 'Accès complet' / 'Pełny dostęp' to the shorter 'Access' / 'Zugriff' / 'Доступ' / 'Доступ' / 'Accès' / 'Dostęp' respectively

3. Fixed missing newline at end of file in de, en, fr, pl, uk variants

Benefits: - Documentation stays in sync with the renamed UI label - Consistent terminology across all language variants

Technical notes: - ru.md: heading 'Опция «Полный доступ»' updated to 'Опция «Доступ»' - Columns description updated in ru.md to match new column header - No logic or template changes in this commit

Aligns the template with the new PHP-side escaping contract: scalar monitor vars no longer need {{{ }}} (raw). SVG chart title vars switch to {{ }} now that PHP drops htmlspecialchars(). Request & Performance section redistributed so icon rows are balanced left vs right.

Core changes:

1. Scalar var escaping (templates/admin/partials/basic-monitor.html):
2. {{{ cmsver/phpver/mysql }}} → {{ }} in version status block
3. {{{ uptime/osname/servfull/servprot/servname/serverip/servport }}} → {{ }}
4. {{{ diskfree/dskread/dskwrite }}} → {{ }}
5. {{{ lastbackuprun/backupdirsz/cachedirsz/logsdirsz/uploadssz }}} → {{ }}
6. {{{ failedlogins24h/errorlog24h }}} → {{ }}
7. {{{ phpsapi/zend_eng/php_char/memlim/scriptmem/maxtime }}} → {{ }}
8. {{{ postmax/upmax/maxvars/maxfileup/gdver/opcache_* }}} → {{ }}
9. {{{ dbchar/dbtz/dbmaxpack/dbbuffpool/dbconn/dbcurname/dbuser }}} → {{ }}
10. {{{ reqip/mempeak }}} → {{ }}
11. SVG title vars {{{ tip_up/down/cpu/ram }}} → {{ tip_* }}
12. Request & Performance layout:
13. LEFT: Client IP, Request URI (sl-tip), Query String (sl-tip),

    Execution Time, DB Queries — 2 icon rows

• RIGHT: Accept Language (sl-tip), Cookies (sl-tip), User Agent (sl-tip),

     DB Time, Memory Peak — 3 icon rows

• Previously: LEFT had 4 icon rows, RIGHT had 1 → visible asymmetry fixed

Benefits: - No double-escaping; template engine owns the XSS boundary via {{ }} - Request & Performance card visually balanced: 2 vs 3 icon rows - Accept Language / Cookies / User Agent grouped on right (browser headers)

Technical notes: - {{{ }}} retained only for vars that intentionally output HTML fragments (sl-tip HTML from getHtmlFrag): servroot, dbsqlmode, extlist_, req, lastsecurityevent24h, dbissueevent24h, syncurl, status icons

Replaces word-wrap on the monitor value column with proper single-line truncation. sl-tip cells need overflow: visible so the popup and hover scale animation are not clipped; plain cells keep overflow: hidden.

Core changes:

1. Monitor value column (templates/admin/assets/css/theme.css):
2. Replace word-wrap/overflow-wrap with overflow:hidden + text-overflow:ellipsis
3. :has(.sl-tip) override: overflow:visible (popup and icon scale escape clip)

4. .sl-tip inside td: margin-right:4px + vertical-align:middle + top:1px (top:1px corrects 1px vertical offset measured via getBoundingClientRect)

5. .sl-note inside td: display:inline-block + max-width:calc(100% - 26px) enables self-truncation without touching td display or table-layout:fixed

6. Remove .sl-monitor-info-icon rule (class deleted with old fragment)

Benefits: - Label text truncates cleanly at cell boundary in all rows - Popup content never truncated — shows full value on hover/click - Icon and text vertically centered to the pixel across all rows - table-layout:fixed column widths preserved (no flex on td)

Technical notes: - display:flex on td breaks table-layout:fixed in Chrome (td shrinks ~38%) - overflow:hidden on td clips position:absolute popup before JS fires - position:fixed (JS sl-float-open) escapes all ancestor overflow clipping

Replaces the old getTooltipText() / getLogSnippet() approach with the unified sl-tip popup component. PHP no longer does manual escaping or text truncation — the template engine handles escaping via {{ }} and CSS handles visual truncation in the value column.

Core changes:

1. Monitor module (admin/modules/monitor.php):
2. Delete getTooltipText() — replaced by getHtmlFrag('info-tooltip', ...)
3. Delete getLogSnippet() — inlined as preg_replace('/\s+/', ' ', trim())
4. Remove htmlspecialchars() from all scalar monitor vars (template escapes)
5. Remove htmlspecialchars() from SVG chart title vars (tip_up/down/cpu/ram)

6. Replace getTooltipText() calls with getHtmlFrag('info-tooltip', [...]) for: servroot, dbsqlmode, extlist_on/off, all reqXxx vars,

   lastsecurityevent24h, dbissueevent24h

• Add global \$tpl to getMonitorTemplateVars() (required for getHtmlFrag)
• Deleted fragment templates:
• templates/admin/fragments/monitor-info-icon.html (old title= tooltip)
• templates/admin/fragments/monitor-tooltip-text.html (old short+icon)

Benefits: - Single consistent popup component (sl-tip) across the entire admin UI - Popup shows full untruncated content; CSS handles label truncation - No double-escaping risk — template engine owns XSS boundary

Technical notes: - getHtmlFrag('info-tooltip', ...) outputs raw HTML — use {{{ }}} in tpl - Plain scalar vars now use {{ }} (auto-escaped) in template - Log snippet whitespace normalization preserved inline at both call sites