Latest forum posts
Total: 300 commits in repository | Filtered: 300 commits | Page: 1 / 30
Today (27.02.2026)
Docs: add filterMarkdown() design spec and parser architecture discussion
Two new design documents capturing the planned Markdown parser and
the architectural decisions for integrating it with bb_decode().
Core changes:
1. Design spec (docs/PARSE.md):
• Full self-contained implementation of filterMarkdown(string $src, bool $safe)
• Anonymous class with 15 private methods (filterBlocks, filterInlines, etc.)
• Covers: ATX/Setext headings, blockquotes, lists, GFM tables, fenced/indented
code, inline code, bold/italic/strike/highlight, links, images, auto-links
• Safe mode: filterText() + filterUrl() for XSS prevention
• Stash-salt mechanism for token collision prevention
• All method and variable names comply with SLAED §5 naming conventions
2. Architecture discussion (docs/DISCUS.md):
• Records session decisions on unified bb_decode/filterMarkdown pipeline
• Three-stage pipeline: server-side BB tags → filterMarkdown() → stash restore
• Three modes: bb (legacy), md (markdown), mixed (both)
• Five pre-implementation decisions documented and agreed
Benefits:
• Preserved design rationale for future contributors
• Clear migration path from legacy bb_decode() to unified parser
• All XSS concerns, mode semantics, and stash protocols specified
Technical notes:
• filterMarkdown() is a pure function: no DB, no config, no side-effects
• bb_decode() remains the orchestrator; [attach]/[usephp] stay outside parser
Refactor: modernize help module — setHead() SEO metadata and is_view flag
Replace bare setHead() call in view() with full SEO metadata block,
and add is_view flag to setTemplateBasic() for h1/h3 template switching.
Requires one additional DB query to fetch title/category/author for the
top-level ticket (pid=0) before the main result loop.
Core changes:
1. SEO metadata — view() (modules/help/index.php):
• Additional SQL query fetches: title, hometext, time, c.title, u.user_name
• setHead() now receives:
* title: ticket title, ctitle: category title
* desc: bb_decode + strip_tags + cutstr(160)
* img: first image from hometext via getImgText()
* time: ticket timestamp, author: user_name or sitename fallback
2. Template flag (modules/help/index.php):
• setTemplateBasic() call extended with if_flag => ['is_view' => !$pid]
* is_view=true for top-level ticket (pid=0) → renders <h1> in template
* is_view=false for replies → renders <h3> as before
Benefits:
• Unique per-ticket <title> and og:* meta for SEO
• Semantic <h1> on ticket detail page via template flag
• No behavior change for listing or reply rendering
Technical notes:
• Extra query runs once per view() call, not per row
• Backward compatibility: full — no DB schema or template engine changes
Refactor: modernize forum module — getVar(), setHead() SEO, prepared SQL
Replace raw superglobal access with getVar(), add full SEO metadata to
view() via setHead(), and fix a raw SQL concatenation in status query.
No behavioral changes to listing or form logic.
Core changes:
1. Input handling (modules/forum/index.php):
• $_GET['num'] -> getVar('req', 'num', 'num') in forum() and view()
• $_GET['id'] -> getVar('req', 'id', 'num') in view()
• $_GET['word'] -> text_filter(getVar('req', 'word', 'text')) in view()
• $b initialized as int 0 instead of string ''
2. SEO metadata — view() (modules/forum/index.php):
• setHead() now receives full structured data:
* title: topic title, ctitle: category title
* desc: bb_decode + strip_tags + cutstr(160)
* img: first image from hometext via getImgText()
* time: topic timestamp, author: user_name or sitename fallback
3. SQL security (modules/forum/index.php):
• Status query in view() replaced raw $id concat with named param :id
* 'WHERE id = :id' with ['id' => $id]
Benefits:
• XSS-safe input handling via getVar() type enforcement
• Unique per-topic <title> and og:* meta for SEO
• SQL injection eliminated in status fetch query
Technical notes:
• Backward compatibility: full — no template or DB schema changes
Fix: move template.php require_once to core boot sequence in system.php
template.php was loaded inside setThemeInclude() (called per-request
during theme setup), which meant template helpers were unavailable during
early bootstrap before theme selection. Moving the require_once to the
top-level boot block ensures template functions are available as soon
as core/system.php is loaded.
Core changes:
1. Boot sequence (core/system.php):
• Added require_once BASE_DIR.'/core/template.php' after security.php/legacy.php
* Removed duplicate require_once from setThemeInclude()
2. Trailing newline (core/legacy.php):
• Added missing EOF newline
Benefits:
• Template helpers available earlier in request lifecycle
• Eliminates hidden dependency on setThemeInclude() call order
• Consistent require_once placement with other core files
Technical notes:
• No behavior change for standard request flow
• Backward compatibility: full
Refactor: apply SLAED §5 naming conventions to core/security.php variables
Rename all non-compliant local variables to lowercase-no-underscore format
per refactoring-standards.md §5, and expand $lctx closure to add
cookie/session key truncation with explicit truncation flags.
Core changes:
1. $lctx closure (core/security.php):
• Expanded with per-key truncation: $ck, $cktr, $sk, $sktr, $ctx
* Limits cookie/session key arrays to 50 entries
* Adds cookie_keys_truncated / session_keys_truncated flags when cut
• Renamed: query/post use $q/$p; empty arrays become stdClass for JSON
2. HTTP error handler (core/security.php):
• $http_msg -> $httpmsg
3. error_reporting_log() parameters and locals (core/security.php):
• $error_num -> $errno, $error_var -> $errmsg
• $error_file -> $errfile, $error_line -> $errline
• $level_map -> $levelmap, $php_err -> $phperr
4. error_sql_log() locals (core/security.php):
• $sql_orig -> $sqlorig, $sql_bytes -> $sqlbytes
• $sql_hash -> $sqlhash, $sql_safe -> $sqlsafe
Benefits:
• Consistent naming across entire security layer
• No behavior change — pure rename refactor
Technical notes:
• All renamed variables are local scope only; no public API change
• Backward compatibility: full
Chore: restructure admin/info help pages into per-module subdirectories
Move admin panel help HTML files from flat naming convention
(module-lang.html) to per-module subdirectory layout (module/lang.html),
improving organization and making locale additions straightforward.
Core changes:
1. Admin info pages (admin/info/):
• Renamed all flat module-lang.html files to module/lang.html layout
* Pattern: admins-ru.html → admins/ru.html
* 22 modules × 6 locales (de, en, fr, pl, ru, uk) reorganized
Benefits:
• Cleaner directory structure per module
• Easier to add new locales without polluting the flat namespace
• Consistent with standard i18n subdirectory conventions
Yesterday (26.02.2026)
Docs: update project documentation to reflect recent changes
Synchronize all project docs with the current state of SLAED CMS 6.3.
Five files updated: README, UPGRADING, CONTRIBUTING, SECURITY, TEMPLATES.
Core changes:
1. README.md:
• Update migration badge from 70% to 75%
• Remove "Frontend modules ~35% remaining" (all 26 modules complete)
2. UPGRADING.md:
• Add Breaking Changes: config/rewrite.php removed, $confu['anonym'] removed,
setConfigFile() reserved guard, getConfig() skip list
• Update Version History status to ~75%, add three new Major Changes items
3. CONTRIBUTING.md:
• Expand language constants [!IMPORTANT] block with placement rule
(language/*.php for public, admin/language/*.php for admin-only)
• Add "Config Files -> Reserved Config Files" section with table
4. SECURITY.md:
• Add NDJSON format note to Logging & Error Handling section
• Add "Config Write Protection" block (setConfigFile guard + getConfig skip)
5. docs/TEMPLATES.md:
• Add "SEO Placeholder Variables" section documenting all 14 setHead() placeholders
([homeurl], [site], [logo], [loc], [time], [mtime], [title], [desc],
[img], [ctitle], [type], [url], [headline], [author])
Benefits:
• Documentation accurately reflects the current codebase
• Contributors have clear guidance on language constant placement
• Reserved config file rules are documented
Technical notes:
• docs/TESTS.md and CODE_OF_CONDUCT.md required no changes
Chore: update .gitignore plans path from plans/ to docs/plans/
The plans directory was moved under docs/ to better organize
project planning files alongside other documentation.
Core changes:
1. .gitignore:
• Change 'plans/' to 'docs/plans/'
Technical notes:
• No functional change to the codebase
Chore: add FUNC_FILE access guard and copyright header to reserved config stubs
The three reserved config stubs (system.php, header.php, chmod.php)
previously returned null to signal they are not config arrays. Replace
with an explicit die() guard consistent with other protected system
files, and add the standard SLAED copyright header.
Core changes:
1. config/system.php, config/header.php, config/chmod.php:
• Add copyright header (Author, Copyright, License, Website)
• Replace 'return null' with: if (!defined('FUNC_FILE')) die('Illegal file access')
Benefits:
• Consistent access protection across all restricted files
• Standard SLAED file header present in all config stubs
Technical notes:
• Files remain excluded from getConfig() merge via skip list in core/system.php
• die() guard prevents direct HTTP access if .htaccess rules are misconfigured
Chore: rename content module admin info files to 2-letter locale codes
Rename admin info HTML files in modules/content/admin/info/ from full
language names to 2-letter locale codes, matching the convention used
in other modules (news, pages, etc.).
Core changes:
1. modules/content/admin/info/ (6 renames):
• english.html -> en.html
• french.html -> fr.html
• german.html -> de.html
• polish.html -> pl.html
• russian.html -> ru.html
• ukrainian.html -> uk.html
Benefits:
• Consistent file naming across all module admin info directories
• Aligns with the 2-letter locale code convention (en, de, fr, pl, ru, uk)
Technical notes:
• File contents are preserved as-is
• Admin panel loads info files by locale code; old names were unused