Removes the obfuscated anti_spam() rendering of customer email addresses in the money, order, and shop admin list views, replacing it with a proper clickable mailto link so admins can contact users directly from the table.
Core changes:
- money/admin/index.php:
Email cell: renders info-tooltip + mailto link (subject includes module name _MONEY); removed is_truncate flag from cell and header
- IP cell: added class_name 'sl-col-ip' for correct column width
- order/admin/index.php:
Email cell: info-tooltip title_html replaces label_text anti_spam; mailto link appended after the tooltip (subject: _ORDER)
- shop/admin/index.php (partnerinfo):
- Added is_fixed => true to the partner clients table
Benefits: - Email addresses are directly actionable from the admin list - Consistent pattern with other admin modules (admins, money, order)
Technical notes: - Subject line is URL-encoded with rawurlencode(); site name prefixed - anti_spam() call removed; no backward-compat wrapper needed
Adds data attributes that enable JS-driven column sorting on status cells in the categories and blocks admin tables, and passes the is_col_actions flag through to the functions column so it receives the correct CSS class.
Core changes:
- getAdminCategoryList() (core/admin.php):
Status td: added attr with data-sort-column-key and data-sort value (1 for active, 0 for inactive) to enable tablesort
- Functions td: added is_col_actions => true
- Table: added attr data-sl-admin-table="categories"
Status th: replaced nosort with sortable data-sort-column-key + data-sort-reverse
- Functions th: added is_col_actions => true
- getAdminBlockList() (core/admin.php):
Same set of changes applied to the blocks table (status + functions cells and headers, data-sl-admin-table="blocks")
Benefits: - Status columns are now sortable by activation state - Functions column gets correct sl-col-actions width via CSS class
Technical notes: - data-sort is set to '1'/'0' string to match tablesort expectations - data-sort-reverse sorts active items to the top by default
Applies the is_fixed flag to all admin tables that were missing it so column widths are stable, and corrects the swapped active-tab indices in the blocks module add/edit functions.
Core changes:
- blocks.php:
- add(): tab index corrected from 3 to 1 (Add tab)
- edit(): tab index corrected from 1 to 3 (Edit tab)
- filecode(): inline block path variable, merged redundant alert calls
- database.php:
- getSqltable(): added is_fixed => true to inner query-result table
- database(): added is_fixed => true to the table-list table
- groups.php:
- points(): added is_fixed => true to the points table
- referers.php:
- referers(): added is_fixed => true to the referrers table
- security.php:
- security(): added is_fixed => true to the IP log table
- banlist(): added is_fixed => true to both ban tables (IP + name)
- statistic.php:
- statistic(): added is_fixed => true to the stats table
Benefits: - Consistent column widths across all admin list tables - Active tab now highlights the correct section in blocks module
Technical notes: - is_fixed adds the sl-table-fixed CSS class; no schema change
Replaces the binary Yes/No super-admin flag with a three-tier access indicator (icon + colour), hardens the add/edit form (autocomplete, toggle collapsible, password validation), and fixes several minor rendering regressions introduced in earlier sessions.
Core changes:
- admins() — list view (admins.php):
- Column header changed from _SUPERUSER to _ACCESS
- SQL now also fetches modules column for each admin row
- Computes $stat tier: 2=superuser, 1=has modules, 0=no access
Status cell renders bootstrap-icon shield-fill-check with colour: danger for superuser, success for module access, muted for none
- data-sort attribute set to $stat so table can sort by access tier
- mailto subject line includes module name (_MODULESADMIN)
- add() — edit/add form (admins.php):
- $check now reads the actual POST mail flag on re-render after error
- alert() call corrected: uses 'lines' key (was 'messages')
- Mail template text built with PHP_EOL instead of literal '\n'
- Password inputs get autocomplete="new-password"
_MAIL_SENDE label rendered via span fragment with sl-no-colon class so no unwanted colon appears after the checkbox label
Mail textarea collapsible moved from a wrapping div to the div-row level using id + attr (data-sl-toggle-display, style hide/show)
- save() — persistence (admins.php):
- Password change detection uses $chg flag (both fields non-empty)
- Validation: skip password checks when editing without changing pwd
$mail suppressed when editing without password change (avoid sending stale password notification)
Benefits: - Visual access tier is immediately scannable in the admin list - Password update is independent of mail notification - Form collapses mail section cleanly without layout artefacts
Technical notes: - filterAdminmods + getAdminModuleNames already existed; no new helpers - Backward compatible: database schema unchanged
Improves the visual layout of alert boxes, table rows, and form fields; extends template fragments with new optional attributes; and fixes the JS toggle helper to respect the data-sl-toggle-display attribute so collapsible div-rows restore the correct display value.
Core changes:
- theme.css:
Alert (.sl-warn/.sl-info): switch to flex layout; icon is static flex item; .sl-alert-content wraps text; removes obsolete absolute positioning and transform
- Table rows (th/td): unified height: 30px + vertical-align middle
- sl-col-status: width 52 → 80px, white-space nowrap
- .sl-div-item-full textarea: added width/box-sizing/min-width rules
- .sl-div-item-full .sl-collapsible: width 100% min-width 0
- .sl-no-colon: suppresses the automatic colon after label text
- sl-col-sent: overflow/text-overflow ellipsis
- alert.html:
Content body is now wrapped in <div class="sl-alert-content"> to integrate with the new flex layout
- bootstrap-icon.html:
- Added optional color_attr variable to render inline style color
- div-row.html:
- Added optional id and attr pass-through attributes on the wrapper div
- table.html:
- Added optional attr pass-through attribute on the <table> element
- th.html:
- Added optional attr pass-through attribute on the <th> element
- info-tooltip.html:
- Collapsed redundant blank lines; logic unchanged
- slaed.js (toggleBlock):
Read data-sl-toggle-display attribute from target element to determine the correct display value when showing (fallback: 'grid' for sl-div-item/sl-div-grid, 'block' otherwise)
Benefits: - Alert icons no longer shift on narrow viewports - Tables have uniform row height across all admin modules - Fragments are extensible without PHP-side workarounds
Technical notes: - Backward compatible: all new attributes are optional - data-sl-toggle-display="grid" is used by the new collapsible mail section in the admins form
Introduces a new language constant _ACCESS (de: 'Zugriff', en: 'Access', fr: 'Accès', pl: 'Dostęp', ru/uk: 'Доступ') placed alphabetically before the existing _SUPERUSER constant. Used as the column header and checkbox label in the admins module to distinguish plain module access from full super-admin access.
Core changes:
- All six admin language files (de, en, fr, pl, ru, uk):
Added define('_ACCESS', '<translation>') between _SUBCATEGORY and _SUPERUSER so alphabetical ordering is preserved
Benefits: - Enables the admins list to display a distinct 'Access' column header instead of reusing _SUPERUSER for a non-binary indicator - Single-source translation for 'Access' across the whole admin panel
Technical notes: - _SUPERUSER ('Full access') is kept unchanged for backward compat with existing super-admin badge tooltips
The checkbox that grants unrestricted access to all modules was previously labelled 'Full access' in UI and documentation. This commit updates only the help/info pages so the label matches the upcoming constant rename in the codebase.
Core changes:
- Admin info pages — all six language variants (de, en, fr, pl, ru, uk):
Updated label references from 'Full access' / 'Vollzugriff' / 'Полный доступ' / 'Повний доступ' / 'Accès complet' / 'Pełny dostęp' to the shorter 'Access' / 'Zugriff' / 'Доступ' / 'Доступ' / 'Accès' / 'Dostęp' respectively
- Fixed missing newline at end of file in de, en, fr, pl, uk variants
Benefits: - Documentation stays in sync with the renamed UI label - Consistent terminology across all language variants
Technical notes: - ru.md: heading 'Опция «Полный доступ»' updated to 'Опция «Доступ»' - Columns description updated in ru.md to match new column header - No logic or template changes in this commit
Aligns the template with the new PHP-side escaping contract: scalar monitor vars no longer need {{{ }}} (raw). SVG chart title vars switch to {{ }} now that PHP drops htmlspecialchars(). Request & Performance section redistributed so icon rows are balanced left vs right.
Core changes:
- Scalar var escaping (templates/admin/partials/basic-monitor.html):
- {{{ cmsver/phpver/mysql }}} → {{ }} in version status block
- {{{ uptime/osname/servfull/servprot/servname/serverip/servport }}} → {{ }}
- {{{ diskfree/dskread/dskwrite }}} → {{ }}
- {{{ lastbackuprun/backupdirsz/cachedirsz/logsdirsz/uploadssz }}} → {{ }}
- {{{ failedlogins24h/errorlog24h }}} → {{ }}
- {{{ phpsapi/zend_eng/php_char/memlim/scriptmem/maxtime }}} → {{ }}
- {{{ postmax/upmax/maxvars/maxfileup/gdver/opcache_* }}} → {{ }}
- {{{ dbchar/dbtz/dbmaxpack/dbbuffpool/dbconn/dbcurname/dbuser }}} → {{ }}
- {{{ reqip/mempeak }}} → {{ }}
- SVG title vars {{{ tip_up/down/cpu/ram }}} → {{ tip_* }}
- Request & Performance layout:
- LEFT: Client IP, Request URI (sl-tip), Query String (sl-tip),
Execution Time, DB Queries — 2 icon rows- RIGHT: Accept Language (sl-tip), Cookies (sl-tip), User Agent (sl-tip),
DB Time, Memory Peak — 3 icon rows- Previously: LEFT had 4 icon rows, RIGHT had 1 → visible asymmetry fixed
Benefits: - No double-escaping; template engine owns the XSS boundary via {{ }} - Request & Performance card visually balanced: 2 vs 3 icon rows - Accept Language / Cookies / User Agent grouped on right (browser headers)
Technical notes: - {{{ }}} retained only for vars that intentionally output HTML fragments (sl-tip HTML from getHtmlFrag): servroot, dbsqlmode, extlist_, req, lastsecurityevent24h, dbissueevent24h, syncurl, status icons
Replaces word-wrap on the monitor value column with proper single-line truncation. sl-tip cells need overflow: visible so the popup and hover scale animation are not clipped; plain cells keep overflow: hidden.
Core changes:
- Monitor value column (templates/admin/assets/css/theme.css):
- Replace word-wrap/overflow-wrap with overflow:hidden + text-overflow:ellipsis
- :has(.sl-tip) override: overflow:visible (popup and icon scale escape clip)
.sl-tip inside td: margin-right:4px + vertical-align:middle + top:1px (top:1px corrects 1px vertical offset measured via getBoundingClientRect)
.sl-note inside td: display:inline-block + max-width:calc(100% - 26px) enables self-truncation without touching td display or table-layout:fixed
- Remove .sl-monitor-info-icon rule (class deleted with old fragment)
Benefits: - Label text truncates cleanly at cell boundary in all rows - Popup content never truncated — shows full value on hover/click - Icon and text vertically centered to the pixel across all rows - table-layout:fixed column widths preserved (no flex on td)
Technical notes: - display:flex on td breaks table-layout:fixed in Chrome (td shrinks ~38%) - overflow:hidden on td clips position:absolute popup before JS fires - position:fixed (JS sl-float-open) escapes all ancestor overflow clipping
Replaces the old getTooltipText() / getLogSnippet() approach with the unified sl-tip popup component. PHP no longer does manual escaping or text truncation — the template engine handles escaping via {{ }} and CSS handles visual truncation in the value column.
Core changes:
- Monitor module (admin/modules/monitor.php):
- Delete getTooltipText() — replaced by getHtmlFrag('info-tooltip', ...)
- Delete getLogSnippet() — inlined as preg_replace('/\s+/', ' ', trim())
- Remove htmlspecialchars() from all scalar monitor vars (template escapes)
- Remove htmlspecialchars() from SVG chart title vars (tip_up/down/cpu/ram)
Replace getTooltipText() calls with getHtmlFrag('info-tooltip', [...]) for: servroot, dbsqlmode, extlist_on/off, all reqXxx vars,
lastsecurityevent24h, dbissueevent24h- Add global \$tpl to getMonitorTemplateVars() (required for getHtmlFrag)
- Deleted fragment templates:
- templates/admin/fragments/monitor-info-icon.html (old title= tooltip)
- templates/admin/fragments/monitor-tooltip-text.html (old short+icon)
Benefits: - Single consistent popup component (sl-tip) across the entire admin UI - Popup shows full untruncated content; CSS handles label truncation - No double-escaping risk — template engine owns XSS boundary
Technical notes: - getHtmlFrag('info-tooltip', ...) outputs raw HTML — use {{{ }}} in tpl - Plain scalar vars now use {{ }} (auto-escaped) in template - Log snippet whitespace normalization preserved inline at both call sites
