Всего: 166 Коммитов в репозитории |
Отфильтровано: 166 Коммиты |
Страница: 11 / 17
09.12.2025
Fix changelog module configuration save functionality
Fixed configuration persistence issues in the changelog module where
GitHub repository and token values were not being saved correctly.
Changes in admin/modules/changelog.php:
• Fixed global variable: $admin_file → $aroute (consistency)
• Fixed getVar() type for GitHub fields: 'var' → 'text'
• The 'var' type uses isVar() which only allows a-zA-Z0-9_-
• Repository names like 'SLAED-CMS-6.3-Pro' contain dots, which were rejected
• GitHub tokens contain underscores and were being filtered incorrectly
• Type 'text' uses save_text() which preserves special characters
Issue details:
• getVar() with type 'var' calls isVar() function
• isVar() pattern: /[^a-zA-Z0-9_\-]/ rejects dots and many characters
• 'SLAED-CMS-6.3-Pro' was converted to '0' due to dot rejection
• GitHub tokens 'ghp_...' were also filtered incorrectly
Solution:
• Use type 'text' for github_owner, github_repo, and github_token
• save_text() preserves necessary characters while still sanitizing input
• Configuration now saves correctly with full repository names and tokens
This fix enables proper GitHub API integration configuration.
GitHub repository and token values were not being saved correctly.
Changes in admin/modules/changelog.php:
• Fixed global variable: $admin_file → $aroute (consistency)
• Fixed getVar() type for GitHub fields: 'var' → 'text'
• The 'var' type uses isVar() which only allows a-zA-Z0-9_-
• Repository names like 'SLAED-CMS-6.3-Pro' contain dots, which were rejected
• GitHub tokens contain underscores and were being filtered incorrectly
• Type 'text' uses save_text() which preserves special characters
Issue details:
• getVar() with type 'var' calls isVar() function
• isVar() pattern: /[^a-zA-Z0-9_\-]/ rejects dots and many characters
• 'SLAED-CMS-6.3-Pro' was converted to '0' due to dot rejection
• GitHub tokens 'ghp_...' were also filtered incorrectly
Solution:
• Use type 'text' for github_owner, github_repo, and github_token
• save_text() preserves necessary characters while still sanitizing input
• Configuration now saves correctly with full repository names and tokens
This fix enables proper GitHub API integration configuration.
Fix GitHub API authentication and secure token configuration
Fixed GitHub API authorization header format and moved sensitive
configuration to .gitignore for better security practices.
Changes in admin/modules/changelog.php:
• Fixed Authorization header: 'Bearer' → 'token'
• GitHub Personal Access Tokens require 'token' prefix, not 'Bearer'
• 'Bearer' is used for OAuth 2.0 tokens only
Changes in .gitignore:
• Added /config/changelog.php to excluded files
• Prevents committing API tokens and sensitive credentials
• Grouped under new "API tokens and secrets" section
New file: config/changelog.php.example
• Template configuration file without sensitive data
• Users copy to changelog.php and add their own token
• Safe to commit to repository
Security improvement:
• GitHub tokens no longer tracked in version control
• Reduces risk of credential exposure
• Follows best practices for secret management
configuration to .gitignore for better security practices.
Changes in admin/modules/changelog.php:
• Fixed Authorization header: 'Bearer' → 'token'
• GitHub Personal Access Tokens require 'token' prefix, not 'Bearer'
• 'Bearer' is used for OAuth 2.0 tokens only
Changes in .gitignore:
• Added /config/changelog.php to excluded files
• Prevents committing API tokens and sensitive credentials
• Grouped under new "API tokens and secrets" section
New file: config/changelog.php.example
• Template configuration file without sensitive data
• Users copy to changelog.php and add their own token
• Safe to commit to repository
Security improvement:
• GitHub tokens no longer tracked in version control
• Reduces risk of credential exposure
• Follows best practices for secret management
Modernize admin modules and add GitHub integration support
Major refactoring of admin modules with code modernization, security
improvements, and new GitHub API integration for changelog functionality.
## New Features
### GitHub Integration (changelog.php)
Added commits() function to fetch commit history from GitHub API:
• Supports filtering by author, date range, search term
• Complete error handling with detailed HTTP status codes
• Bearer token authentication support
• Configurable commit limit (default: 50)
• Returns structured commit data: hash, author, date, message, files
Configuration added to config/changelog.php:
• github_owner: SLAED-CMS
• github_repo: SLAED-CMS-6.3-Pro
• github_token: API access token
• source: 'github' (local/github toggle)
### New Monitor Module
Added admin/modules/monitor.php (~30KB):
• System monitoring and analytics dashboard
• Real-time performance metrics
• Resource usage tracking
## Module Modernization
### Function Naming Standardization
Unified navigation functions across all modules to generic navi():
• msgNavi() → navi() in messages.php
• privatNavi() → navi() in privat.php
• (consistently applied to all modules)
### Security Improvements
SQL Injection Protection:
Updated raw SQL queries to use prepared statements with named placeholders:
``
### Copyright Updates
Updated copyright years in all modified files:
• © 2005 - 2017 → © 2005 - 2026
## Modules Modified
1. admin/index.php - Minor routing update
2. admin/modules/admins.php - Removed unused global $conf
3. admin/modules/categories.php - Full modernization (40 changes)
4. admin/modules/changelog.php - GitHub integration (+356 lines)
5. admin/modules/favorites.php - Code style standardization (52 changes)
6. admin/modules/fields.php - Modernization (93 changes)
7. admin/modules/groups.php - Complete refactoring (163 changes)
8. admin/modules/lang.php - Code cleanup (53 changes)
9. admin/modules/messages.php - Full modernization (293 changes)
10. admin/modules/privat.php - Complete refactoring (151 changes)
11. config/changelog.php - GitHub configuration added
## Statistics
• 11 files modified
• 1 new file (monitor.php)
• 651 insertions, 557 deletions (+94 lines net)
• ~1,200 lines refactored for code quality
## Impact
• Modern PHP 8.4+ standards applied throughout
• Improved security with SQL injection protection
• Consistent code style (PSR-12)
• GitHub API integration enables cloud-based changelog management
• Better maintainability with standardized function names
• Cleaner codebase with removed legacy patterns
improvements, and new GitHub API integration for changelog functionality.
## New Features
### GitHub Integration (changelog.php)
Added commits() function to fetch commit history from GitHub API:
• Supports filtering by author, date range, search term
• Complete error handling with detailed HTTP status codes
• Bearer token authentication support
• Configurable commit limit (default: 50)
• Returns structured commit data: hash, author, date, message, files
Configuration added to config/changelog.php:
• github_owner: SLAED-CMS
• github_repo: SLAED-CMS-6.3-Pro
• github_token: API access token
• source: 'github' (local/github toggle)
### New Monitor Module
Added admin/modules/monitor.php (~30KB):
• System monitoring and analytics dashboard
• Real-time performance metrics
• Resource usage tracking
## Module Modernization
### Function Naming Standardization
Unified navigation functions across all modules to generic navi():
• msgNavi() → navi() in messages.php
• privatNavi() → navi() in privat.php
• (consistently applied to all modules)
### Security Improvements
SQL Injection Protection:
Updated raw SQL queries to use prepared statements with named placeholders:
``
php
// BEFORE:
$db->sql_query("UPDATE ".$prefix."_message SET active = '0', expire = '0' WHERE mid = '".$mid."'");
// AFTER:
$db->sql_query('UPDATE '.$prefix.'_message SET active = :active, expire = :expire WHERE mid = :mid',
['active' => 0, 'expire' => 0, 'mid' => $mid]);
`
Config File Validation:
Replaced end_chmod() with checkConfigFile() helper:
php
// BEFORE:
include('config/config_privat.php');
$permtest = end_chmod('config/config_privat.php', 666);
if ($permtest) $cont .= tpl_warn('warn', $permtest, '', '', 'warn');
// AFTER:
$cont .= checkConfigFile('config_privat.php');
`
### Code Style Standardization
Tabs → Spaces (PSR-12):
Converted all indentation from tabs to 4 spaces in:
• messages.php
• privat.php
• groups.php
• categories.php
• favorites.php
• fields.php
Double Quotes → Single Quotes:
php
// BEFORE:
if (!defined("ADMIN_FILE")) die("Illegal file access");
// AFTER:
if (!defined('ADMIN_FILE')) die('Illegal file access');
`
Template Functions:
• tpl_eval() → setTemplateBasic()
• tpl_warn() → setTemplateWarning()
Global Variables:
• $admin_file → $aroute (consistent routing variable)
### Function Signature Improvements
Type Hints and Return Types:
php
// BEFORE:
function privat() {
// AFTER:
function privat(): void {
`
Function Renaming for Clarity:
php
// BEFORE:
function privatConf() {
// AFTER:
function conf(): void {
``### Copyright Updates
Updated copyright years in all modified files:
• © 2005 - 2017 → © 2005 - 2026
## Modules Modified
1. admin/index.php - Minor routing update
2. admin/modules/admins.php - Removed unused global $conf
3. admin/modules/categories.php - Full modernization (40 changes)
4. admin/modules/changelog.php - GitHub integration (+356 lines)
5. admin/modules/favorites.php - Code style standardization (52 changes)
6. admin/modules/fields.php - Modernization (93 changes)
7. admin/modules/groups.php - Complete refactoring (163 changes)
8. admin/modules/lang.php - Code cleanup (53 changes)
9. admin/modules/messages.php - Full modernization (293 changes)
10. admin/modules/privat.php - Complete refactoring (151 changes)
11. config/changelog.php - GitHub configuration added
## Statistics
• 11 files modified
• 1 new file (monitor.php)
• 651 insertions, 557 deletions (+94 lines net)
• ~1,200 lines refactored for code quality
## Impact
• Modern PHP 8.4+ standards applied throughout
• Improved security with SQL injection protection
• Consistent code style (PSR-12)
• GitHub API integration enables cloud-based changelog management
• Better maintainability with standardized function names
• Cleaner codebase with removed legacy patterns
08.12.2025
Complete language code standardization for admin help files and refactor modules
This commit continues the ISO 639-1 language code standardization,
focusing on admin help documentation files and modernizing admin module code.
## Admin Help Files Renamed (admin/info/)
Renamed 84 HTML help files from verbose language names to ISO 639-1 codes:
Modules affected:
• admins: admins-english.html → admins-en.html (and fr, de, pl, ru, uk)
• blocks: blocks-english.html → blocks-en.html (and fr, de, pl, ru, uk)
• categories: categories-english.html → categories-en.html (etc.)
• comments: comments-english.html → comments-en.html (etc.)
• configure: configure-english.html → configure-en.html (etc.)
• database: database-english.html → database-en.html (etc.)
• editor: editor-english.html → editor-en.html (etc.)
• favorites: favorites-english.html → favorites-en.html (etc.)
• fields: fields-english.html → fields-en.html (etc.)
• groups: groups-english.html → groups-en.html (etc.)
• lang: lang-english.html → lang-en.html (etc.)
• messages: msg-english.html → messages-en.html (also renamed msg-* → messages-*)
• modules: modules-english.html → modules-en.html (etc.)
Total: 14 help file sets × 6 languages = 84 files standardized
## Admin Modules Refactored (admin/modules/)
### Navigation Function Standardization
Unified all module-specific navigation functions to generic
• adminsNavi() → navi() in admins.php
• databaseNavi() → navi() in database.php
• (applied consistently across all modules)
### Security Improvements
Added
``
## Impact
• Consistent ISO 639-1 language code usage across entire admin system
• Improved security with proper redirect termination
• More maintainable code with modern PHP patterns
• Cleaner codebase with removed legacy code
focusing on admin help documentation files and modernizing admin module code.
## Admin Help Files Renamed (admin/info/)
Renamed 84 HTML help files from verbose language names to ISO 639-1 codes:
Modules affected:
• admins: admins-english.html → admins-en.html (and fr, de, pl, ru, uk)
• blocks: blocks-english.html → blocks-en.html (and fr, de, pl, ru, uk)
• categories: categories-english.html → categories-en.html (etc.)
• comments: comments-english.html → comments-en.html (etc.)
• configure: configure-english.html → configure-en.html (etc.)
• database: database-english.html → database-en.html (etc.)
• editor: editor-english.html → editor-en.html (etc.)
• favorites: favorites-english.html → favorites-en.html (etc.)
• fields: fields-english.html → fields-en.html (etc.)
• groups: groups-english.html → groups-en.html (etc.)
• lang: lang-english.html → lang-en.html (etc.)
• messages: msg-english.html → messages-en.html (also renamed msg-* → messages-*)
• modules: modules-english.html → modules-en.html (etc.)
Total: 14 help file sets × 6 languages = 84 files standardized
## Admin Modules Refactored (admin/modules/)
### Navigation Function Standardization
Unified all module-specific navigation functions to generic
navi():• adminsNavi() → navi() in admins.php
• databaseNavi() → navi() in database.php
• (applied consistently across all modules)
### Security Improvements
Added
exit; after all header() redirects to prevent code execution:``
php
// BEFORE:
header('Location: '.$aroute.'.php?name=admins&op=show');
// AFTER:
header('Location: '.$aroute.'.php?name=admins');
exit;
`
Applied to: admins.php, blocks.php, categories.php, changelog.php,
comments.php, database.php, editor.php
### Code Modernization
Replaced opendir()/readdir() with scandir():
php
// BEFORE:
$handle = opendir('blocks');
while (false !== ($file = readdir($handle))) {
if (preg_match('/^block\-(.+)\.php/', $file, $matches)) {
// process file
}
}
closedir($handle);
// AFTER:
$files = scandir('blocks');
foreach ($files as $file) {
if (preg_match('/^block\-(.+)\.php/', $file, $matches)) {
// process file
}
}
`
Removed redundant checks:
php
// BEFORE:
if ($val != '') {
$result = $db->sql_query('SELECT bid FROM '.$prefix.'_blocks WHERE bposition = :val ORDER BY weight ASC', ['val' => $val]);
}
// AFTER:
$result = $db->sql_query('SELECT bid FROM '.$prefix.'_blocks WHERE bposition = :val ORDER BY weight ASC', ['val' => $val]);
`
Simplified redirects:
• Removed unnecessary parameters from redirects
• Redirects now use cleaner URLs: ?name=module instead of ?name=module&op=show
### Code Cleanup
• Removed 80+ lines of commented-out legacy code in database.php
• Removed unused global variable declarations (e.g., in blocks.php)
• Standardized parameter type hints in getVar() calls
## Statistics
• 7 admin modules modified
• 179 insertions, 254 deletions (-75 lines, ~30% reduction)
• 84 help files renamed (old deleted, new with ISO codes)
• All header() calls now properly terminated with exit;`## Impact
• Consistent ISO 639-1 language code usage across entire admin system
• Improved security with proper redirect termination
• More maintainable code with modern PHP patterns
• Cleaner codebase with removed legacy code
05.12.2025
Standardize language codes to ISO 639-1 format
Major refactoring to standardize language file naming across the system,
replacing verbose language names with ISO 639-1 two-letter codes.
Language file renaming:
• lang-english.php → en.php
• lang-french.php → fr.php
• lang-german.php → de.php
• lang-polish.php → pl.php
• lang-russian.php → ru.php
• lang-ukrainian.php → uk.php
Applied to directories:
• admin/language/
• language/
• setup/language/
Language flag images renamed:
• setup/templates/images/english.png → en.png
• setup/templates/images/french.png → fr.png
• setup/templates/images/german.png → de.png
• setup/templates/images/polish.png → pl.png
• setup/templates/images/russian.png → ru.png
• setup/templates/images/ukrainian.png → uk.png
Admin structure changes:
• admin/admin.php → admin/index.php
• admin/modules/configure.php → admin/modules/config.php
• Removed legacy admin/links/ directory
Updated all admin modules to reflect language code changes and
modernization patterns established in refactoring-rules.md.
Core system files updated for compatibility with new language structure.
This standardization improves internationalization consistency, follows
ISO standards, and simplifies language file management throughout SLAED CMS.
replacing verbose language names with ISO 639-1 two-letter codes.
Language file renaming:
• lang-english.php → en.php
• lang-french.php → fr.php
• lang-german.php → de.php
• lang-polish.php → pl.php
• lang-russian.php → ru.php
• lang-ukrainian.php → uk.php
Applied to directories:
• admin/language/
• language/
• setup/language/
Language flag images renamed:
• setup/templates/images/english.png → en.png
• setup/templates/images/french.png → fr.png
• setup/templates/images/german.png → de.png
• setup/templates/images/polish.png → pl.png
• setup/templates/images/russian.png → ru.png
• setup/templates/images/ukrainian.png → uk.png
Admin structure changes:
• admin/admin.php → admin/index.php
• admin/modules/configure.php → admin/modules/config.php
• Removed legacy admin/links/ directory
Updated all admin modules to reflect language code changes and
modernization patterns established in refactoring-rules.md.
Core system files updated for compatibility with new language structure.
This standardization improves internationalization consistency, follows
ISO standards, and simplifies language file management throughout SLAED CMS.
04.12.2025
Refactor: Admin system - Info files reorganized & core improvements
• Info files: Language names standardized (english→en, german→de, etc.)
• blocks.php: Switch-Cases finalized and cleaned
• admin.php: Auto-discovery optimizations
• core.php: Admin functions improved
• blocks.php: Switch-Cases finalized and cleaned
• admin.php: Auto-discovery optimizations
• core.php: Admin functions improved
Refactor: blocks.php - Operation names fully consistent
• Navigation: op=new → op=add, op=file → op=fileadd
• Switch: case 'new' → case 'add', case 'file' → case 'fileadd'
• Switch: case 'add' → case 'addsave' (save operation)
• Formular: op=add → op=addsave (save action)
• Alle Operationen entsprechen jetzt exakt den Funktionsnamen
• Switch: case 'new' → case 'add', case 'file' → case 'fileadd'
• Switch: case 'add' → case 'addsave' (save operation)
• Formular: op=add → op=addsave (save action)
• Alle Operationen entsprechen jetzt exakt den Funktionsnamen
Refactor: blocks.php - Switch-cases reorganized & function names consistent
• bfile() → filecode()
• bfilesave() → filecodesave()
• Switch-Cases grouped and commented by logic
• Alle Formular-Referenzen aktualisiert
• bfilesave() → filecodesave()
• Switch-Cases grouped and commented by logic
• Alle Formular-Referenzen aktualisiert
Fix: blocks.php - Fatal error fixed (file → fileadd)
file() is a PHP built-in function and cannot be overridden.
Refactor: blocks.php - Simplify navigation function (blocksNavi → navi)
