Журнал изменений

Updates all user-facing and developer-facing documentation to reflect the camelCase function rename sprint completed in core/security.php.

Core changes:

1. CONTRIBUTING.md:
2. getVar() type table updated (filterWord, filterHtml, filterFields)
3. SECURITY.md:
4. New section: renamed security functions reference table (20 entries)
5. UPGRADING.md:
6. Breaking changes section: full migration table for renamed functions
7. Version history updated
8. docs/TEMPLATES.md:
9. Date updated to 2026
10. docs/TESTS.md:
11. Function names updated to camelCase equivalents

Benefits: - Developers can look up old names and find new equivalents - Migration path is clearly documented for upgraders

Technical notes: - No code changes; documentation only - Covers all renames tracked in GLOSSARY.md

Completes the security/utility function rename sprint: all legacy snake_case identifiers in core/security.php are replaced with camelCase VerbNoun names per SLAED coding standard §3-4, and every call site across the project is updated accordingly.

Core changes:

1. Function renames (core/security.php):
2. log_report() → addLog()
3. is_admin_god() / is_admin() → isAdmin(bool $super = false)
4. get_host() → getHost()
5. get_referer() → getReferer()
6. zip_check() / zip_compress() → checkCompress() / addCompress()
7. isVar() / analyze() → filterVar()
8. url_filter() → filterUrl()
9. num_filter() → filterNum()
10. var_filter() → filterWord()
11. text_filter() → filterText()
12. cutstrc() → filterCut()
13. ed2k_link() → getEd2kLink()
14. url_clickable() → filterClickable()
15. save_text() → filterHtml()
16. fields_save() → filterFields()
17. display_time() → getDuration()
18. rest_time() → getTimeLeft()
19. mail_send() → addMail()
20. doHackReport() → addHackReport()
21. doWarnReport() → addWarnReport()
22. error_sql_log() → addSqlLog() (core/classes/pdo.php)
23. isAdmin() optimisation (core/security.php):
24. Merged isAdminSuper() into isAdmin(bool $super = false)
25. Single DB query fills both cache slots (key 0 and key 1)
26. hash_equals() for constant-time password comparison
27. Strict === throughout; getSqlRow() null-guard added
28. Variable renames (core/security.php):
29. $ua → $uagt, $ag → $agent, $ipt_base → $iptbase
30. $array_index → $arridx, $is_array_all → $allarr
31. $date_time → $dtime
32. Bug fixes (core/security.php):
33. @ suppression removed from $lwrite closure
34. getIp() / getAgent() hoisted out of blocker foreach loop
35. setCookies() uses implode() instead of fixed $value[0..5] indexing
36. getTimeLeft() calls time() once; getHost() has ?: '' fallback
37. getSqlRow() null-guard added via ?? ['', '', '']
38. Call sites updated across 68 files:
39. admin/modules/*.php, modules//index.php, modules//admin/index.php
40. core/admin.php, core/system.php, core/user.php, templates/admin/index.php
41. core/legacy.php removed (empty guard-only file)

Benefits: - Consistent camelCase API throughout the project - Merged admin-check function reduces DB queries per request - Security hardened: timing-safe comparison, no error suppression

Technical notes: - All renames tracked in .agents/skills/slaed/GLOSSARY.md - php -l: no syntax errors in all changed files - Backward compatible: no public API exposed outside this project

Replaces all double-quoted strings with single quotes in language files, blocks, and plugins to align with SLAED coding standard §17 (always use single quotes for simple strings).

Core changes:

1. Language files (language/, admin/language/, modules/*/language/):
2. 150+ define() calls: double to single quotes
3. Block files (blocks/*.php):
4. All string literals converted to single quotes
5. Plugin files (plugins/filemanager/**):
6. All string literals converted to single quotes
7. Template (templates/lite/index.php):
8. array() → [] syntax; string literals to single quotes

Benefits: - Consistent code style across the project - Alignment with SLAED coding standard §17

Technical notes: - Behaviour unchanged; purely cosmetic - Applied via php-cs-fixer - Backward compatible

Revert the function extraction introduced in commit 6ec4ea7 due to a production failure. The refactored split (system.php + legacy.php) caused 500 errors on the live server that persisted even after PHP-FPM restart.

Core changes:

1. core/system.php:

2. Restore all legacy functions that were moved to core/legacy.php * Production server failed silently after deployment of the split

3. core/legacy.php:
4. Remove all functions; restore to stub (guard only)

Benefits: - Production stability restored

Technical notes: - Root cause not yet confirmed; suspected: config file format mismatch between old doConfig() output and new getConfig() reader - Refactor to be re-attempted after diagnosing production config format

Correct over-indented variable declaration in rechn() and remove a redundant setThemeInclude() call that was left after a prior refactor.

Core changes:

1. rechn() (modules/money/admin/index.php):
2. Fix indentation: $id = getVar(...) was at 8 spaces, corrected to 4

3. Remove setThemeInclude() call * Function is called by the dispatcher before rechn() is invoked;

calling it again inside the function is redundant and incorrect

Benefits: - Consistent indentation aligned with project code style - Eliminates double theme-include side effect

Technical notes: - No behavioral change for normal request flow - setThemeInclude() removal has no visible effect as template is already loaded

Initialize $retcode before pass-by-reference use and fetch $format from GET input to eliminate PHP undefined-variable warnings in the changelog admin module.

Core changes:

1. gitfetch() (modules/changelog/admin/index.php):

2. Add $retcode = 0 before gitexec($cmd, $gitlog, $retcode) * Prevents PHP 8.x warning: undefined variable passed by reference

3. export() (modules/changelog/admin/index.php):

4. Add $format = getVar('get', 'format', 'var', 'txt') at function start * Variable was used on lines 659 and 664 without being declared * Default 'txt'; accepts 'md' for Markdown export

5. File header (modules/changelog/admin/index.php):
6. Remove UTF-8 BOM () from line 1

Benefits: - Eliminates two PHP undefined-variable warnings - export() correctly handles both txt and md format requests

Technical notes: - $format default 'txt' preserves existing plain-text export behavior - No changes to git log parsing or GitHub fetch logic

Drop constants that are no longer referenced anywhere in the codebase, keeping all 6 locale files (de, en, fr, pl, ru, uk) in sync.

Core changes:

1. Admin language files (admin/language/*.php — 6 files):

2. Remove _BAN, _OPTION, _SOFT, _TOP * Constants confirmed unused after legacy function extraction

3. Frontend language files (language/*.php — 6 files):

4. Remove _IN, _MENU * Constants confirmed unused in templates and modules

Benefits: - Eliminates dead constants and reduces noise in language files - All 6 locales remain consistent with each other

Technical notes: - No functional impact; purely declarative constant removal - No template or module references to these constants exist

Replace the deprecated doConfig() call in doHackReport() with the modern setConfigFile() to align with the unified config architecture.

Core changes:

1. doHackReport() (core/security.php):

2. Replace doConfig('config/security.php', 'confs', $cont, $conf['security'], '') with setConfigFile('security.php', $cont, $conf['security']) * Path prefix 'config/' dropped — setConfigFile prepends CONFIG_DIR automatically * Variable name parameter removed — derived from filename by setConfigFile * Type parameter removed — no longer required

Benefits: - Consistent with the rest of the codebase using setConfigFile() - Removes dependency on the deprecated doConfig() function

Technical notes: - Output format changes from $confs = [...] to return ['security' => [...]] - Merge behavior: array_replace_recursive() replaces += for proper deep merge - Backward compatible for all callers of the security config

Move deprecated and low-priority functions out of core/system.php into core/legacy.php to reduce system.php size and separate legacy code from the modern API surface. Also fix two issues in filterSlug().

Core changes:

1. Legacy function extraction (core/legacy.php + core/system.php):

2. Move ~2800 lines of legacy functions from system.php to legacy.php * Deprecated helpers: datetime(), save_datetime(), format_time(), user_news(), etc. * Admin UI helpers: getBlocks(), doScript(), doCss(), and related

3. Remove stale section comments (### Config bootstrap functions, ### The beginning of new functions)
4. filterSlug() fix (core/system.php):
5. Fix indentation of static $rus array declaration (8 spaces → 4 spaces)

6. Replace Unicode escapes ("\u{0410}") with literal Cyrillic characters * Improves readability and avoids reliance on double-quoted escape processing

Benefits: - system.php is significantly leaner and easier to navigate - Legacy code is isolated from the modern API - filterSlug() array is human-readable

Technical notes: - Behavior is unchanged; all moved functions remain callable - Cyrillic literals require UTF-8 file encoding (already enforced project-wide) - No API/interface changes

Bring all project docs in sync with the 6.3.x refactoring: Database rename, filterMarkdown, getLang/setLang, getAdminInfo, $conf, setHead/setFoot page lifecycle, and admin info file path restructure.

Core changes:

1. CONTRIBUTING.md (main contributor guide):
2. SQL examples updated to getSqlQuery() / Database
3. New section: Global Configuration ($conf) — key table, module nesting, usage
4. New section: Page Lifecycle — setHead($seo keys table) and setFoot()
5. New section: Language Loading — getLang() with params table, setLang() bootstrap warning
6. Admin Module Conventions: added Help Info Files (getAdminInfo() paths)
7. Content Parsing: filterMarkdown() section added; removed broken link to deleted docs/PARSE.md
8. README.md:
9. Tech Stack: Database class / getSql* prefix; filterMarkdown() full signature

10. Modernization status: 80% → 85% complete; added completed items for getAdminInfo(), admin info file restructure, sql_db → Database rename

11. SQL examples updated
12. SECURITY.md:
13. SQL example updated to getSqlQuery()
14. Security changelog: 3 new entries (getAdminInfo, admin info paths, Database rename)
15. UPGRADING.md:
16. SQL migration table updated (new getSqlQuery() column)
17. Breaking changes: full rename tables for Database class and getAdminInfo()

18. Admin info file path fix: corrected wrong en.html/english.html references to actual 2-letter locale codes (en, de, fr, pl, ru, uk)

19. Migration checklist: 3 new items
20. Troubleshooting: fixed wrong class name in error message
21. CODE_OF_CONDUCT.md:
22. Date updated to March 2026
23. docs/PARSE.md, docs/DISCUS.md — deleted:
24. PARSE.md: filterMarkdown() reference (content now in CONTRIBUTING.md)
25. DISCUS.md: architecture discussion (unified parser; superseded by implementation)

Benefits: - All documented APIs match actual function signatures in codebase - Contributors have accurate migration guidance for the Database rename - filterMarkdown, getLang, setHead/setFoot, $conf now fully documented

Technical notes: - filterMarkdown() parameter order corrected in all docs: ($src, $mod, $safe) - Admin info paths use 2-letter locale codes (not full language names) - getAdminInfo() takes no parameters — auto-detects from $_GET['name']