changelog

Added production-ready documentation files for SLAED CMS 6.3 to support
contributors, security researchers, and users upgrading from previous versions.

Core changes:

1. Project documentation (README.md):
• Updated with links to new documentation files
• Added references to CONTRIBUTING, SECURITY, CODE_OF_CONDUCT, UPGRADING

2. Contribution guidelines (CONTRIBUTING.md):
• Coding standards with 8 required verbs
• Type declarations and variable naming conventions
• SQL prepared statements and input validation rules
• Commit message format and PR requirements
• Testing requirements (PHPUnit, PHPStan)

3. Security policy (SECURITY.md):
• Supported versions table
• Vulnerability reporting process and timeline
• Security measures documentation (SQL injection, XSS, CSRF)
• Best practices for administrators

4. Code of Conduct (CODE_OF_CONDUCT.md):
• Based on Contributor Covenant 2.1
• Community standards and enforcement guidelines
• Contact information for reporting

5. Upgrade guide (UPGRADING.md):
• Migration paths from 6.2.x to 6.3.x
• Breaking changes (config_db.php removed, new db.php format)
• Function changes (tpl_eval, admin_file)
• Troubleshooting section

Benefits:
• Clear guidelines for contributors
• Transparent security reporting process
• Smooth upgrade path for existing users
• Professional open-source project presentation

This commit updates README badge colors and minor formatting.

README.md - Badge updates:

1. Badge color changes:
• License: yellow → green
• Migration: yellow → purple

2. Formatting:
• Email → E-Mail (consistent with German spelling)

3. Cleanup:
• Remove GitHub Issues badge (redundant)

This commit removes the old short-named info files that were replaced
by full language name versions in the previous commit.

Removed files:
• modules/news/admin/info/de.html
• modules/news/admin/info/en.html
• modules/news/admin/info/fr.html
• modules/news/admin/info/pl.html
• modules/news/admin/info/ru.html
• modules/news/admin/info/uk.html

Technical notes:
• Replaced by german.html, english.html, french.html, etc.
• Part of language naming standardization

This commit adds static analysis configuration and initial unit tests
for code quality assurance.

Core changes:

1. PHPStan configuration (phpstan.neon):
• Level 5 analysis settings
• Custom bootstrap for global definitions
• Stub files for legacy functions

2. Bootstrap files:
• phpstan-bootstrap.php: Global constants and variables
• phpstan-stubs.php: Legacy function signatures

3. Unit tests (tests/Unit/):
• StructureTest.php: Project structure validation
• TemplateTest.php: Template system tests

Benefits:
• Static type analysis for early bug detection
• Automated testing infrastructure
• Code quality enforcement
• CI/CD ready configuration

Technical notes:
• PHPStan level 5 catches most type errors
• Tests run via PHPUnit 10+
• Bootstrap handles legacy global state

This commit updates the news module to use centralized ModuleBase
and renames info files to full language names for clarity.

Core changes:

1. News module (modules/news/index.php):
• Integrate with centralized module runner
• Reuse ModuleBase for navigation and filters
• Consistent offset and letter filter handling

2. Info file renames (modules/news/admin/info/):
• de.html → german.html
• en.html → english.html
• fr.html → french.html
• pl.html → polish.html
• ru.html → russian.html
• uk.html → ukrainian.html

Benefits:
• Centralized module behavior via ModuleBase
• Clear, readable info file names
• Consistent with language naming convention
• Easier maintenance and localization

Technical notes:
• Info files contain admin panel module descriptions
• Full language names match config/languages structure

This commit updates the admin panel to use config-based module names
instead of database IDs, completing the module system migration.

Core changes:

1. Admin panel loader (admin/index.php):
• Replace database queries with getModules() iterator
• Use module names for navigation and sidebar
• Direct filesystem checks for module existence

2. Admin permissions (admin/modules/admins.php):
• Store permissions as module names (CSV format)
• Replace numeric IDs with string names in checkboxes

3. Module management (admin/modules/modules.php):
• Config-based module operations
• Remove database dependency for module listing

4. Language files (admin/language/*.php):
• Updated translations for 6 languages
• Consistent terminology across locales

Benefits:
• No database queries for module enumeration
• Human-readable permission strings
• Portable module configuration
• Consistent with config-based architecture

Technical notes:
• Permissions stored as "news,pages,users" format
• Module validation via filesystem checks
• All 23 admin modules updated

This commit modernizes core system files with improved module management,
security enhancements, and removal of deprecated components.

Core changes:

1. Module management (core/system.php):
• Add getModules() iterator for config-based module loading
• Enhance setConfigFile() with deep array merging
• Improve bootstrap module loading

2. Admin utilities (core/admin.php):
• Add updateModulesConfig() for filesystem sync
• Remove deprecated database-based module queries
• Improve module configuration handling

3. Security improvements (core/security.php, core/access.php):
• Enhanced input validation
• Improved access control checks

4. Database layer (core/classes/pdo.php):
• PDO connection improvements
• Better error handling

5. Removed deprecated files:
• config/config_db.php (replaced by config/db.php)
• core/classes/module.php (replaced by config-based system)

Benefits:
• Config-based module system (no database queries)
• Cleaner codebase without deprecated files
• Improved security and validation
• Better maintainability

Technical notes:
• Module config stored in config/modules.php
• Backward compatibility maintained

This commit updates the project license from MIT to GNU General Public
License v3.0 to align with README badge and project requirements.

LICENSE - License change:

1. License replacement:
• Remove: MIT License text
• Add: Full GNU GPL v3.0 text (674 lines)
• Include: Preamble, Terms and Conditions, How to Apply

2. GPL-3.0 sections included:
• Definitions (Section 0)
• Source Code (Section 1)
• Basic Permissions (Section 2)
• Patents (Section 11)
• Disclaimer of Warranty (Section 15)
• Limitation of Liability (Section 16)

Benefits:
• Consistent with README license badge
• Copyleft protection for project
• Clear terms for distribution and modification

Technical notes:
• Full GPL-3.0 text from gnu.org
• No modifications to standard license text

This commit improves README documentation by adding GitHub-flavored
markdown alerts and correcting various URLs and references.

README.md - Documentation updates:

1. GitHub alerts added:
• WARNING: Default admin credentials reminder
• CAUTION: Delete setup.php after installation
• NOTE: Modernization status progress
• IMPORTANT: Security best practices
• CAUTION: SQL injection prevention
• TIP: Code requirements for contributors

2. URL corrections:
• Fix git clone URL to SLAED-CMS organization
• Fix config file path (config_db.php → db.php)
• Fix database schema path (setup/sql/table.sql)
• Add Documentation link to slaed.info
• Add Forum link to slaed.net/forum
• Add GitHub Issues link

3. Badge updates:
• License badge now links to LICENSE file
• Added GitHub Issues badge

4. Project structure fixes:
• Fixed comment alignment in tree view
• Corrected file descriptions

Benefits:
• Better visual highlighting of important information
• Correct URLs for contributors and users
• Consistent documentation style

Technical notes:
• GitHub alerts render as colored callout boxes
• All external links verified and working