Admin data-display fragments gain a safe-text rendering path so callers can pass raw PHP strings and let the template apply htmlspecialchars, instead of calling htmlspecialchars in PHP before passing content_html. This makes escaping responsibility explicit and template-side.
Core changes:
- table-cells.html:
- Add is_col_title class flag → outputs sl-col-title on th and td
- Add prefix_html slot rendered before content in each cell
Add has_content_text / content_text: auto-escaped text path replacing manual htmlspecialchars in PHP callers
- th.html:
- Mirror is_col_title class support to header cells
- label.html:
- Add prefix_html slot (renders before label content)
- Add has_content_text / content_text safe-text path
- Existing content_html path preserved as fallback
- info-tooltip.html:
Add has_value_text / value_text on tooltip items, escaping value server-side in template instead of in PHP
- div-row.html:
Add has_field_text / field_text path for form rows that display plain text values; applies to both wrapped and unwrapped field variants
Benefits: - Removes htmlspecialchars() from PHP call sites; escaping is done once in the template layer at the correct output boundary - prefix_html enables tooltip + text combos without wrapper <span>
Technical notes: - All existing content_html paths remain fully backward-compatible - is_col_title maps to a new CSS class added in the accompanying style update
Every inline OnClick="HideShow(...)" handler is removed from all Mustache templates (admin, default, lite, simple) and replaced with the declarative data-sl-toggle-control / data-sl-toggle-effect / data-sl-toggle-duration attributes consumed by slaed.js. No behaviour changes — only the binding mechanism moves from inline JS to data attributes.
Core changes:
- Admin partials (session-summary, block-sidebar, dashboard-panel):
- Replace all OnClick HideShow() with data-sl-toggle-control + effect attrs
- Admin fragment (image-preview):
- href changed from 'javascript: void(0);' to '#'
- toggle_onclick removed; data-sl-toggle-control/effect/duration added
- Popup span gains data-sl-toggle and data-sl-toggle-default="closed"
- Frontend templates (default / lite / simple):
- comment, forum-post, image-preview: same OnClick → data attribute migration
- account-profile, contact-block, login-nav, session-summary: same migration
- voting-home: span OnClick replaced with data-sl-toggle-control
- index.html (commented code): updated in place for consistency
Benefits: - Eliminates all inline JavaScript from template markup - Consistent toggle behaviour across admin and frontend themes - Works with htmx afterSwap hook added in the JS refactor
Technical notes: - toggle_onclick template variable is no longer consumed in image-preview - data-sl-toggle-default="closed" controls initial hidden state without JS
The legacy window.HideShow() function is removed in favour of a data-attribute-driven toggle API that keeps behaviour and animation effects fully declarative. Callers set data-sl-toggle-effect and data-sl-toggle-duration on the trigger element; the JS reads these on every event instead of relying on positional arguments baked into HTML.
Core changes:
- setToggleBlockState / setToggleBlock (slaed.js):
Accept effect and duration as parameters instead of ignoring animation * 'slide' delegates to setSlideMotion(); 'puff' to setFadeScale() * plain toggle falls back to hidden/display as before
- event.preventDefault() now called on non-checkbox click triggers
- Toggle block initialisation (slaed.js):
Read data-sl-toggle-default attribute ('open'/'closed') for initial state when no saved state is present
- window.HideShow removal (slaed.js):
- Global shim deleted; all call sites migrated to data-sl-toggle-control
- htmx afterSwap hook (slaed.js):
setToggleBlocks() called after every HTMX content swap so dynamically injected toggle blocks are wired automatically
Benefits: - No inline JS in HTML required for animated toggles - Animation type is declarative and visible in markup, not hidden in PHP - Eliminates the last globally-scoped legacy function from slaed.js
Technical notes: - Backward compatibility: window.HideShow no longer exists; all call sites must be updated to data-sl-toggle-* attributes - No changes to the public toggle-state API (getToggleState/setToggleState)
Visual updates to admin theme styles and a new template fragment for the debug stats panel.
base.css - Soften default input/textarea/select look: lighter background (#fcfeff), softer border (#d6e2ea), updated text color (#59697a). Add transition for background, border and box-shadow on focus/hover
theme.css - Add .sl-debug-stats grid styling with .sl-debug-value tone variants (success/warn/danger) for the new debug-stats fragment - Restyle .sl-warn / .sl-info callouts: larger icon area (32px, vertically centered via transform), wider left padding (60px), min-height 40px - Replace the single 2px progress bar in .sl-alert-flash-bar with a top+bottom hairline pattern using currentColor; warn flash uses orange (#d68a2d), default success uses green (#37a957) - Add gradient hairline under the admin login header (was a flat #e3edf3 line)
templates/admin/fragments/debug-stats.html - New fragment that renders the system debug summary as a definition list (CPU load, memory use, timestamp), replacing the previous ad-hoc inline markup. Driven by tone flags (cpu_is_/mem_is_) consistent with the rest of the admin template vocabulary
Routine config update reflecting changed site settings and a refreshed base fingerprint after template and asset changes in this sprint.
Core changes:
- config/global.php:
- Updated sitekey to new value
- Updated variables bitmask
- config/local.php:
- Updated base_fingerprint hash
Benefits: - Config state reflects current codebase revision - Fingerprint ensures cache invalidation for changed assets
Technical notes: - base_fingerprint is auto-derived from asset checksums - variables bitmask controls enabled site feature flags
Strip the hardcoded padding, margin and border from the fieldset base rule. These values conflicted with component-level overrides and are no longer needed now that admin forms use sl-div-* grid layout.
Core changes:
- Admin base CSS (templates/admin/assets/css/base.css):
Removed: padding: 3px, margin: 0 0 3px 0, border: 1px solid #dee0e2 from the fieldset base rule
- Retained: overflow: auto, border-radius: 3px
Benefits: - Eliminates style conflicts for fieldsets inside sl-div-* containers - Reduces specificity fights between base and component CSS layers
Technical notes: - border-radius retained for visual consistency where fieldset is still used - overflow: auto retained to contain floated children if any remain
Move the robots-template button logic from an inline <script> fragment to a standalone JS file loaded with defer. Improves separation of concerns and allows browser caching of the script.
Core changes:
- Editor module (admin/modules/editor.php):
getRobotsButton() now prepends a head-script-src fragment that loads editor-robots.js with the defer attribute
- Removed inline JS fragment (editor-robots-button.js):
- Deleted the template fragment that embedded script content inline
- New standalone file (templates/admin/assets/js/editor-robots.js):
- Self-contained script with applyRobotsTemplate logic
- Registers a DOMContentLoaded listener for safe deferred execution
Benefits: - Script is browser-cacheable as a static asset - Inline JS eliminated from HTML response - Cleaner separation between markup and behaviour
Technical notes: - Script uses defer; DOMContentLoaded listener retained for safety - No changes to the button markup or data attributes
Delete the remaining legacy PNG/GIF images that were part of the old image-based admin layout (borders, backgrounds, separators, tab chrome). The modern admin theme uses pure CSS and no longer references these files.
Core changes:
- Deleted admin sprite and layout images (24 files):
Layout backgrounds: bchead, pagebg, wraptop, wrapmid, wrapfoot, wrapenter, wrapmidenter
- Navigation chrome: tabmenu, tabsubmenu, toolbar, topmenu
- Separators: hsep, vseptop, vsepmid, vsepfoot
- Decorators: leftblocktop, leftbdbtm, footer, footer_ent, entersubmit
- Sort arrows: misc/asc.gif, misc/desc.gif, misc/bg.gif
- Scroll: uppage.png
Benefits: - Eliminates unreferenced binary assets from the repository - Reduces admin theme asset footprint - Completes the migration from sprite-based to CSS-based admin layout
Technical notes: - No CSS or template references to these files remain in the codebase - Sort arrows replaced by CSS ::after pseudo-elements (sl-sort-* classes)
Remove the .sl_loading sprite-based indicator in favour of a pure-CSS three-dot animation. Eliminates the binary gif dependency across all themes and the admin area.
Core changes:
- Frontend CSS (default/new.css, lite/new.css, simple/new.css):
.sl-loading rewritten: flexbox container with ::before pseudo-element producing an animated three-dot loader using box-shadow and keyframes
- Frontend CSS (default/system.css, lite/system.css):
- Removed legacy .sl_loading rule that referenced loading.gif
- Deleted gif files:
- templates/admin/images/misc/loading.gif
- templates/default/images/misc/loading.gif
- templates/lite/images/misc/loading.gif
- templates/simple/images/misc/loading.gif
Benefits: - No binary image dependency for loading indicator - CSS animation scales to any DPI and respects prefers-reduced-motion - Reduces total asset count across all themes
Technical notes: - Animation uses three dots at 0.8s linear cycle via box-shadow offsets - Colors match existing brand palette (#207fb6, #8fc5d9)
