Журнал изменений

Replace the deprecated doConfig() call in doHackReport() with the modern setConfigFile() to align with the unified config architecture.

Core changes:

1. doHackReport() (core/security.php):

2. Replace doConfig('config/security.php', 'confs', $cont, $conf['security'], '') with setConfigFile('security.php', $cont, $conf['security']) * Path prefix 'config/' dropped — setConfigFile prepends CONFIG_DIR automatically * Variable name parameter removed — derived from filename by setConfigFile * Type parameter removed — no longer required

Benefits: - Consistent with the rest of the codebase using setConfigFile() - Removes dependency on the deprecated doConfig() function

Technical notes: - Output format changes from $confs = [...] to return ['security' => [...]] - Merge behavior: array_replace_recursive() replaces += for proper deep merge - Backward compatible for all callers of the security config

Move deprecated and low-priority functions out of core/system.php into core/legacy.php to reduce system.php size and separate legacy code from the modern API surface. Also fix two issues in filterSlug().

Core changes:

1. Legacy function extraction (core/legacy.php + core/system.php):

2. Move ~2800 lines of legacy functions from system.php to legacy.php * Deprecated helpers: datetime(), save_datetime(), format_time(), user_news(), etc. * Admin UI helpers: getBlocks(), doScript(), doCss(), and related

3. Remove stale section comments (### Config bootstrap functions, ### The beginning of new functions)
4. filterSlug() fix (core/system.php):
5. Fix indentation of static $rus array declaration (8 spaces → 4 spaces)

6. Replace Unicode escapes ("\u{0410}") with literal Cyrillic characters * Improves readability and avoids reliance on double-quoted escape processing

Benefits: - system.php is significantly leaner and easier to navigate - Legacy code is isolated from the modern API - filterSlug() array is human-readable

Technical notes: - Behavior is unchanged; all moved functions remain callable - Cyrillic literals require UTF-8 file encoding (already enforced project-wide) - No API/interface changes

Bring all project docs in sync with the 6.3.x refactoring: Database rename, filterMarkdown, getLang/setLang, getAdminInfo, $conf, setHead/setFoot page lifecycle, and admin info file path restructure.

Core changes:

1. CONTRIBUTING.md (main contributor guide):
2. SQL examples updated to getSqlQuery() / Database
3. New section: Global Configuration ($conf) — key table, module nesting, usage
4. New section: Page Lifecycle — setHead($seo keys table) and setFoot()
5. New section: Language Loading — getLang() with params table, setLang() bootstrap warning
6. Admin Module Conventions: added Help Info Files (getAdminInfo() paths)
7. Content Parsing: filterMarkdown() section added; removed broken link to deleted docs/PARSE.md
8. README.md:
9. Tech Stack: Database class / getSql* prefix; filterMarkdown() full signature

10. Modernization status: 80% → 85% complete; added completed items for getAdminInfo(), admin info file restructure, sql_db → Database rename

11. SQL examples updated
12. SECURITY.md:
13. SQL example updated to getSqlQuery()
14. Security changelog: 3 new entries (getAdminInfo, admin info paths, Database rename)
15. UPGRADING.md:
16. SQL migration table updated (new getSqlQuery() column)
17. Breaking changes: full rename tables for Database class and getAdminInfo()

18. Admin info file path fix: corrected wrong en.html/english.html references to actual 2-letter locale codes (en, de, fr, pl, ru, uk)

19. Migration checklist: 3 new items
20. Troubleshooting: fixed wrong class name in error message
21. CODE_OF_CONDUCT.md:
22. Date updated to March 2026
23. docs/PARSE.md, docs/DISCUS.md — deleted:
24. PARSE.md: filterMarkdown() reference (content now in CONTRIBUTING.md)
25. DISCUS.md: architecture discussion (unified parser; superseded by implementation)

Benefits: - All documented APIs match actual function signatures in codebase - Contributors have accurate migration guidance for the Database rename - filterMarkdown, getLang, setHead/setFoot, $conf now fully documented

Technical notes: - filterMarkdown() parameter order corrected in all docs: ($src, $mod, $safe) - Admin info paths use 2-letter locale codes (not full language names) - getAdminInfo() takes no parameters — auto-detects from $_GET['name']

Replace legacy sql_db class and sql_* method names with Database class and getSql* prefix across the entire codebase. The new naming follows SLAED verb-noun conventions and makes database calls visually distinct in all module files.

Core changes:

1. Database class (core/classes/pdo.php):
2. class sql_db → class Database
3. sql_interpol() → filterSqlQuery() (private)
4. sql_quote() → filterSqlValue() (private)
5. sql_close() → getSqlClose()
6. sql_query() → getSqlQuery()
7. sql_fetchrow() → getSqlRow()
8. sql_fetchrowset() → getSqlRows()
9. sql_numrows() → getSqlRowCount()
10. sql_numfields() → getSqlFieldCount()
11. sql_fieldname() → getSqlFieldName()
12. sql_fieldtype() → getSqlFieldType()
13. sql_affected_rows() → getSqlAffected()
14. sql_last_id() → getSqlLastId()
15. sql_error() → getSqlError()
16. sql_free_result() → getSqlFree()
17. sql_seek() → getSqlSeek()
18. sql_value() → getSqlValue()
19. All consumers (77 PHP files — modules, admin, blocks, core, setup, templates):
20. new sql_db(...) → new Database(...)
21. instanceof sql_db → instanceof Database
22. All sql_ method calls replaced with getSql equivalents
23. setup/index.php:
24. executeSqlFile() → getSqlFile() (follows verb-noun standard)

Benefits: - Consistent naming: getSql* prefix makes DB calls immediately recognisable - Follows SLAED function naming standard (verbNoun, mandatory get/set/filter verbs) - Eliminates legacy sql_db class name from all call sites

Technical notes: - Zero regressions: all 15 public method signatures preserved (types, params, returns) - getSqlSeek() kept as stub (PDO does not support row seek; always returns false) - getSqlValue() remains public (used externally in admin/modules/database.php backup)

Three independent runtime fixes across frontend and admin modules, plus updated sitemap.xml reflecting corrected storage path.

Core changes:

1. admin/index.php — getAdminPanelBlocks():
2. Added \$conf to global declaration
3. Eliminated 'Undefined variable \$conf' + 'foreach null' warnings
4. modules/account/index.php — profile render:
5. bb_decode(\$sig, ...) → bb_decode(\$sig ?? '', ...)
6. user_sig column is NULL for users without a signature (TypeError)
7. modules/forum/index.php — post anchor navigation:
8. URL generation: &last# → &last=1# (9 occurrences)
9. Detection: getVar('get','last','num') → filter_input presence check
10. Fixes ?name=forum&op=view&id=X&last#Y not scrolling to anchor
11. sitemap.xml:
12. Regenerated after SITEMAP_DIR path fix (storage/sitemap/)

Benefits: - Admin panel loads without PHP warnings - Forum deep-link anchors work with both old and new URL formats - No TypeError when viewing profiles of users without a signature

Resolve six distinct runtime errors surfaced in error_php.log and error_sql.log, all caused by PHP 8.4 strict type enforcement or missing null-guards on global variables.

Core changes:

1. sport_referer INSERT (core/system.php):
2. Column names refer/page → referer/link to match DB schema
3. num_ajax() signature (core/system.php, core/user.php):
4. Argument #10 \$id: int → string (DOM element name)
5. Argument #11 \$cid / \$mnum: "" → 0 / 8 at all call sites
6. Sitemap path fix (core/system.php):

7. doSitemap() still wrote to config/sitemap/ while SITEMAP_DIR points to storage/sitemap/ — unified all three path references

8. Upload widget null-guards (core/system.php):
9. \$user[0] → \$user[0] ?? 0 (admin has no user cookie)
10. \$con[10] / \$con[11] → ?? 0 (short upload configs lack keys 10-11)
11. checkemail() return type (core/system.php):

12. return \$stop → return \$stop ?? [] when no errors found (valid bot emails caused TypeError: must return array, null returned)

Benefits: - Eliminates all entries from error_sql.log and error_php.log - Consistent null-safe access on \$user and \$con arrays

Technical notes: - \$user is populated from cookie via explode(':'); absent in admin context - \$con comes from explode('|', uploads config string); length varies by module

Replace the legacy adm_info() function with getAdminInfo(), which auto-detects the info file path from the current request context (\$_GET['name']) instead of requiring explicit path parameters. Restructures admin/info/ from flat {name}-{locale}.html files into {name}/{locale}.html subdirectories.

Core changes:

1. Function rename and rewrite (core/admin.php):
2. New signature: getAdminInfo(): string (no parameters)
3. Auto-detects module path: modules/{name}/admin/info/{locale}.html
4. Auto-detects admin path: admin/info/{name}/{locale}.html
5. AJAX save handler: POST type= + name= instead of mod= + name=
6. \$obj parameter removed; callers use echo getAdminInfo() explicitly
7. AJAX routing (index.php):
8. case 'adm_info': adm_info() → echo getAdminInfo()
9. Call sites — 23 admin modules (admin/modules/*.php):
10. adm_info(1, 0, 'name') → getAdminInfo()
11. Call sites — 23 module admins (modules/*/admin/index.php):
12. adm_info(1, 'mod', 0) → getAdminInfo()
13. Info file structure (admin/info/):
14. Renamed {name}-{locale}.html → {name}/{locale}.html (subdirs)
15. Added .htaccess + index.html per directory

Benefits: - Zero path parameters — function resolves location automatically - Consistent with SLAED get-prefix naming convention - Admin and module admins use identical call syntax

Technical notes: - Old flat-file format (admins-de.html) was already broken: code read wrong paths while files had already moved to subdirectories - getcat() call in admin.php fixed: "" → 0 for int \$id parameter

Fix mojibake in copyright headers (© → (c)) caused by UTF-8 double-encoding in source files. Remove corrupted Russian comments from forum module. Standardize indentation (tabs → 4-space) in access.php. Translate Russian doc-comments in ConfigValidationTest to English per project language rules.

Core changes:

1. Copyright encoding fix (admin/index.php, admin/modules/*, templates/admin/index.php, modules/changelog/admin/index.php, modules/whois/index.php):

2. Replace garbled © with plain (c) in file headers
3. Add missing newline at end of files
4. Indentation normalization (core/access.php):
5. Convert tab indentation to 4-space throughout the file
6. No functional changes
7. Dead code removal (modules/forum/index.php):
8. Remove 5 Mojibake Russian comments that became unreadable garbled UTF-8
9. Comments were orphaned annotations with no semantic value
10. Array syntax modernization (modules/clients/index.php):
11. array() constructor calls → short [] syntax
12. Remove trailing blank line at EOF
13. Test comment translation (tests/ConfigValidationTest.php):
14. Translate PHPDoc comments and assertion messages from Russian to English
15. Aligns with project rule: all code/comments/identifiers must be in English

Benefits: - Consistent file headers across all PHP files in the project - Readable source without mojibake artifacts - Uniform indentation style in core files

Technical notes: - No logic changes in any file — purely cosmetic/encoding fixes - core/admin.php included for CRLF → LF normalization (no content change)

Resolves three classes of runtime bugs: (1) HTML content mangled by parser when rendered via content/view module, (2) empty template file treated as missing template (TypeError cascade), (3) stash tokens leaking into rendered output due to single-pass resolution.

Core changes:

1. filterMarkdown param reorder (core/system.php):

2. Signature: filterMarkdown(string $src, string $mod = '', bool $safe = true) * $safe is now an explicit opt-out (false) for admin/legacy content * bb_decode() updated: filterMarkdown($src, $mod, false)

3. HTML passthrough fixes for safe=false mode (core/system.php):

4. filterMain: skip filterIndentedCode when safe=false — prevents tab-indented HTML lines being wrapped in <pre><code> blocks

5. filterBlocks: widen HTML block pattern from specific tag list to /^<\/?[a-zA-Z]/ so <p>, <tr>, <td> etc. are recognized as HTML blocks

6. filterBlocks: decode &#034;/&#039; entities before stashing HTML blocks (save_text(editor=0) encodes quotes as HTML entities)

7. filterBlocks: strtr($raw, $this->stash) before re-stashing — resolves inner BB-block tokens that were already stashed inside HTML blocks

8. Multi-pass stash resolution (core/system.php):

9. filterHtml: single strtr → loop until no \x02{salt}: sentinel remains * Prevents stash tokens leaking when [tabs] BB block contains HTML blocks * Loop breaks on no-progress to avoid infinite loop

10. Return type normalization (core/system.php):
11. getThemeLoad(): ?string → string; returns '' for missing/unreadable files

12. replace_break/user_sinfo/user_sainfo/adminblock/add_menu/rss_read/ fields_out/engines_word: ?string → string with return '' fallback

13. Template existence check (core/template.php):

14. setTemplateBasic/setTemplateWarning: use getThemeFile() for existence, then getThemeLoad() for content — distinguishes empty template from missing

15. TemplateTest.php stubs updated to match new signatures
16. content/view migration (modules/content/index.php):

17. Replace bb_decode() with filterMarkdown($hometext, $conf['name'], false) * Render admin HTML content correctly without XSS filtering

18. Remove deprecated imagedestroy() calls (core/system.php):
19. GdImage is a proper PHP object since 8.0; GC handles cleanup automatically

Benefits: - HTML content stored by admin now renders correctly in content/view - Empty theme templates (open.html etc.) no longer trigger "template missing" error - Stash tokens no longer appear in rendered page output - PHP 8.4 return type compliance across parser and template functions

Technical notes: - safe=false bypasses XSS filters — only use for admin-authored content - Multi-pass stash is O(depth) iterations, bounded by nesting depth - Cyrillic transliteration maps migrated to \u{XXXX} escapes for encoding safety

Replace ?string nullable returns with explicit string + return '' fallback to prevent TypeError when callers assume a string result. Covers save_text(), fields_save(), setMessageShow(), and userblock(). Also removes 35 unused $confXX transition aliases and dead commented log_report() code from security.php.

Core changes:

1. Return type fixes (core/security.php):

2. save_text(): ?string → string; adds return '' when $text is falsy * Prevents TypeError in replace_break() at system.php:4793

3. fields_save(): ?string → string; adds return '' when $field is not array
4. Return type fixes (core/user.php):
5. setMessageShow(): ?string → string; adds return '' at end of function
6. userblock(): ?string → string; adds return '' when user has no block set
7. Dead code removal (core/security.php):
8. Remove 35 $confXX transition aliases — all confirmed unused after migration
9. Remove commented-out log_report() legacy implementation

Benefits: - Eliminates runtime TypeError when save_text() result passed to replace_break() - PHP 8.4 strict typing compliance — no implicit null returns from typed functions - Cleaner security.php — removes ~60 lines of dead code

Technical notes: - Aliases were safety-net globals from $conf migration; all callers now use $conf['key'] directly - No functional change to return values — empty string is the correct semantic fallback