Журнал изменений

Rewrites whois admin module to match current SLAED coding standards: typed functions, single-quoted strings, and modern navigation API.

Core changes:

1. Navigation (modules/whois/admin/index.php):
2. Replace whois_navi() / func_get_args() with typed navi()
3. Switch to getAdminTabs() and name=whois&op= URL scheme
4. All handler functions:
5. Add void return type declarations
6. Replace double-quoted strings with single-quoted throughout
7. Replace list() with [] destructuring in fetchrow loops
8. Replace $admin_file with $afile

Benefits: - Consistent style with other modernized admin modules - Cleaner navigation registration via getAdminTabs()

Technical notes: - Copyright year updated to 2026 - No functional logic changes; all CRUD operations preserved

Rewrites voting admin module to align with the current SLAED admin architecture: typed functions, modern API calls, and clean URL routing.

Core changes:

1. Navigation (modules/voting/admin/index.php):
2. Replace voting_navi() / func_get_args() pattern with typed navi()
3. Use getAdminTabs() and name=voting&op= URL scheme
4. All handler functions:
5. Add void return type declarations
6. Replace $admin_file with $afile, tpl_eval() with setTemplateBasic()
7. Replace double-quoted heredoc style with single-quoted strings
8. Replace list() with [] destructuring in fetchrow loops
9. Admin links:
10. Update op=voting_add/delete to name=voting&op=add/delete throughout

Benefits: - Consistent with other modernized admin modules - Typed API reduces silent failures from wrong argument types - URL routing aligned with new op-based dispatch scheme

Technical notes: - Copyright year updated to 2026 - No functional logic changes; all CRUD operations preserved

UNIQUE KEY mid_modul_uid (mid, modul, uid) blocked all guest votes after the first one, because all guests share uid=0. The application already enforces one-vote-per-IP in PHP; the DB key now mirrors that.

Core changes:

1. Schema for fresh installs (setup/sql/table.sql):
2. Drop UNIQUE KEY mid_modul_uid (mid, modul, uid)
3. Add UNIQUE KEY mid_modul_host (mid, modul, host)
4. Migration for 6.2 > 6.3 upgrade (setup/sql/table_update6_3.sql):
5. Same key replacement applied to the ALTER TABLE block
6. Setup wizard (setup/index.php):
7. Append deduplication DELETE and key migration queries to update6_3 branch
8. DELETE removes duplicate (mid, modul, host) rows keeping earliest id
9. ALTER TABLE DROP INDEX IF EXISTS mid_modul_uid (safe if already absent)
10. ALTER TABLE ADD UNIQUE KEY mid_modul_host
11. Fix unused $key => $val in language() foreach loop
12. getInfo() output added to report migration result in the UI

Benefits: - Multiple guests from different IPs can now vote in the same poll - DB-level uniqueness still enforces one vote per IP per item per module - Race-condition protection preserved via $inserted guard (see prev commit)

Technical notes: - host column is VARCHAR(45), covers both IPv4 and IPv6 - PHP duplicate check logic (by host for guests, by uid for users) unchanged - Migration is idempotent: IF EXISTS prevents error on already-applied runs

The voting list page exposed raw $stitle in HTML attribute and JS onclick context, and fetched an unused column from the database.

Core changes:

1. voting() (modules/voting/index.php):
2. Apply htmlspecialchars($stitle, ENT_QUOTES) in title="" attribute

3. Apply htmlspecialchars($stitle, ENT_QUOTES) in JS DelCheck() argument to prevent apostrophes from breaking the inline event handler string

4. Remove unused 'questions' column from SELECT and list() destructuring
5. Remove unused $confv from global declaration in view()
6. Replace foreach ($langlist as $key => $val) with $val only

Benefits: - Eliminates attribute-injection risk for admin-authored titles with quotes - Prevents JS syntax error in moderator delete confirmation for special chars - Reduces SELECT payload by one unused column

Technical notes: - $stitle is already HTML-entity encoded at save time via save_text() - htmlspecialchars() adds a second encoding layer safe for attribute context - Behavior preserved; no template or route changes

Previously, if the INSERT into _rating failed (e.g. due to a DB constraint violation), code continued and updated vote counters anyway, causing silent count inflation across all rating-enabled modules.

Core changes:

1. Rating function (core/system.php):
2. Capture sql_query() result into $inserted
3. Wrap all module UPDATE statements and update_points() calls in if ($inserted)
4. SELECT + echo ajax_rating() still runs to return current state to client
5. avoting_save() (core/system.php):
6. Same guard applied to the voting-specific INSERT path
7. Vote answer array update and update_points(42) skipped on INSERT fail
8. getVoting() result still returned so UI shows current results

Benefits: - Vote counters stay consistent with actual _rating table rows - Eliminates data corruption on duplicate-key or race-condition failures - getVoting() / ajax_rating() always return a response, preserving UX

Technical notes: - sql_query() returns false on PDOException (caught internally) and logs - Fix covers both rating() and avoting_save() code paths - No schema changes in this commit

The admin basic item template used positional array references (\$arg[1] through \$arg[10]) which were fragile and hard to read. Replaces them with descriptive named tokens matching the keys passed by setTemplateBasic().

Core changes:

1. Placeholder rename (templates/admin/basic.html):
2. \$arg[2] → {%id%}
3. \$arg[3] → {%title%}
4. \$arg[4] → {%text%}
5. \$arg[5] → {%post%}
6. \$arg[6] → {%date%}
7. \$arg[7] → {%reads%}
8. \$arg[8] → {%comm%}
9. \$arg[9] → {%rating%}
10. \$arg[10] → {%admin%}
11. \$arg[1] → {%ctitle%}

Benefits: - Template is self-documenting; field purpose visible without cross-referencing PHP - Named tokens decouple template from positional argument order - Consistent with the named-token convention used in other templates

Technical notes: - Requires setTemplateBasic() callers to pass named-key arrays - No HTML structure changed; layout identical

Converts the sitemap public module to current SLAED PHP conventions: 4-space indentation, single-quoted strings, void return type, SITEMAP_DIR constant for file resolution, and updated template helpers.

Core changes:

1. Code style (modules/sitemap/index.php):
2. Tabs → 4-space indentation throughout
3. Double-quoted strings → single-quoted
4. sitemap() → sitemap(): void
5. File path (modules/sitemap/index.php):

6. Hardcoded 'config/sitemap/sitemap.txt' → SITEMAP_DIR.'/sitemap.txt' * Resolves via constant, independent of working directory

7. Template helpers (modules/sitemap/index.php):
8. tpl_eval('title', ...) → setTemplateBasic('title', ['title' => ...])
9. tpl_eval('open/close') → setTemplateBasic('open/close')
10. tpl_warn() → setTemplateWarning()
11. Switch style (modules/sitemap/index.php):
12. Multiline switch/case → compact single-line form
13. Removed closing ?>

Benefits: - Consistent style with other modernized public modules - File path resolved via constant rather than implicit cwd

Technical notes: - Behavior unchanged; pure refactor - Copyright year updated to 2026

Cleans up the sitemap admin module: replaces $aroute with $afile, uses the SITEMAP_DIR constant for file paths, adds a null-check for fopen(), passes the $legacy parameter to getAdminTabs(), and guards file_get_contents() with is_readable().

Core changes:

1. Global variable (modules/sitemap/admin/index.php):
2. $aroute → $afile in all functions (sitemap, xsl, xslsave, conf, confsave)
3. File path hardening (modules/sitemap/admin/index.php):
4. Hardcoded 'sitemap.xsl' → SITEMAP_DIR.'/sitemap.xsl'
5. file_get_contents() → is_readable() guard before read

6. fopen() now checked for false before entering while loop * fclose() moved inside the if-block to prevent warning on null handle

7. Navigation fix (modules/sitemap/admin/index.php):
8. $legacy parameter now forwarded correctly to getAdminTabs()

Benefits: - Eliminates $aroute global; consistent with other modernized modules - Prevents PHP warnings from fopen() failure on missing XML files - File paths resolved via constant rather than implicit cwd

Technical notes: - Behavior unchanged; pure refactor and hardening - fopen() suppression (@) retained from original for non-critical read

Rewrites the shop admin module with current SLAED conventions: short op-aligned function names, $afile instead of $admin_file, inline $conf['shop'] access instead of global $confs, and unified template API.

Core changes:

1. Navigation (modules/shop/admin/index.php):
2. shop_navi() → navi() with typed int + string parameters
3. Function renames (modules/shop/admin/index.php):
4. shop_clients() → clients()
5. shop_clients_act() → clientsact()
6. shop_clients_add() → clientsadd()
7. shop_clients_save() → clientssave()
8. shop_clients_delete() → clientsdel(int $id)
9. shop_products() → products()
10. shop_products_add() → productsadd()
11. shop_products_save() → productssave()
12. shop_products_admin() → productsadmin(int|array $id, string $vtyp)
13. shop_partners() → partners()
14. shop_partners_act() → partnersact()
15. shop_partners_add() → partnersadd()
16. shop_partners_save() → partnerssave()
17. shop_partners_delete() → partnersdel(int $id)
18. shop_partners_details() → partnersdetails()
19. shop_export() → exportdata()
20. shop_conf() → conf()
21. shop_conf_save() → save()
22. shop_info() → info()
23. New: shop() — main listing function
24. Global variable cleanup (modules/shop/admin/index.php):
25. $admin_file → $afile
26. $confs → $conf['shop'] with null-coalesce defaults
27. tpl_eval() → setTemplateBasic()
28. while (list()) → while ([]) destructuring

Benefits: - Eliminates deprecated $confs global and panel() call - Consistent naming aligned with router op values - Template API unified with other modernized modules

Technical notes: - Behavior unchanged; pure refactor - Copyright year updated to 2026

The adm_info() call in info() was passing the numeric flag as the second argument and the module name as the third. The function signature expects (flag, module, ...) — swap restores correct info-panel rendering.

Core changes:

1. Argument order fix (modules/rss/admin/index.php):

2. adm_info(1, 0, 'rss') → adm_info(1, 'rss', 0) * Second arg is module name, third is language fallback flag

Benefits: - Info panel now loads the correct rss module documentation - Aligns with the adm_info() signature used in all other modules

Technical notes: - Single-line change; no other logic affected