Initialize $retcode before pass-by-reference use and fetch $format from GET input to eliminate PHP undefined-variable warnings in the changelog admin module.
Core changes:
- gitfetch() (modules/changelog/admin/index.php):
Add $retcode = 0 before gitexec($cmd, $gitlog, $retcode)
- Prevents PHP 8.x warning: undefined variable passed by reference
- export() (modules/changelog/admin/index.php):
Add $format = getVar('get', 'format', 'var', 'txt') at function start
- Variable was used on lines 659 and 664 without being declared
- Default 'txt'; accepts 'md' for Markdown export
- File header (modules/changelog/admin/index.php):
- Remove UTF-8 BOM () from line 1
Benefits:
- Eliminates two PHP undefined-variable warnings
- export() correctly handles both txt and md format requests
Technical notes:
- $format default 'txt' preserves existing plain-text export behavior
- No changes to git log parsing or GitHub fetch logic
Drop constants that are no longer referenced anywhere in the codebase, keeping all 6 locale files (de, en, fr, pl, ru, uk) in sync.
Core changes:
- Admin language files (admin/language/*.php — 6 files):
Remove _BAN, _OPTION, _SOFT, _TOP
- Constants confirmed unused after legacy function extraction
- Frontend language files (language/*.php — 6 files):
Remove _IN, _MENU
- Constants confirmed unused in templates and modules
Benefits:
- Eliminates dead constants and reduces noise in language files
- All 6 locales remain consistent with each other
Technical notes:
- No functional impact; purely declarative constant removal
- No template or module references to these constants exist
Replace the deprecated doConfig() call in doHackReport() with the modern setConfigFile() to align with the unified config architecture.
Core changes:
- doHackReport() (core/security.php):
Replace doConfig('config/security.php', 'confs', $cont, $conf['security'], '') with setConfigFile('security.php', $cont, $conf['security'])
- Path prefix 'config/' dropped — setConfigFile prepends CONFIG_DIR automatically
- Variable name parameter removed — derived from filename by setConfigFile
- Type parameter removed — no longer required
Benefits:
- Consistent with the rest of the codebase using setConfigFile()
- Removes dependency on the deprecated doConfig() function
Technical notes:
- Output format changes from $confs = [...] to return ['security' => [...]]
- Merge behavior: array_replace_recursive() replaces += for proper deep merge
- Backward compatible for all callers of the security config
Move deprecated and low-priority functions out of core/system.php into core/legacy.php to reduce system.php size and separate legacy code from the modern API surface. Also fix two issues in filterSlug().
Core changes:
- Legacy function extraction (core/legacy.php + core/system.php):
Move ~2800 lines of legacy functions from system.php to legacy.php
- Deprecated helpers: datetime(), save_datetime(), format_time(), user_news(), etc.
- Admin UI helpers: getBlocks(), doScript(), doCss(), and related
- Remove stale section comments (### Config bootstrap functions, ### The beginning of new functions)
- filterSlug() fix (core/system.php):
- Fix indentation of static $rus array declaration (8 spaces → 4 spaces)
Replace Unicode escapes ("\u{0410}") with literal Cyrillic characters
- Improves readability and avoids reliance on double-quoted escape processing
Benefits:
- system.php is significantly leaner and easier to navigate
- Legacy code is isolated from the modern API
- filterSlug() array is human-readable
Technical notes:
- Behavior is unchanged; all moved functions remain callable
- Cyrillic literals require UTF-8 file encoding (already enforced project-wide)
- No API/interface changes
Bring all project docs in sync with the 6.3.x refactoring: Database rename, filterMarkdown, getLang/setLang, getAdminInfo, $conf, setHead/setFoot page lifecycle, and admin info file path restructure.
Core changes:
- CONTRIBUTING.md (main contributor guide):
- SQL examples updated to getSqlQuery() / Database
- New section: Global Configuration ($conf) — key table, module nesting, usage
- New section: Page Lifecycle — setHead($seo keys table) and setFoot()
- New section: Language Loading — getLang() with params table, setLang() bootstrap warning
- Admin Module Conventions: added Help Info Files (getAdminInfo() paths)
- Content Parsing: filterMarkdown() section added; removed broken link to deleted docs/PARSE.md
- README.md:
- Tech Stack: Database class / getSql* prefix; filterMarkdown() full signature
Modernization status: 80% → 85% complete; added completed items for getAdminInfo(), admin info file restructure, sql_db → Database rename
- SQL examples updated
- SECURITY.md:
- SQL example updated to getSqlQuery()
- Security changelog: 3 new entries (getAdminInfo, admin info paths, Database rename)
- UPGRADING.md:
- SQL migration table updated (new getSqlQuery() column)
- Breaking changes: full rename tables for Database class and getAdminInfo()
Admin info file path fix: corrected wrong en.html/english.html references to actual 2-letter locale codes (en, de, fr, pl, ru, uk)
- Migration checklist: 3 new items
- Troubleshooting: fixed wrong class name in error message
- CODE_OF_CONDUCT.md:
- Date updated to March 2026
- docs/PARSE.md, docs/DISCUS.md — deleted:
- PARSE.md: filterMarkdown() reference (content now in CONTRIBUTING.md)
- DISCUS.md: architecture discussion (unified parser; superseded by implementation)
Benefits:
- All documented APIs match actual function signatures in codebase
- Contributors have accurate migration guidance for the Database rename
- filterMarkdown, getLang, setHead/setFoot, $conf now fully documented
Technical notes:
- filterMarkdown() parameter order corrected in all docs: ($src, $mod, $safe)
- Admin info paths use 2-letter locale codes (not full language names)
- getAdminInfo() takes no parameters — auto-detects from $_GET['name']
Replace legacy sql_db class and sql_* method names with Database class and getSql* prefix across the entire codebase. The new naming follows SLAED verb-noun conventions and makes database calls visually distinct in all module files.
Core changes:
- Database class (core/classes/pdo.php):
- class sql_db → class Database
- sql_interpol() → filterSqlQuery() (private)
- sql_quote() → filterSqlValue() (private)
- sql_close() → getSqlClose()
- sql_query() → getSqlQuery()
- sql_fetchrow() → getSqlRow()
- sql_fetchrowset() → getSqlRows()
- sql_numrows() → getSqlRowCount()
- sql_numfields() → getSqlFieldCount()
- sql_fieldname() → getSqlFieldName()
- sql_fieldtype() → getSqlFieldType()
- sql_affected_rows() → getSqlAffected()
- sql_last_id() → getSqlLastId()
- sql_error() → getSqlError()
- sql_free_result() → getSqlFree()
- sql_seek() → getSqlSeek()
- sql_value() → getSqlValue()
- All consumers (77 PHP files — modules, admin, blocks, core, setup, templates):
- new sql_db(...) → new Database(...)
- instanceof sql_db → instanceof Database
- All sql_ method calls replaced with getSql equivalents
- setup/index.php:
- executeSqlFile() → getSqlFile() (follows verb-noun standard)
Benefits:
- Consistent naming: getSql* prefix makes DB calls immediately recognisable
- Follows SLAED function naming standard (verbNoun, mandatory get/set/filter verbs)
- Eliminates legacy sql_db class name from all call sites
Technical notes:
- Zero regressions: all 15 public method signatures preserved (types, params, returns)
- getSqlSeek() kept as stub (PDO does not support row seek; always returns false)
- getSqlValue() remains public (used externally in admin/modules/database.php backup)
Three independent runtime fixes across frontend and admin modules, plus updated sitemap.xml reflecting corrected storage path.
Core changes:
- admin/index.php — getAdminPanelBlocks():
- Added \$conf to global declaration
- Eliminated 'Undefined variable \$conf' + 'foreach null' warnings
- modules/account/index.php — profile render:
- bb_decode(\$sig, ...) → bb_decode(\$sig ?? '', ...)
- user_sig column is NULL for users without a signature (TypeError)
- modules/forum/index.php — post anchor navigation:
- URL generation: &last# → &last=1# (9 occurrences)
- Detection: getVar('get','last','num') → filter_input presence check
- Fixes ?name=forum&op=view&id=X&last#Y not scrolling to anchor
- sitemap.xml:
- Regenerated after SITEMAP_DIR path fix (storage/sitemap/)
Benefits:
- Admin panel loads without PHP warnings
- Forum deep-link anchors work with both old and new URL formats
- No TypeError when viewing profiles of users without a signature
Resolve six distinct runtime errors surfaced in error_php.log and error_sql.log, all caused by PHP 8.4 strict type enforcement or missing null-guards on global variables.
Core changes:
- sport_referer INSERT (core/system.php):
- Column names refer/page → referer/link to match DB schema
- num_ajax() signature (core/system.php, core/user.php):
- Argument #10 \$id: int → string (DOM element name)
- Argument #11 \$cid / \$mnum: "" → 0 / 8 at all call sites
- Sitemap path fix (core/system.php):
doSitemap() still wrote to config/sitemap/ while SITEMAP_DIR points to storage/sitemap/ — unified all three path references
- Upload widget null-guards (core/system.php):
- \$user[0] → \$user[0] ?? 0 (admin has no user cookie)
- \$con[10] / \$con[11] → ?? 0 (short upload configs lack keys 10-11)
- checkemail() return type (core/system.php):
return \$stop → return \$stop ?? [] when no errors found (valid bot emails caused TypeError: must return array, null returned)
Benefits:
- Eliminates all entries from error_sql.log and error_php.log
- Consistent null-safe access on \$user and \$con arrays
Technical notes:
- \$user is populated from cookie via explode(':'); absent in admin context
- \$con comes from explode('|', uploads config string); length varies by module
Replace the legacy adm_info() function with getAdminInfo(), which auto-detects the info file path from the current request context (\$_GET['name']) instead of requiring explicit path parameters. Restructures admin/info/ from flat {name}-{locale}.html files into {name}/{locale}.html subdirectories.
Core changes:
- Function rename and rewrite (core/admin.php):
- New signature: getAdminInfo(): string (no parameters)
- Auto-detects module path: modules/{name}/admin/info/{locale}.html
- Auto-detects admin path: admin/info/{name}/{locale}.html
- AJAX save handler: POST type= + name= instead of mod= + name=
- \$obj parameter removed; callers use echo getAdminInfo() explicitly
- AJAX routing (index.php):
- case 'adm_info': adm_info() → echo getAdminInfo()
- Call sites — 23 admin modules (admin/modules/*.php):
- adm_info(1, 0, 'name') → getAdminInfo()
- Call sites — 23 module admins (modules/*/admin/index.php):
- adm_info(1, 'mod', 0) → getAdminInfo()
- Info file structure (admin/info/):
- Renamed {name}-{locale}.html → {name}/{locale}.html (subdirs)
- Added .htaccess + index.html per directory
Benefits:
- Zero path parameters — function resolves location automatically
- Consistent with SLAED get-prefix naming convention
- Admin and module admins use identical call syntax
Technical notes:
Old flat-file format (admins-de.html) was already broken: code read wrong paths while files had already moved to subdirectories
- getcat() call in admin.php fixed: "" → 0 for int \$id parameter
Fix mojibake in copyright headers (© → (c)) caused by UTF-8 double-encoding in source files. Remove corrupted Russian comments from forum module. Standardize indentation (tabs → 4-space) in access.php. Translate Russian doc-comments in ConfigValidationTest to English per project language rules.
Core changes:
Copyright encoding fix (admin/index.php, admin/modules/*, templates/admin/index.php, modules/changelog/admin/index.php, modules/whois/index.php):
- Replace garbled © with plain (c) in file headers
- Add missing newline at end of files
- Indentation normalization (core/access.php):
- Convert tab indentation to 4-space throughout the file
- No functional changes
- Dead code removal (modules/forum/index.php):
- Remove 5 Mojibake Russian comments that became unreadable garbled UTF-8
- Comments were orphaned annotations with no semantic value
- Array syntax modernization (modules/clients/index.php):
- array() constructor calls → short [] syntax
- Remove trailing blank line at EOF
- Test comment translation (tests/ConfigValidationTest.php):
- Translate PHPDoc comments and assertion messages from Russian to English
- Aligns with project rule: all code/comments/identifiers must be in English
Benefits:
- Consistent file headers across all PHP files in the project
- Readable source without mojibake artifacts
- Uniform indentation style in core files
Technical notes:
- No logic changes in any file — purely cosmetic/encoding fixes
- core/admin.php included for CRLF → LF normalization (no content change)