Simplify file names in config/ by dropping the redundant config_ prefix. Remove the editrewrite admin function that was editing the now-deleted config/config_rules.php file.
Core changes:
- Config file renames:
- config/config_chmod.php → config/chmod.php
- config/config_header.php → config/header.php
- config/config_rules.php — deleted (no longer used)
- Security guard (config/system.php):
- Add FUNC_FILE guard to match style of all other config files
- Remove duplicate license header (already in repo root)
- Reference updates (core/admin.php, admin/modules/editor.php):
- end_chmod(): update tdir to 'config/chmod.php'
- editheader(): switch to CONFIG_DIR.'/header.php'
- htaccess(), robots(): switch to BASE_DIR-prefixed paths
- Remove editrewrite() function entirely
- Admin navigation (admin/modules/editor.php):
- Remove "System Rewrite" tab from editor navigation
- Renumber remaining tabs accordingly
- Documentation (admin/info/blocks-*.html, 6 languages):
- Update all references from config/config_header.php → config/header.php
- Tests (tests/ConfigValidationTest.php):
- Update required file list: config_global.php → global.php
Benefits:
- Cleaner, shorter file names consistent with the rest of config/
- Dead code (editrewrite) removed, reducing surface area
- All paths now use constants (BASE_DIR, CONFIG_DIR) for portability
Technical notes:
- config/chmod.php and config/header.php already existed as new files
- Storage format unchanged; only file names differ
_REDAKTOR was a legacy alias for _EDITOR. Consolidate all references to a single constant and drop the outdated definition from every language file.
Core changes:
- Language files (admin/language/*.php, 6 files):
- Remove define("_REDAKTOR", ...) from de, en, fr, pl, ru, uk
- Remove define("_EREW", ...) and define("_EREWN", ...) — editor rewrite labels
- Remove define("_EINFO3", ...) — rewrite editor info text
- Admin config panel (admin/modules/config.php):
- Replace _REDAKTOR with _EDITOR in editor-selector label
- Editor selector labels (core/system.php):
Remove redundant _EDITOR prefix from option strings in redaktor() (e.g., _EDITOR.' SLAED BB' → 'SLAED BB')
Benefits:
- Single constant _EDITOR used consistently everywhere
- Removes dead constants that referenced removed functionality
- Reduces translation maintenance overhead
Technical notes:
- _REDAKTOR was functionally identical to _EDITOR
- admin/modules/admins.php already updated in previous commit
Drop all uses of the legacy \$prefix variable in favour of the PREFIX_DB constant defined in core/security.php. This completes the migration started in earlier commits and removes the last runtime dependency on the dynamic global.
Core changes:
- Remove \$prefix assignment (core/security.php):
- Delete the \$prefix = \$conf['db']['prefix'] line
- PREFIX_DB constant was already defined; variable was redundant
- All blocks (blocks/block-*.php, 15 files):
- Remove \$prefix from global declarations
- Replace ".$prefix."_table with ".PREFIX_DB."_table in all queries
- All front-end modules (modules/*/index.php, 24 files):
- Remove \$prefix from function global declarations
- Replace \$prefix in every SQL query string
- All admin modules (admin/index.php, admin/modules/.php, modules//admin/index.php):
- Same substitution as front-end modules
- Templates (templates/admin/index.php, templates/lite/index.php, templates/lite/0index.php):
- Remove \$prefix from global declarations
- Replace \$prefix in SQL queries
Benefits:
- Single source of truth: PREFIX_DB constant eliminates accidental overrides
- Consistent style across the entire codebase
- Prepares for full removal of legacy globals
Technical notes:
- No behaviour change; queries produce identical SQL
- Backward-compatible: PREFIX_DB was already defined before any query runs
Harden .htaccess and fix string quoting in setConfigFile().
Core changes:
- .htaccess:
- Added Options -Indexes (prevent directory listing)
- Added RewriteRule ^config/ [F,L] (block config access)
- Added RewriteRule ^setup/ [F,L] (block installer access)
- Split commented deflate/expires into separate IfModule blocks
- setConfigFile() (core/system.php, setup/index.php):
- Replaced double-quoted "\n" with PHP_EOL and single quotes
- '['.PHP_EOL and ','.PHP_EOL consistent with rest of function
Benefits:
- config/ directory with DB credentials no longer web-accessible
- setup/ installer blocked after initial setup
- Directory listing disabled sitewide
- String quoting consistent with Rule 17 (single quotes)
Rename single-letter and over-length variables to comply with SLAED coding rules (Rule 6: prefer 4-8 chars, no camelCase).
Core changes:
- setConfigFile() (core/system.php, setup/index.php):
- \$normalize (9 chars) → \$norm
- \$exp closure: \$a→\$arr, \$d→\$dep, \$p→\$pad, \$i→\$ind, \$s→\$out
- Loop vars: \$k→\$key, \$v→\$val throughout the function
Benefits:
- Compliant with Rule 6 (4-8 char variable names)
- No functional changes
Expose the existing dev_mode flag in the admin interface so it can be toggled without manually editing config files or local.php.
Core changes:
- admin/modules/config.php:
- Added radio_form row for dev_mode (after site close toggle)
- Added 'dev_mode' => getVar('post', 'dev_mode', 'num') to save \$cont
- admin/language/*.php (6 files):
Added _DEVMODE constant after _DEAKTIVE (alphabetical order) ru: «Режим разработки» en: «Developer Mode» de: «Entwicklermodus» fr: «Mode développeur» pl: «Tryb deweloperski» uk: «Режим розробника»
- config/global.php:
- Added 'dev_mode' => false as explicit default
Benefits:
- dev_mode can be enabled/disabled without file editing
- Config fingerprint tracking active when dev_mode is on
- Consistent with all other boolean toggles in general preferences
Technical notes:
- getConfig() already provides $conf['dev_mode'] ??= false fallback
- normalize() converts false → '0', true → '1' on save
- String '0' is falsy in PHP, behavior unchanged
Replace var_export() with a recursive closure that produces modern PHP short-array syntax ([]) consistent with all config/*.php files.
Core changes:
- setConfigFile() (core/system.php, setup/index.php):
- Added $exp closure: renders arrays as [...] with 4-space indent
- Replaced var_export($data, true) with $exp($data)
- Output format now matches manually-converted config files
Benefits:
- Config files saved by admin panel are readable and consistent
- No more array() vs [] style mismatch after save
- Multi-level arrays (ratings, modules) properly indented
Technical notes:
- $exp recurses for nested arrays using depth counter
- Scalar values still use var_export() for correct quoting
- Both system.php and setup/index.php versions kept in sync
Remove legacy variable-assignment format and update all callers.
The function now writes config files in the modern return [...]
format compatible with getConfig() which uses require $file.
Core changes:
- setConfigFile() (core/system.php, setup/index.php):
- Signature simplified: removed $name and $type parameters
- Output format changed from
$name = var_export(...)toreturn var_export(...) - Guard
if (!defined(...)) die(...)removed (no longer needed) - Wrapping logic added: global.php → flat array, others → [$key => $arr]
- setup/index.php copy also modernized to match core version
- All 30 callers updated (20 files):
- Removed 2nd string argument (variable name like 'conf', 'confmd')
- Removed 5th empty string argument where present
- PHP warnings fixed (core/system.php, core/user.php):
- rss_select(): added
global $confrs - bb_decode(): preg_replace null guard added (
?? '') - user.php: $cid undefined key, $fstatus, user variables
Benefits:
- Config writes now produce files readable by getConfig()
- Saved admin settings no longer break the entire CMS
- Cleaner API without semantic-free string parameters
Technical notes:
- Wrapping: pathinfo(basename($fp), PATHINFO_FILENAME) determines key
- global.php → flat merge into $conf; all others → keyed sub-array
- Both system.php and setup/index.php versions kept in sync
Replaces direct usage of the global \$prefix variable with the PREFIX_DB constant defined in core/security.php. This eliminates the need to declare \$prefix in every function's global list and makes DB table references explicit.
Core changes:
- core/admin.php:
- All SQL queries: \$prefix."_table" → PREFIX_DB."_table"
- Removed \$prefix from global declarations in affected functions
- Applies to admininfo(), fav_aliste(), fav_adel(), ajax_privat() and others
- core/user.php:
- All SQL queries: \$prefix."_table" → PREFIX_DB."_table"
- Removed \$prefix from global declarations in affected functions
- Consistent with the modernization pattern applied to admin/modules/
Benefits:
- Fewer global declarations per function (cleaner signatures)
- Consistent with admin modules already using PREFIX_DB
- Eliminates risk of \$prefix being unset in a function scope
Technical notes:
- PREFIX_DB defined as: define('PREFIX_DB', \$conf['db']['prefix']) in core/security.php
- Backward compat: \$prefix alias still set for not-yet-modernized modules
Modernized modules (changelog, rss, sitemap, account) were still loading config files directly via require_once/include. Since config files now return arrays instead of setting globals, these calls no longer populated the expected \$confX variables. Replace each with a direct \$conf read.
Core changes:
- modules/changelog/index.php and changelog/admin/index.php:
- Removed: require_once CONFIG_DIR.'/changelog.php'
- Added: \$conflog = \$conf['changelog'] ?? []
- modules/rss/index.php and rss/admin/index.php:
- Removed: require_once CONFIG_DIR.'/rss.php'
- Added: \$confrs = \$conf['rss'] ?? []
- modules/sitemap/admin/index.php:
- Removed: require_once CONFIG_DIR.'/sitemap.php'
- Added: \$confma = \$conf['sitemap'] ?? []
- modules/account/index.php:
- Removed: include('config/config_news.php') and require_once .../rss.php
- Added: \$confn = \$conf['news'] ?? [] and \$confrs = \$conf['rss'] ?? []
- modules/account/admin/index.php:
- Removed: require_once CONFIG_DIR.'/config_news.php' (inside add() function)
- Added: \$confn = \$conf['news'] ?? [] (using already-declared global \$conf)
Benefits:
- Eliminates TypeError: chlogRenderCommits() argument #2 must be array, null given
- Config data now comes from the single authoritative \$conf source
- Consistent with the new architecture: no direct config file reads in modules
Technical notes:
- Un-modernized modules are covered by transition aliases in core/security.php
- include('config/config_X.php') in old modules are now silent no-ops