Releases: wintercms/winter
Releases · wintercms/winter
v1.1.1
UX/UI Improvements
- Adjusted
winter:fresh
to remove the demo plugin even when the demo theme has already been removed. - Allowed for the "fancy" breadcrumb widget to be styled based on custom branding colors specified in the "Customize back-end" settings.
- System will now throw an exception with a helpful error message if image resizing fails because an unsupported cache driver is being used (i.e.
array
). - Switched the order of the "Install plugins" & "Install themes" buttons to match the order of the tabs on the actual install page
- Plugins that are already present in the local system and also exist in the marketplace will no longer be re-downloaded when a Project ID is attached.
- The plugin management page will now reload after making changes that would affect which plugins are currently active.
- Custom messages can now be provided for bulk deletions in Lists, defined by the
deleteMessage
property for successful deletions, andnoRecordsDeletedMessage
property for when no deletions occurred due to missing selections or an altered list query not returning any applicable records.
API Changes
- The initial seeding process for empty databases no longer uses a default password; instead a secure random password is generated and reported in the console. If you need to change the admin account password run
php artisan winter:passwd admin NewPasswordHere
- The
winter:env
command is now privileged and will run even if plugins are failing to boot. - A new syntax for specifying the available options for field types that use the
options
property is now available:\Path\To\Class::staticMethodName
will use the array returned by calling the static method\Path\To\Class::staticMethodName()
as the options - The
noRecordsMessage
configuration value to specify a message when a list is empty can now be specified for list-type widgets in the Relation controller. - CMS pages that are hidden (only accessible to logged in backend users) will now be automatically removed from RainLab.Pages menus.
session.same_site
now defaults toLax
instead of null and any invalid configurations will be automatically corrected to the default value ofLax
. See #5293 for a detailed breakdown.- Added new
removeSideMenuItems()
helper method toNavigationManager
, which can quickly remove one or more side menu items for a specific owner and menu. - The app locale at the time of a message's entry onto the queue is now stored with the message on the queue as
_current_locale
. - Added support for
$query->selectConcat(array $parts, string $as)
to concatenate an array of parts into a single column/attribute$as
. - Added support for the
upsert($values, $uniqueBy, $updateColumns)
QueryBuilder method added in Laravel 8.x which allows for bulk updates or inserts at the database level. - Added separate
backend.manage_own_editor
permission to allow users to manage their own personal editor preferences without being able to modify the global ones. - Added new
media_path()
helper function to return the fully qualified path to the media directory. - Added new
Storage::identify($disk)
method to identify the name of the disk configuration used to instantiate the given disk instance. - Template blocks in Backend templates are now correctly terminating the output buffering used. Block processing uses layers of output buffering to determine applicable block content, however, a particular scenario occurred where subsequent blocks were not rendered due to content in between two blocks cancelling another layer, causing issues with further blocks. The block functionality will now capture the content in between blocks and hold it until the final content is generated, keeping the correct layer intact so that subsequent blocks are kept in the right location. See https://github.com/wintercms/library/pull/517 for more information.
- Added new
Winter\Rain\Database\Behaviors\Sortable
behavior that mirrors the functionality of theWinter\Rain\Database\Traits\Sortable
trait except with the ability to dynamically attach it to models at runtime allowing for third-party plugins to be extended with the functionality. - Themes can now register localization keys to be used only on the backend using a similar file structure to plugins & modules. Ex:
themes/mytheme/lang/en/lang.php
contains'ga_api_key' => 'Google Analytics API Key'
, referenced bythemes.mytheme::lang.ga_api_key
. - Quick actions can now be defined in the top-right of the Backend. Quick actions act as shortcuts to common actions, such as previewing the website. See https://github.com/wintercms/winter/pull/5344 for more information.
Bug Fixes
- Fixed issue where displaying protected file thumbnails with a width or height set to nothing would fail.
- Fixed issue where URLs to resized images were not being properly URL encoded
- Fixed an issue introduced in Build 1.1.0 where plain Twig templates couldn't be loaded through the
{% include 'path' %}
or{{ source(path) }}
Twig functions. - Fixed issue introduced in build 1.0.458 where non-grouped repeaters with minimum items specified via the
minItems
option did not pre-fill the repeater with the minimum items. - Fixed issue where the ImageResizer would attempt to process image types that it couldn't handle instead of just passing them through untouched.
- Fixed issue where resized images were not correctly identified as already having been resized when atomic (blue/green) deployment strategies are used in conjunction with files being stored on the local filesystem in a shared symlinked storage folder.
- Fixed issue where the media manager would not display a folder that a contained a filename with characters that are considered invalid by the MediaLibrary class (i.e. '+', various unicode characters).
- Fixed issue where resized images with spaces in their filenames would not pass the resizer validation checks because the target URL would be decoded three times instead of the intended two.
- If a model's dateFormat includes microseconds (
.u
) or milliseconds (.v
) but a given value provided to an attribute that is cast as a date does not include that information, then the date casting logic will now automatically add the appropriate number of zeros to the end of the provided date value for it to be accepted when parsing the provided value according to the defined dateFormat for the model. This fixes an issue with databases that have.u
or.v
in date columns that are managed by the datepicker in the backend which doesn't support sending micro or milliseconds. - Fixed a long-standing issue where returning a redirect to a file in response to an AJAX request in order to get the browser to download the file wouldn't stop displaying the AJAX loading indicator.
- Fixed the
uploads_path()
helper. - Fixed support for AWS S3 as a source for the ImageResizer.
- Fixed issue where backend administrators list could not be filtered by "Is superuser?" filter on SQL Server due to that database engine not supporting literal boolean values.
- Fixed adjacent block placeholders not working in Backend templates - the initial block is rendered, but the subsequent block is ignored. See API change above regarding block termination for more information.
- Fixed issue where an exception is thrown when scanning template content for mail templates and layouts that have been orphaned by a disabled or removed plugin. This prevented plugins such as the Translate plugin from scanning messages correctly.
- Fixed issue where models with guarded properties were failing to allow attributes that don't have a corresponding column to be processed in events (for example, the "data" attribute in the File model).
- Fixed issue with the included
http_build_url()
polyfill where the current and replacement URLs couldn't be passed as strings. - Fixed issue where having multiple belongsToMany relationships defined and differentiated by the
conditions
property would cause one of the relationships to be wiped out on saves of a separate relationship. See wintercms/winter#4952 for more information. - Fixed issue where paths provided to the
theme:sync
command were too loosely matched, which could lead to files that weren't intended to be synced being synced anyways.
Security Improvements
- The admin account password is now securely randomly generated during the initial seeding process for empty databases and is reported in the console. If you need to change the admin account password run
php artisan winter:passwd admin NewPasswordHere
- Tightened up the default permissions granted to the "Publisher" system role out of the box
- Improved handling of custom editor styles to prevent HTML injection
- Locked down the Twig sandbox even more to prevent allowing users with access to Twig templates from defining and running PHP code
Translation Improvements
- Improved Taiwanese translation
- Improved French translation
- Improved Slovenian translation
- Improved Russian translation
- Improved Italian translation
- Improved Dutch translation
- Improved German translation
Dependencies
- The Composer merge plugin was temporarily cloned to the WinterRain GitHub organization to resolve an issue with Composer 2.0 support.
v1.0.471
Community Improvements
- Fixed a bug with the marketplace build server that required a bump in the version number.
v1.0.470
API Changes
- The
Winter\Storm\Database\Attach\File
model now uses "fillable" attributes as opposed to "guarded" attributes to control mass assignment. If you extend theFile
(or the mainSystem\Models\File
) model to provide additional fields, you must now copy the "fillable" attributes to your extension and add any additional fields to this definition (backported from 1.1.0)
Bug Fixes
- Temporarily fixed an issue with existing code-bases that abuse the Twig engine by loading template files in unsupported ways (
.js
/.svg
files rendered as partials through{% partial %}
,{% include %}
, or$this->renderPartial()
). NOTE: This hotfix will not be available in Build 1.1.x so existing code still needs to be fixed to not use those unsupported file types. - Fixed an issue introduced in Build 1.0.469 where plain Twig templates couldn't be loaded through the
{% include 'path' %}
or{{ source(path) }}
Twig functions - Fixed issue introduced in a security update to Laravel 5.5 where models with guarded properties were failing to allow attributes that don't have a corresponding column to be processed in events (for example, the "data" attribute in the File model). (backported from 1.1.1)
Security Improvements
- Tightened up the default permissions granted to the "Publisher" system role out of the box (backported from 1.1.1).
- Locked down the Twig sandbox even more to prevent allowing users with access to Twig templates from defining and running PHP code (backported from 1.1.1).
v1.1.0
NOTE: This build contains a number of changes made as a part of the upgrade from Laravel 5.5 LTS to 6.x LTS, it is highly recommended that you review the upgrade guide to ensure you aren't affected.
UX/UI Improvements
- Added new "sensitive" field widget that provides a revealable password field for forms.
- Finished implementing the
php artisan winter:util purge uploads
console command that purges invalid files (Files that don't have a matching entry insystem_files
) and empty directories from theuploads
directory. This only works on uploads stored on the local disk for now. - Added built in support for easy and fast resizing of images with three new Twig filters (
| resize(width, height, options)
,| imageWidth
,| imageHeight
) and a new backend List column type (image
). See https://github.com/wintercms/winter/pull/5231 for more information. - The SMTP port field in the Mail Settings page will be pre-filled with the default port depending on the encryption type selected, if it is using a standard port. Custom ports will not be overwritten.
- Added a link to the backend in the demo theme header menu to make it easier for new users to find the backend.
API Changes
- Added new development configuration option
develop.allowDeepSymlinks
which allows for symlinks at any subdirectory level when generating a public URL from a local path. - The
System\Controllers\Settings
controller now provides aformGetWidget
method to retrieve the form widget used for Settings forms. - The default password validation rules for
Backend\Models\User
andWinter\Storm\Auth\Models\User
have been loosened by no longer having a max length since passwords are stored in the database as hashed values and the length of the input has no effect on the length of the output. winter:env
will now useQUEUE_CONNECTION
instead ofQUEUE_DRIVER
to refer to the queue connection when generating a .env file from the config files.- The individual composer.json files for each of the Winter Rain library components have been removed as using individual components of the Winter Rain library is no longer supported.
- Support has been added for
hasOneThrough
relationships. - Support has been added for the
eloquent.retrieved
Model event that Laravel added in 5.5.2. - The
app:name
Artisan command was removed as Laravel removed it in L6 and Winter never really had a need for it. - Added new public static method
Model::flushDuplicateCache()
to flush a given model's duplicate query cache during a request lifecycle. - Added polyfill for the
http_build_url()
core PHP function. - Added new
php artisan create:theme $code
scaffolding command. - Added new
Arr::undot()
andarray_undot
helper methods / functions (transforms a flat, dot-notated array into a normal nested array) - Added new
config_path()
helper function. - Added new
resolve_path()
helper function that closely emulates the PHPrealpath()
function, but supports resolving paths for missing files and subdirectories. This is provided by theWinter\Rain\Filesystem\PathResolver
helper class, which can resolve canonical paths and determine if given paths are within given directories. - The
Winter\Storm\Database\Attach\File
model now uses "fillable" attributes as opposed to "guarded" attributes to control mass assignment. If you extend theFile
(or the mainSystem\Models\File
) model to provide additional fields, you must now copy the "fillable" attributes to your extension and add any additional fields to this definition. - The
Winter\Storm\Database\Attach\File
model will now log exceptions whengetThumb()
fails in addition to generating the broken image file as the thumbnail as per existing behaviour. - The
Winter\Storm\Html\HtmlBuilder::limit()
method now considers whitespaces and line breaks to be one character, regardless of the line break type or number of spaces. This ensures a consistent result across both Windows and Linux. - Added
File::isLocalDisk($filesystemAdapterDisk)
method to check if the provided disk is using the Local Flysystem adapter.Winter\Rain\Database\Attach\File
has switched it's internal methodisLocalStorage()
to using it, so if you are overriding that method you may be able to remove your overridden method implementation so long as yourgetDisk()
method is returning the correct disk for your custom FileModel. - Removed
data-browser-validate
from the default controller scaffolding files as HTML5 form validation does not play nice with anything beyond the most basic forms. Also removed from the System Settings backend forms. - Plugin view & configuration files are now registered on protected routes even if the plugin doesn't have elevated permissions to run on those routes in order to support views and configuration being used in database migrations.
- Added
getAllPlugins()
method to theSystem\Classes\PluginManager
class to retrieve all plugins detected on the system instead of just the enabled ones. - Bound
Illuminate\Foundation\Application
toWinter\Storm\Foundation\Application
in the application container to better support Laravel packages that typehint the Application class directly rather than the contract. - Improved handling of Rule objects when used in validation - the
message()
method is now used to return a fallback message (optionally translated), and there is no need to specify avalidate()
method anymore. - The
winter:util set build
command has been replaced with thewinter:version
command, which now does a more accurate build version check by comparing the Winter CMS installation files with a manifest kept on GitHub, and no longer queries the Winter CMS servers simply for the latest stable or edge build. - Added a unique ID to the Filter widget container to support being targeted through the AJAX framework.
Bug Fixes
- Improved stability of the FieldParser when parsing fields without the type property specified.
- Fixed issue where the
QueryBuilder->remember()
method did not properly support being passed DateTime instances for cache expiry. - Fixed an issue introduced in Build 1.0.466 where asset files were unable to be created through the CMS section.
- Fixed issue where removing the currently sorted by column from the list's visible columns would cause an error.
- Fixed issue where not having the GD extension loaded would cause the process to exit with an error message instead of throwing an Exception.
- Fixed issue where non-compound use statements that were aliasing imported classes in CMS code sections (i.e.
use Session as WinterSession
) were no longer being included in the parsed PHP because of a bug fix in Build 1.0.468. - Fixed issue introduced in Build 1.0.466 where
BelongsTo
relationships were unable to be updated using the RelationController behavior. - Fixed issue where not specifying a
thumbnailWidth
(even when providing athumbnailHeight
) for theFileUpload
FormWidget
would cause it to default to 100x100. - Fixed issue where unlinking a
HasOne
orBelongsTo
relationship with the RelationController would not fully clear it from the view widget being displayed. - Fixed issue where creating or adding a new record to a
HasOne
orBelongsTo
relationship with the RelationController would not fully remove any existing relationship. - Fixed issue introduced in Build 1.0.461 where all SystemExceptions would be logged twice to the EventLog.
- Fixed an exception that would be thrown when editing Mail Templates if any partials recorded in the database were no longer provided by the plugin due to it being removed or disabled.
- Fixed issue where a JS exception would be thrown if attempting to load a page with tabs where the hash part of the URL contained a
/
.
Translation Improvements
- Improved Spanish translation.
- Improved Russian translation.
Community Improvements
- Added the Laravel framework dependency to each of the core modules to improve stability of existing composer installations
- The
ftp
andsftp
storage drivers are now included with the core. - The
postmark
mail driver is now included with the core. - The Winter CMS and Storm Library are now tested against both Linux and Windows, PHP versions 7.2 to 7.4, to ensure that functionality works correctly across both supported operating systems.
Dependencies
- The Laravel framework has been added as a dependency to the core modules and library to improve the stability of existing Composer installations.
- The Assetic library is no longer an external dependency as the key functionality has been absorbed by the Winter Rain library.
- The Jenssegers/Date library is no longer an external dependency as the key functionality was included in Carbon 2.0 and Argon took over whatever small pieces were left behind.
- The unmaintained
leefo/scssphp
dependency has been replaced withscssphp/scssphp
- The unmaintained
lessc.inc.php
included dependency has been replaced withwikimedia/less.php
v1.0.469
API Changes
.svg
has been removed from the default list of allowed extensions for uploading for security reasons, will be re-added in Build 1.1.1 alongside sanitization to protect against XSS attacks. Usestorage.media.defaultExtensions
to override the default list of allowed extensions in order to re-add support for it at your own risk.$fileName
was removed as a parameter for theWinter\Storm\Halcyon\Builder->delete()
method as it wasn't actually being used internally and had no effect.- Partials included via
$this->renderPartial()
,{% partial 'path/to/partial' %}
, and{% include 'path/to/partial
%} now properly block all extensions other than.htm
by default. - Attempting to load & render partials from outside of the theme using the CMS Twig engine will no longer work (note, this was never officially supported, it was a bug that it ever worked in the first place). If you are trying to render Twig from outside the theme you should always use the System Twig engine instead of the CMS one by calling
\Twig::parse($templateContents, $templateVars);
)
Bug Fixes
- Fixed issue where cookies that were generated at some point between pre-Laravel 5.5.* cookie security fix and the latest cookie security fixes in Build 1.0.468 could fail to be processed correctly.
- Fixed an issue where some SystemExceptions include unfiltered user input in the response to the browser, which would cause security researchers to think that they've found a XSS vulnerability which would then take resources to explain how it wasn't exploitable by just stripping any potential XSS from SystemException messages.
Security Improvements
- Fixed issue where the FileDatasource could be abused to load files outside of the intended location.
- Fixed issue where the Twig sandbox could be escaped allowing users with access to Twig templates to define and run PHP code.
Community Improvements
- Winter has moved to a slightly different versioning scheme, major changes such as Laravel framework upgrades will now be indicated by the "minor" version number, and the build / patch number will reset on every increment of the minor version number. Winter builds from initial conception to Laravel 5.5 EOL will be the v1.0.319 to v1.0.469 range, and the Laravel 6 upgrade will be v1.1.0. EOL branches will not be supported with bug fixes or feature additions, but will continue to have security issues IN winter CODE ONLY (i.e. security fixes for dependencies will not be included) fixed as they are reported to the core team through our Security Policy.
v1.0.468
UX/UI Improvements
- Added new Paragraph Formats option to the Editor Settings page, which allows you to control the available tags in the Paragraph Formats button.
API Changes
- The
Encryptable
trait now encrypts "empty" values correctly, such as the number zero and an empty string. The only value that is left unencrypted is anull
value. - Fixed docblocks in the
Winter\Storm\Network\Http
class that referred to the$options
property as anarray
instead of thecallable
that is actually used
Bug Fixes
- Unit tests involving authentication are now namespaced to
backend.auth
, to prevent conflicts with other authentication libraries. - Fixed "use statement with non-compound names has no effect" when attempting to import classes already in the root namespace (like facades) in the CMS PHP code section.
- Fixed a bug where the text entry of a
taglist
field would remain after the tag has been created. - Resolved an issue where PHP
max_input_vars
limits would prevent "group" filters from working if they contained more options thanmax_input_vars
would allow. - Fixed support for
ignoreTimezone
indate
anddaterange
filter scope types. - Fixed issue with Arabic translation in the backend where Indic numerals were being used instead of Arabic numerals for the
datepicker
FormWidget which was confusing the serverside processing of date values. - Fixed issue where an incorrect
<textarea>
tag definition broke the popup editor forstringList
andtext
type fields in the Inspector.
Security Improvements
- Improved validation of encrypted cookies by locking cookie values to the cookie they were created for. See the security advisory for more information.
Translation Improvements
- Improved French translation.
Community Improvements
- Added note in
config/cms.php
for handling URL generation for uploaded files when using Winter in a subfolder installation.
v1.0.467
UX/UI Improvements
- Added docblocks to the controller scaffolding.
- Added support for decompiling nested compiled asset files when
cms.decompileBackendAssets
is enabled. - Improved error handling for failed fileuploads
Bug Fixes
- Fixed bug introduced in 466 where
:number
stopped working in transChoice translation strings. - Fixed bug introduced in 466 where it was impossible to upload images to the Media Library while on a page that included the AssetList widget.
- Fixed bug introduced in 466 where plugin dependencies wouldn't be loaded all of the time.
- Fixed bug where belongsToMany relationships with pivot data could not be added to through the RelationController if a custom
order
property was set on the relationship definition. - Fixed empty tags being stripped in RichEditor (Froala) widget.
- Fixed bug where a field with
@context
in the name would completely break forms if it also utilized thedependsOn
API other fields. - Fixed bug introduced in 466 where backend throttle records were no longer recording the IP address correctly of authentication attempts.
- Fixed visual glitch on Inspector autocomplete dropdown fields
- Fixed an issue where using
File()->fromUrl()
on very long URLs would result in a filename that was too long for the database. - Fixed issue where application bootstrappers could hard crash the application by throwing an exception that wouldn't be able to passed on to the user for them to resolve.
- Improve error handling for invalid counter properties on backend menu items.
- Fixed issue where the
onSave()
AJAX handlers of theFormController
behavior weren't getting being affected by context-specific configuration values. - Fixed issue where refreshing the entire form through JS would cause an issue because the
toggleEmptyTabs
delayed function would be run after the original form element it was targeting was replaced in the DOM - Improved error message when attempting to fork an unforkable component (component without a
default.htm
partial)
Security Improvements
- Fixed security issue where content pasted into the Froala richeditor wasn't properly sanitized exposing users to self-XSS attacks from malicious websites when copying & pasting content into the editor.
Community Improvements
- Documented the Select field widget's dynamic option creation (tagging) feature.
Translation Improvements
- Improved the Polish translation.
v1.0.466
UX/UI Improvements
- Improved the disabled styling of the
markdown
,richeditor
,mediafinder
, &colorpicker
FormWidgets. - Fixed long standing issue where on initial page load the backend nav bar would be an incorrect width until the JS loaded to correct it by switching to a flex layout for the backend nav bar.
- Improved UX when an AJAX request is made while the application is in hard maintenance mode (
php artisan down
). - Added three preset buttons (Default, Full, & Minimal) to the backend richeditor toolbar settings to simplify the experience of selecting a custom richeditor toolbar.
- Form tabs in the backend are now tracked in the URL bar by default making linking to specific tabs easier and retaining the place of the currently active tab across page reloads. Disable this behaviour by setting
linkable: false
on the form tab configuration. - Added button on backend user record pages that allows admins to unsuspend a user account that has been locked out due to failed login throttling.
- Added new
plugin:rollback Author.Plugin 1.2.3
command to rollback a specified plugin all the way to before it was installed or to the provided version. - Added new
create:reportwidget Author.Plugin ReportWidgetName
command to scaffold ReportWidget creation. - Added button on the Updates page in the backend to take users directly to the Install Themes page.
- Update management page & dashboard status widget now list plugins that are missing their dependencies and what dependencies are missing specifically.
API Changes
- Menu items controlled by
NavigationManager
are now objects, and$manager->getMainMenuItem($owner, $code)
has been added to make it easier to manipulate existing menu items without having to deregister and reregister menu items to apply changes. - The
postbackHandler
property for DataTable form widgets now defaults tonull
- the widget will interpret anull
value as to detect the save handler for the form that contains the widget (this is usuallyonSave
, the old default value, but it will now detect other handlers such as those used by the relation controller). - The
getParameter
method inCms\Classes\Router
is now correctly type-hinted. - External parameters may now use dot notation to get a deeper-nested value when used for component parameters in a CMS object.
- Added
auth.throttle.*
configuration options to configure the login throttling for the backend. - Added
formGetRedirectUrl($context, $model)
method to theFormController
behavior, overrideable by the implementing controller. Used to get the redirect URL for a given context & model if a redirect is requested. - If uploaded files are missing an extension Winter will now try to automatically determine one based on the MIME type of the file.
- Added support for the
attributes
property on thecolorpicker
,codeeditor
,markdown
,richeditor
,mediafinder
, &fileupload
FormWidgets. - Added support for the
placeholder
attribute on thepassword
field type. - Added support for defining custom values for the
title
andtoolbarButtons
labels of the RelationController behavior. - Added support for a
badge
property on main & side menu items in the backend to display string values as the menu item badge instead of the only numeric values already supported by thecounter
property. - Added a unique HTML id attribute to the Filter widget popups for targeting individual filter scopes in CSS.
- Added
usingSource($source, $closure)
method to theCms\Classes\AutoDatasource
to force theAutoDatasource
to only use the specified source for that closure. - Media items now only return an absolute URL if either
cms.linkPolicy
is set toforce
or thepath
property of the media storage disk starts with an absolute URL. This limits the breaking change from Build 1.0.444 to only installations using aforce
link policy. - Implemented the new
Backend\Traits\UploadableWidget
trait intended for Widgets that need to handle uploading files to the Media Library. - Added support for "soft" or "optional" components, a way for themes to include components only if they're present without breaking the theme if the relevant plugin is not installed and / or enabled. To make a component "soft" or "optional", prefix its name with
@
. Example:[@staticPage]
- Added support for
ignoreTimezone
todate
anddaterange
filter scope types. - Changed optional .htaccess line forcing HTTPS to default to returning a 301 response instead of 302.
- Added ability to translate List column default values
- Added ability to specify the filename of files uploaded directly via the AJAX framework and
Blob
objects. - Added new
data-browser-validate
option to trigger browser-based client side validation on AJAX requests within<form>
elements. - Plugins & themes included as git submodules are now properly detected as valid git sources in the
winter:util git pull
command. PluginManager->findMissingDependencies()
now returns an array of arrays of missing plugin codes keyed by the plugin code that requires the missing plugins.- Added support for the
trigger
field property in the FieldParser. - Finished the implementation of the
(array) $cssClasses
property on the Filter widget. - Inspector dropdown properties now refresh dependent fields if the values are loaded remotely through the API (ie. through a
getOptions
method). - Inspector dropdown properties now support the
emptyOption
option as a synonym forplaceholder
, to show a value if no dropdown option is selected.
Bug Fixes
- Fixed an issue where data in a DataTable widget inside a relation model popup form would not be saved on submit.
- Record Finder widgets will now correctly save and load a record when using a column other than ID in the
keyFrom
configuration value, when the widget is not in relation mode. - Fixed issue where custom validation rule strings starting with
unique
would not register correctly. - Fixed
propertyExists()
method to correctly detect properties added throughaddDynamicProperty()
. - Fixed
options
support forcheckboxlist
andballoon-selector
field types in the Syntax Parser - Fixed issues with properly quoting values when running
winter:env
- Fixed issue where Excel wouldn't properly detect the encoding of CSV files exported using the
useList
option - Asset files uploaded in the CMS will now take their default permissions from the value set in the configuration.
- Repeaters will now trigger
change.oc.formwidget
when adding or removing items. - Fixed issue where the richeditor toolbar popups were z-index clashing with other form elements.
- Fixed issue where mail layouts that didn't exist in the database but did exist in the filesystem weren't being loaded correctly.
- Fixed issue where some browsers would incorrectly check off list checkboxes after a page reload through the autocomplete functionality which would cause visual & behavioural inconsistencies.
- Fixed support for importing CSV files with encodings not supported by
mb_convert_encoding()
by usingiconv()
as a fallback. - Fixed issue where translations for related models managed by the
RelationController
behavior would not save when creating the related model, or updating a pivot model. - Fixed issue where model scopes applied by the
relation
FormWidget didn't support joins being used. - Fixed issue where
php artisan theme:sync --target=database
wouldn't properly sync to the specified target. - Improved the flexibility of the PluginManager in accepting plugin identifiers that are not perfectly matched to the desired plugin's casing (i.e.
Rainlab.Blog
would be considered an invalid plugin identifier prior to this change, it is now correctly identified as belonging toRainLab.Blog
). - Fixed issue where pivot records being created or updated through the
RelationController
would not trigger the form field change events. - Update manager now respects the values of
cms.pluginsPathLocal
andcms.themesPathLocal
when installing new plugins & themes. - Improved support for opcache when
opcache.restrict_api
is in effect. - Fixed issue where
Lang::choice
method would not use the plural form for a locale with a sublocale (ie. "English (United Kingdom)" /en-uk
). - Fixed issue where
theme:install
Artisan command would throw an exception if the database templates feature was enabled. - Fixed issue where using the search query input in a filter for a relation list modal would throw a "not bound to controller" exception, due to the request not being tied to the relation list modal.
- Fixed weird outline styling around
:focus
ed elements introduced in Build 1.0.465 - Fixed bug that prevented the
Purgeable
database model behavior from being used with theSimpleTree
&NestedTree
traits. - Fixed error that would occur when using the
Revisionable
model trait with a date value that was null. - Fixed long standing problem where if a user attempts to use the list search feature on a list that has improperly configured (i.e.
searchable: true
set on a column that doesn't support DB searching) then that list would remain broken for the rest of the session's lifetime. - Fixed issue where model slugs weren't generated before model validation ran, meaning that autogenerated slugs would not be considered present when attempting to validate a slug attribute as required.
- Fixed issue where creating records with the TagList would require the nameFrom attribute to be marked as fillable for mass assignment.
- Fixed issue where having a filter config with no scopes defined would cause issues with the ListController behavior.
- Fixed typos referencing the Halcyon library
- Fixed IE11 support for deregistering service workers in the backend
- Fixed issue where if a template was manually removed from
cms_theme_templates
when usingdatabaseTemplates
would cause an exceptio...
v1.0.465
UX/UI Improvements
- The Event Log list now shows the entire first line of a logged error message, up to 500 characters maximum, in order to provide more context of errors in the list.
- When searching for plugins to install in the backend plugin management screen author names are now included in the search results.
- A consistent cross browser focus ring style is now utilized in the backend.
- Fixed a small typo when using number range filters with no value provided for the minimum.
- Removed excess space from tab titles when hovering over them.
- Added styling to distinguish a disabled unchecked checkbox from a enabled unchecked checkbox.
- Added ability to middle mouse click on list rows to open them in a new tab.
- Added new
style
attribute for repeater widgets, which controls repeater item behaviour. Allows items to be expanded or collapsed on load, or allows a repeater to act as an "accordion" widget. - If a lazily loaded tab is the first tab or only tab displayed it will now be automatically loaded on page load instead of remaining empty.
API Changes
- Type hint for
registerSchedule
method inPluginBase
updated to correctly hint theIlluminate\Console\Scheduling\Schedule
object that is passed to it. - Added
exception.beforeReport
andexception.report
events cms.backendForceSecure
no longer supports the value ofnull
(where it would be considered the inverse ofapp.debug
) as this resulted in confusion when disabling debug mode while the application was behind a proxy causing an infinite loop. Ultimately it's the server's responsibility to handle forcing HTTPS.- User preferences for list widgets are now ignored if the list widget has disabled the setup modal via
showSetup
beingfalse
. - Return type hint documentation for
PluginBase::boot
method changed fromarray
tovoid
. - Re-added the
db:seed
artisan command
Bug Fixes
- Fixed issue with the
queueOn
andlaterOn
methods of theMail
facade throwing an invalid argument exception due to queue name string being defined where the queue manager is meant to be defined. The queue name is now injected into theMailable
object that is created, and the default queue manager is used instead. - Implemented another fix for the temporary monkey patched LESS compilation to support PHP 7.4 until the Laravel 6 upgrade is completed.
- Fixed a bug where attempting to set a simple value on a BelongsToMany relationship as a collection would produce a collection wrapped in an array instead of an array of values which would confuse the
sync()
command. - Fixed an issue with composer.json which could cause some installations to load a version of Laravel newer than actually supported.
- Fixed issue where un-elevated plugins weren't being loaded on any routes starting with /combine (should have been /combine/)
- Fixed a change in default behavior where a recent update to Dropzone.js (used for uploading files) added a timeout property that defaults to 30 seconds. Timeout has been set to 0 (infinite) to retain the previous behaviour of no timeout utilized on file uploads.
- Fixed a bug where reloading a Lists widget with a custom search term applied would reset the pagination.
- Improved error handling on invalid model attributes being used for form fields.
- Improved preview mode support for
type: number
fields with0
as their value.
Security Improvements
- Improved escaping of option values provided to the dropdown field type
Translation Improvements
- Improved Slovakian translation.
- Improved French translation.
- Improved Dutch translation.
- Minor cleanup to English translation.
v1.0.464
Bug Fixes:
- Fixed the
trans()
helper function to match the updated signature required by the Translator.