v1.0.453

Bug Fixes:

• Truncate URLs in the Request Log to 191 characters instead of 255 to reflect the default DB schema of utf8mb4
• Fixed issue introduced in Build 1.0.452 where all themes would have their configuration cached under the same key causing issues when switching themes.
• Improve tab usability on mobile by disabling the swipe-to-change-tabs feature as it conflicted with tabs that had horizontal scrollable content.

Security Improvements

• Escape more user provided inputs in the backend to minimize potential XSS

Translation Improvements:

• Improved Viatnamese & Serbian input preset character mapping

Community Improvements:

• Setup a Discord server to experiment with potentially moving to Discord: https://discord.gg/D5MFSPH6Ux

v1.0.452

UX/UI Improvements:

• Force values that would overflow a .form-control container to wrap to the next line instead of overflowing the field
• Fixed minor visual glitch in the Insert URL popup of Froala

API Changes:

• Added oc.inputPreset.beforeUpdate JS event to the input.preset.js logic
• Added support for optional $options parameter to the FormController's formRenderField($name, $options) method to be passed to the Form widget's renderField($name, $options) method.
• Added role="form" attribute to output of Form::open()
• Added automatic conversion of array notation to dot notation in validation rules (attribute[nested] to attribute.nested, etc)
• Added cache attribute to attributes supported by addJs($script, $attributes) to enable disabling the CloudFlare RocketLoader which causes issues in the backend.
• Simplified how the Repeater FormWidget works internally which should resolve some sporadic issues.
• Now using an embedded Form widget to process FileUpload file properties (like title and description). This enables dynamic extension of this form.
• Added automatic mimetype detection of .svg files as image/svg+xml
• Added relationGetManageWidget() and relationGetViewWidget() methods to the RelationController behavior.
• Added hasFatalError() and getFatalError() methods to the ErrorMaker trait
• Return 404 when attempting to visit /error directly when debug mode disabled
• Added ability to make wildcard URL parameters optional.
• Added support for morphOne relations in backend list columns

Bug Fixes:

• Fixed issue with the DataTable FormWidget being unable to dynamically get dropdown options
• Fixed issue where Form widgets attached to the CMS backend controller would have a different alias on every request causing features that relied on consistent aliases to break (namely grouped repeaters in the CMS / RainLab.Pages section)
• Fixed issue where the text filter used a hardcoded widget alias instead of getEventHandler()
• Fixed issue where when inserting an image with the mediafinder into a richeditor field, the image could sometimes be inserted at the top of the content instead of where the cursor was when it was originally selected
• Fix ability to clear RecordFinder fields when useRelation is set to false
• Fixed issues introduced in Build #449 with regards to the "Image not found" message showing up at incorrect times for the MediaFinder formwidget
• Fixed a bug where track-input triggered requests could return incorrect results by waiting until input is finished to fire requests triggered by tracking input
• Fixed bug where inserting a link reference to a home page (/) in the RichEditor through the page selection dialog would actually insert an empty link reference instead.
• Fixed issue where a scheduled command could be run before the database is initially populated which could cause issues if that command attempted to access the database.
• Fixed support for Laravel's automatic package discovery feature

Security Improvements

• Prevent public functions on backend ControllerBehaviors from being run as controller actions unless intended to do that.

Translation Improvements:

• Improved Arabic translation
• Improved Hungarian translation
• Improved Spanish (Argentina) translation

Performance Improvements:

• Added preloading of all essential scripts in the backend to improve performance
• Improved performance when utilizing remote storage drivers by caching the results of hasFile().
• Cached the parsed theme configuration to improve performance on subsequent page loads

Dependencies

• Updated jQuery from V3.3.1 to V3.4.0

v1.0.451

UX/UI Improvements:

• Added support for previewMode to the markdown FormWidget

API Changes:

• Added new configuration option database.useConfigForTesting to change the default behaviour of using the in-memory Sqlite DB driver for running automated tests to using whatever connection is defined by your configuration.
• Added defaultFormatOptions to the ImportExportBehavior to override the default format options to be used when exporting

Bug Fixes:

• Fixed support for migration files in subdirectories
• Fixed colorpicker FormWidgets being unable to be manually updated while inside of a popup modal
• Fixed issue with getting request input from get() and post() that were introduced in Build 1.0.450.
• Fixed issue where grouped repeaters stopped working in Build 1.0.449

Translation Improvements:

• Improved Russian translation

v1.0.450

API Changes:

• input(), get(), & post() now pull values from the Request app container instead of directly from the PHP superglobals
• Execution context is now handled in the application container
• All uses of of exit() or die() removed to support being run under a concurrent server (i.e. Swoole)

Bug Fixes:

• Updated Froala license key

v1.0.449

UX/UI Improvements:

• Redirect users with the manage_theme_options (but not the manage_themes) permission directly to the Customize theme page
• Dashboard now uses a 12-column layout instead of a 10-column layout
• Show a "not found" message when the image selected by a mediafinder FormWidget does not exist
• Added link to backend updates page to see a detailed changelog for the current build
• Minor improvements to the styling of the clear search button

API Changes:

• Support enableDefaults on repeaters using grouped mode
• Simplified the Repeater item's data saving process by calling each item's Form widget's getSaveData() method instead of attempting to process the data directly.
• Disabled FormWidgets are now ignored in the Form widget's getSaveData() method just like regular form fields are.
• Backend Controller middleware support has been changed to only support 'after' middleware as it requires instantiating plugin controllers in order to retrieve the middleware that they have registered, which calls the constructor for those controllers; which is where the problem is (Controller constructors often, for one reason or another, do things that require the session to be started, for instance, getting the current user)
• Added support for headCssClass in the Lists widget's column definitions to specify a CSS class to be added to the table header cell for that column.
• Added allowTrashedSlugs property to models that use the Sluggable and SoftDelete database traits to include the slugs of records that have been soft deleted when checking to see if a slug already exists.

Bug Fixes:

• Fixed Save & Close button on the ThemeOptions update view
• Fixed long standing issue with being unable to update translated values with the RelationController
• Fixed issue where Repeaters with the same field names being bound to the same controller would cause confusing conflicts as they tried to process each other's data.
• Fixed issue where having the CMS module present but disabled would still try to handle backend 404's with the CMS controller.
• Fixed issue where multiple Filter widgets could not exist on the same page at the same time.
• Fixed support for migration files with extra .s in their file names (ex. 1.0.5.update_posts.php)
• Fixed issue where the popup loading indicator would sometimes not close after the request had finished loading
• Improved FireFox & IE11 support by fixing race conditions in backend JS

Translation Improvements:

• Improved French translation

Community Improvements:

• Added guidelines for updating JS dependencies used in the Winter CMS core

Dependencies

• Fixed issue with Twig 2.7.4
• Replaced all deprecated Twig PSR-0 class references with the new PSR-4 class references.
• Updated Froala to 2.9.3

v1.0.448

UX/UI Improvements:

• Improved consistency of file size displayed in the FileUpload FormWidget between upload and page load actions
• Added Inline (No icons) navigation mode to the branding settings

API Changes:

• Changed filter.js to fire AJAX requests on the filter control element instead of the closest form element
• Changed the datepicker FormWidget when in mode date to send a DateTime string with zeroed time (according to the app.timezone configuration) using the client's timezone. This is a change from the previous behaviour of sending the current time.
• Added ability to specify a permissions array when registering ReportWidgets to force the user to have at least one of the specified permissions to be able to utilize the ReportWidget in question.
• Added support for counter and counterLabel to main menu items, counter will default to the sum of the relevant side menu counters unless counter is set to false.
• Added support for multi-line update messages in plugin's version.yaml file
• Now firing the backend.list.extendRecords event from the export() method when useList: true in the ImportExportController behavior.
• abort(404) now returns the backend 404 view when called in the backend (module and plugin backend controllers)
• Added plugin:list, plugin:disable Author.Plugin, plugin:enable Author.Plugin Artisan CLI commands
• Added backend.layout.extendHead view event (passes $layout = 'auth.htm' | 'default.htm')
• Changed Backend\Classes\Controller to extend the base Illuminate\Routing\Controller class instead of being its own root class in order to support the middleware() method on the controllers.

Bug Fixes:

• Fixed field default values when adding new items with the Repeater or when using minItems over 0
• Fixed support for nested jsonable properties as list columns (i.e. additional_data[level_1][level_2])
• Fixed support for DataTable FormWidgets within Repeaters
• Fixed an issue where SVG menu icons wouldn't display on page load and required a repaint to actually display
• Fixed issue where the password in invitation emails was getting HTML encoded leading 123&test to become 123&test
• Fixed issue with AJAX handlers in ReportWidgets, specifically related to issues with the widget aliases not being set correctly
• Fixed issue with being unable to use the second datepicker field's popup for a daterange filter inside of a popup
• Fixed issue with multibyte slugs, reduced default max length from 240 to 175 to account for the default DB charset of utf8mb4
• Fixed the hasMany relationship when not using the model's primary key as the the relationship's key
• Fixed issue where attempting to install plugins from the winter:install CLI command wouldn't work due to plugins attempting to install themselves before Winter itself was configured.
• Return a 500 response instead of a 200 response when an exception is thrown during the compiling of an asset file using the AssetCombiner
• Fixed minor CSS bug in Firefox (user deleted message on the user detail's page)
• Fixed error "Invalid security token" when trying to login to the backend by instructing the browser to clear it's cache on signin and signout as well as unregistering any service workers on the login action

Translation Improvements:

• Improved Hungarian translation
• Improved Turkish translation
• Improved French translation
• Improved Arabic translation

Performance Improvements:

• Refactored stripe-loading-indicator to use CSS transforms instead of animating the width property to improve rendering performance.

v1.0.447

UX/UI Improvements:

• Added Backend 404 page, throw 404 instead of an exception on missing backend controller actions when debug mode is disabled.
• Added "Go to previous page" link to the Backend Access Denied page

API Changes:

• Renamed the Lists widget's prepareModel() method to prepareQuery() instead.
• Provided the containing Form widget to FormWidgetBases instances as $widget->getParentForm() to enable complex FormWidgets to correctly obtain their containing Form widget instance.
• Implemented automatic backend URL generation for protected file's getPath() and getThumb() methods
• Added returnResponse parameter to output() and outputThumb() methods on the Winter\Rain\Database\Attach\File class to return Response objects instead of outputting the response headers and content directly.
• Added validateUserModel() method to the AuthManager class to provide an opportunity to reject a user's login
• Added step, min, & max options to the number field type.
• Added support for the recordfinder FormWidget to be used without a relationship definition through the useRelation: false and modelClass config properties
• Added support for the brand.faviconPath config option (and backend customization option) to load a custom favicon for the backend to use
• Added support for the data-request-url attribute to change the URL that the AJAX API fires an AJAX request to
• Added getClassMethods() method to the ExtendableTrait as a replacement for get_class_methods() to include the dynamic methods that are available within the class as well
• File models will now attempt to get the backend files controller path instead of the public path for private files. This may be a breaking change if you had previously misconfigured your server so that the private upload directory was publicly accessible and you were relying on private files being visible to public visitors.

Bug Fixes:

• Fixed issue when the user's current page number for the list widget no longer existed (for any number of reasons) causing them to become stuck on a non-existent page. Fixed by using the last available page number in that case.
• Fixed Filter options being escaped twice (once by Mustache, once by the internal options retrieval logic)
• Fixed being unable to detect the Enter and Backspace / Delete keys in the keydown.oc.richeditor event by attaching the event before internal Froala capturing events are run.
• Fix the input trigger API where a form element doesn't exist
• Fixed returning false from model.beforeValidate not halting the validation process.
• Fixed FormWidgets not picking up the correct previewMode setting from their parent Form on AJAX requests that do not call the parent Form's render() method.
• Reduced reliance on the CMS module from the Backend module to improve stability of instances that just use the Backend and System modules (i.e. web applications)
• Only translate default values when they are strings (not arrays as in the case of default values for Repeaters).
• Fixed display of the "Clear search" button in various contexts
• Improved error messages in the YAML parser
• Fixed issue from Build 1.0.444 where tabs and tables were no longer horizontally scrollable on touch devices
• Fixed issue with simplePaginate using Laravel's translation system for Next & Previous which doesn't work in Winter
• Fixed insidious bug where HasOne relationship's getSimpleValue would return the key of the parent record, not of the actual related record.
• Fixed issue introduced in Build 1.0.446 where some media URLs would contain the base folder twice in a row
• Fixed issue with expanding / collapsing the side menu items within the backend settings section
• Fixed the Repeater's "Add item" (grouped mode) popover in a popup context
• Fixed dropdown's support for the placeholder attribute.

Security Improvements

• Added escaping to more variables to prevent potential XSS attacks

Community Improvements:

• Now running automatic CI tests with PHP 7.3

Documentation Improvements:

• Added better documentation on how to register custom validation rules within plugins, credit to Ben Thomson

v1.0.446

API Changes:

• Added format property to text and number type columns which runs the value through sprintf using the provided format.
• Added new nestedform widget that allows you to infinetly nest forms inside of each other for maximum reusability of fields that are stored in model array attributes (such as jsonable or encryptable)
• Added option as an alias for alt in input.hotkey.js for Mac developers
• Pass the originating event object to the callback function in input.hotkey.js as the third parameter
• Added backend.manage_default_dashboard permission to lock down who has access to change the system's default dashboard configuration

Bug Fixes:

• Fixed issue with the backend upgrade process to Build 1.0.444 where the user model would be retrieved before running the migration that added the deleted_at column to the users table
• Fixed support for the placeholder option on richeditor fields
• Fixed issue where using the clear search button in a Search widget that was within an HTML form element would cause the form to submit

Translation Improvements:

• Minor improvements to Brazilian Portugese translation
• Improvements to Spanish translation

Community Improvements:

• Updated the Winter CMS Contributing Guidelines
• Added issue & PR templates
• Moved Code of Conduct to it's own file

v1.0.445

Bug Fixes:

• Fixed issue where new installs would fail on running migrations that used the User model before the deleted_at column was added to the users table

v1.0.444

UX/UI Improvements:

• Replaced the PNG flag icons with the flag-icon-css library that uses SVGs and has more flags available.
• Added filters to the backend logging pages (access, theme, event)
• Icons added to the Status dashboard widget
• Icon added to CMS section to see the last modified date of files
• Resize popovers dynamically when the viewport resizes
• Added ability to define icons for tabs
• Added "Apply" & "Clear" buttons to filter popups
• Added support for 'auto' placement of the time picker widget (based on viewport)
• Added ability to install Winter.Drivers and RainLab.Builder plugins from the winter:install command
• Added readOnly support to RecordFinder, Switch, & Relation form widgets
• Improved the visibility of the code editor control buttons
• Collapse folders in the CMS by default
• Changed the number field type to actually use the HTML5 'number' input type
• Added clear search button when the search widget has content in it
• Improve Datatable dropdown UX, now able to type partial options to select them and use arrow keys to navigate the items

API Changes:

• Added support for registerMailTemplates and registerMailPartials in the Plugin registration file
• Added support for the placeholder property in the TagList FormWidget
• Added @framework.extras.js and @framework.extras.css file specific aliases to the combiner (Previously they were both combined under the 'framework.js' alias which is still available)
• Added translation support to the 'default' form field property
• Added change detection on the relation controller so that dependsOn can be used on relation controller’s containing fields
• Remove unused X-UA-Compatible meta tag from backend layout
• Implemented SoftDeleting of backend users
• Added ablitity to specify custom paginators for use with the database builder
• Added translator.beforeResolve event to override language strings passed through the translator
• Added addPurgeable() method to the base Halcyon model, automatically included dynamically added properties to the purgeable properties list.

Bug Fixes:

• Added a missing content-type header to CSV exports
• Improved table column width handling in Chrome
• Improved compatibility with using CloudFlare performance tools on backend routes
• Fixed z-index conflict for the markdown editor when in full screen mode
• Fixed file upload fields not correctly saving in the relation controller create popup
• Fixed issue where using Ctrl+F would mark the code editor as "dirty"
• Fixed filter popups not displaying when in a popup modal
• Improved relation controller’s handling of VARCHAR keys
• Fixed not being able to delete asset files in the CMS
• Fixed minItems & maxItems support for Repeaters using groups
• Prevent plugins that cannot be instantiated from being loaded (fixes issues with plugins that include reserved words in their namespaces crashing the whole application)
• Improved CSS minification effectiveness
• Fixed Queued event listeners

Security Improvements

• Escape output of various variables displayed in the backend to prevent theoretical XSS attacks
• Prevent access to controllers of disabled plugins
• Flush the entire session on logout, not just the authentication key

Translation Improvements:

• Minor improvements to the Slovak translation
• Additions to the Dutch translation

Performance Improvements:

• Improved HasMany performance by no longer instantiating a full Collection object when getting the simple value for the relationship
• Improved List performance by only loading necessary data for getRecordUrl instead of loading all model data for each row.

Dependencies

• jQuery updated from 2.0 to 3.3.1
• jQuery Migrate was added, included by default with the @jquery alias
• Modernizr updated from 2.8.3 to 3.6.0
• Moments.js & Timezone from 2.13.0 to 2.22.0
• Raphaël updated from 2.1.2 to 2.2.7
• Eve.js updated from 0.4.2 to 0.5.4
• jQuery.isotope.js updated from 1.5.26 to 3.0.6