Releases: wintercms/winter
Releases · wintercms/winter
v1.0.453
Bug Fixes:
- Truncate URLs in the Request Log to 191 characters instead of 255 to reflect the default DB schema of utf8mb4
- Fixed issue introduced in Build 1.0.452 where all themes would have their configuration cached under the same key causing issues when switching themes.
- Improve tab usability on mobile by disabling the swipe-to-change-tabs feature as it conflicted with tabs that had horizontal scrollable content.
Security Improvements
- Escape more user provided inputs in the backend to minimize potential XSS
Translation Improvements:
- Improved Viatnamese & Serbian input preset character mapping
Community Improvements:
- Setup a Discord server to experiment with potentially moving to Discord: https://discord.gg/D5MFSPH6Ux
v1.0.452
UX/UI Improvements:
- Force values that would overflow a
.form-control
container to wrap to the next line instead of overflowing the field - Fixed minor visual glitch in the Insert URL popup of Froala
API Changes:
- Added
oc.inputPreset.beforeUpdate
JS event to theinput.preset.js
logic - Added support for optional
$options
parameter to theFormController
'sformRenderField($name, $options)
method to be passed to theForm
widget'srenderField($name, $options)
method. - Added
role="form"
attribute to output ofForm::open()
- Added automatic conversion of array notation to dot notation in validation rules (
attribute[nested]
toattribute.nested
, etc) - Added
cache
attribute to attributes supported byaddJs($script, $attributes)
to enable disabling the CloudFlare RocketLoader which causes issues in the backend. - Simplified how the
Repeater
FormWidget works internally which should resolve some sporadic issues. - Now using an embedded
Form
widget to processFileUpload
file properties (liketitle
anddescription
). This enables dynamic extension of this form. - Added automatic mimetype detection of
.svg
files asimage/svg+xml
- Added
relationGetManageWidget()
andrelationGetViewWidget()
methods to theRelationController
behavior. - Added
hasFatalError()
andgetFatalError()
methods to theErrorMaker
trait - Return 404 when attempting to visit
/error
directly when debug mode disabled - Added ability to make wildcard URL parameters optional.
- Added support for morphOne relations in backend list columns
Bug Fixes:
- Fixed issue with the
DataTable
FormWidget being unable to dynamically get dropdown options - Fixed issue where
Form
widgets attached to the CMS backend controller would have a different alias on every request causing features that relied on consistent aliases to break (namely grouped repeaters in the CMS / RainLab.Pages section) - Fixed issue where the
text
filter used a hardcoded widget alias instead ofgetEventHandler()
- Fixed issue where when inserting an image with the
mediafinder
into aricheditor
field, the image could sometimes be inserted at the top of the content instead of where the cursor was when it was originally selected - Fix ability to clear
RecordFinder
fields whenuseRelation
is set tofalse
- Fixed issues introduced in Build #449 with regards to the "Image not found" message showing up at incorrect times for the
MediaFinder
formwidget - Fixed a bug where
track-input
triggered requests could return incorrect results by waiting until input is finished to fire requests triggered by tracking input - Fixed bug where inserting a link reference to a home page (
/
) in the RichEditor through the page selection dialog would actually insert an empty link reference instead. - Fixed issue where a scheduled command could be run before the database is initially populated which could cause issues if that command attempted to access the database.
- Fixed support for Laravel's automatic package discovery feature
Security Improvements
- Prevent public functions on backend
ControllerBehavior
s from being run as controller actions unless intended to do that.
Translation Improvements:
- Improved Arabic translation
- Improved Hungarian translation
- Improved Spanish (Argentina) translation
Performance Improvements:
- Added preloading of all essential scripts in the backend to improve performance
- Improved performance when utilizing remote storage drivers by caching the results of
hasFile()
. - Cached the parsed theme configuration to improve performance on subsequent page loads
Dependencies
- Updated jQuery from V3.3.1 to V3.4.0
v1.0.451
UX/UI Improvements:
- Added support for
previewMode
to themarkdown
FormWidget
API Changes:
- Added new configuration option
database.useConfigForTesting
to change the default behaviour of using the in-memory Sqlite DB driver for running automated tests to using whatever connection is defined by your configuration. - Added
defaultFormatOptions
to theImportExportBehavior
to override the default format options to be used when exporting
Bug Fixes:
- Fixed support for migration files in subdirectories
- Fixed
colorpicker
FormWidgets being unable to be manually updated while inside of a popup modal - Fixed issue with getting request input from
get()
andpost()
that were introduced in Build 1.0.450. - Fixed issue where grouped repeaters stopped working in Build 1.0.449
Translation Improvements:
- Improved Russian translation
v1.0.450
API Changes:
input()
,get()
, &post()
now pull values from theRequest
app container instead of directly from the PHP superglobals- Execution context is now handled in the application container
- All uses of of
exit()
ordie()
removed to support being run under a concurrent server (i.e. Swoole)
Bug Fixes:
- Updated Froala license key
v1.0.449
UX/UI Improvements:
- Redirect users with the
manage_theme_options
(but not themanage_themes
) permission directly to the Customize theme page - Dashboard now uses a 12-column layout instead of a 10-column layout
- Show a "not found" message when the image selected by a
mediafinder
FormWidget does not exist - Added link to backend updates page to see a detailed changelog for the current build
- Minor improvements to the styling of the clear search button
API Changes:
- Support
enableDefaults
on repeaters using grouped mode - Simplified the
Repeater
item's data saving process by calling each item'sForm
widget'sgetSaveData()
method instead of attempting to process the data directly. - Disabled
FormWidget
s are now ignored in theForm
widget'sgetSaveData()
method just like regular form fields are. - Backend Controller middleware support has been changed to only support 'after' middleware as it requires instantiating plugin controllers in order to retrieve the middleware that they have registered, which calls the constructor for those controllers; which is where the problem is (Controller constructors often, for one reason or another, do things that require the session to be started, for instance, getting the current user)
- Added support for
headCssClass
in theLists
widget's column definitions to specify a CSS class to be added to the table header cell for that column. - Added
allowTrashedSlugs
property to models that use theSluggable
andSoftDelete
database traits to include the slugs of records that have been soft deleted when checking to see if a slug already exists.
Bug Fixes:
- Fixed Save & Close button on the
ThemeOptions
update view - Fixed long standing issue with being unable to update translated values with the RelationController
- Fixed issue where Repeaters with the same field names being bound to the same controller would cause confusing conflicts as they tried to process each other's data.
- Fixed issue where having the CMS module present but disabled would still try to handle backend 404's with the CMS controller.
- Fixed issue where multiple
Filter
widgets could not exist on the same page at the same time. - Fixed support for migration files with extra
.
s in their file names (ex.1.0.5.update_posts.php
) - Fixed issue where the popup loading indicator would sometimes not close after the request had finished loading
- Improved FireFox & IE11 support by fixing race conditions in backend JS
Translation Improvements:
- Improved French translation
Community Improvements:
- Added guidelines for updating JS dependencies used in the Winter CMS core
Dependencies
- Fixed issue with Twig 2.7.4
- Replaced all deprecated Twig PSR-0 class references with the new PSR-4 class references.
- Updated Froala to 2.9.3
v1.0.448
UX/UI Improvements:
- Improved consistency of file size displayed in the
FileUpload
FormWidget between upload and page load actions - Added
Inline (No icons)
navigation mode to the branding settings
API Changes:
- Changed
filter.js
to fire AJAX requests on the filter control element instead of the closestform
element - Changed the
datepicker
FormWidget when in modedate
to send a DateTime string with zeroed time (according to theapp.timezone
configuration) using the client's timezone. This is a change from the previous behaviour of sending the current time. - Added ability to specify a
permissions
array when registeringReportWidgets
to force the user to have at least one of the specified permissions to be able to utilize theReportWidget
in question. - Added support for
counter
andcounterLabel
to main menu items,counter
will default to the sum of the relevant side menucounter
s unlesscounter
is set to false. - Added support for multi-line update messages in plugin's
version.yaml
file - Now firing the
backend.list.extendRecords
event from theexport()
method whenuseList: true
in theImportExportController
behavior. abort(404)
now returns the backend 404 view when called in the backend (module and plugin backend controllers)- Added
plugin:list
,plugin:disable Author.Plugin
,plugin:enable Author.Plugin
Artisan CLI commands - Added
backend.layout.extendHead
view event (passes$layout = 'auth.htm' | 'default.htm'
) - Changed
Backend\Classes\Controller
to extend the baseIlluminate\Routing\Controller
class instead of being its own root class in order to support themiddleware()
method on the controllers.
Bug Fixes:
- Fixed field default values when adding new items with the
Repeater
or when usingminItems
over 0 - Fixed support for nested jsonable properties as list columns (i.e.
additional_data[level_1][level_2]
) - Fixed support for
DataTable
FormWidgets within Repeaters - Fixed an issue where SVG menu icons wouldn't display on page load and required a repaint to actually display
- Fixed issue where the password in invitation emails was getting HTML encoded leading
123&test
to become123&test
- Fixed issue with AJAX handlers in
ReportWidget
s, specifically related to issues with the widget aliases not being set correctly - Fixed issue with being unable to use the second datepicker field's popup for a daterange filter inside of a popup
- Fixed issue with multibyte slugs, reduced default max length from 240 to 175 to account for the default DB charset of
utf8mb4
- Fixed the
hasMany
relationship when not using the model's primary key as the the relationship's key - Fixed issue where attempting to install plugins from the
winter:install
CLI command wouldn't work due to plugins attempting to install themselves before Winter itself was configured. - Return a 500 response instead of a 200 response when an exception is thrown during the compiling of an asset file using the
AssetCombiner
- Fixed minor CSS bug in Firefox (user deleted message on the user detail's page)
- Fixed error "Invalid security token" when trying to login to the backend by instructing the browser to clear it's cache on signin and signout as well as unregistering any service workers on the login action
Translation Improvements:
- Improved Hungarian translation
- Improved Turkish translation
- Improved French translation
- Improved Arabic translation
Performance Improvements:
- Refactored
stripe-loading-indicator
to use CSS transforms instead of animating thewidth
property to improve rendering performance.
v1.0.447
UX/UI Improvements:
- Added Backend 404 page, throw 404 instead of an exception on missing backend controller actions when debug mode is disabled.
- Added "Go to previous page" link to the Backend Access Denied page
API Changes:
- Renamed the Lists widget's
prepareModel()
method toprepareQuery()
instead. - Provided the containing
Form
widget toFormWidgetBases
instances as$widget->getParentForm()
to enable complex FormWidgets to correctly obtain their containingForm
widget instance. - Implemented automatic backend URL generation for protected file's getPath() and getThumb() methods
- Added
returnResponse
parameter tooutput()
andoutputThumb()
methods on theWinter\Rain\Database\Attach\File
class to returnResponse
objects instead of outputting the response headers and content directly. - Added
validateUserModel()
method to the AuthManager class to provide an opportunity to reject a user's login - Added
step
,min
, &max
options to thenumber
field type. - Added support for the
recordfinder
FormWidget to be used without a relationship definition through theuseRelation: false
andmodelClass
config properties - Added support for the
brand.faviconPath
config option (and backend customization option) to load a custom favicon for the backend to use - Added support for the
data-request-url
attribute to change the URL that the AJAX API fires an AJAX request to - Added
getClassMethods()
method to theExtendableTrait
as a replacement forget_class_methods()
to include the dynamic methods that are available within the class as well - File models will now attempt to get the backend files controller path instead of the public path for private files. This may be a breaking change if you had previously misconfigured your server so that the private upload directory was publicly accessible and you were relying on private files being visible to public visitors.
Bug Fixes:
- Fixed issue when the user's current page number for the list widget no longer existed (for any number of reasons) causing them to become stuck on a non-existent page. Fixed by using the last available page number in that case.
- Fixed Filter options being escaped twice (once by Mustache, once by the internal options retrieval logic)
- Fixed being unable to detect the Enter and Backspace / Delete keys in the
keydown.oc.richeditor
event by attaching the event before internal Froala capturing events are run. - Fix the input trigger API where a
form
element doesn't exist - Fixed returning false from
model.beforeValidate
not halting the validation process. - Fixed FormWidgets not picking up the correct
previewMode
setting from their parent Form on AJAX requests that do not call the parent Form'srender()
method. - Reduced reliance on the CMS module from the Backend module to improve stability of instances that just use the Backend and System modules (i.e. web applications)
- Only translate default values when they are strings (not arrays as in the case of default values for Repeaters).
- Fixed display of the "Clear search" button in various contexts
- Improved error messages in the YAML parser
- Fixed issue from Build 1.0.444 where tabs and tables were no longer horizontally scrollable on touch devices
- Fixed issue with simplePaginate using Laravel's translation system for Next & Previous which doesn't work in Winter
- Fixed insidious bug where HasOne relationship's
getSimpleValue
would return the key of the parent record, not of the actual related record. - Fixed issue introduced in Build 1.0.446 where some media URLs would contain the base folder twice in a row
- Fixed issue with expanding / collapsing the side menu items within the backend settings section
- Fixed the
Repeater
's "Add item" (grouped mode) popover in a popup context - Fixed
dropdown
's support for theplaceholder
attribute.
Security Improvements
- Added escaping to more variables to prevent potential XSS attacks
Community Improvements:
- Now running automatic CI tests with PHP 7.3
Documentation Improvements:
- Added better documentation on how to register custom validation rules within plugins, credit to Ben Thomson
v1.0.446
API Changes:
- Added
format
property totext
andnumber
type columns which runs the value throughsprintf
using the providedformat
. - Added new
nestedform
widget that allows you to infinetly nest forms inside of each other for maximum reusability of fields that are stored in model array attributes (such asjsonable
orencryptable
) - Added
option
as an alias foralt
ininput.hotkey.js
for Mac developers - Pass the originating event object to the callback function in
input.hotkey.js
as the third parameter - Added
backend.manage_default_dashboard
permission to lock down who has access to change the system's default dashboard configuration
Bug Fixes:
- Fixed issue with the backend upgrade process to Build 1.0.444 where the user model would be retrieved before running the migration that added the
deleted_at
column to the users table - Fixed support for the
placeholder
option onricheditor
fields - Fixed issue where using the clear search button in a Search widget that was within an HTML form element would cause the form to submit
Translation Improvements:
- Minor improvements to Brazilian Portugese translation
- Improvements to Spanish translation
Community Improvements:
- Updated the Winter CMS Contributing Guidelines
- Added issue & PR templates
- Moved Code of Conduct to it's own file
v1.0.445
Bug Fixes:
- Fixed issue where new installs would fail on running migrations that used the User model before the deleted_at column was added to the users table
v1.0.444
UX/UI Improvements:
- Replaced the PNG flag icons with the flag-icon-css library that uses SVGs and has more flags available.
- Added filters to the backend logging pages (access, theme, event)
- Icons added to the Status dashboard widget
- Icon added to CMS section to see the last modified date of files
- Resize popovers dynamically when the viewport resizes
- Added ability to define icons for tabs
- Added "Apply" & "Clear" buttons to filter popups
- Added support for 'auto' placement of the time picker widget (based on viewport)
- Added ability to install Winter.Drivers and RainLab.Builder plugins from the winter:install command
- Added readOnly support to RecordFinder, Switch, & Relation form widgets
- Improved the visibility of the code editor control buttons
- Collapse folders in the CMS by default
- Changed the number field type to actually use the HTML5 'number' input type
- Added clear search button when the search widget has content in it
- Improve Datatable dropdown UX, now able to type partial options to select them and use arrow keys to navigate the items
API Changes:
- Added support for registerMailTemplates and registerMailPartials in the Plugin registration file
- Added support for the
placeholder
property in the TagList FormWidget - Added
@framework.extras.js
and@framework.extras.css
file specific aliases to the combiner (Previously they were both combined under the 'framework.js' alias which is still available) - Added translation support to the 'default' form field property
- Added change detection on the relation controller so that dependsOn can be used on relation controller’s containing fields
- Remove unused X-UA-Compatible meta tag from backend layout
- Implemented SoftDeleting of backend users
- Added ablitity to specify custom paginators for use with the database builder
- Added
translator.beforeResolve
event to override language strings passed through the translator - Added
addPurgeable()
method to the base Halcyon model, automatically included dynamically added properties to the purgeable properties list.
Bug Fixes:
- Added a missing content-type header to CSV exports
- Improved table column width handling in Chrome
- Improved compatibility with using CloudFlare performance tools on backend routes
- Fixed z-index conflict for the markdown editor when in full screen mode
- Fixed file upload fields not correctly saving in the relation controller create popup
- Fixed issue where using Ctrl+F would mark the code editor as "dirty"
- Fixed filter popups not displaying when in a popup modal
- Improved relation controller’s handling of VARCHAR keys
- Fixed not being able to delete asset files in the CMS
- Fixed minItems & maxItems support for Repeaters using groups
- Prevent plugins that cannot be instantiated from being loaded (fixes issues with plugins that include reserved words in their namespaces crashing the whole application)
- Improved CSS minification effectiveness
- Fixed Queued event listeners
Security Improvements
- Escape output of various variables displayed in the backend to prevent theoretical XSS attacks
- Prevent access to controllers of disabled plugins
- Flush the entire session on logout, not just the authentication key
Translation Improvements:
- Minor improvements to the Slovak translation
- Additions to the Dutch translation
Performance Improvements:
- Improved HasMany performance by no longer instantiating a full Collection object when getting the simple value for the relationship
- Improved List performance by only loading necessary data for
getRecordUrl
instead of loading all model data for each row.
Dependencies
- jQuery updated from 2.0 to 3.3.1
- jQuery Migrate was added, included by default with the
@jquery
alias - Modernizr updated from 2.8.3 to 3.6.0
- Moments.js & Timezone from 2.13.0 to 2.22.0
- Raphaël updated from 2.1.2 to 2.2.7
- Eve.js updated from 0.4.2 to 0.5.4
- jQuery.isotope.js updated from 1.5.26 to 3.0.6