Age | Commit message | Author | Files | Lines
2021-09-19 | Pre-select the current user in page/post form | Thomas Lange | 2 | -2/+4
Pre-select the user with the user ID of the current session in the forms for creating a page or a post. This fixes the problem that occurs if one has multiple users in the database, but the create forms were not using the *current* logged-in user as the default selected user. The forms for modifying a page or post are not affected because they use the ID from "$FORM['DATA']['USER']" for selecting the correct user. This key is undefined on the create forms, so we use "$_SESSION['USER_ID']" for selecting the default user for creating new pages and posts.
2021-09-19 | Rename some session array keys | Thomas Lange | 2 | -5/+5
* Rename "auth" to "USER_ID"
* Rename "token" to "CSRF_TOKEN"
2021-08-29 | Check for "is_file" in the SPL class autoloader | Thomas Lange | 1 | -4/+8
2021-08-26 | Add underline for blue hyperlinks in admin theme | Thomas Lange | 3 | -3/+16
2021-08-26 | Don't use wrapper function "escapeHTML" internally | Thomas Lange | 1 | -2/+2
Don't use the template function "escapeHTML" internally and replace all occurrences outside of the template files with "htmlspecialchars".
2021-08-26 | Explicitly set placeholder color for admin theme | Thomas Lange | 3 | -0/+24
Explicitly set the placeholder color and opacity for the form fields of the admin theme as the various browsers are using different defaults.
2021-08-26 | Explicitly set scrollbar colors for admin theme | Thomas Lange | 5 | -0/+108
Explicitly set the scrollbar colors for the admin theme instead of using the default colors of the web browser and integrate the scrollbar colors better into the user-selected color scheme (bright or dark).
2021-08-10 | Exclude "_modified" property from "getAll" method | Thomas Lange | 1 | -0/+1
The "getAll" method of the Entity class should return an array with real attributes of the Entity object but not internally used properties.
2021-08-10 | Add "getModifiedKeys" method to EntityInterface | Thomas Lange | 1 | -0/+1
2021-08-10 | Declare "set" method of Entity class as void | Thomas Lange | 2 | -4/+3
2021-08-10 | Add a better mechanism to detect Entity changes | Thomas Lange | 7 | -61/+68
Implement and use a better mechanism to detect changes of attributes of the Entity objects by using a private variable which keeps track of the changed Entity attributes ("properties") via the "set" method. The "insert" and "update" methods of the Repository now call the method "getModifiedKeys" of the Entity class to get a list of properties which have been changed and build the database query accordingly. This makes the use of "FALSE" as default value for the Entity attributes obsolete, so they have been set to the initial PHP default ("NULL").
2021-08-10 | Clear floating for #message-list-wrapper | Thomas Lange | 3 | -0/+3
2021-08-09 | Merge regex pattern for search and feed controller | Thomas Lange | 1 | -17/+5
2021-08-09 | Show ID in the heading of the update template | Thomas Lange | 4 | -4/+16
Show the current entity ID right-floated in the update.php templates.
2021-08-09 | Show action button list in entity update template | Thomas Lange | 7 | -4/+23
Add a link to the current entity on the website and a link to the entity delete form in the administration area's update.php templates.
2021-08-09 | Pass entity template data to the update template | Thomas Lange | 4 | -0/+4
2021-08-09 | Fix some inconsistent variable names | Thomas Lange | 4 | -12/+12
2021-08-05 | Update link to MySQL documentation in translations | Thomas Lange | 4 | -6/+6
Since the introduction of the category system, the application requires MySQL >= 8.0, so we should update the links to the documentation of the MySQL search functionality to match the minimum required MySQL version.
2021-08-05 | Enhance error message for invalid CSRF token | Thomas Lange | 2 | -2/+2
2021-08-05 | Don't check return value of insert/delete methods | Thomas Lange | 8 | -24/+16
Don't check the return value of the Repository's "insert" and "delete" methods in the administration controllers for creating and modifying entities since a PDOException is thrown if an error occurs.
2021-08-05 | Show error message if CSRF token does not match | Thomas Lange | 6 | -49/+69
Print an error message for various actions in the administration area if the security token is invalid, instead of silently preventing the user's desired action from being performed if the token is invalid for some reason. This change applies for the delete actions on all entity types and also for the login action and the database command execution form; the forms for creating/modifying entities had already shown a CSRF error before.
2021-08-05 | Simplify the insert/update HTTP-POST params check | Thomas Lange | 8 | -8/+8
Simplify the HTTP-POST parameter presence check in the administration controllers for creating and modifying entities. Since we already use fallback values for each attribute, we don't need a full param check.
2021-08-04 | Use "strpos" to validate "If-None-Match" header | Thomas Lange | 1 | -14/+5
Remove those "trim" calls and use "strpos" to check if the ETag value generated by the system is contained somewhere in the "If-None-Match" request header sent by the client (if present). With this commit, the ETag header validation now also works with nginx. The nginx web server prefixes the "ETag" header generated by the system with the string "W/" which caused the previous validation code to fail. Instead of using multiple "trim" calls or "preg_replace", we now use a single, simple and fast "strpos" call to check if the system-generated ETag hash value is contained in the "If-None-Match" request header.
2021-08-04 | Add explicit parameter types for the "exit" method | Thomas Lange | 1 | -1/+1
2021-08-04 | Move error page logic into the Application class | Thomas Lange | 3 | -30/+16
Move the logic for generating the error pages into the Application class to remove this ugly "require" call in the error403 and error404 methods.
2021-08-04 | Add trailing slash to forbidden directory rules | Thomas Lange | 2 | -2/+2
2021-08-03 | Update readme.md | Thomas Lange | 1 | -2/+2
2021-08-03 | Show current page in categories <title> element | Thomas Lange | 3 | -1/+12
Posts in a category are paginated, so display the number of the current page in square brackets within the categories <title> element.
2021-07-29 | Update the Apache and nginx configuration files | Thomas Lange | 2 | -20/+27
2021-07-28 | Use foreach loop for registering the item routes | Thomas Lange | 1 | -34/+15
Reduce some boilerplate code in the index.php by using a foreach loop to register the routes for the various item controllers.
2021-07-28 | Migrator: Don't recreate Language object anymore | Thomas Lange | 2 | -13/+12
Do not force the recreation of the Language object in the migrations.php file anymore by changing the include position of the migrations.php (and the functions.php) in the application.php file a bit to the top.
2021-07-28 | Add "required" attribute to required form fields | Thomas Lange | 8 | -15/+15
2021-07-24 | Update CSS for "code" tag in error message box | Thomas Lange | 3 | -0/+13
2021-07-24 | Language: Put search query between HTML "code" tag | Thomas Lange | 2 | -2/+2
2021-07-24 | Show message if search was not successful | Thomas Lange | 2 | -2/+12
Show a message in the administration area's post and page search form if the search query returned no results.
2021-07-24 | Create feed item's GUID manually in template file | Thomas Lange | 3 | -13/+5
Do not rely on the "$POST['GUID']" template parameter anymore and create the GUID for the feed item manually in the feed item's template file. The application internal function "generatePseudoGUID" has been removed and the function "generateItemTemplateData" will not return the "GUID" part anymore (which was only used by the feed item template anyway). For backward compatibility, the "$POST['GUID']" template parameter will still be present in the feed item template, but not in other templates!
2021-07-24 | Remove configuration option "POST.FEED_GUID" | Thomas Lange | 2 | -15/+5
Remove the configuration option "POST.FEED_GUID" that contained the name of the columns from the database which were passed to the SHA1 function for generating the pseudo GUID for the items in the RSS feed.
2021-07-24 | Use correct config option for redirect singles | Thomas Lange | 4 | -4/+4
In addition to the last commit, use the correct configuration option in the code to check if single items should be redirected.
2021-07-24 | Rename configuration options "*.SINGLE_REDIRECT" | Thomas Lange | 1 | -4/+4
Rename the config options "(CATEGORY|PAGE|POST|USER).SINGLE_REDIRECT" to "(CATEGORY|PAGE|POST|USER).REDIRECT_SINGLE".
2021-07-23 | Decrease default feed size from 25 to 10 items | Thomas Lange | 1 | -1/+1
2021-07-22 | Add quick link from category item to post search | Thomas Lange | 1 | -0/+1
Add a quick link to the post search in the administration area with the category of the item preselected to search only posts in this category.
2021-07-22 | Add "autofocus" attribute to HTML form fields | Thomas Lange | 8 | -8/+8
2021-07-22 | Add user and category filter on post search | Thomas Lange | 3 | -2/+84
Add a user and category filter option for the post search in the administration area. The filter on the default theme will follow later.
2021-07-22 | Move repository search functionality into a trait | Thomas Lange | 4 | -99/+109
Move the methods for the search functionality of the abstract Repository class into a separate trait and use it in the Page and Post repository. The reason for this is that only the Page and Post repositories have a search functionality, while the other repositories do not.
2021-07-22 | Catch possible PDOException for search request | Thomas Lange | 5 | -8/+46
Catch possible PDOException on search requests with queries like "*" and pass the exception message to the template for displaying.
2021-07-22 | Add pagination for search results | Thomas Lange | 7 | -15/+116
Add pagination for search results in the admin and default theme.
2021-07-22 | Bugfix: Escape "%" in URL params for sprintf | Thomas Lange | 1 | -0/+1
Escape possible percent characters ("%") in the URL params for sprintf. Otherwise the pagination template breaks if URL params which contain a percent sign are merged into the pagination URL.
2021-07-22 | Add LIMIT and OFFSET parameters for search method | Thomas Lange | 1 | -3/+7
2021-07-22 | Merge GET parameters into pagination URL | Thomas Lange | 1 | -1/+4
2021-07-22 | Add demo category and update other demo entities | Thomas Lange | 1 | -4/+6