| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The *content tags* are deprecated since July 2021 and have been replaced
by the more powerful *content functions*, but parsing/transforming the
old syntax was still supported until today.
This commit removes the logic to parse/transform the old *content tags*
from the codebase completely. If you are still using the old syntax in
your entities' content, you need to run a converter script.
Please look at the wiki for more information about *content functions*
and how to replace the old *content tags* with the converter script.
|
|
This script is used to convert the old *content tag* syntax to the newer
*content functions* syntax which has been introduced in July 2021.
See the wiki page for *content tags* for more details.
|
|
These content functions will return the pure URL to the corresponding
entity instead of a Markdown formatted link like the other functions.
|
|
Broken since 6f1c594 when the class name in the Fontello SCSS file has
been renamed from `fa-bars` to `fa-menu` and it was forgotten to also
change the use of the class name in the HTML template.
|
|
OLD: https://github.com/Nerdmind/Blog/wiki/Content-functions
NEW: https://github.com/Nerdmind/Blog/wiki/Content_functions
|
|
Because there currently is no sane way to escape double quotes within a
string intended to be used as title for a Markdown formatted link, just
replace the double with single quotes until a better solution is found.
Note: Just replacing with `"` will not work here because Parsedown
escapes this further to `"`.
|
|
The regular expression part `\\` must be written as `\\\\`, not `\\\` in
a PHP string variable. Although both variants (`\\\\` and `\\\`) will be
passed as `\` to the regex engine in this specific case, it's correct to
use 4 backslashes, as the PHP manual tells you:
https://www.php.net/manual/en/regexp.reference.escape.php
|
|
* Rewrite regular expressions and make them easier to read.
* Use named capture groups for backreferences and array keys.
* Allow backslash-escaping of quotes inside string arguments.
* Allow string arguments to be enclosed between single quotes.
|
|
The trailing slash on void elements (self-closing tags) doesn't have any
effect, isn't required by HTML5 and it is recommended to not use it.
|
|
|
|
Since PHP8, the second parameter for the "vsprintf" function MUST BE of
type "array", so cast the $arguments variable to "array".
|
|
If your custom theme is still using that method, you can simply upgrade
your theme by replacing all occurrences of "template" with "text":
OLD: $Language->template
NEW: $Language->text
|
|
Use SCSS variables for the background color of the header and darken it
a bit more for the dark theme of the "admin" template.
|
|
|
|
|
|
When used in the "server" context, the "try_files" directive will never
get executed if there also is a "location / {}" block specified (which
is most likely the case on a production vhost config).
|
|
SET NAMES 'utf8mb4'
|
|
with SET NAMES can you imort the file with the commandline: mysql -u root blog < core/db/database.sql
|
|
|
|
Include the category data and the category tree data in the feed item
template in the same way as on the post's "main" or "item" template.
So in the feed item template, the available parameters are now:
$POST (already existed before)
$USER (already existed before)
$CATEGORY (added with this commit)
$CATEGORIES (added with this commit)
See the template documentation in the wiki for more information.
|
|
Don't use the suppression operator "@" for the "session_start" call in
the migrations.php file, but rather check properly if there already is
an active session by checking the "session_status" return value.
|
|
The light color scheme was renamed from "main" to "bright" since the
following commit: 01cbd757d69668b39c1b072b0449b77e6e2bee8d
|
|
|
|
Pre-select the user with the user ID of the current session in the forms
for creating a page or a post. This fixes the problem that occurs if one
have multiple users in the database, but the create forms were not using
the *current* logged-in user as the default selected user.
The forms for modifying a page or post are not affected because they use
the ID from "$FORM['DATA']['USER']" for selecting the correct user. This
key is undefined on the create forms, so we use "$_SESSION['USER_ID']"
for selecting the default user for creating new pages and posts.
|
|
* Rename "auth" to "USER_ID"
* Rename "token" to "CSRF_TOKEN"
|
|
|
|
|
|
Don't use the template function "escapeHTML" internally and replace all
occurrences outside of the template files with "htmlspecialchars".
|
|
Explicitly set the placeholder color and opacity for the form fields of
the admin theme as the various browsers are using different defaults.
|
|
Explicitly set the scrollbar colors for the admin theme instead of using
the default colors of the web browser and integrate the scrollbar colors
better into the user-selected color scheme (bright or dark).
|
|
The "getAll" method of the Entity class should return an array with real
attributes of the Entity object but not internally used properties.
|
|
|
|
|
|
Implement and use a better mechanism to detect changes of attributes of
the Entity objects by using a private variable which keeps track of the
changed Entity attributes ("properties") via the "set" method.
The "insert" and "update" method of the Repository now calls the method
"getModifiedKeys" of the Entity class to get a list of properties which
have been changed and builds the database query accordingly.
This makes the use of "FALSE" as default value for the Entity attributes
obsolete, so they have been set to the initial PHP default ("NULL").
|
|
|
|
|
|
Show the current entity ID right-floated in the update.php templates.
|
|
Add a link to the current entity on the website and a link to the entity
delete form in the administration area's update.php templates.
|
|
|
|
|
|
Since the introduction of the category system, the application requires
MySQL >= 8.0, so we should update the links to the documentation of the
MySQL search functionality to match the minimum required MySQL version.
|
|
|
|
Don't check the return value of the Repository's "insert" and "delete"
methods in the administration controllers for creating and modifying
entities since a PDOException is thrown if an error occurs.
|
|
Print an error message for various actions in the administration area if
the security token is invalid, instead of silently preventing the user's
desired action to perform if the token is invalid for some reason.
This change applies for the delete actions on all entity types and also
for the login action and the database command execution form; the forms
for creating/modifying entities had already shown a CSRF error before.
|
|
Simplify the HTTP-POST parameter presence check in the administration
controllers for creating and modifying entities. Since we already use
fallback values for each attribute, we don't need a full param check.
|
|
Remove those "trim" calls and use "strpos" to check if the ETag value
generated by the system is contained somewhere in the "If-None-Match"
request header sent by the client (if present).
With this commit, the ETag header validation now also works with nginx.
The nginx web server prefixes the "ETag" header generated by the system
with the string "W/" which caused the previous validation code to fail.
Instead of using multiple "trim" calls or "preg_replace", we now use a
single, simple and fast "strpos" call to check if the system generated
Etag hash value is contained in the "If-None-Match" request header.
|
|
|
|
Move the logic for generating the error pages into the Application class
to remove this ugly "require" call in the error403 and error404 methods.
|
|
|
|
|
