Copying the latest maintenance patch for 9.2 to the GitHub repo:

 - Fixed a bug when choosing a password in the installer, where the admin installing still
   saw an incorrect message saying that the password needed to be at least 10 characters
   long. (Our password requirements are now more sophisticated.)
 - When installing the CMS, if you leave the site after running the installer but before
   picking a language, we've improved the navigation when you return.
 - Fixed a bug where the "A site is being built at this location. If you are a site
   administrator please click here" message on a fresh site would be blank in certain
   situations.

 - To reduce the filesize of our zip/tar/7z files, we no longer bundle the Payson, phpMQTT
   or YUI Compressor libraries in with the download of Zenario.
 - If you try to run our minifier tool, it will now display a message to tell you that
   Closure Compiler and YUI Compressor libraries are missing, and give you instructions on
   how to download them.
 - Fixed a bug where our minifier tool would crash with a PHP error if run on a release
   version of the CMS.

 - When registering a new custom file type, you can no longer register .phar files as an
   accepted file type.
 - .phar files are now globally blocked from being uploaded.

 - Gridmaker has received a few fixes for some visual problems that it previously had.
   You should see that elements show now correctly line up with the grid lines, rather
   than be a few pixels off as they were previously.

 - Pinning or unpinnning a content item is now flagged as a change. This means that the
   message on the admin toolbar will alert you that something has changed on a draft if it
   is pinned and the published version is unpinned (or vice versa).
 - Fixed a PHP error that appeared if you tried to edit the privacy of multiple content
   items at once.
 - Fixed a bug when editing a WYSIWYG editor next to a nest, where you could interact with
   the nest controls whilst still editing, causing buggy behaviour.
 - Fixed a bug where using the "First breadcrumb -> Use the home page" setting in the
   breadcrumbs plugin would cause a PHP notice.
 - Fixed a mistake where titles and messages in the Content Summary List plugins were
   double-escaped.

 - Fixed a bug in Organizer where junk data would sometimes appear in the
   "where it's used" column.
 - Fixed a graphical glitch where the icons in the "where it's used" column sometimes did
   not appear next to their labels.

 - We've removed support for using a video from Vimeo in the Video cType plugin, as this
   functionality was broken and not working. If you were using this feature, please
   migrate to using the HTML Snippet plugin instead.
 - Fixed a bug that prevented Vimeo videos from using their fullscreen button when
   included using the HTML Snippet plugin.
 - When displaying a list of video categories in the front end, they are now sorted by
   name and not by the order you created them in.


Finally, we've started to work towards supporting PHP version 8.1. This patch contains
several fixes that will allow Zenario to run on PHP 8.1. However, note that this is work
in progress and not yet fully complete. We are still recommending that you run Zenario
using either PHP 7.4 or 8.0 for non-development sites.

.htaccess

@@ -7,7 +7,7 @@ Options -Indexes
 <ifModule mod_headers.c>
 	Header setifempty Content-Security-Policy "default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'"
 	Header setifempty Feature-Policy "sync-xhr *; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none';"
-	Header setifempty Permissions-Policy "sync-xhr=(self), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), fullscreen=(self), payment=()"
+	Header setifempty Permissions-Policy "sync-xhr=(self), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=()"
 	Header setifempty Referrer-Policy strict-origin-when-cross-origin
 	Header setifempty X-Content-Type-Options nosniff
 	Header setifempty X-Frame-Options SAMEORIGIN

package.json

@@ -28,5 +28,5 @@
 		"wowjs": "*",
 		"zxcvbn": "^4.4.2"
 	},
-	"version": "9.2.55622"
+	"version": "9.2.55826"
 }

zenario/admin/db_updates/latest_revision_no.inc.php

@@ -27,7 +27,7 @@
  */
 if (!defined('NOT_ACCESSED_DIRECTLY')) exit('This file may not be directly accessed');
 
-define('LATEST_REVISION_NO', 55051);	//N.b. 9.2 starts at revision #55140
+define('LATEST_REVISION_NO', 55052);	//N.b. 9.2 starts at revision #55140
 define('LATEST_BIG_CHANGE_REVISION_NO', 55050);
 define('INSTALLER_REVISION_NO', 53100);
 define('INSTALLER_DEFAULT_THEME', 'zebra_designs');
@@ -39,6 +39,6 @@
 define('ZENARIO_MINOR_VERSION', '2');
 define('ZENARIO_CHANGELOG_URL', 'https://zenar.io/zenario-92');
 define('ZENARIO_IS_BUILD', true);
-define('ZENARIO_REVISION', '55622');
+define('ZENARIO_REVISION', '55826');
 
 define('TINYMCE_DIR', 'zenario/libs/manually_maintained/lgpl/tinymce_4_7_3/');

zenario/admin/db_updates/step_2_update_the_database_schema/content_tables.inc.php

@@ -1609,4 +1609,11 @@
 	ALTER TABLE `[[DB_PREFIX]]spare_aliases` MODIFY COLUMN `alias` varchar(250) CHARACTER SET utf8mb4 NOT NULL
 _sql
 
-);
+);	ze\dbAdm::revision( 55052
+, <<<_sql
+	ALTER TABLE `[[DB_PREFIX]]writer_profiles`
+	DROP KEY `admin_id`,
+	ADD KEY (`admin_id`)
+_sql
+
+);

zenario/autoload/db.php

@@ -150,7 +150,9 @@ public function __construct($f) {
 
 
 //Wrapper class for a SQL query
-class queryCursor implements \Iterator {
+	//Note: I'm declaring this as an abstract class. I don't actually an an stract class, but this is going
+	//to be used as a workaround to fix a particually stupid bug in PHP further below!
+abstract class abstractQueryCursor implements \Iterator {
 	public $q;
 	protected $d = [];
 	protected $dc = 0;
@@ -306,24 +308,44 @@ public function close() {
 	protected $i = 0;
 	protected $nr;
 
-	public function rewind() {
+	public function rewind(): void {
 	}
 
-	public function next() {
+	public function next(): void {
 	}
 
-	public function valid() {
+	public function valid(): bool {
 		++$this->i;
 		return false !== ($this->nr = $this->fAssoc());
 	}
 
-	public function key() {
-		return $this->i;
-	}
+}
+
+//OK so here's the particually stupid bug in PHP.
+//Due to a breaking change, code written for PHP 7 and earlier isn't compatible
+//with code written for PHP 8.1 and later.
+//I'm forced to have a class declaration inside an if-statement, and have both versions
+//of the code, to fix it!
+if (version_compare(PHP_VERSION, '8.0.0') >= 0) {
+    class queryCursor extends abstractQueryCursor {
+		public function key(): mixed {
+			return $this->i;
+		}
 
-	public function current() {
-		return $this->nr;
-	}
+		public function current(): mixed {
+			return $this->nr;
+		}
+    }
+} else {
+    class queryCursor extends abstractQueryCursor {
+		public function key() {
+			return $this->i;
+		}
+
+		public function current() {
+			return $this->nr;
+		}
+    }
 }
 
 

zenario/autoload/escape.php

@@ -85,13 +85,13 @@ public static function hyp($text) {
 	const jsFromTwig = true;
 	//Formerly "jsEscape()"
 	public static function js($text) {
-		return strtr(addcslashes($text, "\\\n\r\"'"), ['&' => '\\x26', '<' => '\\x3c', '>' => '\\x3e', '{' => '\\x7b', '}' => '\\x7d']);
+		return strtr(addcslashes((string) $text, "\\\n\r\"'"), ['&' => '\\x26', '<' => '\\x3c', '>' => '\\x3e', '{' => '\\x7b', '}' => '\\x7d']);
 	}
 
 	const jsOnClickFromTwig = true;
 	//Formerly "jsOnClickEscape()", "jsOnclickEscape()"
 	public static function jsOnClick($text) {
-		return htmlspecialchars(addcslashes($text, "\\\n\r\"'"));
+		return htmlspecialchars(addcslashes((string) $text, "\\\n\r\"'"));
 	}
 
 	public static function utf($string) {

zenario/autoload/file.php

@@ -606,6 +606,7 @@ public static function isExecutable($extension) {
 			case 'exe':
 			case 'js':
 			case 'jsp':
+			case 'phar':
 			case 'php':
 			case 'php3':
 			case 'ph3':

zenario/autoload/fileAdm.php

@@ -441,6 +441,7 @@ public static function getImageUsage($imageId) {
               AND in_use = 1
 			  AND archived = 0
 			  AND foreign_key_to IN ('content', 'library_plugin', 'menu_node', 'email_template', 'newsletter', 'newsletter_template') 
+			  AND foreign_key_id != 0
 			GROUP BY foreign_key_to, is_nest, is_slideshow
 		") as $ucat) {
 			$keyTo = $ucat['foreign_key_to'];

zenario/autoload/fun/showStartSitePageIfNeeded.php

@@ -29,6 +29,10 @@
 
 \ze\cookie::startSession();
 
+
+//If the site is not yet correctly set up, display the logo and a message
+//if someone tries to access it.
+
 $logoURL = $logoWidth = $logoHeight = false;
 if (\ze::$dbL
  && \ze::setting('brand_logo') == 'custom'
@@ -41,6 +45,10 @@
 }
 
 
+$errorTitle = \ze::setting('site_disabled_title');
+
+
+//Display a different message and/or destination URL depending on the situation.
 if ($reportDBOutOfDate && \ze\priv::check()) {
 	$errorMessage = '<p>This site is currently unavailable because a major database update needs to be applied.</p><p>Please go to <a href="[[admin_link]]">/admin</a> to apply the update.</p>';
 	$adminLink = \ze\link::absolute(). 'admin.php';
@@ -61,13 +69,23 @@
 	$adminLink = \ze\link::absolute(). 'admin.php?og=zenario__organizer/panels/start_page';
 }
 
+
+//If the error title and error message are ever missing for whatever reason,
+//instead of displaying a blank message, use their default values.
+if (!$errorTitle || empty(trim($errorTitle))) {
+	$errorTitle = 'Welcome';
+}
+if (!$errorMessage || empty(trim($errorMessage))) {
+	$errorMessage = '<p>A site is being built at this location.</p><p><span class="x-small">If you are a site administrator please <a href="[[admin_link]]">click here</a> to manage your site.</span></p>';
+}
+
 $errorMessage = \ze\admin::phrase($errorMessage, ['admin_link' => htmlspecialchars($adminLink)]);
 
 
 echo '
 <html>
 	<head>
-		<title>', \ze::setting('site_disabled_title'), '</title>
+		<title>', htmlspecialchars($errorTitle), '</title>
 		<style type="text/css">
 			div, p {
 				color: #9a9a9a; font-family: Verdana,Tahoma,Arial,Helvetica,sans-serif;
@@ -116,9 +134,9 @@
 </html>';
 
 
+//If a visitor has discovered a site that's missing database updates, warn the site admin.
 if ($reportDBOutOfDate && !\ze\priv::check()) {
 	\ze\db::reportError('Database update needed at',
 'This site is currently unavailable because a major database update needs to be applied.
 Please go to '. \ze\link::absolute(). 'admin to apply the update.');
 }
-

zenario/autoload/fun/startIncludeAdminControls.php

@@ -65,7 +65,7 @@
 				href="', $organizerLink, $nestPath, '~.plugin_settings~tbreadcrumbs~k', htmlspecialchars(json_encode(['instanceId' => $this->instanceId])), '"
 				class="zenario_slotButton zenario_editNestedPlugin"
 				id="', $this->containerId, '-egg"
-				onclick="return zenarioA.pluginSlotEditSettings(this, \'', $this->slotName, '\');"
+				onclick="if (zenarioA.checkForEdits()) zenarioA.pluginSlotEditSettings(this, \'', $this->slotName, '\'); return false;"
 				title="'. htmlspecialchars($tooltip). '"
 				data-tooltip-options=\'{"tooltipClass": "zenario_admin_tooltip"}\'
 			><span></span></a>';
@@ -92,7 +92,7 @@ class="zenario_slotButton zenario_editNestedPlugin"
 				href="', $organizerLink, $nestPath, $this->eggId, '~.plugin_settings~k', htmlspecialchars(json_encode(['eggId' => $this->eggId])), '"
 				class="zenario_slotButton zenario_editNestedPlugin"
 				id="', $this->containerId, '-egg"
-				onclick="return zenarioA.pluginSlotEditSettings(this, \'', $this->slotName, '\', false, {eggId: ', (int) $this->eggId, '});"
+				onclick="if (zenarioA.checkForEdits()) zenarioA.pluginSlotEditSettings(this, \'', $this->slotName, '\', false, {eggId: ', (int) $this->eggId, '}); return false;"
 				title="'. htmlspecialchars($tooltip). '"
 				data-tooltip-options=\'{"tooltipClass": "zenario_admin_tooltip zenario_plugin_info_tooltip"}\'
 			><span></span></a>
@@ -101,14 +101,17 @@ class="zenario_slotButton zenario_editNestedPlugin"
 				class="zenario_slotButton zenario_nestedPluginOptions"
 				id="', $this->containerId, '-egg-options"
 				onclick="', "
-					return zenarioAT.organizerQuick(
-						'", $nestPath, $this->eggId, "',
-						'zenario__modules/panels/nested_plugins',
-						false,
-						'", ze\escape::js($this->slotName), "',
-						false,
-						". ze\ring::engToBoolean($this->isVersionControlled). ",
-						this);", '"
+					if (zenarioA.checkForEdits())
+						zenarioAT.organizerQuick(
+							'", $nestPath, $this->eggId, "',
+							'zenario__modules/panels/nested_plugins',
+							false,
+							'", ze\escape::js($this->slotName), "',
+							false,
+							". ze\ring::engToBoolean($this->isVersionControlled). ",
+							this
+						);
+					return false;", '"
 			><span></span></a>';
 	}