Zenario 10.1

Version 10.1 of Zenario is now publicly available.

This version introduces a restructure to Nests and Slideshows, which makes setting up a nest or a slideshow a little more simple, whilst still keeping the more complicated controls available to advanced users.

Major changes

Nests and slideshows now more mobile-friendly

We have re-organised the system of Nests and Slideshows. There are now three kinds:

• Nests — Used for a nest with multiple slides. SEO friendly when used on public pages
• Ajax Nests — Used for a nest with one or multiple slides. Only one slide is loaded on the client browser at a time, and transitions between slides are implemented using AJAX (server-side calls). This type allows use of Conductor for advanced nest configurations such as to build multi-panel and multi-level dashboards
• Slideshows — Used typically for animated image-based hero graphics, but still with many further customisation options.

The key improvement in search engine terms is that regular nest slides are preloaded on the client browser, and transitions are implemented using JavaScript. This means their content can be read by search engine bots, and so all slides of a regular nest can be indexed.

Conductor-based nests

You can now make Conductor-based nests which have multiple slides, and use a Banner plugin on a slide to link to another slide.

Accordions!

Zenario now supports a nest-based way of creating "accordions".

The new 'Appearance' setting in the Nests plugin allows content to be displayed as accordions. This feature enables you to organize content into multiple collapsible sections.

The 'Accordions' tab provides several customization options, allowing you to control whether the first slide opens automatically on page load, whether all slides can be closed at once, and whether multiple slides can be expanded simultaneously.

Image handling with WebP

In Zenario 10.1 we're now using the WebP image format for all images in the public/ directory.

Although Zenario accepts original images in PNG and JPG format, all images that are going to be delivered to a visitor's browser are re-formatted into WebP format for higher performance.

The migration script to migrate to Zenario 10.1 will generate a WebP version of every publicly accessible image on the site. On a site with large images, this may take some time, but after that one-off delay performance should be faster and disk usage should be reduced compared with 10.0.

Note that very large images (over 3,000 px in either dimension), will be left in their original format, as the performance gain is then quite minor.

Other image-related changes

There's now a better system for auto-generating ALT tags for images when images are uploaded. (The ALT tag can still be edited by an administrator as required).

Document storage in the docstore

In Zenario 10.1 we've changed the format of the directory structure in the docstore directory.

Until Zenario 10.0, files were stored in its sub-directories using a naming convention where the folder name is the filename's short checksum.

Starting in 10.1, Zenario uses a sub-directory that groups files according to how they are used, their “usage”. It now has an extra level of sub-directory, in the naming convention usage/[filename-checksum]/.

This migration script will attempt to change the docstore at/to the new naming convention. (It will first perform a check to ensure it is writable).

Any sub-directories that do not have corresponding “usage” entries in the database will be moved into a new subdirectory called _uncategorised/.

There is a warning on the admin login/diagnostics page to warn that changes are about to be made to the structure of the docstore. 

Admin toolbar

We have improved the design of the admin toolbar so that there's more real estate for it to accommodate a larger number of languages. For example, a site can more easily be built for EU countries with 26 languages.

Slot Inspector

When using "Tools" view, if an administrator now wants to add something into slot, they now click "Insert plugin/nest/slideshow", and then a further interface takes them through the process of creating and/or inserting a plugin, nest or slideshow into the slot.

Similarly, there is now a Copy action to copy a plugin, nest or slideshow to another slot.

Staging mode

When viewing a page in staging mode, the small orange panel for invitees now has a link to the content item (which is useful if the invitee is also an administrator).

Document content items

Document content items now have retina quality image support on their thumbnails.

Forms

In the Forms editor, we have improved the order of fields that can be added from the left-hand side.

When a form response causes Zenario to send an email, the Sent Email Log now shows the email that was sent, and which form response generated it.

When using the Forms editor, and specifying that a field's visibility should be dependent on a second field, then we provide better information and warnings under certain conditions.

It is now possible to delete a form from the archived forms panel.

It is now no longer possible to edit the settings or fields of an archived form.

In the Forms editor, there is now validation to ensure that calculated fields cannot be placed within a repeat block, which would cause a bug.

When a form response causes Zenario to send an email, the Sent Email Log now shows the email and which form response generated it.

It is now no longer possible to edit the settings or fields of an archived form.

Where a form has calculated fields (i.e. a numeric field calculated on the fly from another field), we have now fixed an occasional difference between the JS and PHP calculations.

There is now validation to ensure that calculated fields cannot be placed within a repeat block, which would cause a bug.

Hierarchical documents

Fixed a bug whereby when a hierarchical document had multi-checkbox data, the data failed to be cleared from the database when the document was deleted.

Locations

When editing a location and selecting an image from the image library, an admin may only select images that are public (not private).

Organization Manager

There has been some inconsistent wording in modules related to organizations, companies, and customers. We have improved the wording to now refer consistently to "organizations" (with the US-style spelling).

Extranet sites

The Registration form plugin now has better support for custom fields, by making a "picker" button available so that the administrator can pick custom fields from the Users dataset and make them appear on the registration form.

User timers can now be extended at any time, and are no longer restricted to the last 30 days of a user's timer (i.e. membership or subscription).

Datasets

We have fixed a but where multiple-checkbox fields no longer show indexing options (which had no effect).

E-Commerce

For e-commerce sites, there is now a better system of handling addresses. On the checkout page, a customer can now select which address to use for the purchase, out of either home or business/alternative address, which the customer will have set up in their profile. It is still possible to select a separate address for delivery in the case of physical products.

Organizer

Organizer panels that show a list of plugins now use three lines to give more clear info about the plugins.

We have improved the navigation in Organizer with respect to Users, and now it is easier to find your way around.

Deletion of logged errors from the error log is now handled by the data protection cleanup scheduled task. This is more efficient.

Other changes

The Promo Menu plugin now has the capability of showing the promo image to the left or to the right.

The Email Template Manager module has been removed, and its functionality has been absorbed into Zenario Common Features module.

When editing a Location and selecting an image from the image library, an admin may only select images that are public.

We fixed a bug whereby when a hierarchical document had multi-checkbox data, the data failed to be cleared from the database when the document was deleted.

We have fixed a bug, whereby if a site had both a primary domain and an admin-specific domain set, a redirect would keep occurring to the primary domain even when the administrator was logged in.

Document Envelopes now have their own "usage pot" for images. There is now better control over validation of Codes, when creating/editing a Document Envelope.

When in Organizer and viewing information about modules, it is now easier to see information about modules.

Deletion of logged errors from the error log is now handled by the data protection cleanup scheduled task.

Error emails are now more informative and include the referrer, if present.

Zenario 10.0

Please note that Zenario version 10.0 did not see a public release. However it still saw an internal release and still had a change-log that you can see at zenar.io/zenario-100.

Notes for customers using Newsletters

If you have previously sent a Newsletter with images linking to PNG or JPEG images in the public/images/ directory, and you every delete those directories, then those links will become broken and stay broken as Zenario will no longer recreate them.

Notes for hosting providers

Previous versions of Zenario had a weakness where a bot attack or a pentest could generate sup...

Zenario 9.7.63394

This release addresses a couple of issues with our .htaccess rules, and with running using MySQL 8.

Fix for a bad .htaccess rule

If you're using the .htaccess rules we provided, you will have included the following rule:

RewriteRule .*\.svn.*$ - [F,NC]

This contains a mistake in its logic, which will block any file with a timestamp in its name from the 2nd of May or later.

The rule should be changed to the following instead:

RewriteRule \.svn/.*$ - [F,NC]

Fixes for timezones in PHP

The latest version of PHP removes support for several timezones. Any code that tries to use these timezones in its logic will trigger a PHP crash.

Our select lists did previously contain some of those removed timezones and were triggering the crash.

In this patch, we've removed them and tried to replace them with rough equivalents to preserve functionality.

Fixes for MySQL 8

The latest version of MySQL adds some new reserved words. By coincidence, we were using a few of these as column names, and in a few places we were using them without backticks.

This caused a database error. This update fixes this issue.

Fixes for our caching system

• Fixed a bug where JavaScript files would sometimes not load on a page when using both the page caching and JavaScript file caching systems at the same time.
• If a private image is used on a content item, the page/plugin caching system is now completely disabled for that pageload.

Other fixes in admin mode

• Fixed a PHP warning when migrating a site that uses inline images in WYSIWYG Editors to a later version of Zenario.
• Fixed a bug where some links to the layouts panel in Organizer were broken.
• Fixed a bug where you could not remove a plugin in a missing slot, if the slot was on the site-wide header or footer.

Miscellaneous changes

• We've added two new body CSS classes, body.in_iframe and body.not_in_iframe, that you can use in your CSS code.
• Any error emails sent by the CMS will now contain the time that the error occurred and the IP address of the person who triggered it.
• We noticed that the opensource.org website have updated their URLs to a new format. We've updated our links to match.

Zenario 9.7

This version introduces a rework to how image privacy works to make it more useful, as well as numerous other features to make using Zenario as an administrator a much smoother experience overall.

Organizer

There is now a greatly-improved Organizer Start page. This lets administrators get more quickly to a range of key areas of Organizer.

The first row contains links to the home page, the last page visited, and the draft pages. There are then individual links to each content type, followed by links to key areas of Organizer.

Editing

We have made more major updates to our WYSIWYG editors. The editor layouts are now more consistent across the whole of Zenario, with appropriate variants according to whether they are in-line editors, summary editors, email editors, or simple description editors.

When uploading an image while using a WYSIWYG editor on a public page or email template or newsletter, the image is now automatically made public, with a growl message visible to the administrator.

Image privacy

We now have a stronger concept of images being "public" or "private". Up until Zenario 9.6 it was more like "public" or "unlisted".

"Public" images had a fixed URL (including a 5-character code in the path), while "unlisted" images did not have a fixed URL (and therefore were not indexible on sites like Google Images).

On Zenario 9.7, "unlisted" has become "private", and the statuses are more clearly enforced. It will no longer be possible to put a private image on a public content item, and any such images will no longer be displayed (and there will be a warning to admin's when loading a public page with private images).

In a typical site, almost all images are public anyway, so this only affects sites where it is intended that some images are held back from public view — such as an image gallery in an extranet area, which may be a page with a Multiple Image Container plugin.

So when editing a publicly visible page, or an email template or newsletter, and the editor adds an image, that image will automatically be made public, with a toast message to say so.

This keeps the system easy to use, easier to understand, and gives more explicit control for situations when certain images should truly be kept private.

Option: Amazon Textract text extraction

To date, Zenario has used third party libraries such as pdftotext to scan document content items and other files for text. This has worked pretty well, but the process has a few issues with special characters, and does not work at all with PDFs that lack a text layer, and with images.

We have created the ability for Zenario to scan PDFs, JPEGs and PNGs using Amazon Textract. This gives vastly more accurate results. It handles accented characters more accurately, and performs OCR (optical character recognition) on documents which are images without a text layer.

The scanning takes a little time, and so is only initiated in the Organizer panel, and then completed asynchronously. New documents are scanned automatically, and existing documents can be re-scanned in this way. It is tied to a scheduled task, and so takes typically 1-3 minutes to get the result.

In conjunction with this, there is now a better site settings panel for connections with Amazon's AWS services. This exists already for storage of documents on Amazon's s3 service.

For Zenario managed hosting customers, we will be offering this as a paid upgrade.

For people downloading Zenario, the feature will be included, but note that you will need an AWS account to enable it, and you will need to pay the Textract and associated AWS fees.

Admin toolbar

The admin toolbar has been slimmed down, now with less buttons than before, as some of them were redundant.

The admin toolbar has also been improved for use on narrow screens, such as small laptops.

Languages and phrases

To improve managing translations for multi-language sites, we have re-organised how visitor phrases are tracked in the Organizer panel. You now see the content item they were first used on, and when they were first seen in visitor mode. This helps to understand the context of where a phrase is used so it can be been in-situ.

We've also redesigned how HTML is handled by phrases. In previous versions of Zenario, most phrases were treated as HTML and we were expecting administrators to hand-write the HTML. Now, most phrases are treated as plain text. In the rare case where a phrase actually is HTML, we give administrators a WYSIWYG editor so they can change the text without needing to know how to use HTML code.

Videos Manager

The Videos Manager module now integrates with Advanced Search, so that when a visitor uses the Advanced Search plugin, it can search in videos.

In addition, we have speed up the loading of the videos panel in Organizer, which could previously have been a bit slow to load with over 1,000 videos stored in a Vimeo-based library.

Privacy information from Vimeo is now cached in Zenario, so the whole process is now fast like the rest of Organizer.

Managing Extranet Users

We've made various improvements to managing extranet users in the admin backend.

Password fields that appear to users can now show a hide/show password field in the form of an "eye" (or which may be customised for each site skin).

There is better control over the "email verified" flag for users and contacts.

When selecting a user or contact account, there is now a "Send verification email" button, which causes an email to be sent from Zenario to that person, with a special verification link. This previously only happened silently in the registration process and some other processes, but was not so explicit.

We have tidied up the verification hash fields which are used when a user registers and verifies their email address, and when they are an existing user and change their email address.

Content Summary List plugins

Content summary list (CSL) plugins are a convenient way to show news or blog articles, as they can easily be set up to show most recent items first.

There is now a "New" class which can be attached to items in a CSL where they have release dates in the past few days or weeks.

Hidden content items

When using a CSL and it contains content items that have a status of "hidden", they are now shown to administrators, but are still hidden from visitor view.

This helps administrators visualise a new, draft page with a CSL, without having to publish the items that will appear on the list.

Email

The site settings panel in Organizer for Email and newsletter settings now has a tab called "CSS rules". This allows CSS rules to be applied for all emails. This was previously done on an individual email template basis, and so any settings were not easy to standardise.

The preview box of email templates and newsletters now correctly show the CSS styles. So you can more accurately see how nicely an HTML-based will appear.

On admin login 2FA screen, if there is a problem sending an email — for example, because of an SMTP issue from the server — there is now an informative message to show the error that Zenario encountered.

Forms

Forms have been improved, in terms of handling responses from visitors/users.

It is now possible select a form response and email it again.

Also, it is now possible to have a flag on each response to say that that particular response has been allocated to a particular administrator for handling. Zenario notes which administrator "takes" the response, so other administrators can see who is handling it.

There is now better escaping on form labels and other items in the form editor.

Search — change from Search Entry to Advanced Search

We have now deprecated the Search Entry Box and Search Results modules (zenario_search_entry_box and zenario_search_results).

These are now in the zenario_extra_modules directory which is available to hosted customers but not normally made available for download.

You should remove these from your Modules area, and install the far superior Advanced Search module (zenario_advanced_search). This is best installed using two modes:

• an inline search mode in the site-wide header area of every page, or in the upper area of most layouts
• a full page search and results mode, in the body of a Search content item.

Various other improvements

• The document container plugins now have improved options for showing thumbnail image of the document.

Bug fixes for problems in visitor mode

• We've fixed a bug in the Advanced Search plugin, whereby the cache could be cleared when a visitor runs a search.

Bug fixes for problems in admin mode

• When duplicating a content item, the administrator can no longer pick a retired layout for the new item.
• The process of copying permissions from one admin account to another is now a little more intuitive.
• We fixed a bug which was preventing search from working properly in hierarchical views (e.g. hierarchical documents, menus).

Security related changes

• If you pressed the "x" next to the admin login link in previous versions of Zenario, it only removed the admin username cookie from your browser. Now pressing this button removes both the admin username cookie and any two-factor-authentication codes you've entered.

Removed features

• The old menu tree hierarchy view (previously available by clicking a collection b...

Zenario 9.6.61188

This release addresses a couple of issues with using images, and a few other bugs in admin mode.

Fixes for using images

We've fixed a bug where the HTML sanitiser library that we use would not allow large retina images to be placed in WYSIWYG Editors.
(Their documentation actually recommends keeping a limit, however bumped it up to support 4k images.)

We've also fixed a problem where uploading an image with a % in the name caused various issues.

Other fixes in admin mode

• When editing a staging code, if you press the suggest button but then close the Admin Box, you'll now see a prompt warning you that it isn't going to be changed if you close the box without saving.
• Fixed a database error when trying to reattach a content item into the menu tree.
• Fixed a bug when trying to rename a nest or a slideshow, where the system would not let you change the case of the characters in the name.
• Fixed a bug where using the copy/paste buttons in a nest would break the ordinal numbers of the plugin buttons in a nest until you rearrange them.

Zenario 9.6.60771

Updating the GitHub repo with the latest changes from the 9.6 branch.

This release addresses an issue with enabling two-factor-authentication for administrators, and some other miscellaneous fixes.

Fixes for 2FA

We've fixed a couple of issues that were stopping anyone with the public release of Zenario from enabling two-factor-authentication for administrators.

Firstly, the section in the zenario_custom/site_description.yaml file that needed to be edited did not have enough guidance as to what that name of the config option actually was. This has been addressed.

Secondly, we've addressed an issue where the 2FA codes could not actually be sent, due to a PHP fatal error caused by a missing file in the build.

Fixes in admin mode

• Fixed a rare database error when opening Organizer due to a mistake in a database query.
• Fixed a bug in the public release of Zenario, where pressing the "Suggest" button in the Staging Mode admin box caused a PHP fatal error, due to a missing file in the build.
• Fixed an issue where if an inline image was used in a WYSIWYG editor, and if the WYSIWYG editor was a library plugin or in a nest, the image could not be centered.
• Some fixes to the buttons in the View Slots panel in Organizer, where some buttons were not appearing in situations where they should do.

Zenario 9.6

This release introduces a new "published unlisted" status for content items, among many other improvements.

Major changes

New "published unlisted" status for content items

Zenario now has a new status for content items: Published (unlisted).

This is a helpful way in which content items can be hidden from menus and content summary lists, while preserving access when the full URL of the page is known.

An example scenario could be for news articles that you no longer want to promote or have appearing in searches because they are obsolete, but you don't want to remove them completely from the site.

Unlisted content items differ from regular published content items in these ways:

• They are not shown in menus
• They are not shown in content summary lists
• They are not returned in on-site searches
• They are not displayed in site maps
• Can still be reached by links from banners, WYSIWYG areas or Raw HTML snippets.

WYSIWYG editor

We have upgraded TinyMCE to latest version, for a more fresh and modern interface, and many usability improvements.

robots.txt

The robots.txt content is no longer a file.

Instead, it is driven from Zenario, so it's far easier to make adjustments to its content without administrators needing access to edit the file system.

Standard setups are easy to enable — the standard full-SEO content, and the block-all-search-engines content — and it's easy to customise the content if required.

Plugin previews

The plugin preview system has been improved. It has been extended to plugins in nests and slideshows. It's now possible to see the preview for mobile, to the right of the plugin settings box, above the box, full width, full screen and on-page.

Cookie handling

The cookie-info popup can now show a logo or other image.

Staging mode

We've had very positive feedback about staging mode. 

(If you've not used it already, it is a way of sending a private link to a colleague, who's not a site administrator, so that they can see a page that is in draft mode. They can then comment on it before it is published.)

Staging mode is now easier to use, and it now has its own admin box. Look for the thumbs-up icon in the admin toolbar.

Changes to content types

Job vacancies

Job vacancies is a content type that's now included with Zenario ProBusiness. 

We have freshened it up to make it easier to use and to improve the fields supported. Job vacancies can now have specific kinds of meta data: job references, a deadline (date and/or time), as well as all of the usual fields. 

(To modify this, start the Job Vacancies content type module, then go to Organizer->Configuration->Content types->Job vacancies, where you can determine which fields will be presented to administrators.)

To accompany the content type, there is an improved Job Vacancy Summary List (zenario_job_vacancy_summary_list) plugin, which lists job vacancies and their meta data.

When a job vacancy content item has a banner on it, e.g. "Apply for this job", which links to a content item with an application form, it now has the ability to add a referrer code. Provided that code is passed to the form, the form will receive the code and display back the job reference or job title.

This makes it easier for the applicant to use the form, and aids the recruiters when processing numerous applications.

While this referrer code feature has been developed for job vacancies, it is generic for all Banner plugins and Forms, and so can be used in any context.

Finally for job vacancies, there is a new scheduled task for processing job vacancies that have a deadline. Once the deadline has passed, the vacancy is automatically set to a status of "Unlisted", so that it no longer appears in a job vacancy summary list, search or menu.

Events

We have added time zone support to the Event content type.

Module and plugin-specific changes

Breadcrumb Trail for rich results

The Breadcrumb Trail plugin can now generate structured data for rich results.

This creates a tag in an application/ld+json format in the HTML source of the page, and tells search engines more information about the page.

Meta Data plugin

We have added crop and zoom controls to the writer photo images.

Advanced Search plugin

The plugin can now show how many more results are available in inline mode.

When searching in locations (as opposed to a type of content item), results now correctly sort on score, most relevant first.

We have fixed an issue whereby a search by a visitor could result in the cache being cleared.

Nests

The nest heading may now be set as a hyperlink to a content item.

Menus

We have improved the Promo Menu plugin so it has better images size options.

Responsive push pull menu has had minor improvements.

Document management

There are now better choices in the content type document download plugin of whether to view the document in the browser, or to download and save it.

The Document Container plugin now shows a CSS class when it lists private documents. This allows a design to highlight ones that need passworded access.

We have improved the "migrate to hierarchy" box.

User-related changes

For users and contacts, Zenario now has better handling of the email-verified field, and no longer says "not verified" against an account which doesn't have an email address.

Improvements to the email verification system: when a user changes their email address and successfully clicks on the email link, their account is marked as Verified. Conversely when an admin changes their email address manually, their account is marked as Unverified.

When a Personal Data Encryption (PDE) key is missing, the users and contacts admin box will be read-only and contain an error message to this effect.

Newsletters now show a date created/last edited when editing the newsletter.

We have hidden the newsletters Outbox link, as the Outbox is only used for a few moments while newsletters are sending. Thus it will only appear if there is a problem with sending mail.

Form changes

On Forms, when the save and complete later function is enabled, the form is now "smart" and responds to whether the form is being seen by a logged in user, or by an anonymous visitor.

If it's an anonymous visitor, the form's Save button will now link the visitor to a Login page, whereupon they can log in or create an account, and then immediately return to the form to save their data.

General CMS improvements

Interface improvements

When logging in to admin mode, the admin login page now has explicit buttons to determine where to send you to, e.g. front end or Organizer.

Floating admin boxes can now easily be collapsed (minimised) while in use by pressing a small arrow in the top-right corner.

We have improved the menu path preview, and menu path previews are now visible when creating content items and menu nodes.

Organizer now has small "bubbles" to show the number of things in some lower level area, for example the number of responses logged for a form.

The Organizer display of content item equivalence chains has been improved.

Caching system

The page/plugin caching system is now better optimised for sites/pages that experience periods of lower traffic.

In earlier versions, if there was a page that does not experience traffic for 2 hours, Zenario cleared it from the page cache. Zenario now keeps the page cached for much longer, currently up to one week.

This reduces the number of times that pages are unnecessarily served from the database.

Images

There is now a dedicated panel called "Special images", which shows all images that are marked for use in site settings.

Multiple image container (MIC) images now show image privacy in the Organizer panel.

The "usage" for images column now takes into account the usage of images in email templates.

Menus

All content item related actions are now available in the menu nodes panel of Organizer.

Minor improvements and fixes

There is now an on-page warning in admin mode if an admin is looking at their site and the URL in their browser is not the primary domain of the site.

It's now possible to log in to the site with /admin without the need for an subdirectory called "admin".

There is now a warning to administrators, if the layout of a given content item has no slots.

On a Form, we have a "Mandatory / read-only" setting, with the values: Mandatory, Read-only, Mandatory on condition, Mandatory if visible. The Validation tab of the dataset editor now has the same options.

Google Maps API keys; Zenario now support a second API key, which may be needed when locations are processed for scheduled tasks.

We have got rid of the obsolete "Notifications email address".

The PHPExcel library, which is now obsolete, has been replaced by PHPSpreadsheet.

We have removed the old version of fontawesome.

We have improved the display of cache information.

We have dropped some obsolete database tables.

We have removed support for "roundabout" slideshows.

For scheduled tasks, we have simplified the interface when editing a scheduled task, so that error or action-related emails can only be sent to the support email address.

For the jobCleanDirectories task, there is now advice on the Diagnostics page on a ProBusiness/Enterprise site when the task is not running.

Uninistalling a module now removes any "suggest" connections with menu hierarchy.

Changes for designers

Designers: you can remove the colorbox/ and jquery_ui/ directories from your skins

In previous versions of Zena...

Zenario 9.5.60602

This release is a bugfix release; with fixes for the page caching system, some fixes for quality of life features when for logging in as an admin, and some miscellaneous fixes in admin mode.

Security related fixes

We're removed the "Tree Explorer" tool from Organizer, as this was no longer supported and the code contained a XSS vulnerability.

Fixes in visitor mode

• Fixed a bug with the page caching system, where if you have a document download plugin in a nest, which links to a document that's still a first draft, it would crash in visitor mode with a PHP fatal error.

Fixes for logging in as an admin

• Fixed a bug where the admin login screen would not correctly redirect an administrator back to the content item they were previously on, if the page they were previously on was served from the page cache.
• Fixed a bug where the admin login screen would not correctly redirect an administrator back to the content item they were previously on, if the administrator had just clicked the "AUTHENTICATE" button in the email with their 2FA code.

Fixes in admin mode

• Fixed a bug where the "Save and Next" button for content items was not working for content items that did not already have a draft created.

Zenario 9.5.60437

This release contains a security patch related to the usage of Twig code in the Twig Snippet plugin, and in the site-wide <head> and <body>.

Critical security patch

The Twig template engine currently has a vulnerability with how some of its filters are implemented, where it is possible for a designer or an administrator who is aware of the vulnerability to execute arbitrary CLI code on the server.

This update disables the ability for designers/administrators to call the affected filters, as a work-around in place of an actual patch for this from Twig's developers.

Other fixes

We've fixed a visual glitch where administrators could always see the "Delete archived versions" and "Rescan text/image extract" buttons in the Content Items panel in Organizer, even if they didn't have the permissions needed to actually press them.

Zenario 9.4.60437

This release contains a security patch related to the usage of Twig code in the Twig Snippet plugin, and in the site-wide <head> and <body>.

Critical security patch

The Twig template engine currently has a vulnerability with how some of its filters are implemented, where it is possible for a designer or an administrator who is aware of the vulnerability to execute arbitrary CLI code on the server.

This update disables the ability for designers/administrators to call the affected filters, as a work-around in place of an actual patch for this from Twig's developers.

Zenario 9.5.60240

This release is purely a bugfix release, with several miscellaneous small fixes.

Updates for minifying skins

After receiving feedback, we've reworked how the "Minify Skin" button works on the diagnostics screen.
Instead of having to manually press a button, it's now done when you press continue, and we no longer offer the choice to delay doing this.

We've also fixed a few bugs and inconsistencies, where the ability to do this would sometimes not appear when a site was in Production mode.

Fixes in visitor mode

• Fixed a bug with the link from the login page to the registration page, where the link always went to the page in the default language. It should now go to the page in the visitor's current language.
• Fixed a bug on extranet plugins with a password entry box, where the password requirement messages were always in English, and not able to be translated.
• Fixed a bug when using implied cookie consent together with page caching, where the notice message explaining about cookies could sometimes fail close as intended.
• Fixed an issue in our code where it was possible to trigger a PHP error by hacking the URL to the search page.

Fixes in admin mode

• Fixed a bug where, if a site has a custom logo, the error messages shown in staging mode were not correct.
• Fixed a bug where, under certain situations, the admin UI elements would bleed into "Preview" mode.
• Fixed an issue where the WYSIWYG Editor would remove the "rel" attribute from elements.
• Fixed an issue where the WYSIWYG Editor would corrupt an image's URL if it was used in an inline style rule.