Skip to content
Go to file
Cannot retrieve contributors at this time
executable file 1020 lines (980 sloc) 81 KB

BigTree CMS 4.1


BigTree CMS is publicly licensed under the GNU Lesser General Public License. If you would like to use BigTree under a different license, please contact us.


We would love to have the community work with us on BigTree. Guidelines are currently being created for how community contributions will be worked back into the project. For more information, please contact If you would like to begin developing the BigTree core, follow the process below:

  1. Fork it.
  2. Create a branch (git checkout -b 4.0_toms_branch)
  3. Commit your changes (git commit -am "Fixed My Broken Foot")
  4. Push to the branch (git push origin 4.0_toms_branch)
  5. Create an [Issue][1] with a link to your branch


4.1.18 Release

  • SECURITY FIX: Potential XSS attack vector in module integrity checker - thanks to Haojun Hou in ADLab of Venustech

4.1.17 Release

  • SECURITY FIX: Fixed authenticated SQL injection vulnerability (users with access to edit a page could make SQL calls that could leak data) - Thank you to Mehmet İnce (

4.1.16 Release

  • SECURITY FIX: Fixed Blind SQL injection attack for admin users with access to a module form (requires admin access).
  • SECURITY FIX: Cross Site Request Forgeries should now be blocked across the board in the developer section.
  • SECURITY FIX: Fixed Cross Site Scripting vulnerability when editing a Module View (clicking a malicious link could steal cookies).

Thank you to Ashraf Alharbi at for providing vulnerability analysis related to the security fixes in this release.

4.1.15 Release

  • SECURITY FIX: A privilege escalation issue that would enable Administrator level users to become Developer level for a session.
  • SECURITY FIX: Fixed object injection vulnerability in POST data that enabled any BigTree admin-side user to poison settings. Thanks to Tim Coen @ Curesec GmbH for the disclosure.

4.1.14 Release

  • ADDED: A ping to to help us maintain version usage numbers (you can disable this by setting $bigtree["config"]["disable_ping"] to true)
  • UPDATED: Google API notes and made it trim keys for easier copy/paste
  • FIXED: Processing of empty crop/thumb entries
  • FIXED: Duplicate image uploads when exact image dimensions were met
  • FIXED: Firefox 41+ breaking search input styles
  • FIXED: BigTreeCMS::catch404 not properly clearing the output buffer
  • FIXED: Module reports table not getting proper columns when upgrading from BigTree 4.0
  • FIXED: Several field types appearing incorrectly in embeddable forms
  • FIXED: TinyMCE color issues in dropdowns
  • FIXED: BigTreeModule::getRecentFeatured ordering by ascending date rather than descending by default
  • FIXED: Protocol agnostic URLs failing integrity checks
  • FIXED: Cloud file caches not clearing properly when switching buckets

4.1.13 Release

  • FIXED: 30 day page views not showing in Pages when Google Analytics is setup
  • FIXED: Incorrect permission checking when sending out lists of pending changes in Daily Digest emails
  • FIXED: Google Analytics API storing things in bigtree_caches that it never uses
  • FIXED: 301 redirects containing special characters (i.e. # or &) not redirecting correctly
  • FIXED: Callout access levels not functioning properly
  • FIXED: Cloud caches not being populated properly when selecting a container

4.1.12 Release

  • SECURITY FIX: Fixed a critical path manipulation bug that could expose private files
  • FIXED: Related Menu dropdown looking broken in IE10/11
  • FIXED: Feed parsers containing a " character not being editable
  • FIXED: Template editor showing related module for basic templates
  • FIXED: Permission errors when a module has the same route as a core ajax directory (i.e. callouts)
  • FIXED: Chrome issues with TinyMCE (updated to latest release)

4.1.11 Release

  • FIXED: A permissions breaking bug that prevented normal users from hitting the Pages tab
  • FIXED: Installation on Windows server setups
  • FIXED: BigTree::makeDirectory failing on Windows environments
  • FIXED: Missing underline icon in TinyMCE 4

4.1.10 Release

  • FIXED: Several XSS and SQL injection vectors that could possibly be exploited by users with admin access (thanks to Tim Coen @ Curesec GmbH)
  • FIXED: Creating packages with callouts and templates failing to also include custom field types used by them
  • CHANGED: A file is now only deleted from the file system / file manager after it has been removed from all the containing folders in the file manager

4.1.9 Release

  • FIXED: BigTreeYouTubeAPI timeSplit method being protected (and unable to be called by other classes that needed it)
  • FIXED: Launcher now works better with sym-linked cores (in fresh installs)
  • FIXED: User's names and company names not being encoded properly
  • FIXED: Draggable views setting positions to be negative numbers (failed to sort if you were using unsigned columns)

4.1.8 Release

  • FIXED: Redirect lower in Pages not working when all child pages were not visible in nav
  • FIXED: User and settings pagination
  • FIXED: Outlook change that broke daily digest emails in 4.1.7
  • FIXED: Corrupt many to many data showing when adding new content
  • FIXED: Custom checkboxes in admin sometimes not understanding their current state
  • FIXED: Module reports not being deletable
  • FIXED: BigTreeCMS::cacheGet not working without max_age being passed
  • FIXED: Pages and Settings failing to crop images if errors occurred
  • FIXED: Possible SQL injection vectors by admin users
  • FIXED: Developer AJAX requests often not requiring developer permissions
  • FIXED: Possible variable scope overwriting
  • FIXED: Reports not including their tables automatically when creating packages
  • CHANGED: Removed support for BigTree 3 internal page link format (serialized) to remove a possible object injection attack.

4.1.7 Release

  • SECURITY FIX: Fixed several possible SQL injection vulnerabilities that could be run by authenticated BigTree users (thanks sumitingole)
  • SECURITY FIX: Fixed several XSS attack vectors (thanks sumitingole)
  • SECURITY FIX: Session and login cookies are now set to HTTPOnly (less susceptible to XSS attacks, thanks sumitingole)
  • FIXED: Invalid files (due to security implications) sticking around in /tmp when BigTreeStorage rejects them
  • FIXED: When an FTP path is invalid when trying to upgrade, it will now tell you instead of just failing silently and asking again
  • FIXED: Failure to properly encode arrays as strings when caching pending records (thanks jmason03)

4.1.6 Release

  • SECURITY FIX: Fixed cross-site request forgery vulnerability in the /admin/profile/ page (thanks Charlie Clark)
  • FIXED: Paginated results for Disqus getUsers related calls
  • FIXED: Pagination of getActivities in Google+ API
  • FIXED: Recursive LinkPoint Payment Gateway values and LinkPoint void
  • FIXED: PayPal Express Checkout redirect URLs
  • FIXED: Pagination of Twitter API's getBlockedUsers, getFollowers, and getFriends calls
  • FIXED: Invalid parameter chain in Twitter API's sendTweet call
  • FIXED: Twitter API's searchPlaces not using additional parameters
  • FIXED: Twitter API's searchTweets not using passed longitude
  • FIXED: IPL encoding of files when a page exists AND a physical directory is at the same path (thanks jmason03)
  • FIXED: Pagination of getChannelVideos YouTube call
  • FIXED: Warnings being thrown when checking integrity of modules where the text field had a sub type that generates an array (thanks jmason03)
  • FIXED: Module integrity check not checking single line text fields
  • FIXED: Email issues on Exchange servers (thanks jmason03)
  • FIXED: Demo site's link field causing validation to fail if an invalid link was placed in its link field
  • FIXED: Module designer now properly gives callouts a TEXT column
  • FIXED: Embedded form validation issues with CR/LF (thanks jmason03)
  • FIXED: zIndex issues when performing multiple create/uploads in a single File Manager session
  • FIXED: Example site not having the needed admin JS by default
  • FIXED: Issues with some environments not properly assigning IDs to form fields (thanks randyhook and varavin)
  • FIXED: Callouts in front end editor that are the first resource having lots of padding
  • FIXED: Administrators being able to move pages into top level visible navigation
  • FIXED: Google Analytics cache being the wrong file and breaking the analytics section
  • FIXED: Settings appearing to be empty when the stripped tags version of them was empty (thanks atstp)
  • FIXED: "Hide From Search Engines" from not being un-selectable (thanks katyemunger)
  • FIXED: Gravatar images not working properly over HTTPS
  • ADDED: New "simple" mode for BigTreeCloudStorage's getContainer method that drastically reduces memory overhead when setting your cloud storage to an existing bucket
  • ADDED: Default gravatar images can now be set in $bigtree["config"]["default_gravatar"]
  • CHANGED: Servers that run PHP as FastCGI / suPHP / suEXEC now keep permissions to defaults rather than 777
  • CHANGED: Attempting to directly access a header or footer of a routed template / admin module will no longer render it but instead add _header or _footer to the $bigtree["commands"] array and load the default file
  • CHANGED: In future installs, launch logic is now in core/launch.php rather than site/index.php (so it can be updateable across versions)

4.1.5 Release

  • SECURITY FIX: A privilege escalation bug exists in BigTree 4.1.4 and lower and BigTree 4.0.8 and lower that allows an Administrator level user to change his or her user level to Developer.
  • FIXED: BigTreeAdmin::getModuleViews still relying on actions to figure out what views a module has
  • FIXED: Developer tab being slow if was not resolving or connecting quickly (used for checking for system update availability)
  • FIXED: Google Cloud Storage failing due to sunsetting of their beta 2 API
  • FIXED: Return view functionality not working in forms and reports
  • FIXED: "0" not working properly as a value in columns that accept null (thanks jmason03 on the forums)
  • FIXED: BigTree admin bar Javascript not escaping & in its URL.
  • FIXED: Edit links showing up in Pending Changes even if the view doesn't have an edit URL
  • FIXED: Various admin methods failing to properly escape some SQL calls. These were all developer calls so they pose little security risk but could have resulted in failed creation of content involving parsers, preprocess functions, and callbacks if a single quote was included in the entered value.
  • FIXED: Internal Page Link 404 checking
  • FIXED: Image fields dropping their current value if an insecure file type was uploaded instead of an image
  • FIXED: BigTreeAdmin::requirePublisher not showing its content
  • FIXED: BigTreeModules::getInfo call not working when a full entry was passed in
  • FIXED: Split read/write MySQL setup not properly routing write commands to the write server
  • FIXED: BigTree::unzip PclZip fallback not unzipping to the proper directory
  • FIXED: Styles related to grouped image lists, invalid instructions for image lists w/o edit, bad links for image lists w/o edit
  • UPDATED: Instructions for Google Cloud Storage (Google insists on changing the way you manage their APIs every 3 months)

4.1.4 Release

  • FIXED: Google Analytics not being disconnectable until a profile is chosen
  • FIXED: Warnings in Site Status when an embeddable form was left empty
  • FIXED: A path auto-detection failure when doing FTP upgrades (should now be more reliable at guessing where BigTree is installed)
  • FIXED: BigTreeCloudStorage::createFolder failing on Amazon S3
  • FIXED: Issues with large sites losing permissions data when saving a user (thanks to jmason03 on the forums)
  • FIXED: BigTreeListMaker Javascript failing to work properly when using a key other than "fields"
  • FIXED: Amazon S3 only returning the first 1000 objects in a bucket in BigTreeCloudStorage
  • FIXED: MySQLi installation
  • FIXED: Installer not checking that ctype extension exists (should be a default extension, but in rare cases it's not included)
  • FIXED: BigTreeCloudStorage::getAuthenticatedURL failing on URLs that contained a #
  • FIXED: Size definitions showing up on columns that have no size definition in BigTree::describeTable results
  • FIXED: Table selects not functioning properly on databases that were not all lowercase in certain MySQL environments
  • FIXED: Double encoding of titles and group names in Module Designer
  • CHANGED: Maintenance mode now throws a X-Robots-Tag: noindex header to prevent maintenance pages from being indexed

4.1.3 Release

  • ADDED: BigTreeCMS::deleteCache method
  • FIXED: Checkbox labels not wrapping well when hitting two lines
  • FIXED: Checkbox field type not supporting required
  • FIXED: Embeddable Form entries not being removed when errors occurred in the form but auto-publish was set
  • FIXED: Some TinyMCE 3 dialogs not having borders
  • FIXED: Validation errors in Embeddable forms
  • FIXED: Array of Items styles in embeddable forms
  • FIXED: Embeddable forms not being able to pull custom css/javascript for custom field types
  • FIXED: Embeddable form photo gallery styles
  • FIXED: "Text" field type sub type styles when used in a callout dialog
  • FIXED: TinyMCE 4's fonts being passed with the wrong content type (in some cases they would fail to load and icons wouldn't show)
  • FIXED: Phone field type using old $value setting instead of $field["output"]
  • FIXED: BigTree::describeTable being case sensitive (should now read tables properly when MySQL outputs strange casing)
  • FIXED: BigTreePaymentGateway's PayPal Express Checkout when using PayPal REST API as your gateway
  • FIXED: Google Analytics refresh bugs when not using cron
  • FIXED: Issues with some Payment Gateways where passing a single precision amount (i.e. $4.1) for amount or tax would cause an error
  • FIXED: Nested Views not supporting Advanced Permissions when using the parent column as the grouping column (it's still not advisable to use Nested Views when using Advanced Permissions as disqualifying a parent leads to not showing any children that may qualify -- this update makes the parent column a viable option for your "Main Field").
  • FIXED: Third level and greater depth page permissions not showing up properly when editing a normal user.

4.1.2 Release

  • FIXED: Editing HTML fields in the Array of Items field type when using TinyMCE 4
  • FIXED: Cloud Storage APIs throwing a warning when in PHP's safe mode
  • FIXED: Sorting issues when returning to a searchable view after interacting with a form
  • FIXED: Cloud Storage allowing you to choose a not-yet-connected storage service as the default storage service.
  • FIXED: Google Cloud Storage instructions and return page
  • FIXED/UPDATED: Default .htaccess for "Advanced" routing now includes latest deflate settings from HTML5 Boilerplate (fixes some edge case deflate issues)
  • FIXED: Cropping and other issues when using a cloud storage URL as your static root.
  • FIXED: Improper grammer in environment alert (thanks to jono_hayward on the forums)
  • FIXED: Missing

    in delete user dialog
  • FIXED: Date & Time field using a time format (g:ia) that was inconsistent with other places (h:ia elsewhere)
  • FIXED: Return page when updating a user fails
  • FIXED: Dropdowns in WebKit/Blink when using .callout_fields but not #callout_resources.
  • FIXED: Footers in dialogs having improper styling of regular links
  • FIXED: Dropdown options in styled s getting cut off on short screens when used in dialogs. FIXED: Missing edit link for pending changes FIXED: Publishing a page from Pending Changes leading to an expired page FIXED: Really bad readability scores (i.e. tables of data) leading to negative SEO scores FIXED: Multiple crops not working when using the front end editor FIXED: Photo Gallery styles in callouts / front end editor FIXED: Embeddable forms not submitting if not logged into the admin FIXED: Hash table in OAuth classes throwing warnings. FIXED: 404 Manager not supporting internal page link encoding FIXED: Failed BigTreeAutoModule::createItem causing empty cache entries (now properly returns false as well) FIXED: Module Designer not setting id columns to UNSIGNED FIXED: Error Reporting shouldn't throw STRICT errors FIXED: Crop Message icon showing check instead of X FIXED: Crop icon in H1 FIXED: Page revisions being deleted if they were > 31 days old (should preserve up to 10 revisions even if they're older than a month) FIXED: Downloading an update field being accessible to non-developers FIXED: Embeddable Form data not validating when using form field types that produced array output FIXED: Horizontal Rule not working in TinyMCE 4 FIXED: AJAX call occurring when editing a page (shouldn't need that) that slowed down page edits FIXED: PayPal REST API authentication FIXED: PayPal REST API calls failing if any (optional) fields were left blank (i.e. address line2) FIXED: Advanced Search having wrong edit URLs after the first tab FIXED: Site Integrity Check failing to show edit links for modules FIXED: 404 Manager throwing a Javascript error on blur (could also cause 404s to fail to save properly if you tab through) FIXED: Base SQL being for 4.1 instead of 4.1.1 (resolves warning on first login of a clean install) CHANGED: BigTree::directoryContents no longer includes .git / .gitignore unless requested 4.1.1 Release ADDED: Front ends of sites should now receive the "bigtree_bar_closed" class on the body when the BigTree Bar is in its tab mode. ADDED: A confirmation dialog when trying to navigate away from a page where you are cropping images. ADDED: You can now specify that you wish to draw a field yourself for custom field types (similar to how callouts always drew itself). ADDED: Landing page for System Upgrade UPDATED: TinyMCE 4 to 4.1.3 UPDATED: Instructions updated for Service APIs to reflect changing processes at the different services. UPDATED: Field Types terminology use case changed from "Pages" to "Templates" to better reflect its usage. UPDATED: Form fields are now wrapped in a to better work with first/last child styling. UPDATED: Debug should no longer throw strict errors - new debug value of "full" will show strict and notices. UPDATED: Thumbnail settings for File Manager are now an easy to edit setting instead of a JSON string FIXED: "Advanced" routing settings should now function properly in Apache 2.4 (requires a new install as .htaccess is written during an install) FIXED: Service APIs not being disconnectable FIXED: Some issues where HTML entities would be double encoded (new BigTree::safeEncode method) FIXED: BigTree Bar tab button covering the page title in the example site FIXED: Some settings in the example site configuration being in the wrong files FIXED: Tab indexes in the installer FIXED: Empty modules being exported in packages that did not contain modules FIXED: JSON and FTP being checked in Site Status (no longer applicable as BigTree uses custom FTP class and JSON is built into PHP 5.2) FIXED: MySQLi and cURL not being checked in Site Status FIXED: Standardized error language on image sizes FIXED: Errors for a submission now occur AFTER crops (prevents temp files from staying behind in /site/files/). FIXED: zIndex issues with TinyMCE (i.e. Formats menu not working in callouts) FIXED: Max post size error not showing when updating a page. FIXED: Missing class comments / docs on Service APIs FIXED: Use of eval() over parseJSON in Javascript. FIXED: JPG images that were rotated via EXIF data failing to upload. FIXED: New BigTreePasswordInput field type to replace default password input fields as all major browsers are moving to ignore autocomplete="off" (which caused auto fills to occur when editing users). FIXED: BigTreeModule's add/update methods not converting internal page links and being tempermental about their array value support. FIXED: TinyMCE tooltips/menus getting stuck when changing callout types. FIXED: Callout editor window being partially scrolled when changing types. FIXED: Embedded Forms failing to validate properly when an HTML field was used. FIXED: Overflow menu in modules being in reverse order. FIXED: Not being able to install without a database password and errors not highlighting properly in the installer. FIXED: Embedded Forms not working for non-logged-in users and the cropper not working. FIXED: Display issues on the login form when there was a long site title. FIXED: Upload field type showing the full URL of the current file instead of just the file name. FIXED: Deleted many to many fields showing up in the field selector. FIXED: TinyMCE 4 not working in Array of Items. FIXED: Missing buttons in TinyMCE 4 editors. FIXED: "urlify" (used to create routes) converting / into a blank space (should now be -) FIXED: Front end cropping and warnings being thrown when bad data was associated to crops. FIXED: BigTreeListMaker not functioning properly for one element. FIXED: Double encoding (&) of group names when editing/adding a module. FIXED: BigTree crashing if BIGTREE_CUSTOM_BASE_CLASS and BIGTREE_CUSTOM_ADMIN_CLASS were not defined. FIXED: Importing packages that had non-default related forms for views FIXED: Re-ordering groups in their view not reflecting the new order in other views that were grouped by those groups. FIXED: Crashes that would occur when cloud storage grew too large (no longer uses flat file caches, moved to bigtree_caches table). FIXED: BigTree::sendEmail not getting a proper domain when run from cron/command line. FIXED: Issues with JSON values as field options. FIXED: Random test s staying in the DOM in the admin. FIXED: Many to Many styles not working properly in callouts. FIXED: Callouts with required fields causing the entire form to fail validation. FIXED: Callout styles not being usable inside of a callout pop-up. FIXED: Sprites on the installer on retina capable screens FIXED: _nav-tree.php include not having access to SQL for custom drawing of admin nav. FIXED: Cron file using BigTree 4.0 style configs. FIXED: Double required message on password inputs. FIXED: Double sanitization of data in BigTreeAutoModule FIXED: Approving changes via the dashboard not sanitizing data (i.e. not converting NULLs properly) FIXED: BigTreeModule's add method failing if you were using an array with out of order numeric keys for values FIXED: Obnoxious memory usage of autoIPL method on large pages. FIXED: Users that weren't deletable still being clickable. FIXED: BigTree Bar links getting a border in some sites FIXED: Class auto loader not allowing a custom admin class to extend BigTreeAdmin FIXED: Site Integrity check throwing errors on agnostic protocols // and tel: FIXED: Back to back callout blocks in the front end editor having bad styles FIXED: Flickr API failing to work due to new required https endpoint FIXED: Logout requiring two clicks FIXED: BigTreeCMS::getLink returning links for archived pages FIXED: boxes with the "multiple" attribute still being converted to BigTree's custom ones
  • FIXED: Embeddable forms weren't deletable
  • FIXED: Double encoding of callout groups (&)
  • FIXED: Usage of $val in callout resources causing havoc
  • FIXED: BigTree::trimLength still adding ellipsis on non-shortened strings (if the string was longer than the set # due to not truncating words)
  • FIXED: Some field options not being sortable (Array of Items)
  • FIXED: Hidden elements (display: none) being converted to BigTree custom ones and drawing.
  • FIXED: "Edit in Developer" showing up for everyone on forms/views
  • FIXED: BigTree Bar not showing up unless you selected "Remember Me" when logging into the admin.

4.1 Release

  • ADDED: Built-in core updater (via local write and FTP, SFTP coming in 4.2)
  • ADDED: Page ID in Page Properties section.
  • ADDED: Multiple WYSIWYG options (TinyMCE 3, TinyMCE 4) - the default is now TinyMCE 4.
  • ADDED: The ability to have a WYSIWYG area degrade to "simple mode" if a user is not an admin / developer.
  • ADDED: A Developer/admin maintenance mode that restricts access to the admin area to developer users.
  • ADDED: User Emulator for developers so that they can test how the admin behaves as a different user without knowing their password.
  • ADDED: Pages can now throw a "X-Robots-Tag: noindex" header via a checkbox when adding/editing a page (stops Google/Bing from indexing the page).
  • ADDED: Image option to automatically convert uploaded PNGs (that don't have an alpha channel) to JPGs to save space.
  • ADDED: Users can now hide Module View descriptions by clicking a close button.
  • ADDED: Titles to action buttons when hovering over them.
  • ADDED: Example content when using the Module View styler so that you can see how actual content will be affected by your changes.
  • ADDED: Quick links back to Developer edit page for module views/forms when viewing them.
  • ADDED: A setting to change the default number of items per page.
  • ADDED: Audit Trail tool to run reports on activity in the admin (the audit trail table has existed since 4.0, this new interface can use existing data).
  • ADDED: BigTreeModule::getInfo method that will return information about a given module entry (creation time, update time, who created, who last updated, etc).
  • ADDED: Module Reporting to create custom reports and CSV exports quickly.
  • ADDED: Nested Draggable view type (perfect for something like categories that have subcategories).
  • ADDED: Embeddable Module Forms — forms that you can embed via iframe in the front end of your site that will feed directly into your modules.
  • ADDED: Message Thread support in Message Center (you can now see the full conversation when viewing a message).
  • ADDED: Maintenance Mode option that will load /templates/basic/_maintenance.php and redirect users to a given URL (similar to the developer maintenance mode except for the front end).
  • ADDED: File Manager file/folder deletion ability.
  • ADDED: File Manager replace file ability.
  • ADDED: Support for "nested" boxes (add data-depth="{depth}" to your to increase its tab depth) ADDED: Support for Google Cloud Storage ADDED: BigTreeCloudStorage class for easy manipulation of different cloud storage services (you can use Amazon, Rackspace, and Google together now through this class). ADDED: Cloud Storage support to the "Foundry" file picker. ADDED: BigTree::directoryContents method to list a directory's contents without looping it yourself. ADDED: BigTreeFTP class for connecting to FTP sites. ADDED: BigTreeAdmin::backupDatabase method for backing up the whole database. ADDED: Forms/Views/Reports are now associated in the database directly with a module and should be properly deleted when a module is deleted. ADDED: Some default security headers to the "Advanced" routing htaccess file ADDED: Templates / Callouts / Field Types should now have better error checking on creation (to prevent duplicate ids) ADDED: Modules now support an unlimited number of actions in their navigation -- if they exceed the width of the nav bar they will be placed in an overflow menu. ADDED: BigTree::placeholderImage now supports JPG and GIF files ADDED: Group Name Parser option to the Grouped view. ADDED: getArchived, getUnarchived (equivalent to getNonArchived) and getUnapproved methods to BigTreeModule ADDED/CHANGED: Callouts are no longer a template option; they are now a field type. You can have multiple sets of callouts and callout groups. ADDED/CHANGED: The field types _photo-process.php function has been removed and replaced with BigTreeAdmin::processImageUpload (with better documentation) ADDED/CHANGED: View Filters are now available on all view types but the filter occurs BEFORE processor functions are run (data passed in is raw from the database). CHANGED: New Design CHANGED: New Example Site CHANGED: Duplicate resources are no longer stored as duplicates (use MD5 hashes to correlate dupes). CHANGED: Editing a user in sites where lots of pages existed is now MUCH faster. Page trees are now loaded via AJAX when no permissions exist in them. CHANGED: Generated Route field type now provides a drop down of columns to choose from instead of making you enter it manually. CHANGED: No longer using generic __autoload function to load classes, should help compatibility with some third party libraries. CHANGED: Removed a lot of third party API libraries and replaced them with custom coded (much simpler) classes (i.e. Amazon, Rackspace, Google Analytics). CHANGED: References to resources uploaded through the File Manager are now encoded as irl://{id} so that references are better kept. CHANGED: Big revamp of Cloud Storage section. You'll need to reauthenticate services and re-select the one you wish to use for default storage. CHANGED: There is a new package format (incompatible with things packaged in 4.0) in preparation for full extension support in 4.2 CHANGED: There is no longer a "Template" tab in Pages. Templates are now stored in a single more clean dropdown in the Properties tab. CHANGED: Configuration settings are no longer stored in /templates/config.php (though if you are upgrading, they will still be read from there). Configuratation settings are now split into /custom/settings.php (for environment independent settings) and environment.php (for settings that will differ between a live and development site). CHANGED: BigTree 4.1 and higher require PHP 5.3+ CHANGED: Javascript Minifying now uses JShrink (jsMin was no longer maintained) CHANGED: Updated CSSMin and LESS compiler CHANGED: Updated static caching system (requires a new index.php if upgrading from 4.0) to be more efficient CHANGED: When creating a module form/view/report you now automatically redirect back to editing the module instead of getting stuck on a completed page. CHANGED: Adding or Editing a Module Action now only shows forms/views for the same module. CHANGED: Parsers now run in a function scope instead of global. CHANGED: getMatching now has fuzzy matching on values that could be NULL, blank, or 0. This allows methods like getNonArchived to work even if your database column allows null values. CHANGED: Geocoding field type will now work properly on array-based content (i.e. the "Address" type of the main Text field type) CHANGED: Upload / Photo Gallery field types now suggest a default directory. CHANGED: Templates / Callouts now allow you to specify an upload directory for Upload / Photo Gallery field types instead of always forcing /files/pages/. CHANGED: BigTree FIXED: Lots of misspellings causing class docs to not generate properly. REMOVED: (undocumented) optipng and jpegtran support. 4.0.4 Release FIXED: BigTreeadmin::getPageAccessLevelByUser only working for the logged in user's permissions and made it more efficient. FIXED: Missing focus highlighting on installer fields FIXED: An issue that would cause user creation to fail in PHP 5.2 FIXED: Image Memory manipulation calculations to be more accurate (should now catch large images more frequently) FIXED: Overlays disappearing when creating a file or folder in the file manager failed FIXED: Module Designer not letting you delete fields from a form FIXED: Publishing drafts not working. FIXED: Missing retina icons for thumbnail / delete in the crops editor. FIXED: Thumbnails and Crops attempting to be processed even if they were left blank. FIXED: Checkbox bug in the installer and adjusted a few other things FIXED: Unarchiving second level children FIXED: replaceInternalPageLinks converting 0 or another falsey value to "" (thanks tamtt) FIXED: Keyboard arrow usage in Firefox on custom select fields FIXED: Daily Digest / Password Reset email issues in GMail and Outlook FIXED: Front End Editor not showing up if for some reason iframes are display: something-other-than-block in the user CSS FIXED: asp/aspx files being allowed as user uploads 4.0.3 Release ADDED: Better support for installation on Windows with IIS FIXED: Another PHP 5.2 compatibility issue in func_get_args FIXED: Writable directory errors on Windows environments (should now better determine if a directory is writable) FIXED: Static caching not working properly on routed template pages FIXED: Reduced memory usage for cached pages FIXED: Pages where POST vars were present being cached FIXED: Disabled resources still being clickable in the File Manager FIXED: Module Designer not properly creating columns in the table. FIXED: Packager not properly recognizing the option to include data when exporting a table. CHANGED: Resources (File Manager) permissions should now behave the same as Pages permissions in that you can have permission to a sub folder of a folder that you don't have permission to access (the folders you don't have permission to just appear empty and unwritable) REMOVED: Settings encryption key as an option in the installer, it's now randomly generated and can be manually editing the config. 4.0.2 Release FIXED: BigTree::globalizeArray (and its related methods) no longer will overwrite BigTree's globals ($admin, $bigtree, $cms) and should no longer break if the passed in array contains previously used internal variable names to the method ("array", "key", "val", "functions", "func"). FIXED: BigTree::putFile failing if the root filesystem directory was not readable. FIXED: Pending Changes page crashing if no view was present for a pending module change. FIXED: Random hits to /pages/update/ causing blank drafts to the homepage. FIXED: Admin bar showing up on different sites you're not logged into on the same domain (i.e. logged into /test/admin/ and not /test2/admin/). FIXED: Autocomplete should now be off for password fields when editing a user. FIXED: Settings icon randomly disappearing from templates editor when zoomed in on Safari/Chrome. FIXED: Many to Many and Geocoding buttons not working on initial module form creation. FIXED: When creating a callout, BigTree will now verify that the ID isn't in use by another callout. FIXED: Some error messages not showing up properly after submitting a form. FIXED: Field Types not including their related files when creating packages. REMOVED: Google Analytics check from Site Status (new usage of Google Tag Manager prevents us from really knowing anyway). UPDATED: Advanced .htaccess now includes a few more mime types that Apache occasionally gets confused (ogv, mp4, webm). 4.0.1 Release FIXED: IE prior to 10 having issues with background-gradient declarations that use rgba (using "CSS3" parser feature in BigTree) FIXED: Issues with forms that contained multiple many to many fields. FIXED: An issue where sometimes custom radio buttons in the admin would become duplicated. FIXED: Advanced Search in the admin not searching callout content. FIXED: BigTree's background-gradient parser when notices were turned on corrupting the end color. FIXED: icon_export class in the admin using the same icon as icon_archive. FIXED: Sorting of image views (you no longer have the option to choose a sort since it never worked). FIXED: Sorting of views by ID should now properly sort numerically instead of alphabetically. FIXED: An issue that occurred when a module had multiple forms and an error occurred in a form. The "Return & Edit" button should now return to the proper form. FIXED: Mobile and Tablet responsive states of the example site. FIXED: A rare issue that could occur where a fatal error would be thrown when editing a user if there was data corruption. FIXED: Usernames with a single quote in them would sometimes corrupt with BigTree bar on the front end. FIXED: Issues with numeric columns not sorting properly and database populated lists not sorting properly in sortable views. FIXED: Incorrect styles for pagination in message center. FIXED: Site Integrity Check running on archived pages. FIXED: Analytics columns getting list bullets and bad line height. FIXED: BigTree::globalizeGETVars / BigTree::globalizePOSTVars not working in PHP 5.2 FIXED: Incrementing of 404 hits not working when a 301 existed. FIXED: Encrypted settings showing their existing value when editing them. FIXED: Settings not having internal page links encoded and crops/errors not working properly. FIXED: BigTree::putFile not working at all. FIXED: Routed templates not working for the homepage. FIXED: Module Designer failing to create table columns for column names that were reserved MySQL keywords. FIXED: Example Site allowing for empty author fields in blog posts. FIXED: Rejecting changes in Pending Changes not clearing view caches (which left the change appearing in views). FIXED: $bigtree["current_page"] not existing while processing field types during a page update. FIXED: Many to Many and Tags changes not being applied when approving a change in the Pending Changes section. ADDED: SVG content-type headers to fix serving svg files in htaccess UPDATED: Newer version of CSSMin class. CHANGED: Draggable views with search results should now order by the first column instead of their "position" for easier browseability. CHANGED: Many to Many fields in forms now have more obscure form keys to make key collisions less likely. REMOVED: Deprecated Twitter API class from the example site. 4.0 Release ADDED: Multiple Service APIs (Twitter, Instagram, YouTube, Google+, Flickr, Disqus) ADDED: Multiple Geocoding options (Yahoo, Yahoo BOSS, Google, MapQuest, Bing) ADDED: BigTreeModule::getRecent, BigTreeModule::getRecentFeatured, and BigTreeModule::getNonArchived ADDED: A heads up view on the dashboard of the logged in user's changes that are awaiting publish ADDED: BigTreeAdmin::getPendingChanges (see note in "UPDATED" about the previous method by this name) ADDED: Front End admin bar now throws "openbigtreebar" and "closebigtreebar" events ADDED: BigTree::relativeTime (gives you a "5 days ago", "1 month ago", etc response like a Twitter timestamp) ADDED: Events "addedItem" and "removedItem" are now triggerd by Many to Many ADDED: Photo Galleries can now have captions disabled ADDED: NavPosition property to BigTreeModule that allows module navigation to go below or above page based navigation ADDED: Database Cache support via bigtree_caches (BigTreeCMS::cacheGet and BigTreeCMS::cachePut) ADDED: Instruction block to files created when making a new custom field type ADDED: BigTree::sendEmail utility function. Utilizes bundled htmlMimeMail class. ADDED: "change" events for BigTreeCheckbox and BigTreeRadioButton ADDED: Ability to choose a sorting field for "Images" and "Grouped Images" view types ADDED: The a few options to BigTreeModule::search ADDED: The ability to re-order module view actions and edit custom module view actions. ADDED: PayPal REST API payment gateway (beta support) UPDATED: BigTreeModule::delete can now accept a full item OR the item's ID UPDATED: Some language throughout the admin has been updated to be more clear UPDATED: BigTreeAdmin::getPendingChanges is now BigTreeAdmin::getPublishableChanges UPDATED: Sorting columns in a searchable view is now always case insensitive in new installs UPDATED: Paging ellipsis now goes to the first or last page UPDATED: Charset in auto-generated sitemap.xml UPDATED: TinyMCE's default allowed elements now include figure and figcaption UPDATED: Many to Many now removes items from the available list as they are used and re-adds them as they are deleted UPDATED: jQuery to 1.10.2 UPDATED: jCrop to 0.9.12 UPDATED: Executable files are no longer uploadable through BigTreeStorage service (previously BigTreeUploadService) to prevent security issues UPDATED: Feeds editor now uses the more stylish field adder inspired by Phil P (previously only in Module Forms) UPDATED: Example site modules now have icons UPDATED: Photo Gallery no longer requires the user to manually hit Add Photo UPDATED: Clicking a label next to a radio button now works as if you clicked on the radio button itself UPDATED: BigTreeCMS::getBreadcrumbByPage now sets the BreadcrumbTrunk property when a trunk is hit UPDATED: Photo Gallery field type can now be used in Callouts UPDATED: Example site now includes a breadcrumb. UPDATED: Default TinyMCE buttons now include indentation buttons UPDATED: Group and form titles added to integrity check naming to make it more clear where the error is (since multiple forms can be in one module and modules can have the same name in different groups). UPDATED: Added the ability to not view cache items in add/update/save in BigTreeModule (speeds up entry when importing). UPDATED: Module Groups are now alphabetical when choosing a group in the Module add/edit screen UPDATED: BigTree's CSS3 Vendor Prefixing now supports transform CHANGED: $state_list, $country_list, and $month_list globals are now BigTree::$StateList, BigTree::$CountryList, BigTree::$MonthList CHANGED: Significantly improved Amazon S3 cloud storage - now only uses a single bucket with "virtual" directories and authenticates you when you first enter credentials instead of trusting they are correct and also creates a bucket automatically if none is specified. CHANGED: BigTree now creates tables with utf8_general_ci collation instead of utf8_bin CHANGED: Most JavaScript variables are now namespaced to prevent collisions with custom scripts CHANGED: Massive update to the way field types are drawn and processed. All the data you need is now available in the $field variable and fieldsets and labels are automatically drawn. $field["output"] is now used for the process file to return the value instead of $value. CHANGED: Removed "Custom Function" field type as it was a precursor to custom field types. CHANGED: Many previously global PHP variables are now stored within the $bigtree global array. CHANGED: Textarea no longer acts as an unescaped HTML dump. It is now htmlspecialchar'd just like a single line text field. This was confusing and unexplained behavior when compared to a regular text field. Create a custom field type if the old behavior is needed. CHANGED: When processing data in form field types, $bigtree["entry"] now contains the current data set (be it the module's row or pages resources or callouts resources) CHANGED: When cropping, the default crop should now be ~90% of the size of the uploaded image instead of the minimum required crop CHANGED: Admin navigation array is no longer included in _header.php -- it's now in _nav-tree.php so that it's easier to override in custom without changing the whole header CHANGED: PayPal Express checkout methods in BigTreePaymentGateway CHANGED: Many places in the admin that previously relied on eval() now use call_user_func. eval() remains only for parsers on form fields and post-install package code. CHANGED: Made the checking of uniqueness an option in BigTreeModule::add CHANGED: Module View Actions are now much smaller and no longer draw their title in the column (more space is now available for data columns) CHANGED: Moved BigTreeForms functionality into BigTreeAutoModules, BigTreeForms class no longer exists. CHANGED: BigTreeUploadService is now BigTreeStorage and the "upload" method is now "store" (backwards compatibility still exists for the old class name/method) CHANGED: "List" field type no longer htmlspecialchars the submitted values. CHANGED: BigTree::globalizeArray and related globalize functions now iterate through arrays instead of ignoring them. You can also now pass in functions as string parameters instead of a single array of functions. FIXED: Admin header now pulls protocol-agnostic version of html5.js for IE (works for HTTPS admins now) FIXED: Paging functions globally use 1 as the first page now instead of 0 FIXED: Pending items not being editable FIXED: Sortable many-to-many fields FIXED: Lots of CSS and layout issues FIXED: Quick Search / Advanced Search returning pages/modules that the logged in user did not have access to FIXED: Settings not handling file uploads, crops, and errors FIXED: sqlescape() causing errors on boolean values FIXED: cron.php in shared core setups FIXED: Non-administrative users not being able to use Save & Preview in Pages FIXED: Non-images being dumped into /files/ instead of /files/resources/ when using the File Manager FIXED: Pending Pages getting the title "Home" in Pending Changes and having the wrong preview link FIXED: Save & Preview button not working on pending pages FIXED: Front End BigTree Bar not working on pending pages FIXED: Routing issues when a piece of the path was also a piece of one of the commands (i.e. events/new-events/ would fail to route) and a related issue with route history 301s failing when there were similar routes. FIXED: Sorting of getNavByParent when requesting hidden nav as well. FIXED: Geocoding fields appearing on edit of a module. FIXED: 404s potentially hard-cacheing FIXED: 404 manager filling with blank URLs when HTML tags were entered in the URL string FIXED: Arrays being butchered when passed into a Callout resource FIXED: Sorting of columns in searchable views FIXED: HTML areas not fitting properly in callout windows FIXED: Dual 404/301 headers being sent when a 301 is found in the 404 Manager FIXED: Installer not working if deprecated MySQL PHP module isn't available FIXED: Settings not having their links encoded properly for dev->live FIXED: Issues with Daily Digest / Password Request emails not working properly in some email clients FIXED: Page Preview not working if the new template being used has a different type (basic/routed) than the previous template FIXED: Date Time and Custom Field Types causing Module Designer to fail FIXED: Crash that would occur if you for some reason switched back to the blank spot in a table selector for adding a view/form/feed. FIXED: DB populated lists causing the page to crash if the table was renamed/deleted. FIXED: Example Site's features form uploading to /files/features/ instead of /images/features/ FIXED: Example Site's blog search throwing an Exception FIXED: Example Site's pagination numbers in Blog and lack of 404s FIXED: Example Site's posts module not having tags enabled FIXED: Radio buttons having to be clicked twice after being clicked once FIXED: Trigger handling on checkboxes so that the "click" events now get the proper "checked" status of the checkbox FIXED: max_input_vars being hit when submittion permissions for Users in sites with > ~1000 pages. FIXED: Module Designer creating MyISAM tables instead of InnoDB FIXED: An issue in pages when you switched templates between two wysiwygs of the same name/type would cause the content to not save FIXED: Custom routing issues in the admin FIXED: A bug where if a custom field type stored itself as a JSON encoded array and the callout was never edited the next time the page was that field would lose its information FIXED: Hitting back after cropping an image would lead to a broken crop page FIXED: Admin crashing if an image was too large to do image cropping/thumbnailing on within scope of available memory (now properly throws errors instead of blank screening) FIXED: BigTree::createCrop and BigTree::createThumbnail now fail gracefully if there isn't enough memory available FIXED: Drag/drop sorting of modules FIXED: Double htmlspecialchar encoding of growl messages FIXED: Removed some console.log's that were left in Javascript FIXED: An issue with external link checking in Integrity Check FIXED: An error message is now shown if a form submission exceeds PHP's post_max_size setting (instead of causing blank entries / bad saves to occur) FIXED: A bug where float parsing would return NULL for empty values even if NULL wasn't allowed FIXED: BigTreeAutoModule::createItem not accepting arrays as values FIXED: Module Forms/Views not deleting properly FIXED: A module class' getBreadcrumb and getNav being called even if the methods don't exist. FIXED: Data not transitioning between callout types FIXED: Date & Time pickers not showing up in callout resources FIXED: Pages not locking properly when another user was editing them FIXED: Possible infinite loop when generating a route FIXED: Array of Items field type doing odd things if the developer never adds fields to it FIXED: Array of Items HTML field sometimes failing FIXED: Many to Many not showing up when there was nothing to tag FIXED: Missing ability to add form field types to packages FIXED: Callout resources asking to be the SEO body copy / H1 score FIXED: Poor namespacing of headers/footers in ajax and routed templates that could possibly be junked by the proceeding includes FIXED: Lack of error messages when a file upload failed in the File Manager FIXED: Form fields sticking around after the column is removed from a table FIXED: Updating a module view/form should now update its related action name FIXED: The super large size of the TinyMCE icon set (should be PNGcrushed now) FIXED: Editors not being able to delete their own pending entries FIXED: Behavior of BigTreeSelect when removing elements and when all elements are removed FIXED: Behavior of BigTreeManyToMany when the add button is clicked with nothing left to add FIXED: BigTreeSelect now gets wider when a larger option is added FIXED: Publishing pending entries did not handle arrays properly FIXED: depth > 1 parsing in BigTreeAdmin::getNaturalNavByParent — thanks to asiral on the forums. FIXED: Selected file / pane not resetting when you begin to search in the File Browser — thanks asiral on the forums. FIXED: Non-developers seeing a checked checkbox when adding top level navigation even though they would end up getting hidden nav. FIXED: Encrypted system settings still untranslating. FIXED: Sub-routes with similar route partials getting stuck in the admin breadcrumb FIXED: BigTreeSelect drop downs not closing on scroll inside of callout editor windows. FIXED: Lots of issues with WebKit, overflow scroll windows, and the BigTreeSelect boxes. FIXED: Double calls to BigTreeCustomControls() causing already styled items to bug out FIXED: Some XSS vulnerabilities. Thanks to Contra on github for pointing them out. FIXED: getSitemapXML failing if a custom page module didn't implement getSitemap. FIXED: Front End Editor not including custom admin CSS/JS FIXED: BigTree bar not being loading over https when on an https page. FIXED: SQL injection possibility when inserting a ' into a URL FIXED: An issue related to # in internal page links FIXED: Updating resource titles in File Manager. Thanks to asiral on the forums. FIXED: A potential cross-site scripting issue on the module view add page. Thanks to High-Tech Bridge Security Research Lab for alerting us of this. FIXED: A Cross-Site Request Forgery exploit that would allow logged-in BigTree admins hitting a malicious page to automatically create / update users. Thanks to High-Tech Bridge Security Research Lab for alerting us of this. FIXED: Issues with MultiViews in Apache causing asfg.sdgsd in /site/ to tank the /asfg/ route in BigTree. Thanks @mcongrove FIXED: Searching quick links and through the main search in the admin should no longer return archived pages. FIXED: Fixed BigTreeDialog close icon when there are no buttons. FIXED: Payment gateways not showing info when you go back into them after setting your API keys. FIXED: Improper latin encodings on some columns in BigTree tables FIXED: Memory leak in BigTreeCMS::replaceInternalPageLinks FIXED: User profile not being editable by normal users. Thanks spud! FIXED: Checkboxes and radio buttons misbehaving in callouts. FIXED: Custom Field Types not showing up in Settings FIXED: Pending Entries not showing up properly in Images/Grouped Images views. FIXED: Double cache when using BigTreeModule::save FIXED: Internal page links showing up as ipl:// in Settings list FIXED: Potential crazy database corruption if you set your config's www_root or static_root to "/" FIXED: Password resets and logging out when config's force_secure_login is set and config's admin_root isn't https. FIXED: Styling module views showing a number instead of action title for custom actions. FIXED: Double htmlspecialchars encoding of callout names in the callout selector drop down. FIXED: HTML areas drawing non-htmlspecialchared data into a <textarea> block. Thanks asiral for the bug report. FIXED: Stopped date fields from drawing crazy stuff if 0000-00-00 gets entered in. FIXED: BigTreeAutoModules::publishPendingItem inserting improper data into the database for NULLs and such. FIXED: Sort direction not working for the default sorted column in searchable views. FIXED: Generally sorted out issues with sorting of columns that are originally numeric but run parsers or have foreign keys that indicate they're probably a string. FIXED: Various IE 7/8/9/10 issues. FIXED: Editing a feed should now properly show the list of unused fields. FIXED: Various issues with the Payment Gateway overview screen and sub sections throwing warnings. FIXED: Updating a module to have group based permissions (or changing those) not clearing the module's view cache. FIXED: Replying to a message that you sent trying to send the message to you instead of all the people you'd previously sent the message to. FIXED: BigTree::trimLength using a literal UTF-8 ellipsis character. Now uses an HTML entity for better cross-character-set support. FIXED: Issues when a BigTreeSelect was disabled and re-enabled it behaved poorly. FIXED: BigTree Bar breaking when a user's name contained an apostrophe. FIXED: View Options breaking if they were edited before choosing a table. FIXED: Vitals & Statistics showing for non-administrators. FIXED: Messages not being properly recognized as read when the user was not the first person to read them. FIXED: Values for "List" field type not being htmlspecialchar'd when drawing the list FIXED: Non-htmlspecialchar'd data getting into the view cache. REMOVED: "Menu" field type, as it was just a pre-configured Array of Items REMOVED: BigTreeCMS::getCallout -- replaced with improved version of BigTreeAdmin::getCallout REMOVED: When there are errors in your form submission, the Delete button no longer shows up. REMOVED: Twitter callout from example site (so long Twitter API 1.0) 4.0RC2 ADDED: 404 Report now has paging and delete functionality. ADDED: Foreign key constraints to tables. ADDED: Module Views now pass their state information to forms so that when you return from the form you are where you left off. ADDED: Site Integrity Check now also checks module content. ADDED: More icons to choose from for module actions. ADDED: SQL queries are now logged to $bigtree["sql"]["queries"] when debug mode is on. ADDED: Support for module actions that contain /s in them so they can pretend to be in a subdirectory of custom modules. ADDED: Module Actions add/edit can now specify a form / view. ADDED: Placeholder image functionality. ADDED: BigTree::geocodeAddress ADDED: The ability to package instructions and post-install PHP code when importing a package. ADDED: You can now turn on/off tagging in modules and pages. ADDED: Delete All function for 404s without redirects entered. ADDED: Page titles should now reflect better where you are in the admin. ADDED: New, prettier email templates for daily digest / forgot password. ADDED: Searching in a grouped view now includes items in a group where the group name matches your query. ADDED: $bigtree["page"]["link"] now contains the equivalent of $cms->getLink($bigtree["page"]["id"]); ADDED: Default configuration variables to show a Development Area flag with a link to the website. ADDED: Default configuration variables to preload the admin with JS and CSS ($bigtree["config"]["admin_css"] and $bigtree["config"]["admin_js"] arrays) UPDATED: Consolidated a lot of images into a single sprite for faster loading of the admin. UPDATED: New glyph-based icon set and 2x image set for retina-capable displays. UPDATED: Google Analytics was completely revamped since RC1's authentication feeds were deprecated. UPDATED: Newer versions of TinyMCE and related plugins. UPDATED: The example site is updated to support "callouts" on the homepage for extensibility and also has had its code cleaned up. UPDATED: LESS compiler to support @import UPDATED: Credits page to be more comprehensive - linked it up in the footer. UPDATED: Example site blog now supports previewing. UPDATED: Adding a Geocoding or Many to Many to a form now automatically brings up the settings dialog. FIXED: BigTreeAutoModule's getViewForTable should be static. FIXED: "route" being limited to 30 characters in bigtree_pages. FIXED: View Columns should no longer break if they were styled and a Preview button was added. FIXED: Parameters for BigTreeCMS's getBreadcrumb function were wrong. FIXED: BigTree admin's login page should now load resources over HTTPS if force_secure_login is set in the config. FIXED: Documentation bugs FIXED: File Extensions not being set in the database correctly for things uploaded to the File Manager. FIXED: Issue with hidden resources in Callouts. FIXED: Users section should now have sortable columns and paging should now work properly. FIXED: Permission issue with drag and drop. FIXED: A bug with Array of Items in Chrome. FIXED: Site Status crashing if PHP was running as CGI. FIXED: Several Module import/export issues. FIXED: Date/Time picker styles in WebKit browsers. FIXED: Thumbnail images in dialog pop-ups. FIXED: Misbehavior of the Field Selector for Module Forms. FIXED: Unintended creation of orphaned temporary images. FIXED: Views crashing if all the columns were removed. FIXED: Inclusion of hidden files in /custom/inc/required/ FIXED: Poor english in some places. FIXED: CSS and JavaScript not getting Last-Modified headers causing redownloads each time. FIXED: Administrators not being able to archive top level hidden pages. FIXED: Random CSS/JS cache files being created. Only combinations set in the config will create them now. FIXED: Missing "default to now" option for Date & Time picker. FIXED: Date & Time picker showing a default date of 1969. FIXED: Missing "Required" option for Date/Time/Date & Time pickers. FIXED: Custom view actions not being able to be disabled after added. FIXED: Content Alert inheritance buttons in user editor. FIXED: Double encoding of html special characters in module views. FIXED: Odd encoding issue on pre/post process module form functions. FIXED: Site Status now properly checks all directories for writability. FIXED: Some BigTreeForms methods being public instead of static. FIXED: Sorting in grouped image views. FIXED: BigTreeAdmin::deleteFieldType now properly removes the options file. FIXED: A bug in BigTree::trimLength FIXED: Improper headers being sent for images served through TinyMCE's javascript folder. FIXED: A bug with the view cache and pending entries. FIXED: Many to Many bugging out if there were no possible relationships to be made. FIXED: Fields not being validated when creating a form / action / view. FIXED: Settings not translating properly. FIXED: Not being able to preview an expired or publish-in-the-future page. FIXED: Save & Preview not working in Pages when there were crops. FIXED: Front end cropping not closing the window properly. FIXED: Breadcrumb breaking in Pages if trunk was set. FIXED: Int fields that were empty and didn't accept NULL being butchered. FIXED: Forgot Password email coming from FIXED: Group sorting when it was sorting by numeric values. FIXED: Page revisions never falling off after 10 / more than a month old. FIXED: BigTreeSelect not recognizing when a was disabled.
  • FIXED: Numeric commands not being passed to module actions.
  • FIXED: Various issues related to pending changes.
  • FIXED: Grouped view items where the item's group is missing.
  • FIXED: Template creation no longer creates a "Resources Available" comment if none are available.
  • FIXED: Columns named "route" should now be assumed as the Generated Route field type.
  • FIXED: BigTree::copyFile so that it supports URLs for the source.
  • FIXED: An issue with module forms doubling when exporting a module.
  • FIXED: An issue where adding a new resource to a callout wouldn't let you save it's radio button value.
  • FIXED: A text overflow issue on view columns.
  • FIXED: BigTreeModule::search method.
  • FIXED: BigTreeCMS::getLink now recognizes if you're requesting the current page's link and doesn't ask the database for it.
  • FIXED: Amazon S3 storage settings not sticking properly.
  • FIXED: Caching of unpublished view items.
  • FIXED: BigTreeAdmin::autoIPL issue with URLs where text followed.
  • FIXED: Lots of issues with tables where column names contained spaces or `
  • FIXED: Column sorting in searchable views.
  • FIXED: Problems caused by the column set to sort by wasn't included in the view.
  • FIXED: IE10 background gradient support.
  • FIXED: Failed photo uploads causing the field to be filled with the value of the previous field.
  • FIXED: View paging not making sense if there were more than ~5 pages.
  • FIXED: Admin crashing if the table for a form/view was deleted when trying to edit them.
  • FIXED: Crashes in database populated lists when the table it pulled from was deleted.
  • FIXED: Front end editor should no longer show Edit if the user doesn't have access to edit the page.
  • FIXED: Editing a page should now return you to the page you were previously on instead of always its parent.
  • FIXED: Quick Search is now more clear about the existence of Advanced Search.
  • FIXED: Previewing the homepage.
  • FIXED: Issues where a person with different group based permissions on a single module could escalate their editor/publisher rights.
  • FIXED: Improper calculation of quarterly reporting for Google Analytics.
  • FIXED: Issues with Analytics crashing the cron update so that it never sends Daily Digest email updates.
  • FIXED: Demo site should now properly respect publish dates on blog entries.
  • FIXED: Double encoding of relationships in Many to Many fields.
  • FIXED: Adding Geocoding to forms.
  • FIXED: Images not showing up in advanced search.
  • FIXED: Preview/Save & Preview when editing from a link on the front end of the site.
  • FIXED: Generated Route field type did not work if the column's name was something other than "route"
  • FIXED: Not being able to save & preview the homepage.
  • CHANGED: Page Header and Page Content are no longer required fields in the example site's Content template.
  • CHANGED: Simple HTML WYSIWYG no longer has the Code option.
  • CHANGED: Passing of information in Developer section from using commands to GET to be more clear.
  • CHANGED: Admin area now uses $_SESSION["bigtree_admin"] instead of $_SESSION["bigtree"] to avoid register_globals breaking front ends.
  • CHANGED: BigTree now defaults to MySQLi instead of MySQL.
  • CHANGED: BigTree now uses sqlescape() instead of mysql_real_escape_string so that it can cooperate with MySQLi and MySQL.
  • CHANGED: Improved the layout of Site Integrity Check
  • CHANGED: Crops will now be a square if only one dimension was entered.
  • CHANGED: Display of editing a Setting.
  • CHANGED: If a class is not found when auto loading, it will clear the module class list cache file in case it's out of date.
  • CHANGED: sqlfetch() calls will no longer throw an exception if you don't have debug on.
  • CHANGED: Tagging now associates by table instead of module.
  • CHANGED: SQL commands are now in /core/inc/bigtree/sql.php, moved most of /core/inc/utils/ into /core/inc/lib/ to be more accurate in the naming.
  • CHANGED: Installer now uses the main admin's css/js instead of a custom subset.
  • CHANGED: Several items that were always included in bootstrap are now auto loaded when needed.
  • CHANGED: Consolidated code for replacing relative/hard roots.
  • CHANGED: Approving a change now growls the proper module name.
  • CHANGED: If an error is thrown in Pages, the tab is now switched to the first tab that contains an error.
  • CHANGED: Routing now supports unlimited depth levels of _header and _footer and routing code has been consolidated and optimized.
  • CHANGED: Many to Many's list parser function now parses both the list of available relationships as well as the list of existing relationships.
  • CHANGED: BigTreeModule::search is now case insensitive by default.
  • CHANGED: New default layout for the admin includes H1s, breadcrumb, and navigation for modules. THIS MAY CAUSE BACKWARDS COMPATIBILITY ISSUES WITH CUSTOM MODULES THAT DRAW IT ON THEIR OWN.
  • CHANGED: Including custom CSS and JavaScript in the admin is now done through $bigtree["css"] and $bigtree["js"] instead of $css and $js — THIS IS A BACKWARDS COMPATIBILITY BREAK FOR CUSTOM MODULES.
  • CHANGED: form_container class name is now container - THIS IS A BACKWARDS COMPATIBILITY BREAK FOR CUSTOM MODULES.
  • CHANGED: Cropping code is now consolidated across modules/pages.
  • CHANGED: Pages tab should no longer be in the header if a user has no pages access.
  • CHANGED: BigTreeBar javascript is now namespaced better in a JavaScript object.
  • CHANGED: Users with Group Based publisher permission can now publish their entry if they choose a group they have publish access to without first saving it.
  • CHANGED: Switching a select that affects the group based permissions of an entry now changes the button actions at the bottom of the form.
  • CHANGED: The permissions tree in the User editor should auto-expand down to where specific permissions have been set.
  • CHANGED: Page Paradigm now more semantic. Calls to paged methods now start at 1 for the first page instead of 0. — THIS IS A BACKWARDS COMPATIBILITY BREAK FOR BigTreeModule::getPage
  • REMOVED: Dropdown of modules from the main header.
  • REMOVED: getPendingPage and getTagsForPage from BigTreeAdmin since they were redundant with BigTreeCMS's implmentation.


  • NEW: Retina Display asset support (create 2x images at lower quality when capable)
  • NEW: Forms can now manually specify a return view.
  • NEW: Image quality settings can now be set in /templates/config.php for both retina images and regular images (previously BigTree always used 90%).
  • NEW: Crops and thumbnails can now be given grayscale treatment.
  • UPDATED: Custom s now support UPDATED: Thumbnails of cropped images now re-crop from the original image to preserve quality. UPDATED: Template add/edit now groups Related Modules in for easier choosing of modules with the same name. FIXED: Form's action routes not updating if suffix changed. FIXED: Searchable view sorting. FIXED: Template creation now throws an error message if you try to use an existing ID. FIXED: # being thrown if you click on an already active tab in Pages. Now scrolls to the top. FIXED: Regular user permissions that totally got screwed in beta 7. FIXED: Trunk support in BigTreeCMS::getToplevelNavigationIdByPage FIXED: Duplicate entries sometimes occurring in sitemap.xml FIXED: Warning being thrown for output filters being false in router. FIXED: Terminology on Callout add/edit page. Fixed options button being in the wrong place as well. Fixed doubled radio buttons. FIXED: Group based permissions being checked off for modules where it was null. FIXED: Options button in Module Designer. FIXED: Image Views ignoring the "Edit" function being deactivated. FIXED: Admin not redirecting to the requested page if it was requested when you weren't logged in. (Now returns to the requested page after login). FIXED: Dialogs not re-centering if their height changed. FIXED: Template tab in Pages now hides if a user doesn't have access to the template that is currently set (i.e. the template is Administrator or Developer only). FIXED: Auto Modules now properly refresh their locks on content every minute. FIXED: Double encoding of the names of Field Types (leading to & showing up). FIXED: Missing image when adding an image to a photo gallery for the first time. FIXED: Packaging a module with tables that had foreign keys not being packaged in the proper order (leading to failed creation of tables due to foreign key constraints). RETURNED: Support for /sitemap/ defaulting to /templates/basic/_sitemap.php REMOVED: Imagick support. GD support remains. 4.0b7 NEW: Redesigned sample site that provides more in depth examples of using BigTree NEW: Field Types are now able to be used in Settings NEW: Gravatar support for users NEW: Date Time Picker support NEW: BigTree::describeTable method for a faster way to get SQL table columns NEW: Foreign key constraints are now recognized when creating a form and are automatically created to be database populated lists. NEW: ENUM columns are now recognized when creating a form and are automatically created to be static lists. NEW: BigTreeModule::getSitemap method to allow for drawing sitemap branches from a module class. UPDATED: LESS Compiler to 0.3.5 UPDATED: Authentication no longer caches permissions via sessions. UPDATED: New installs now set SERVER_ROOT in /site/index.php to allow for sym-linked /core/ folders. UPDATED: Install.php can now accept command line options instead of $_POST vars for automated installs. UPDATED: New installs will receive indexes and foreign key constraints on bigtree core tables. UPDATED: Retina assets for custom controls. UPDATED: CSS parsing to include root variable auto replacing (www_root/ admin_root/ static_root/ etc). FIXED: Custom select boxes now blur other select boxes when clicked. FIXED: Custom select boxes now scroll the window down to show their full drop down when low on the page. FIXED: A bug with SEO scoring unique titles improperly. FIXED: Turning on notices when debugging a custom module shouldn't break the whole admin now. FIXED: Bug related to locked pages/entries. FIXED: Searching users, settings, and resources is no longer case sensitive FIXED: Missing jump dropdown in Dashboard areas. FIXED: Searching auto modules is no longer case sensitive FIXED: Missing "custom" fields in view options, field options, other dialogs FIXED: Default templates using $content instead of $bigtree["content"] FIXED: Google Analytics setup failing to store encrypted information properly in the database. FIXED: Dialogs now stay centered on the screen when the browser resizes. FIXED: Bug that caused image resources to use {wwwroot} over {staticroot} FIXED: Empty module groups are no longer shown in the Modules dropdown FIXED: File Browser "Cancel" button not closing the window when packaging a module. FIXED: The front end editor now alerts a user if there is no editable content. FIXED: Custom selects misbehaving in dialogs FIXED: Sorting via fields not using backticks (`) around column names FIXED: RSS 2 feeds not really being RSS 2.0 FIXED: Warning that could show when preprocessing functions didn't return an array FIXED: A rare bug where creating a new item in a module before the module's view was cached would make the existing items never cache. REMOVED: Custom JavaScript and CSS in Auto Module forms. REMOVED: Uncached ability in Auto Module views. 4.0b6 NEW: BigTree now allows for usage of index.php routing WITHOUT .htaccess / mod_rewrite NEW: BigTree::unzip function (preparing for the future) FIXED: Buttons in the image browser not working in beta 5. FIXED: Example site "Wonders" form missing in beta 5. FIXED: Module forms not creating properly in beta 5. FIXED: Choosing image size not working in Image Browser in beta 5. FIXED: Styles of the H3 in the image size chooser in the Image Browser. FIXED: 404s in the 404 list not being htmlspecialchar'd FIXED: Some "Advanced Link" problems in TinyMCE FIXED: Views with more than 5 columns causing a critical error. FIXED: Many problems that stopped module packaging / importing from working in recent betas. FIXED: Callout images throwing an error if they were unchanged from last publish (Thanks Phil P!) FIXED: A warning that occurred if you uploaded an invalid image. FIXED: Lazy loading of modules throwing a critical error when class_exists() was called (fixes Module Designer!) FIXED: Module creation process showing urlencoded titles FIXED: Homepage resources loading into a new page if the template was changed (Thanks Phil P!) 4.0b5 NEW: Array of Items now supports using several different field types (text, textarea, date, time, html) NEW: BigTree version updater automatically does database and file system changes when a new revision is installed. NEW: "Trunk" flag for pages that allows for resetting BigTreeCMS::getTopLevelNav and BigTreeCMS::getBreadcrumbByPage methods. UPDATED: TinyMCE to latest version. UPDATED: BigTreeAdmin::updateSetting now supports system settings. UPDATED: System settings are now consolidated to not clutter the bigtree_settings table so much. UPDATED: Cleaned up list-generating code to be usable by third party field types (see BigTreeListMaker JavaScript class). UPDATED: Callouts "Title" now renamed "Label" so there aren't two things called "Title". UPDATED: Daily Digest email now sends out emails alerting you of unread messages in Message Center. UPDATED: Cleaned up the global namespace to move several variables ($content, $layout, $page, $callouts, $resources) into a $bigtree array variable. FIXED: A possible notice in install.php FIXED: Updating a pending page change (fixes restoring to a revision when a pending change to a page exists) FIXED: "Cron" no longer tries to run Google Analytics if a profile isn't set. FIXED: The size of some panels in the Image/File browser. FIXED: Many to Many editor's odd style issues. FIXED: Generated routes failing when publishing a pending item. FIXED: Preview URL for the homepage. FIXED: Double-encoding of HTML entities for callouts. FIXED: Errors for "Array of Items" when used in callouts. FIXED: Some issues with inline popups in TinyMCE. FIXED: Custom select boxes were firing "changed" instead of "change" like a normal element would.
  • FIXED: Tooltips not hiding properly (and causing things behind them to be unclickable)
  • FIXED: Creating a user not setting the daily digest flag properly.
  • FIXED: "Cron" not getting the right environment variables when running daily digest.
  • FIXED: "Growl" messages not showing up in Users section.
  • FIXED: Users rows not disappearing after deleting them.
  • FIXED: Deleting a user confirmation dialog saying "Resource" instead of "User"
  • FIXED: Styling and clickablility of Quick Search results in admin.
  • FIXED: File Browser in IE8, removed it's use with a warning in < IE8.
  • FIXED: Sub directories are no longer (attempted to be) included in /custom/inc/required/ (thus throwing a warning)
  • FIXED: Pages not publishing certain properties properly when published via the Pending Changes section of Dashboard.
  • FIXED: Saving a revision not showing the new revision immediately.
  • FIXED: Array of Items not getting a draggable placeholder
  • FIXED: Daily digest going out even if there was nothing for the user to be notified about.


  • Fixed issues with saving pending changes on pages that were empty of content.
  • Fixed publishing pending changes for pages from the dashboard
  • Fixed the number of pending page changes on the dashboard always showing 1.
  • Updated the layout of the user permission editor to list modules by group.
  • Fixed the module permissions always showing a blue arrow even when sub-permissions were not available.
  • Fixed default date format for the date picker if "Default to Today's Date" was set.
  • Fixed callout files/images disappearing on re-save
  • Fixed resources in callouts saving strangely.
  • Fixed callout resources ignoring validation rules.
  • Restored ability to add classes to images in TinyMCE
  • Added missing + buttons in module designer.
  • Removed confirm dialogs from deleting fields from a form.
  • Fixed an error that caused options for a view to not save (and throw a warning) on initial creation.
  • Fixed cron-job not running properly.
  • Fixed BigTreeCMS::makeSecure
  • Fixed a few Javascript events in the admin (changing callout types and a few other places were broken in beta 3)
  • Switched sorting in the admin to use POST instead of GET (to support thousands of items).


  • Updated image cropper count design to make the number of crops more obvious
  • Updated callouts to allow developers to set a default title.
  • Updated module creation so that if there isn't a related table it throws a growl and moves away from the view/form creation process.
  • Fixed custom view actions behavior.
  • Fixed BigTreeModule::getTagsForItem
  • Changed positions to always be position: fixed instead of a mix of fixed and absolute.
  • Fixed the variable scope in which _404.php is included on 404 pages.
  • Fixed pulling module class' breadcrumb.
  • Fixed BigTreeCMS::urlify to properly decode html entities before creating a URL string (prevents this-amp-that type URLs).
  • Fixed some z-index issues with dialog windows.
  • Fixed Array of Items field type item order to be consistent with List.
  • Fixed using view actions (feature, archive, approve, dragging to change position) on items that are not yet published.
  • Fixed TinyMCE paste problems.
  • Added the ability to specify a required user level for a module action to appear in a module's admin navigation.
  • Updated the Home template to default to developer-only and set its position to be second in the list of default templates (so that content is the default for new pages).
  • Fixed (Database Populated) List field type not remembering your sort order the first time you create it.
  • Fixed Field Types not remembering whether they're allowed for Callouts on initial creation.
  • Fixed link to analytics on the dashboard.
  • Fixed Feeds not loading properly on the front end.
  • Fixed route history not being created when moving pages.
  • Fixed CSS border radius in several places in Safari.
  • Fixed grouped module breadcrumb going to the wrong place if you clicked the group name.
  • Fixed module designer creating the wrong icons and in the wrong order.
  • Updated BigTreeAdmin::createModuleAction to allow you to specify a default position.
  • Updated view caching to process out {wwwroot}
  • Fixed Module View creation to throw proper errors on draggableness (previously checked the wrong properties so false errors were thrown and real ones were missed)
  • Added + icons to the edit module screen.
  • Silenced some warnings when images had bad EXIF data.
  • Made initial content age be the date of installation instead of 1969.
  • Fixed install / admin errors when Notices were turned on in PHP.
  • Updated the style of the Unused Field adding mechanism to more accurately group the + icon and the field name together. Thanks philp!
  • Fixed the front end editor messing up page titles / nav titles that had & in them.
  • Updated sqlfetch() to throw an Exception when you give it a bad sqlquery() result to aid in debugging.
  • Added BigTreePaymentGateway -- a way to handle payment gateways without knowing which one the user has.
  • Updated the layout of the developer landing to support Payment Gateways.
  • Fixed styling of phone / email field types when in callout editor.
  • Fixed callout's phone number processing.
  • Fixed the initial description of a callout's resources that's written to the callout file.
  • Fixed mobile.css and no-zoom/resize being set for mobile browsers (should work now on iPhone/Android, though not optimized for it yet).
  • Added placeholder styles for dragging of callouts and image views.
  • Fixed image views not using the "prefix" option properly.
  • Changed to native event firing on custom Select, Radio, and Checkboxes in the admin (used to be checked:click and select:changed, now you just observe click or changed).
  • Fixed Google Analytics and Daily Digest not sending out in the event that your cron isn't running (should have happened on any visit to the admin if cron hasn't run in 24 hours, wasn't)
  • Fixed File Browser not working on the front end editor.
  • Stopped the home page from being able to be moved.


  • Removed .htaccess warnings from the installer since it's throwing a lot of warnings when there isn't a problem.
  • Fixed page "Revisions" showing the currently published copy as an option for creating a new draft.
  • Fixed fatal error that's thrown when an item was locked and someone else tried to access it.
  • Updated BigTree::curl to not verify SSL host/peer (caused lots of failed cURLs)
  • Fixed a warning thrown when calculating SEO value if some of the field types were arrays in a page template.
  • Silenced some warnings in the installer (caused by shared server openbase_dir stuff).
  • Fixed styles in the example site.
  • Fixed an error that caused issues with grouped views in modules.
  • Removed the ability to use Field Wrappers.
  • Changed the default sorting for templates.
  • Changed the "name" field of resources of callouts to be "title" like everything else (if you've made some callouts, their titles may not be working now, sorry!)
  • Fixed some errors in processing photo gallery field types.
  • Fixed a bug with file dialogs when hitting Escape to close them.
  • Updated the user editor to hide permissions that aren't applicable to Administrators and Developers.
  • Fixed text-ellipsis for long URLs in the Properties section of pages.
  • Fixing pending changes to pages not decoding properly (caused broken images in HTML areas).
  • Added + icons to buttons in forms to bring better attention to them adding things.
  • Removed extraneous old code from BigTree 3.3
  • Fixed some HTML5 validation errors.
  • Fixed a tag closing bug that was causing Internet Explorer to not render the nav properly.
  • Fixed a bug with tagging items not sticking.
  • Fixed a message when deleting a 404.


  • Initial public release.
You can’t perform that action at this time.