Skip to content
Dec 5, 2018
Release version 0.1.0-beta.8.1
Pre-release

@tobscure tobscure released this Nov 29, 2018 · 125 commits to master since this release

See the release announcement.

Added

  • PHP Extender API (docs)
  • Add ItemList#isEmpty method (#1218)
  • Allow setting the raw content of a CommentPost (084f749)
  • Allow full URLs to be used as the avatar path (c31c1ea)
  • Add user display names API (#1246)
  • Add apiKey request attribute (096e552)
  • Allow configuring cookie attributes (87bf84e)
  • Add LESS variable to configure expansion of sideNav dropdowns (2754a8c)
  • Add drag and drop avatar uploading (#1261)
  • New design for Reset Password page (9392e1b)
  • Add log out confirmation if CSRF token is invalid (e8a4e5e)
  • New design for error pages (b7c1cc5)
  • Basic implementation of admin dashboard widgets (1ef9217)
  • Add infinite scrolling in the notifications list (77c25ab)
  • Add custom footer HTML setting (#1315)
  • Automatically load an extend.php file at the forum root (#1559)
  • Add console configuration event (#1349)
  • Improve search performance and design (#1339, 7e95b80)
  • Allow notification methods to be extended (#1361)
  • Add flarum migrate:reset command (#1363)
  • Add message to exceptions thrown in DispatchRoute middleware (#1376)
  • Warn about debug mode in flarum info command (0cf351e, 5374f8a)
  • JS Extender API foundation (#1468)
  • Add support for JS sourcemaps (#1471)
  • Add canonical URL to discussion HTML (551ca23)
  • Add event to override floodgate behaviour (#1411)
  • Use ItemList for signup and login modals (#1420)
  • Display extensions in a table in flarum info command (#1562)
  • Add oldUsername parameter to User\Event\Renamed (#1563)
  • Live output of migrator notes in console (9e487b4)
  • Use ItemList for edit group modal (#1625)
  • Use ItemList for edit user modal (#1593)
  • Track API key last activity and allow keys to reference specific users (#1622)
  • Add a toolbar area to the TextEditor component (c13dfa2)
  • Add a tooltip to the Preview button (bf3934d)
  • Add database indices (#1577)
  • Log errors that occur in the API stack (222e3c3)
  • Add "clear cache" button to admin dashboard (2ef66ac)
  • New extensions page layout (#1496)

Changed

  • Upgrade to Laravel 5.5 (#1252)
  • PHP namespace restructure (#1308)
  • Performance: Don't include post content in the "basic" serializer (37cf95f)
  • Only apply custom CSS and header HTML on forum frontend, not admin (40ebc13)
  • Performance: Load only basic information about terminal/relevant posts (dedcbae)
  • Performance: Load only basic information about post discussion/users (3c80612)
  • Organise views into directories (479e44d)
  • Use more sensible installation default data (b760d11)
  • Manage Composer height with overridable methods (#1272)
  • Rename AbstractPolicy::after to can to reflect removal of event priorities (ae2e07e)
  • Overhaul model visibility scoping (#1342)
  • Remove - separator in discussion URL if there is no slug (#1351)
  • API: Provide forum info under / (f0cea11)
  • Upgrade to Font Awesome 5 (#1372)
  • Upgrade to zend-stratigility v2.2 (9d30be1)
  • Use Illuminate Session component instead of Symfony (#1366)
  • Use PSR-15 middleware standard (#1441, #1443)
  • Simplify interface of migration-related classes (#1445)
  • Rename Api\Controller\TokenController to CreateTokenController (#1451)
  • Replace gulp with webpack and npm scripts for JS compilation (#1367)
  • Rename database columns and JSON-API attributes (#1344)
  • Refactor frontend code (#1471, edaca31)
  • Remove need for page reload if JS application will not boot (#1471)
  • Split permission for editing and deleting posts (#1466)
  • Upgrade to TextFormatter 1.2 (#1457)
  • Require PHP 7.1 (0278d52)
  • Rename extension bootstrap.php to extend.php (#1556)
  • Use default system font instead of Open Sans (07298e1)
  • Change composer submit button icon to paper plane (bf3934d)
  • New heading styles in posts (6fadc0b)

Removed

  • Remove user bio feature (#1214)
  • Remove FastClick (a8826dc)
  • Remove server-side JavaScript minification, because it is done by Webpack (#1471)
  • Remove the "debug" button from request error alerts (64686ef)
  • Remove fileinfo dependency (105dd09)

Fixed

  • Fix dropdown menu icon width (7ec9281)
  • Fix user online indicator spacing (57f828b)
  • Remove faulty default value for forum description (a2e0dae)
  • Fix scrubber icon alignment (287085d)
  • Don't hardcode admin URL (c037658)
  • Update zend-diactoros to v1.6 to fix Content-Length problems (1e8399c)
  • Security: Remove execute permissions from .php/.less files (#1338)
  • Fix post contentHtml sometimes breaking script parsing (ea4d889)
  • Make sure components receive all children properly (42ecee4)
  • Fix extractText breaking in some cases (f3b4d35)
  • Revert color input type (257ee93)
  • Make sure dropdowns don't go above the edge of the screen (3be98b9)
  • Improve mobile composer behaviour (a8826dc, 094345d)
  • Fix Composer textarea losing its height across route changes (1a10276)
  • Performance: Assign parent discussion to posts so it doesn't have to be reloaded (5f7060f)
  • Performance: Cache translation catalogue to avoid reparsing YAML (9cc67fe)
  • Fix email gambit (0aa74c9)
  • Fix users not being listed properly when searching (7796580)
  • Fix crash when post's user has been deleted (1a239ee)
  • Filter out notifications with non-existent subjects (a0c95e6)
  • Dispatch user events after password reset (#1340)
  • Only display pagination link if necessary (6913e8f)
  • Add pagination link for previous page (8c47095)
  • Prevent editing fields in sign up modal according to identification data (#1330)
  • Refactor MIME type guessing to work without any PHP extensions (ba96f31)
  • Fix modal title background on phone media (#1378)
  • Always return a promise in PostStream#update (#1392)
  • Fix absence of variable reference in Notification\Sending event (f51e29f)
  • Update doctrine/dbal to v2.7 to fix MariaDB compatibility (d42205a)
  • Escape string used in LIKE query (569e6c9)
  • Make ExtensionManager a singleton (050496a)
  • Fix discussion posts not being initialized correctly (#1455)
  • Prevent undefined class names from being rendered (#1456)
  • Fix asset recompilation issues (#1471)
  • Fix unread notifications badge appearing fuzzy (fb9a89f)
  • Fix generation of next/previous URLs in discussion HTML (3d845d5)
  • Prevent invalid custom CSS from crashing forum (#1471)
  • Fix profile page posts jumping when scrolling (6a6b9ac)
  • Fix git errors displaying in flarum info command (#1562)
  • Fix guests encountering permission errors when searching (#1527)
  • Add tokenizer to PHP extension requirements (c16ddf2)
  • Installer: add check for file existence and fix path resolving (#1397)
  • Change tab title after renaming discussion (#1543)
  • Fix post composer width bug on profile (#1541)
  • Fix wrong permission check in UserPolicy#find (#1536)
  • Fix registration errors when debug mode is on (5ce702a)
  • Sort user discussion list correctly (184ffcd)
  • Fix group badge misalignment if there is no group icon (c32af65)
  • Fix dropdown menu hidden by PermissionsPage header when going up (#1627, 3b630cb)
  • Fix scrubber index exceeding post count (#1634)
  • Perform visibility checks on notification subjects at the query level (6d14d0c)
  • Delete associated notifications when deleting discussions, posts, and users (bf8bc02)
  • Clear the search loading indicator after pressing Enter (b474843)

Security

  • Always invalidate all user email tokens (66607a5)

Also see the 0.1.0-beta.8 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji lang-english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

Assets 2
Pre-release

@tobscure tobscure released this Nov 9, 2018 · 811 commits to master since this release

Security

  • Fix leak of private information when updating users. (more details)
Assets 2
Pre-release

@tobscure tobscure released this Jan 6, 2018 · 811 commits to master since this release

Security

  • Fixed a vulnerability that allows an attacker to bypass the email verification step during registration. (@clarkwinkelmann) (more details)
Assets 2
Pre-release

@tobscure tobscure released this Jul 22, 2017 · 812 commits to master since this release

Added

  • Add "remember me" checkbox in login from.
  • Update notification count when discussion list refresh button is clicked. (@datitisev)
  • Add event to allow custom user password validation.
  • Support module prefixing of locale resources.
  • Allow accessing the session via the actor.
  • Add group gambit to support search user by group name. (@liji)
  • Ability to manually activate users. (@renyuneyun)
  • Add dir and lang attribute in app.blade.php. (@datitisev)
  • Prevent crawlers from indexing nojs pages.
  • Add option to hide the language selector. (@datitisev)
  • Add link() and setCanonicalUrl() methods to the WebAppView.
  • Add viewUserList permission. (@datitisev)
  • Allow JSON config to be used for command-line installation. (@dav-is)
  • Add API for extensions to mark discussions and posts as private. (@luceos)
  • Improve password reset validation/error handling.
  • Added a migration helper for adding default permissions.
  • Turn Rename Discussion dialog into a modal. (@datitisev)

Fixed

  • Prevent deletion of default locale. (@dav-is)
  • Prevent overwriting of user attributes on authenticated registration. (@dav-is)
  • Prevent notice if bootstrapping app in command line environment.
  • Make Add Extension modal's title translatable. (@milescellaro)
  • Fix asset path when unpublishing. (@clarkwinkelmann)
  • Update affix sidebars when window is resized.
  • Fix login remember in MS EDGE.
  • Prevent reverting editable user bio on click.
  • Fix API sorting of users by post count.
  • Support PNG avatars with transparent backgrounds and fix EXIF rotation. (@oanhnn, @Zeokat)
  • Fix /api/posts returning 500. (@datitisev)
  • Make extension event attributes public.
  • Prevent admins from demoting themselves through the API. (@datitisev)
  • Fix incorrect migration notes for extensions without any migrations.

Changed

  • Upgrade s9e\TextFormatter to 0.8.1. (@JoshyPHP)
  • Upgrade zendframework/zend-stratigility to 1.3.
  • Update minimum required PHP version to 5.6.
  • Add specific error message for username validation.
  • Remove fa-fw class from all icons. Manually apply the fa-fw class or other styles if needed.
  • Simplify global back button behaviour and appearance.

Also see the release notes for: approval flags lock mentions sticky suspend tags

Assets 2
Pre-release

@tobscure tobscure released this Oct 19, 2016 · 971 commits to master since this release

Added

  • Allow separation of public and base directories. (@bmalex88)
  • Introduce superficial permission dependency tree to make UI more intuitive.
  • Add specific error message when an email address is not found in forgot password modal. (@datitisev)
  • Pull in FontAwesome as a Composer dependency, and update to 4.6.
  • Add ability to view the IP address for a post in its meta dropdown. (@dav-is)
  • Show an upload icon instead of a user's default avatar on their own profile. (@datitisev)
  • Add admin pane to configure SMTP settings. (@datitisev)
  • Add ability to upload forum logo and favicon.
  • Add ability to add custom HTML above the Flarum header.
  • Log exceptions in error handler middleware.
  • Add CLI installer option to write the config file to a different path.
  • Allow extensions to add default model attributes.
  • Add Server extend API to allow skeleton to customise the Application instance.
  • Automatically support basic HTML tags in translations.
  • Add cache:clear CLI command.

Changed

  • Updated s9e\TextFormatter to 0.5.0. (@JoshyPHP)
  • Improve inline code styling. (@datitisev)
  • Use group ID instead of name in generated class names.
  • Scroll to reply preview immediately when opening composer.
  • Change post edited icon into text. (@datitisev)
  • Clean up discussion renamed posts to only show the new title.
  • Extract list keyboard navigation code from search into a reusable class.
  • Improve text contrast, especially in dark mode.
  • Change permission logic priorities; change policy catch-all method from before to after.
  • Simplify deleted post toggle CSS.
  • Refactor web app bootstrapping code.

Deprecated

  • Deprecated ConfigureClientView event; use ConfigureWebApp instead.

Removed

  • Removed AbstractPolicy@before method; use after instead.
  • Removed broken extension generator CLI command.

Fixed

  • Prevent scrubber post count from exceeding maximum value. (@augiwan)
  • Validate password when resetting. (@poush)
  • Only check for reply permission for actual replies.
  • Fix post controls not being clickable in some circumstances.
  • Don't show username/email fields when editing own account.
  • Prevent images from loading when generating excerpt post content. (@dav-is)
  • Fix avatar upload on Windows servers. (@KazeFlame)
  • Prevent humanTime helper from generating future times.
  • Fix settings not automatically showing when an extension is enabled.
  • Fix post header items sometimes getting out of order.
  • Remove temporary file after avatar upload failure.
  • Make search dropdown filtering case-insensitive.
  • Automatically focus on composer textarea when tapped on iOS.
  • Prevent page zoom on input focus in iOS 10.

Also see the 0.1.0-beta.6 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

Assets 2
Pre-release

@tobscure tobscure released this Mar 29, 2016 · 1138 commits to master since this release

Added

  • Users who haven't confirmed their email address are now able to log in and get their confirmation email resent. (@sijad)
  • created:YYYY-MM-DD gambit to search for discussions by their creation date. (@Albert221)
  • Allow provision of an avatar URL to upload during sign up via avatarUrl attribute.
  • php flarum info console command to help debug broken installations.
  • Inline user online indicators. (@petermein)
  • AbstractOAuth2Controller class to provide a generic OAuth2 login implementation for extensions.
  • Support for new minifiers. (@JoshyPHP)
  • ConfigureLocales::loadLanguagePackFrom helper method.
  • Pop animation when scrolling to post preview. (@sijad)
  • Add rel="nofollow" to user bio links. (@sijad)
  • Ask for confirmation before "Mark all as Read". (@bogdanteodoru)
  • Allow existing users to be activated via the API isActivated attribute.
  • Support multiple comma-separated names in author: search gambit. (@Albert221)
  • Admin-only email: gambit to look up users by email.
  • Allow custom redirection after logging out via return query parameter.
  • Event to configure server middleware (ConfigureMiddleware).
  • Allow forum to be taken offline by setting offline to true in config.php.
  • Garbage-collect email/password/auth tokens.

Changed

  • Overhaul extension management code. (@luceos)
  • New migration structure. Details
  • Improve post composer appearance/usability on mobile.
  • Upgrade to flarum-gulp 0.2.0, Babel 6, and Mithril 0.2.3.
  • Refactor ListPostsController to make filtering extensible.
  • Lighten discussion list hover color.
  • Increase avatar upload max file size from 1MB to 2MB.
  • Refactor Composer rendering for smoother animations.
  • Don't automatically activate users created by admins; require an attribute to be set.
  • Extract notification settings into an item list.
  • Improvements to colored header styles.
  • Rename HTTP method override header.
  • Tweak mobile drawer appearance.
  • Change value field in settings table from BLOB to TEXT to allow for easier user editing. (@ahsanity)
  • Tweak badge appearance: remove border, decrease shadow radius.
  • Delete a discussion when its last post is deleted.
  • Slightly widen index sidebar, overflow buttons properly.
  • Store discussion slug in database table.
  • Add priorities to user page sidebar items.

Fixed

  • Deleting users will now delete discussions that became empty.
  • Admin now no longer shows incorrect information on how to install extensions.
  • Support prefix in URL generators. (@Albert221)
  • Fix autocompletion bugs in Firefox. (@sijad)
  • Add specific error message when an email address is not found in forgot password modal.
  • Show dropdown menus in front of post composer.
  • Prevent long forum title in mobile drawer from entering viewport.
  • Fix search box overlapping forum title in some cases.
  • Fix JSON serialization error on PHP 7.
  • Fix "sort by" dropdown being empty on the latest versions of Chrome.
  • Dramatically improve performance when typing in a modal.
  • Fix browser back button losing scroll position.
  • Don't require a previous Post when saving event posts.
  • Fix crash when sending notification to non-existent user.
  • Fix username validation to disallow problematic characters.
  • Fix crash when displaying a discussion with no posts.
  • 401 for unauthorised request to settings, notifications page.
  • Better post scrubber size calculations.
  • Tweak padding on user dropdown button so avatar is flush with border radius.
  • Clear search when input is empty and enter is pressed.
  • Give GetPermission event priority when determining permissions.
  • Key item lists to maintain identity across redraws.
  • Ensure routes are only populated after extensions have registered listeners.
  • Ensure a new asset revision identifier is generated if there is none.
  • Allow username capitalisation to be changed.
  • Prevent some translations being compiled unnecessarily.
  • Prevent unapproved discussions from dropping to the bottom of the discussion list.

Security

  • Rework authentication/session/cookies code for better security and stability.
  • Add password confirmation when changing email address.
  • Prevent users from being incorrectly able to delete their own discussions.
  • Fix posts being incorrectly visible on user page on private forums.

Also see the 0.1.0-beta.5 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

Assets 2
Pre-release

@tobscure tobscure released this Nov 5, 2015 · 1403 commits to master since this release

Added

  • Add an icon/label to the back button to indicate where it leads
  • Add "Loading..." text while the JavaScript payload is loading

Fixed

  • Fix some admin actions resulting in "You do not have permission to do that"
  • Fix translation keys persisting after enabling an initial language pack
  • Fix translation => references not being parsed in some cases
Assets 2
Pre-release

@tobscure tobscure released this Nov 2, 2015 · 1417 commits to master since this release

Architecture improvements

  • Composer-driven extension architecture. All extensions are Composer packages installable via Packagist.
  • Backend codebase & API refactoring. Classes, namespaces, and events systematically tidied up.

Improved internationalization

A huge thanks to @dcsjapan for the countless hours he put in to make this stuff happen. You're amazing!

  • New systematic translation key naming scheme.
  • Make many hardcoded strings translatable, including administration UI and validation messages.
  • More powerful pluralization via use of Symfony's Translation component instead of a proprietary one.

New moderation tools

  • Hide/restore discussions. Discussions can be soft-deleted by moderators or by the OP if no one has replied.
  • Flags. New bundled extension that allows posts to be flagged for moderator review.
  • Approval. New bundled extension that hides/flags new posts to be approved by the moderation team.
  • Akismet. New bundled extension that checks new posts for spam with Akismet.
  • IP address logging. IP addresses are stored with posts for use by extensions (e.g. Akismet).
  • Flood control. Users must wait at least ten seconds between consecutive posts.

Other features

  • Social login. New bundled extensions that allow users to log in with Facebook, Twitter, and GitHub.
  • More compact post layout. All controls are grouped over to the right.
  • Improved permissions. The admin Permissions page has been improved with icons and other tweaks.
  • Improved extension management. The admin Extensions page has a new look and is easier to use.
  • Easier debugging. The "oops" error message has a Debug button to inspect a failed AJAX request.
  • Improved JavaScript minification. Minification is done by ClosureCompiler only when debug mode is off, resulting in easier debugging and smaller production assets.

Added

  • Allow HTML tag syntax in translations (#574)
  • Add gzip/caching directives to webserver configuration (#514)
  • API to set the asset compiler's filename
  • Migration generator, available via generate:migration console command
  • Tags: Ability to set the tags page as the home page
  • bidi attribute for Mithril elements as a shortcut to set up bidirectional bindings
  • route attribute for Mithril elements as a shortcut to link to a route
  • Abstract SettingsModal component for quickly building admin config modals
  • Model::afterSave() API to run callback after a model instance is saved
  • Sticky: Allow permission to be configured
  • Lock: Allow permission to be configured
  • Add a third state to header icons (#500)
  • Allow faking of PATCH/DELETE methods (#502)
  • More reliable form validation and error handling

Changed

  • Rename notification_read_time column in discussions table to notifications_read_time.
  • Update to FontAwesome 4.4.0.

Fixed

  • Output forum description in meta description tag (#506)
  • Allow users to edit their last post in a discussion even if it's hidden
  • Allow users to rename their discussion even if their first post is hidden
  • API links correctly include the /api path (#579)
  • Tags: Fix sub-tag ordering algorithm in Chrome (#325)
  • Fix several design bugs
Assets 2
Pre-release

@tobscure tobscure released this Sep 15, 2015 · 1675 commits to master since this release

Added

  • Check prerequisites (PHP version, extensions, etc.) before installation (#364)
  • Enforce maximum title and post length through validation (#53, #338)
  • Ctrl+Enter submits posts (#276)
  • Syntax highlighting for code blocks (#248)
  • All links open in new window, receive rel=nofollow attribute (#247)
  • Default build script for extensions (#438)
  • Input validation in installer

Changed

  • Ask for admin password confirmation in installer (#405)
  • Increased some text contrasts for accessibility (#390)

Fixed

  • Discussion list did not work with non-empty database prefix (#269, #380)
  • Non-admins could not reset their password (#229)
  • Requests ending with a slash resulted in a 404 (#334)
  • In rare cases, posts did not load correctly (#295)
  • Avatars did not show up when installed in a subfolder (#291)
  • Installer crashed when views directory was not writable (#376)
  • Table prefix could not be set in web installer (#269)
  • Enabling an extension disabled all other extensions (#402)
  • Invalid custom CSS could crash the application (#400)
  • First posts could not be restored or deleted
  • Several design bugs
  • Set cookies to be HTTP-only
  • Tags: Sometimes, tags could not be dragged for reordering in the admin panel (#341)
  • Suspend: Use correct column name in when migrating database
  • Lock: Check for correct permission when displaying lock control
  • Likes: Allow liking permissions to be configured
Assets 2
You can’t perform that action at this time.