@jbroadway jbroadway released this Dec 9, 2018 · 4 commits to master since this release

Assets 2

Improvements:

  • I18n filters now accept DateTime objects in addition to date strings
  • Added Form::generate_csrf_token() for custom use cases
  • Minimal grid supports every column size increment of 5%
  • Image::resize() defaults to auto-detecting the correct format
  • Access control on WYSIWYG editor plugins so the editor can still be used by non-admins
  • Updated Google OAuth2 login support and added Google auth credentials to user settings form
  • Added admin/util/select-buttons helper to convert select boxes to button groups
  • Let users set jquery_source = Off to disable jQuery completely on the front-end
  • Force jQuery source to be local if admin
  • Admin toolbar and admin area usability improvements
  • Added admin/modal template for admin pages in frames
  • Upgraded URLify to version 1.1.2-stable
  • Upgraded Analog to version 1.0.11-stable

Bug fixes:

  • Fixed error marking file manager app upgraded
  • Fixed exception in admin toolbar template
  • Removed PHP 5.3 from travis-ci config, fixed PHPUnit issues on travis-ci
  • Fixed issue with dollar signs in some database passwords
  • Fixed warning on templates not always quoting array keys

@jbroadway jbroadway released this Sep 11, 2018 · 39 commits to master since this release

Assets 2

Security updates:

  • Fixed remote execution in file manager (#287)
  • Fixed remote execution in stylesheet editor (#286)

Improvements:

  • Added "Now" button next to date field in blog posts

Bug fixes:

  • Fixed open graph image dimension tags

@jbroadway jbroadway released this Sep 5, 2018 · 44 commits to master since this release

Assets 2

Improvements:

  • Added emoji support to page titles and descriptions, block titles, and blog post titles
  • Added one-click Bitly link generator to file manager
  • Revamped Elefant backend UI with larger inputs, buttons, and spacing for improved usability
  • Updated minimal-grid.css to accommodate wider screen widths
  • Added og:image:width and og:image:height Open Graph tags to blog posts
  • Added I18n::short_date_year_time filter for short dates including years + times

Bug fixes:

  • Fixed timecodes in embedded YouTube videos
  • Fixed upload validation error in filemanager/util/browser

@jbroadway jbroadway released this Aug 27, 2018 · 66 commits to master since this release

Assets 2
  • Additional CSRF protection on uploads and other forms
  • Fixed pager on on user chooser widget for sites with thousands of users
  • Added first/last page buttons to user chooser and dynamic objects widgets

@jbroadway jbroadway released this Aug 22, 2018 · 76 commits to master since this release

Assets 2

Security updates:

  • Fixed url decoding happening after validation on some file uploads
  • Increased restrictions in htaccess files
  • Added .phtml, .pht, .php3, .php4, and .phar to restricted uploads
  • Limit profile photo uploads to .jpg and .png
  • Verify .csv and .vcf user imports

Improvements:

  • Added responsive embed code for YouTube videos
  • Added superscript button to wysiwyg editor
  • Added social/cookienotice helper for cookie law compliance
  • Added .e-col-15 to minimal-grid.css
  • Added $.recenter_modal() to modal.js and auto-resize on window resize
  • Close modal dialogs by clicking away
  • User ID from API tokens is now available via user\Auth\HMAC::$user_id
  • Added --no-symbols option to ./elefant generate-password
  • Allow $page->add_style() with ?v= appended to stylesheet links for cache busting
  • Added month limit to blog archives sidebar
  • Re-enabled caching on blog archives sidebar

Bug fixes:

  • Fixed thumbnail preview in blog edit form
  • Fixed potentially skewed profile photos in accounts
  • Fixed validation errors in RSS output
  • Admins should be able to preview scheduled posts
  • Fixed admin toolbar not correctly fetching list of apps
  • Fixed use of undefined constant in admin toolbar
  • Strip script and style tags from open graph post descriptions

@jbroadway jbroadway released this Jan 25, 2018 · 109 commits to master since this release

Assets 2

Changes:

  • Added 'Twitter: Tweet This' option to Dynamic Objects menu to display tweetable quotes in posts and pages.
  • Improved HMAC validation by making data lowercase to avoid urlencoding differences in other programming languages.
  • Added client-side validation to filetype validation rule.
  • Added Facebook Pixel tracking support.
  • Upgraded MediaElement video player to version 4.2.7
  • Added new fcallback input validation rule to validate file uploads with a callback (e.g., to validate file contents)
  • Added 'Video GIF (MP4)' option to Dynamic Objects for mp4 videos as gifs (autoplays, loops, muted, and no player controls)

Fixes:

  • Fixed an error cancelling forms.
  • Fixed image size ratio differences in blog sidebar thumbnails.

@jbroadway jbroadway released this Oct 16, 2017 · 124 commits to master since this release

Assets 2

Changes:

@jbroadway jbroadway released this May 24, 2017 · 129 commits to master since this release

Assets 2

Bug fixes:

  • Additional type check on $ext in ExtendedModel
  • Namespace fix in HMAC authenticator

@jbroadway jbroadway released this Apr 6, 2017 · 132 commits to master since this release

Assets 2

Upgraded MediaElement video player, added new thumbnails view to blog app's sidebar options, minor fixes.

@jbroadway jbroadway released this Sep 27, 2016 · 138 commits to master since this release

Assets 2

Minor fix to fall back to HTTP_HOST on sites without a domain name set, but print a warning to the error log to set it in Administration > Site Settings.