Skip to content

Releases: flarum/framework

v0.1.0-beta.7.2

09 Nov 10:57
Compare
Choose a tag to compare
v0.1.0-beta.7.2 Pre-release
Pre-release

Security

  • Fix leak of private information when updating users. (more details)

v0.1.0-beta.7.1

06 Jan 09:50
Compare
Choose a tag to compare
v0.1.0-beta.7.1 Pre-release
Pre-release

Security

  • Fixed a vulnerability that allows an attacker to bypass the email verification step during registration. (@clarkwinkelmann) (more details)

v0.1.0-beta.7

22 Jul 03:22
Compare
Choose a tag to compare
v0.1.0-beta.7 Pre-release
Pre-release

Added

  • Add "remember me" checkbox in login from.
  • Update notification count when discussion list refresh button is clicked. (@datitisev)
  • Add event to allow custom user password validation.
  • Support module prefixing of locale resources.
  • Allow accessing the session via the actor.
  • Add group gambit to support search user by group name. (@liji)
  • Ability to manually activate users. (@renyuneyun)
  • Add dir and lang attribute in app.blade.php. (@datitisev)
  • Prevent crawlers from indexing nojs pages.
  • Add option to hide the language selector. (@datitisev)
  • Add link() and setCanonicalUrl() methods to the WebAppView.
  • Add viewUserList permission. (@datitisev)
  • Allow JSON config to be used for command-line installation. (@dav-is)
  • Add API for extensions to mark discussions and posts as private. (@luceos)
  • Improve password reset validation/error handling.
  • Added a migration helper for adding default permissions.
  • Turn Rename Discussion dialog into a modal. (@datitisev)

Fixed

  • Prevent deletion of default locale. (@dav-is)
  • Prevent overwriting of user attributes on authenticated registration. (@dav-is)
  • Prevent notice if bootstrapping app in command line environment.
  • Make Add Extension modal's title translatable. (@milescellaro)
  • Fix asset path when unpublishing. (@clarkwinkelmann)
  • Update affix sidebars when window is resized.
  • Fix login remember in MS EDGE.
  • Prevent reverting editable user bio on click.
  • Fix API sorting of users by post count.
  • Support PNG avatars with transparent backgrounds and fix EXIF rotation. (@oanhnn, @Zeokat)
  • Fix /api/posts returning 500. (@datitisev)
  • Make extension event attributes public.
  • Prevent admins from demoting themselves through the API. (@datitisev)
  • Fix incorrect migration notes for extensions without any migrations.

Changed

  • Upgrade s9e\TextFormatter to 0.8.1. (@JoshyPHP)
  • Upgrade zendframework/zend-stratigility to 1.3.
  • Update minimum required PHP version to 5.6.
  • Add specific error message for username validation.
  • Remove fa-fw class from all icons. Manually apply the fa-fw class or other styles if needed.
  • Simplify global back button behaviour and appearance.

Also see the release notes for: approval flags lock mentions sticky suspend tags

v0.1.0-beta.6

19 Oct 10:46
Compare
Choose a tag to compare
v0.1.0-beta.6 Pre-release
Pre-release

Added

  • Allow separation of public and base directories. (@bmalex88)
  • Introduce superficial permission dependency tree to make UI more intuitive.
  • Add specific error message when an email address is not found in forgot password modal. (@datitisev)
  • Pull in FontAwesome as a Composer dependency, and update to 4.6.
  • Add ability to view the IP address for a post in its meta dropdown. (@dav-is)
  • Show an upload icon instead of a user's default avatar on their own profile. (@datitisev)
  • Add admin pane to configure SMTP settings. (@datitisev)
  • Add ability to upload forum logo and favicon.
  • Add ability to add custom HTML above the Flarum header.
  • Log exceptions in error handler middleware.
  • Add CLI installer option to write the config file to a different path.
  • Allow extensions to add default model attributes.
  • Add Server extend API to allow skeleton to customise the Application instance.
  • Automatically support basic HTML tags in translations.
  • Add cache:clear CLI command.

Changed

  • Updated s9e\TextFormatter to 0.5.0. (@JoshyPHP)
  • Improve inline code styling. (@datitisev)
  • Use group ID instead of name in generated class names.
  • Scroll to reply preview immediately when opening composer.
  • Change post edited icon into text. (@datitisev)
  • Clean up discussion renamed posts to only show the new title.
  • Extract list keyboard navigation code from search into a reusable class.
  • Improve text contrast, especially in dark mode.
  • Change permission logic priorities; change policy catch-all method from before to after.
  • Simplify deleted post toggle CSS.
  • Refactor web app bootstrapping code.

Deprecated

  • Deprecated ConfigureClientView event; use ConfigureWebApp instead.

Removed

  • Removed AbstractPolicy@before method; use after instead.
  • Removed broken extension generator CLI command.

Fixed

  • Prevent scrubber post count from exceeding maximum value. (@augiwan)
  • Validate password when resetting. (@poush)
  • Only check for reply permission for actual replies.
  • Fix post controls not being clickable in some circumstances.
  • Don't show username/email fields when editing own account.
  • Prevent images from loading when generating excerpt post content. (@dav-is)
  • Fix avatar upload on Windows servers. (@KazeFlame)
  • Prevent humanTime helper from generating future times.
  • Fix settings not automatically showing when an extension is enabled.
  • Fix post header items sometimes getting out of order.
  • Remove temporary file after avatar upload failure.
  • Make search dropdown filtering case-insensitive.
  • Automatically focus on composer textarea when tapped on iOS.
  • Prevent page zoom on input focus in iOS 10.

Also see the 0.1.0-beta.6 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

v0.1.0-beta.5

29 Mar 07:59
Compare
Choose a tag to compare
v0.1.0-beta.5 Pre-release
Pre-release

Added

  • Users who haven't confirmed their email address are now able to log in and get their confirmation email resent. (@sijad)
  • created:YYYY-MM-DD gambit to search for discussions by their creation date. (@Albert221)
  • Allow provision of an avatar URL to upload during sign up via avatarUrl attribute.
  • php flarum info console command to help debug broken installations.
  • Inline user online indicators. (@petermein)
  • AbstractOAuth2Controller class to provide a generic OAuth2 login implementation for extensions.
  • Support for new minifiers. (@JoshyPHP)
  • ConfigureLocales::loadLanguagePackFrom helper method.
  • Pop animation when scrolling to post preview. (@sijad)
  • Add rel="nofollow" to user bio links. (@sijad)
  • Ask for confirmation before "Mark all as Read". (@bogdanteodoru)
  • Allow existing users to be activated via the API isActivated attribute.
  • Support multiple comma-separated names in author: search gambit. (@Albert221)
  • Admin-only email: gambit to look up users by email.
  • Allow custom redirection after logging out via return query parameter.
  • Event to configure server middleware (ConfigureMiddleware).
  • Allow forum to be taken offline by setting offline to true in config.php.
  • Garbage-collect email/password/auth tokens.

Changed

  • Overhaul extension management code. (@luceos)
  • New migration structure. Details
  • Improve post composer appearance/usability on mobile.
  • Upgrade to flarum-gulp 0.2.0, Babel 6, and Mithril 0.2.3.
  • Refactor ListPostsController to make filtering extensible.
  • Lighten discussion list hover color.
  • Increase avatar upload max file size from 1MB to 2MB.
  • Refactor Composer rendering for smoother animations.
  • Don't automatically activate users created by admins; require an attribute to be set.
  • Extract notification settings into an item list.
  • Improvements to colored header styles.
  • Rename HTTP method override header.
  • Tweak mobile drawer appearance.
  • Change value field in settings table from BLOB to TEXT to allow for easier user editing. (@ahsanity)
  • Tweak badge appearance: remove border, decrease shadow radius.
  • Delete a discussion when its last post is deleted.
  • Slightly widen index sidebar, overflow buttons properly.
  • Store discussion slug in database table.
  • Add priorities to user page sidebar items.

Fixed

  • Deleting users will now delete discussions that became empty.
  • Admin now no longer shows incorrect information on how to install extensions.
  • Support prefix in URL generators. (@Albert221)
  • Fix autocompletion bugs in Firefox. (@sijad)
  • Add specific error message when an email address is not found in forgot password modal.
  • Show dropdown menus in front of post composer.
  • Prevent long forum title in mobile drawer from entering viewport.
  • Fix search box overlapping forum title in some cases.
  • Fix JSON serialization error on PHP 7.
  • Fix "sort by" dropdown being empty on the latest versions of Chrome.
  • Dramatically improve performance when typing in a modal.
  • Fix browser back button losing scroll position.
  • Don't require a previous Post when saving event posts.
  • Fix crash when sending notification to non-existent user.
  • Fix username validation to disallow problematic characters.
  • Fix crash when displaying a discussion with no posts.
  • 401 for unauthorised request to settings, notifications page.
  • Better post scrubber size calculations.
  • Tweak padding on user dropdown button so avatar is flush with border radius.
  • Clear search when input is empty and enter is pressed.
  • Give GetPermission event priority when determining permissions.
  • Key item lists to maintain identity across redraws.
  • Ensure routes are only populated after extensions have registered listeners.
  • Ensure a new asset revision identifier is generated if there is none.
  • Allow username capitalisation to be changed.
  • Prevent some translations being compiled unnecessarily.
  • Prevent unapproved discussions from dropping to the bottom of the discussion list.

Security

  • Rework authentication/session/cookies code for better security and stability.
  • Add password confirmation when changing email address.
  • Prevent users from being incorrectly able to delete their own discussions.
  • Fix posts being incorrectly visible on user page on private forums.

Also see the 0.1.0-beta.5 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

v0.1.0-beta.4

05 Nov 06:00
Compare
Choose a tag to compare
v0.1.0-beta.4 Pre-release
Pre-release

Added

  • Add an icon/label to the back button to indicate where it leads
  • Add "Loading..." text while the JavaScript payload is loading

Fixed

  • Fix some admin actions resulting in "You do not have permission to do that"
  • Fix translation keys persisting after enabling an initial language pack
  • Fix translation => references not being parsed in some cases

v0.1.0-beta.3

02 Nov 23:35
Compare
Choose a tag to compare
v0.1.0-beta.3 Pre-release
Pre-release

Architecture improvements

  • Composer-driven extension architecture. All extensions are Composer packages installable via Packagist.
  • Backend codebase & API refactoring. Classes, namespaces, and events systematically tidied up.

Improved internationalization

A huge thanks to @dcsjapan for the countless hours he put in to make this stuff happen. You're amazing!

  • New systematic translation key naming scheme.
  • Make many hardcoded strings translatable, including administration UI and validation messages.
  • More powerful pluralization via use of Symfony's Translation component instead of a proprietary one.

New moderation tools

  • Hide/restore discussions. Discussions can be soft-deleted by moderators or by the OP if no one has replied.
  • Flags. New bundled extension that allows posts to be flagged for moderator review.
  • Approval. New bundled extension that hides/flags new posts to be approved by the moderation team.
  • Akismet. New bundled extension that checks new posts for spam with Akismet.
  • IP address logging. IP addresses are stored with posts for use by extensions (e.g. Akismet).
  • Flood control. Users must wait at least ten seconds between consecutive posts.

Other features

  • Social login. New bundled extensions that allow users to log in with Facebook, Twitter, and GitHub.
  • More compact post layout. All controls are grouped over to the right.
  • Improved permissions. The admin Permissions page has been improved with icons and other tweaks.
  • Improved extension management. The admin Extensions page has a new look and is easier to use.
  • Easier debugging. The "oops" error message has a Debug button to inspect a failed AJAX request.
  • Improved JavaScript minification. Minification is done by ClosureCompiler only when debug mode is off, resulting in easier debugging and smaller production assets.

Added

  • Allow HTML tag syntax in translations (#574)
  • Add gzip/caching directives to webserver configuration (#514)
  • API to set the asset compiler's filename
  • Migration generator, available via generate:migration console command
  • Tags: Ability to set the tags page as the home page
  • bidi attribute for Mithril elements as a shortcut to set up bidirectional bindings
  • route attribute for Mithril elements as a shortcut to link to a route
  • Abstract SettingsModal component for quickly building admin config modals
  • Model::afterSave() API to run callback after a model instance is saved
  • Sticky: Allow permission to be configured
  • Lock: Allow permission to be configured
  • Add a third state to header icons (#500)
  • Allow faking of PATCH/DELETE methods (#502)
  • More reliable form validation and error handling

Changed

  • Rename notification_read_time column in discussions table to notifications_read_time.
  • Update to FontAwesome 4.4.0.

Fixed

  • Output forum description in meta description tag (#506)
  • Allow users to edit their last post in a discussion even if it's hidden
  • Allow users to rename their discussion even if their first post is hidden
  • API links correctly include the /api path (#579)
  • Tags: Fix sub-tag ordering algorithm in Chrome (#325)
  • Fix several design bugs

0.1.0-beta.2

15 Sep 01:11
Compare
Choose a tag to compare
0.1.0-beta.2 Pre-release
Pre-release

Added

  • Check prerequisites (PHP version, extensions, etc.) before installation (#364)
  • Enforce maximum title and post length through validation (#53, #338)
  • Ctrl+Enter submits posts (#276)
  • Syntax highlighting for code blocks (#248)
  • All links open in new window, receive rel=nofollow attribute (#247)
  • Default build script for extensions (#438)
  • Input validation in installer

Changed

  • Ask for admin password confirmation in installer (#405)
  • Increased some text contrasts for accessibility (#390)

Fixed

  • Discussion list did not work with non-empty database prefix (#269, #380)
  • Non-admins could not reset their password (#229)
  • Requests ending with a slash resulted in a 404 (#334)
  • In rare cases, posts did not load correctly (#295)
  • Avatars did not show up when installed in a subfolder (#291)
  • Installer crashed when views directory was not writable (#376)
  • Table prefix could not be set in web installer (#269)
  • Enabling an extension disabled all other extensions (#402)
  • Invalid custom CSS could crash the application (#400)
  • First posts could not be restored or deleted
  • Several design bugs
  • Set cookies to be HTTP-only
  • Tags: Sometimes, tags could not be dragged for reordering in the admin panel (#341)
  • Suspend: Use correct column name in when migrating database
  • Lock: Check for correct permission when displaying lock control
  • Likes: Allow liking permissions to be configured

0.1.0-beta

27 Aug 12:42
Compare
Choose a tag to compare
0.1.0-beta Pre-release
Pre-release
v0.1.0-beta

Fix incorrect chmod instruction