Releases: flarum/framework
Releases · flarum/framework
v0.1.0-beta.7.2
Security
- Fix leak of private information when updating users. (more details)
v0.1.0-beta.7.1
Security
- Fixed a vulnerability that allows an attacker to bypass the email verification step during registration. (@clarkwinkelmann) (more details)
v0.1.0-beta.7
Added
- Add "remember me" checkbox in login from.
- Update notification count when discussion list refresh button is clicked. (@datitisev)
- Add event to allow custom user password validation.
- Support module prefixing of locale resources.
- Allow accessing the session via the actor.
- Add group gambit to support search user by group name. (@liji)
- Ability to manually activate users. (@renyuneyun)
- Add
dir
andlang
attribute in app.blade.php. (@datitisev) - Prevent crawlers from indexing nojs pages.
- Add option to hide the language selector. (@datitisev)
- Add link() and setCanonicalUrl() methods to the WebAppView.
- Add viewUserList permission. (@datitisev)
- Allow JSON config to be used for command-line installation. (@dav-is)
- Add API for extensions to mark discussions and posts as private. (@luceos)
- Improve password reset validation/error handling.
- Added a migration helper for adding default permissions.
- Turn Rename Discussion dialog into a modal. (@datitisev)
Fixed
- Prevent deletion of default locale. (@dav-is)
- Prevent overwriting of user attributes on authenticated registration. (@dav-is)
- Prevent notice if bootstrapping app in command line environment.
- Make Add Extension modal's title translatable. (@milescellaro)
- Fix asset path when unpublishing. (@clarkwinkelmann)
- Update affix sidebars when window is resized.
- Fix login remember in MS EDGE.
- Prevent reverting editable user bio on click.
- Fix API sorting of users by post count.
- Support PNG avatars with transparent backgrounds and fix EXIF rotation. (@oanhnn, @Zeokat)
- Fix /api/posts returning 500. (@datitisev)
- Make extension event attributes public.
- Prevent admins from demoting themselves through the API. (@datitisev)
- Fix incorrect migration notes for extensions without any migrations.
Changed
- Upgrade
s9e\TextFormatter
to 0.8.1. (@JoshyPHP) - Upgrade
zendframework/zend-stratigility
to 1.3. - Update minimum required PHP version to 5.6.
- Add specific error message for username validation.
- Remove fa-fw class from all icons. Manually apply the fa-fw class or other styles if needed.
- Simplify global back button behaviour and appearance.
Also see the release notes for: approval flags lock mentions sticky suspend tags
v0.1.0-beta.6
Added
- Allow separation of public and base directories. (@bmalex88)
- Introduce superficial permission dependency tree to make UI more intuitive.
- Add specific error message when an email address is not found in forgot password modal. (@datitisev)
- Pull in FontAwesome as a Composer dependency, and update to 4.6.
- Add ability to view the IP address for a post in its meta dropdown. (@dav-is)
- Show an upload icon instead of a user's default avatar on their own profile. (@datitisev)
- Add admin pane to configure SMTP settings. (@datitisev)
- Add ability to upload forum logo and favicon.
- Add ability to add custom HTML above the Flarum header.
- Log exceptions in error handler middleware.
- Add CLI installer option to write the config file to a different path.
- Allow extensions to add default model attributes.
- Add Server
extend
API to allow skeleton to customise the Application instance. - Automatically support basic HTML tags in translations.
- Add
cache:clear
CLI command.
Changed
- Updated s9e\TextFormatter to 0.5.0. (@JoshyPHP)
- Improve inline code styling. (@datitisev)
- Use group ID instead of name in generated class names.
- Scroll to reply preview immediately when opening composer.
- Change post edited icon into text. (@datitisev)
- Clean up discussion renamed posts to only show the new title.
- Extract list keyboard navigation code from search into a reusable class.
- Improve text contrast, especially in dark mode.
- Change permission logic priorities; change policy catch-all method from
before
toafter
. - Simplify deleted post toggle CSS.
- Refactor web app bootstrapping code.
Deprecated
- Deprecated
ConfigureClientView
event; useConfigureWebApp
instead.
Removed
- Removed
AbstractPolicy@before
method; useafter
instead. - Removed broken extension generator CLI command.
Fixed
- Prevent scrubber post count from exceeding maximum value. (@augiwan)
- Validate password when resetting. (@poush)
- Only check for reply permission for actual replies.
- Fix post controls not being clickable in some circumstances.
- Don't show username/email fields when editing own account.
- Prevent images from loading when generating excerpt post content. (@dav-is)
- Fix avatar upload on Windows servers. (@KazeFlame)
- Prevent humanTime helper from generating future times.
- Fix settings not automatically showing when an extension is enabled.
- Fix post header items sometimes getting out of order.
- Remove temporary file after avatar upload failure.
- Make search dropdown filtering case-insensitive.
- Automatically focus on composer textarea when tapped on iOS.
- Prevent page zoom on input focus in iOS 10.
Also see the 0.1.0-beta.6 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags
v0.1.0-beta.5
Added
- Users who haven't confirmed their email address are now able to log in and get their confirmation email resent. (@sijad)
created:YYYY-MM-DD
gambit to search for discussions by their creation date. (@Albert221)- Allow provision of an avatar URL to upload during sign up via
avatarUrl
attribute. php flarum info
console command to help debug broken installations.- Inline user online indicators. (@petermein)
AbstractOAuth2Controller
class to provide a generic OAuth2 login implementation for extensions.- Support for new minifiers. (@JoshyPHP)
ConfigureLocales::loadLanguagePackFrom
helper method.- Pop animation when scrolling to post preview. (@sijad)
- Add rel="nofollow" to user bio links. (@sijad)
- Ask for confirmation before "Mark all as Read". (@bogdanteodoru)
- Allow existing users to be activated via the API
isActivated
attribute. - Support multiple comma-separated names in
author:
search gambit. (@Albert221) - Admin-only
email:
gambit to look up users by email. - Allow custom redirection after logging out via
return
query parameter. - Event to configure server middleware (
ConfigureMiddleware
). - Allow forum to be taken offline by setting
offline
to true inconfig.php
. - Garbage-collect email/password/auth tokens.
Changed
- Overhaul extension management code. (@luceos)
- New migration structure. Details
- Improve post composer appearance/usability on mobile.
- Upgrade to
flarum-gulp
0.2.0, Babel 6, and Mithril 0.2.3. - Refactor
ListPostsController
to make filtering extensible. - Lighten discussion list hover color.
- Increase avatar upload max file size from 1MB to 2MB.
- Refactor Composer rendering for smoother animations.
- Don't automatically activate users created by admins; require an attribute to be set.
- Extract notification settings into an item list.
- Improvements to colored header styles.
- Rename HTTP method override header.
- Tweak mobile drawer appearance.
- Change
value
field insettings
table from BLOB to TEXT to allow for easier user editing. (@ahsanity) - Tweak badge appearance: remove border, decrease shadow radius.
- Delete a discussion when its last post is deleted.
- Slightly widen index sidebar, overflow buttons properly.
- Store discussion slug in database table.
- Add priorities to user page sidebar items.
Fixed
- Deleting users will now delete discussions that became empty.
- Admin now no longer shows incorrect information on how to install extensions.
- Support prefix in URL generators. (@Albert221)
- Fix autocompletion bugs in Firefox. (@sijad)
- Add specific error message when an email address is not found in forgot password modal.
- Show dropdown menus in front of post composer.
- Prevent long forum title in mobile drawer from entering viewport.
- Fix search box overlapping forum title in some cases.
- Fix JSON serialization error on PHP 7.
- Fix "sort by" dropdown being empty on the latest versions of Chrome.
- Dramatically improve performance when typing in a modal.
- Fix browser back button losing scroll position.
- Don't require a previous Post when saving event posts.
- Fix crash when sending notification to non-existent user.
- Fix username validation to disallow problematic characters.
- Fix crash when displaying a discussion with no posts.
- 401 for unauthorised request to settings, notifications page.
- Better post scrubber size calculations.
- Tweak padding on user dropdown button so avatar is flush with border radius.
- Clear search when input is empty and enter is pressed.
- Give GetPermission event priority when determining permissions.
- Key item lists to maintain identity across redraws.
- Ensure routes are only populated after extensions have registered listeners.
- Ensure a new asset revision identifier is generated if there is none.
- Allow username capitalisation to be changed.
- Prevent some translations being compiled unnecessarily.
- Prevent unapproved discussions from dropping to the bottom of the discussion list.
Security
- Rework authentication/session/cookies code for better security and stability.
- Add password confirmation when changing email address.
- Prevent users from being incorrectly able to delete their own discussions.
- Fix posts being incorrectly visible on user page on private forums.
Also see the 0.1.0-beta.5 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags
v0.1.0-beta.4
Added
- Add an icon/label to the back button to indicate where it leads
- Add "Loading..." text while the JavaScript payload is loading
Fixed
- Fix some admin actions resulting in "You do not have permission to do that"
- Fix translation keys persisting after enabling an initial language pack
- Fix translation
=>
references not being parsed in some cases
v0.1.0-beta.3
Architecture improvements
- Composer-driven extension architecture. All extensions are Composer packages installable via Packagist.
- Backend codebase & API refactoring. Classes, namespaces, and events systematically tidied up.
Improved internationalization
A huge thanks to @dcsjapan for the countless hours he put in to make this stuff happen. You're amazing!
- New systematic translation key naming scheme.
- Make many hardcoded strings translatable, including administration UI and validation messages.
- More powerful pluralization via use of Symfony's Translation component instead of a proprietary one.
New moderation tools
- Hide/restore discussions. Discussions can be soft-deleted by moderators or by the OP if no one has replied.
- Flags. New bundled extension that allows posts to be flagged for moderator review.
- Approval. New bundled extension that hides/flags new posts to be approved by the moderation team.
- Akismet. New bundled extension that checks new posts for spam with Akismet.
- IP address logging. IP addresses are stored with posts for use by extensions (e.g. Akismet).
- Flood control. Users must wait at least ten seconds between consecutive posts.
Other features
- Social login. New bundled extensions that allow users to log in with Facebook, Twitter, and GitHub.
- More compact post layout. All controls are grouped over to the right.
- Improved permissions. The admin Permissions page has been improved with icons and other tweaks.
- Improved extension management. The admin Extensions page has a new look and is easier to use.
- Easier debugging. The "oops" error message has a Debug button to inspect a failed AJAX request.
- Improved JavaScript minification. Minification is done by ClosureCompiler only when debug mode is off, resulting in easier debugging and smaller production assets.
Added
- Allow HTML tag syntax in translations (#574)
- Add gzip/caching directives to webserver configuration (#514)
- API to set the asset compiler's filename
- Migration generator, available via generate:migration console command
- Tags: Ability to set the tags page as the home page
bidi
attribute for Mithril elements as a shortcut to set up bidirectional bindingsroute
attribute for Mithril elements as a shortcut to link to a route- Abstract SettingsModal component for quickly building admin config modals
Model::afterSave()
API to run callback after a model instance is saved- Sticky: Allow permission to be configured
- Lock: Allow permission to be configured
- Add a third state to header icons (#500)
- Allow faking of PATCH/DELETE methods (#502)
- More reliable form validation and error handling
Changed
- Rename
notification_read_time
column in discussions table tonotifications_read_time
. - Update to FontAwesome 4.4.0.
Fixed
- Output forum description in meta description tag (#506)
- Allow users to edit their last post in a discussion even if it's hidden
- Allow users to rename their discussion even if their first post is hidden
- API links correctly include the
/api
path (#579) - Tags: Fix sub-tag ordering algorithm in Chrome (#325)
- Fix several design bugs
0.1.0-beta.2
Added
- Check prerequisites (PHP version, extensions, etc.) before installation (#364)
- Enforce maximum title and post length through validation (#53, #338)
- Ctrl+Enter submits posts (#276)
- Syntax highlighting for code blocks (#248)
- All links open in new window, receive rel=nofollow attribute (#247)
- Default build script for extensions (#438)
- Input validation in installer
Changed
- Ask for admin password confirmation in installer (#405)
- Increased some text contrasts for accessibility (#390)
Fixed
- Discussion list did not work with non-empty database prefix (#269, #380)
- Non-admins could not reset their password (#229)
- Requests ending with a slash resulted in a 404 (#334)
- In rare cases, posts did not load correctly (#295)
- Avatars did not show up when installed in a subfolder (#291)
- Installer crashed when views directory was not writable (#376)
- Table prefix could not be set in web installer (#269)
- Enabling an extension disabled all other extensions (#402)
- Invalid custom CSS could crash the application (#400)
- First posts could not be restored or deleted
- Several design bugs
- Set cookies to be HTTP-only
- Tags: Sometimes, tags could not be dragged for reordering in the admin panel (#341)
- Suspend: Use correct column name in when migrating database
- Lock: Check for correct permission when displaying lock control
- Likes: Allow liking permissions to be configured
0.1.0-beta
v0.1.0-beta Fix incorrect chmod instruction