v1.0.463

UX/UI Improvements:

• Fixed display of checkbox lists when quickselect is selected.
• Added new winter:passwd Artisan command to change the password of a Backend user through the command-line.
• Secondary branding colour is now applied to the active media filter in the MediaManager widget
• Lists can now disable the click event by applying the nolink CSS class to table row (TR) elements in addition to table data elements (TD) elements.

API Changes:

• System\Classes\PluginManager->sortByDependencies() is now deprecated as plugins are now sorted by key & dependencies by default.
• Changed the Winter\Rain\Database\Builder->simplePaginate() signature to match paginate() ($perPage, $currentPage, $columns, $pageName)
• Added engine => InnoDB to the default mysql database driver configuration
• Added support for varcharmax to the mysql database driver configuration to specify the default length used for varchar / string columns when running migrations. If using utf8mb4 on MySQL < 5.7 or MariaDB < 10.2 this should be set to 191, newer versions can be safely set to 255 however.
• Translator trans and transChoice method arguments have changed to match the Laravel 5.5 base package.

Bug Fixes:

• Fixed the LESS compiler using PHP 7.4 that was previously throwing an error.
• Added support for tab lazy loading to all forms of tabs, not just primary tabs.
• Fixed hard coded Form widget alias in the recently added tab lazy-loading functionality.
• Fixed support for Laravel's Builder::paginate() signature paginate($perPage, $columns, $pageName, $currentPage) in addition to Winter's paginate($perPage, $currentPage, $columns, $pageName). Additionally fixed support for Laravel's simplePaginate() signature.
• Fixed issue where errors thrown during the page processing of the RelationController would be silently consumed without being reported to the user.
• Fixed issue where popups can still be interacted with when they are in a loading state using data-popup-load-indicator.

Dependencies:

• Updated minimum required PHP version for the installer to match Build 1.0.472's minimum of 7.0.8

v1.0.462

UX/UI Improvements:

• Documented session.http_only config property in the default config/session.php

API Changes:

• Event logs are now double-encoded for HTML characters before being displayed as both HTML and text in the event log viewer. This allows encoded HTML entities to be parsed and displayed correctly in the HTML view, but displayed exactly as entered in the text view.

Bug Fixes:

• Fixed janky behaviour with the javascript sortable plugin when sorting items on a scrollable container (affected RainLab.Sitemap, RainLab.Pages, Menus, etc).
• Fixed issue where linked data in singular relation controller (hasOne or belongsTo) would remain populated in the relation fields even after unlinking or deleting the linked record.

Dependencies

• Changed Laravel dependency to require 5.5.40 as a minimum due to the breaking change Laravel made in that version, some composer installs were not recognizing anything newer than 5.5.38 so this bump makes it more obvious that a stale composer is the issue.

v1.0.461

UX/UI Improvements:

• Set the CMS codeeditor field to readonly and added a warning message above it when safemode is enabled.

API Changes:

• Bumped minimum required version of PHP from 7.0 to 7.0.8 to enable support for PHP 7.4.
• Added support for the customViewPath configuration property in the RelationController when rendering lists to be able to override the partials used for rendering the Lists widget.
• Using the ImportExportController's useList property will now pass the list header values through the backend.list.overrideHeaderValue event just like a regular list would.
• ApplicationException are no longer logged if unhandled (they're meant as more of a validation / sanity check exception. SystemExceptions are logged instead.
• All Artisan commands that are unusable in Winter (typically because they rely on a "Laravel" project structure) are no longer registered and thus no longer made available. Full list of removed commands here: wintercms/library#447
• Added static method Cms\Helpers\Cms::safeModeEnabled() to check if safe mode is enabled.
• Add support for lazy loading backend form tabs with the lazy configuration property that takes an array of tab names to apply lazy loading to.

Bug Fixes:

• Fixed scrolling issue in the MediaManager that would occur on some browsers causing scrolled content to no longer become visible erratically.
• Added smoother support for old serialized cookie data to retain sessions during the upgrade process.
• Fixed issue where similarly-named repeaters in a CMS page or layout would conflict when checking for AJAX actions on a child repeater.

Translation Improvements:

• Added Slovenian translation

Community Improvements:

• Switched to using Discord instead of Slack: https://discord.gg/D5MFSPH6Ux
• Launched Premium Support: https://wintercms.com/premium-support

Dependencies

• Minimum PHP version bumped from 7.0.0 to 7.0.8
• Support for PHP 7.4 added

v1.0.460

UX/UI Improvements:

• Moved CodeEditor's full screen buttons to the bottom of the widget.
• Fixed keyboard support for checkboxes
• Added keyboard support to lists
• Improved the UX of checkbox lists "Select All", "Select None" bulk actions
• Changed the cursor to be a grab cursor when hovering over table headers to indicate that they are a scrollable container
• Made the record "Delete" button consistent across the core backend controllers by replacing User Roles & User Groups delete buttons with the standard trash can icon button
• Fixed issue where form tabs would initially be unstyled until the JS had loaded and initialized them
• Added support for making radio fields display inline by adding cssClass: 'inline-options' to their properties
• Added auto detection of the field required property for fields that have required_if model validation rules

API Changes:

• Cookies are no longer serialized. This brings the behavior back in line with Laravel's default behavior as of the 5.5.42 update. IMPORTANT: If you are passing non-scalar values to Cookie::set() (i.e. objects & arrays) then you will need to change your code so that those values are JSON encoded / decoded before and after being stored in the cookie.
• Added new System\Traits\ResponseMaker trait to the base Backend\Classes\Controller class (and the Cms\Classes\Controller controller). Adds the following methods: setStatusCode($code), getStatusCode(), setResponse($response), setResponseHeader($key, $values, $replace = true), setResponseCookie($cookie), getResponseHeaders(), and makeResponse($contents).
• media.file.upload event now passes the $path argument by reference.
• Added ability to specify a LESS file to be used as a default backend brand CSS override with the config item brand.customLessPath
• Updated references to deprecated event.which and other methods of determining the selected keys to the new event.key
• Added new method removePermission($owner, $code) to the BackendAuth manager class to enable plugins to dynamically remove permissions from the available list registered with the BackendAuth manager class.
• Added support for SparkPost mail driver
• Added support for a string option to be provided to Winter\Rain\Network\Http->setOption($option, $value) as long as it corresponds to a valid CURLOPT_ constant
• Added getConfig($value, $default = null) method to the Backend\Classes\ListColumn class to mirror what's available on the Backend\Classes\FormField class
• Added order option to the relation FormWidget to allow relation options to be ordered by a custom order statement.
• Added email field type (type: email)
• Documented newly available services.mailgun.endpoint config item in config/services.php
• Replaced existing handling of disabling CloudFlare's rocket loader on backend scripts by adding a new event (system.assets.beforeAddAsset) that is listened to by the HeathDutton.CloudFlare plugin. Recommend any CloudFlare users using Rocket Loader to use that plugin going forward
• Added support for permissions property on form fields, list columns, and list filter scopes. Property supports either a single string or an array of permissions that the current backend user must have access to at least one of in order to access the field / column / filter scope.
• Added support for mode: switch to the Backend\FormWidgets\PermissionEditor FormWidget that defines permissions as either expliclity allowed (1) or denied (-1).
• Added support for availablePermissions property to the Backend\FormWidgets\PermissionEditor FormWidget that accepts an array of permission codes to filter the list of permission codes to be managed by that widget instance down to.
• Added clear-full, clear-left, and clear-right CSS classes that can be used to apply clearfixes to form fields by adding them to the field's cssClass property
• Added support for the CURLOPT_POSTFIELDS cURL option to be manually overriden when using the Winter\Rain\Network\Http wrapper.
• Added support for dependsOn to filter scopes of type: group. All current filter scopes (including their current values) will be passed to the options method as an array of scope objects to be used in redetermining the available options to provide when the scopes that are targeted with dependsOn are updated.
• Added support for unregistered translation strings to still have the replacement engine run on them
• Added support for minimum or maximum values in number range filter to be left unspecified - this is treated as an "at least" minimum value or "at most" maximum value filter.
• Added getSortColumn() and getSortDirection() public methods to the Lists widget.
• Added two more valid characters to filenames managed by the MediaLibrary, ' and &.
• Added parseClean() method to Winter\Rain\Parse\Markdown that enables safe mode on the markdown parser used.

Bug Fixes:

• Reverted improvements to table column width handling on Chrome (specifically for long unbroken text values in columns) introduced in Build 1.0.444 as it was causing other issues on mobile.
• Reduced inconsistencies with results generated by \Winter\Rain\Database\Attach\Resizer class, specifically for .gif images by processing .gif images with imagescale() instead of imagecopyresampled()
• Fixed an issue where attempting to modify the available Settings Items through the SettingsManager could fail if a user wasn't provided to filterItemPermissions() at that point in the request
• Removed caching of Theme configuration, this is now handled by YAML::parseFile() caching which simplifies the Theme processing code and fixes some bugs related to cache invalidation
• Fixed issue with trying to create multiple CMS templates at once
• Fixed issue where the cached classes file would not be removed along with the cached services file when running php artisan clear-compiled
• Fixed issue with PHP 7.0 compatibility introduced with new PreferenceMaker trait in Build 1.0.457
• Fixed issue where message subjects set in Mail callback functions were not available to the system mail layouts because the layouts were generated before the callback was called. Note that this was accomplished by calling the callback before content is added to the message instead of after, so it could be considered a breaking change
• Fixed styling for switch fields that are required
• Fixed bug where '0' was returned as NULL from $this->param() but returned as '0' from {{ this.param.slug }}
• Fixed issue where updating a record through a RelationController would not trigger a change event on the RelationController field like creating a record would by triggering the change event on successful update
• Fixed issue where FormWidgets in Repeaters that made orphaned AJAX requests (AJAX requests fired on an element outside of the repeater's markup structure, ex. from a popup modal instead) were not being initialized which was causing the orphaned requests to fail
• Fixed issue where the databaseTemplates feature from Build 1.0.456 wouldn't support templates in subfolders. Nesting limit is still 2 (/template-type/subfolder1/template.htm) but the issue where it was just 1 when databaseTemplates was enabled has been fixed.
• Fixed issue where the change event was not triggered on removing a recordfinder's value with the clear button
• Improved default email branding styles compatibility with Outlook mail clients by preventing harsh word breaks.
• Fixed issue where the Model class would try to trim an attribute that was a PHP resource (pgsql:bytea) by simplifying the trim detection logic to just use is_string instead of checking if value wasn't every other type of variable available.
• Fixed issue where an infinite loop could occur when trying to resolve a circular required_with or required_if validation rule chain.
• Fixed issue where having no class lists configured for the RichEditor markup class options would break the RichEditor.
• Fixed issue where the model.beforeSave event would be fired twice under some conditions when using a HasOneOrMany relationship.
• Fixed PHP fatal error under some cases where argv is not available in the server variables.
• Fixed issue where the FileUpload FormWidget was checking if the file model was protected before generating the URL to the file even though the File model itself handles that operation since Build 1.0.447.
• Fixed issue where the mediafinder formwidget wouldn't work when the user didn't have access to the Media Manager by switching the formwidget to preview mode under those conditions
• Fixed issue where text in an error message popup could not be selected for copy-pasting.
• Fixed issue with parsing the select2 options format over AJAX requests introduced in Build 1.0.457.
• Fixed conflict between input.trigger.js & filter.js that caused filter popup buttons to disappear when searching for records in a group filter popup.
• Fixed faulty type cast for belongsToMany deferring bindings table when using PostgreSQL
• Fixed support for mobile devices (touch screens) in the jquery.sortable.js plugin
• Fixed issue introduced in Build 1.0.459 where some server configurations could cause the AssetCombiner to stop working
• Fixed issue with number range filter not working with a value of 0 for either the minimum or maximum value.
• Fixed issue where attempting to sort by a column that isn't actually supported as a sortable column by the database could cause the session to enter an invalid state where it would be impossible to remove that column sorting preference.
• Fixed issue where changing just the "time" field on a datepicker FormWidget wouldn't trigger the JS change event on the field.
• Fixed issue with the numberrange filter on PostgreSQL when attempting to filter the range by infinity in either direction.
• Fixed issue w...

v1.0.459

UX/UI Improvements:

• The theme Delete button is now hidden for the currently active theme as you cannot delete the active theme anyways.
• Added a warning to the System Status dashboard ReportWidget when debug mode is enabled as debug should never be enabled in production.
• Invalid menu items now throw a ValidationException when debug mode is enabled and log an error instead when debug is disabled.
• Added support for Repeater item titles to be pulled from dropdown field types.
• Added the Validation trait to model stubs when calling create:model.
• Made the CodeEditor fullscreen button easier to see by increasing the contrast.

API Changes:

• When setting relationship values model mutator methods ('set' . $attribute . 'Attribute') are now taken into account meaning that you can control how specific relationship values are set by defining a custom mutator method for the relationship.
• Added getReportWidgets() method to Backend\Classes\WidgetManager to return the protected array of currently registered report widgets
• Custom theme data stored in cms_theme_data is now removed when the theme it belongs to is deleted.
• Added develop.decompileBackendAssets configuration flag to decompile the backend assets in order to simplify making changes to backend asset files for the purpose of making PRs to the Winter CMS core.
• Switched parsing of stub files for the generator commands to use Twig instead of basic str_replace(), this will enable more complex stub files

Bug Fixes:

• Fixed issue where the TagList FormWidget in mode: relation wasn't respecting relationship constraints (conditions and scope) set on the relationship definition.
• Fixed issue where using the ::class magic constant in database migrations would cause them to break due to flawed parsing logic.
• Fixed use of Storage::url() for local disks that haven't been configured correctly
• Moved the translation for plugin's "By $author" text in the plugin update view to the System module instead of the CMS module to support installations without the CMS module enabled or installed.
• Removed old "Holly Hack" for IE5-IE7 support, we don't support those browsers anymore.
• Fixed Theme importing/exporting that was broken as of 457-458.
• Fixed issue where the session expiring would throw a vague exception when attempting to check the CSRF token instead of just throwing a general CSRF invalid error message.
• Fixed issue where multiple instances of the PermissionEditor could not exist on a single page.

Translation Improvements:

• Improved Arabic translation

Performance Improvements:

• The file extension has been added to the end of asset combiner URLs (ex. /combine/asqw3ljkqw421323.js or /combine/lkj23jlk13j1l.css) in order to allow CDNs to more easily identify the URL as cacheable to improve overall site performance.

Community Improvements:

• Added documentation on keeping local forks of the Winter CMS codebase up to date with upstream.
• Improved the CONTRIBUTING.md guide
• Added security policy
• Added documentation for testing pull requests

Dependencies

• Updated to v1.8.0 of Spectrum.js (Note: Winter was already using 1.8.0, however jQuery API updates were made without the vendor tagging a new release)

v1.0.458

UX/UI Improvements:

• The link to "Access Logs" in the System Dashboard Widget is now hidden when the user doesn't have access to view those logs.
• Reverted 457's improvements for screen reader accessibility and keyboard navigation in the backend as they are not production ready. Will be considered for inclusion in 459.
• Side panel header now styled with brand colors

API Changes:

• Added cms.runMigrationsOnLogin configuration item to control whether the UpdateManager automatically runs any pending migrations on login to the backend. The default is now null which means that the value is pulled from app.debug; i.e. only enabled when the application is in debug mode.
• Field labels are now added as model validation attribute names after the field is checked for inclusion in the current context which solves an issue where multiple fields for the same attribute but under different contexts would conflict with each other.

Bug Fixes:

• Fixed support for tab icons in the Theme customization form
• Fixed support for default values in nestedforms inside of repeaters in an update context
• Fixed bug where a CSRF token mismatch would display an error twice in the CMS section
• Removed support for the Priority Hints API in the {% framework %} tags as that broke existing themes that rely on a synchronous load order of the theme scripts
• Fixed minor issue where the editable part of the RichEditor FormWidget didn't fully fill the height of the control
• Fixed issue where calling isset() on CMS page codebase object properties wouldn't give the same result as actually accessing them.
• Fixed "widget not bound to controller" error for nested repeaters.
• Improved support for previewMode being passed down to Repeaters and NestedForms
• Fixed an issue where using unsupported database drivers would thrown an incorrect exception

Translation Improvements:

• Added Thai translation

Community Improvements:

• Added documentation for the DataTable FormWidget
• Added an issue template for marketplace issues

v1.0.457

UX/UI Improvements:

• Now utilizing the selected secondaryColor brand setting for the border color on selected items in the Treeview control (pages list)
• Added support for cms.databaseTemplates to the winter:env command
• Added support for preview mode to the Taglist FormWidget
• Improved the visibility of the code editor buttons in the CMS section by changing their colour to one with more contrast
• Disabled the theme config cache when application is in debug mode
• Improved the styling of the colour picker when allowEmpty: true
• Improved screen reader accessibility for tabs and improved keyboard navigation in the backend

API Changes:

• The Winter\Rain\Database\Attach\File model's getPath() now defines an optional $fileName parameter, any custom classes that extend this method must have their method signatures updated to match this change.
• The Winter\Rain\Database\Attach\File model's getThumbFilename() method has been changed from protected to public, any custom classes that extend this method must have their method signatures updated to match this change.
• The getDisk() method has been added to the Winter\Rain\Database\Attach\File model which enables running all storage related commands on the File's actual storage disk instead of the default storage disk.
• Added new Backend\Traits\PreferenceMaker trait modelled after the SessionMaker trait that stores minor user preference changes (such as backend list configurations) in the user's preferences.
• Added cms.enableBackendServiceWorkers (defaulting to false) to allow the use of Service Workers in the backend. They have been disabled by default for security purposes to prevent any frontend Service Workers from leaking into the backend.
• Plugin dependencies defined in the plugin registration class $require property are now case insensitive.
• Removed support for the invalid type: relation column configuration, previously this would warn that is was invalid in the system log and convert to type: text automatically. Recommended replacement is to use whatever type the data actually is and then use the relation: property to specify the relationship you want to get the value from.
• Added a is_countable() polyfill to the library for PHP < 7.3
• Disabled global jQuery AJAX events by default in favour of just the framework.js ones. Previously both would fire leading to conflicts between what parameters jQuery sends vs what the AJAX framework. If access to the jQuery AJAX events is required, pass ajaxGlobal: true to the options for $.request(handler, options) or add data-request-ajax-global for the Data Attributes AJAX API.
• Third parameter $options added to Zip::make() that passes the options onto Zip->add(). In addition, the includeHidden option has been added which specifies that all hidden files (dot files) from the source should be included in the final Zip destination.
• Added maxFilesize option to the FileUpload FormWidget, defaults to the upload_max_filesize from the server

Bug Fixes:

• Fixed support for JS plugins extending the RichEditor
• Improved the Halcyon addDynamicProperty test
• Fixed issue where CMS Meta information wasn't populating correctly (breaking menus in RainLab.Pages)
• Fixed issue where mainMenu counter's being set to false didn't properly disable them fully from displaying
• Improved reliability of jsonable properties in models under conditions where they might be double de/encoded for one reason or another
• Fixed broken path to the video thumbnail in the MediaManager widget
• Fixed issue when attempting to interact with CMS assets in the backend caused by the recent addition of the databaseTemplates functionality
• Fixed long standing issue where loading indicators would remain in a loading state when an error or flash message was returned from a response forcing the user to reload the page to get back to a usable state
• Improved error message displayed when using a custom Halcyon model that does not have a dirName set
• Fixed issue introduced with 447 when trying to get the thumbnail for private files without specifying any options by using default options when generating thumbnails for private files
• Improved handling for error states in the RelationController behavior
• Fixed support for files: true as an AJAX framework option in newer browsers
• Fixed support for saving Repeater data in Static Pages when a repeater item is deleted
• Fixed support for custom Select2 options via the AJAX framework, also added new format for custom options to be returned in to preserve their order
• Fixed issue where CMS templates with the same filenames (i.e. a partial and a page both called contact.htm) would be unable to be selected in the list of templates in the CMS section.
• Fixed the centering of no record message in lists when tree mode is enabled.
• Stopped minifying CSS rules inside of parenthesis, fixes issue where calc() rules with pixel values were breaking after being run through the asset combiner.
• Fixed support for ReportWidgets using the objectList property type for their properties.
• Fixed support for Auth::id(), there was a typo in the method that rendered it unusable previously.
• Fixed bug when attempting to sort by the any_template (Template) column in the CMS Theme Log. To sort by template, change the list setup to show the "Old Template" and "New Template" columns and sort by those instead.
• Fixed inspector option values not being translated.
• Fixed DataFeed support for Postgres
• Fixed minor issues with poorly structured HTML from the dump() Twig function

Security Improvements

• Backend ServiceWorkers have been disabled by default to prevent frontend ones from leaking into the backend unintentionally. See cms.enableBackendServiceWorkers

Translation Improvements:

• Improved the Brazilian Portuguese translation
• Improved the Chinese translation
• Improved the Spanish translation
• Improved the Russian translation

Performance Improvements:

• When using Cloud storage drivers (ex. AWS or Rackspace) for Files that are marked as protected, the Backend\Controllers\Files controller's getDownloadUrl() and getThumbUrl() methods now return temporary URLs to the actual asset instead of a URL that proxies the entire asset through the framework to the browser. The amount of time the temporary URL is valid for is configurable by setting cms.storage.uploads.temporaryUrlTTL to a value in seconds (default 3600, an hour). This should dramatically improve performance of protected files that are located in storage drives that support the getTemporaryUrl() method - and it is recommended that if you heavily utilize that feature that you utilize a storage drive that supports that method.
• Added support for the Priority Hints API supported in newer browsers for backend core assets and the {% framework %} tags

Community Improvements:

• Various improvements (performance and otherwise) made to the TravisCI integration with the main repos to make contributing to PRs a nicer experience
• Various improvements to the automated testsuite (including a new style checker, the existing code base has been cleaned up to conform to the style checker. It may be made more strict in the future, for now all PRs are required to adhere to it)
• Added documentation for the theme:sync command and for the --relative option for the winter:mirror command

Dependencies

• Added inline_style and inline_class Froala plugins into the base Froala build
• Added polyfill for :focus-visible CSS selector to the backend (https://github.com/WICG/focus-visible)
• Added polyfill for event.key in JS events to the backend (https://github.com/cvan/keyboardevent-key-polyfill)

v1.0.456

UX/UI Improvements:

• Added default "hard" (artisan down) maintenance mode view, able to be overridden by a maintenance.php file placed in the project root.
• Added support for previewing SVG images in the Media Library

API Changes:

• Added Url::buildUrl() method (along with helper http_build_url()) as a polyfill for the PECL HTTP http_build_url() function.
• Added support for database-driven theme templates, enable cms.databaseTemplates to use it

Bug Fixes:

• Fixed issues with hasMany relationship management by reverting some performance PRs to that process that were causing issues.
• Fixed adding new dashboard widgets defaulting to full screen width instead of 5/6th of full screen.

v1.0.455

UX/UI Improvements:

• Implemented easy impersonation of backend users through the backend - feature controlled by the new backend.impersonate_users permission
• Open rowlink rows in a new tab when the Command or Ctrl key is held down (previously only did it for the Ctrl key)
• Added disabled style for switch field types

API Changes:

• Changed the FileUpload FormWidget to process uploads with a onUpload AJAX handler instead of the checkUploadPostback method
• Changed the default value of cache.disableRequestCache to be null which now disables the in memory request cache during CLI requests and enables it during HTTP requests. Other values are explicit true or false.
• Brought the AuthManager and User classes more in line with Laravel's Auth library; full support is still a far ways off though.
• Removed the mediafinder buttons from the RichEditor and MarkdownEditor FormWidgets when the user does not have permission to use the media library.

Bug Fixes:

• Fixed issue with retaining transparency when making thumbnails for some image files
• Fixed issue that could cause potential data loss with complicated implementations of the Repeater formwidget.
• Fixed issue where the DatePicker was ignoring the value of ignoreTimezone when in mode date

Translation Improvements:

• Improved Dutch translation

v1.0.454

API Changes:

• Moved RichEditor extending JS plugins into their own compiled file to eleminate the need to have the DRM vendor files present in order to build Winter's specific JS add-ons to the RichEditor
• Added support for Filter widgets in the RelationController view and manage options

Bug Fixes:

• Fixed issue where CSRF protection would prevent uploads directly in the RichEditor from succeeding by including the CSRF token in those requests
• Fixed issue with scrolling backend lists on mobile devices
• Fixed issue where the subject and / or user password in the user welcome email could be HTML encoded
• Fixed typo in FormWidget's JS & CSS stub files

Translation Improvements:

• Improved Finnish translation