Fix another weakness in the Input class and further harden the deserialize()
function. Thanks to Martin Auswöger for his input.
Further harden the deserialize() function and the Input class (see #6724).
Correctly load the parent pages in the navigation modules (see #6696).
Correctly encode URLs with GET parameters in the syndication links (see #6683).
Do not pass POST data to the deserialize() function, so it is not vulnerable
to PHP object injection. Thanks to Pedro Ribeiro for his input (see #6695).
Allow any character in passwords, especially the less-than symbol (see #6447).
Purge the image cache if a file is being renamed (see #6641).
Preserve tags in custom CSS definitions (see #6667).
Make the swipe CSS selectors more specific (see #6666).
Correctly optimize floating-point numbers in style sheets (see #6674).
Updated the Russian translation of the TinyMCE "typolinks" plugins (see #6224).
Do not create multiple stylect layers upon Ajax changes.
Some DCAs were missing the "rem" unit (see #6634).
Correctly trim the SQL statements in the Database class (see #6623).
Fix some broken back end icons (see #6214).
Show a hint in the news archive menu if there are no items (see #5888).
Prevent the back end tool tips from exceeding the screen width (see #6639).
Support the Google+ vanity name in addition to the numeric ID (see #6454).
Correctly detect Android tablets in the Environment class (see #5869).
Correctly resolve the module dependencies (see #6606).
Correctly unset the PHP session cookie depending on its parameters.
Fixed the XHTML variant of the comments form (see #5675).
Correctly assign articles to columns (see #6595).
Correctly merge the CSS classes in the Hybrid class (see #6601).
Correctly resize the mediaboxAdvanced in IE11 (see #6504).
Set the correct status header for cached files (see #6585).
Correctly set the empty value depending on the DB field (fixes #6550, #6544).
Prevent saving of detached models (see #6506).
Correctly determine the ACE editor's height (see #6578).
Always fall back to English if a language does not exist (see #6581).
Correctly display repeated events in the event list (see #6555).
Correctly show the available layout columns in the article module (see #6548).
Correctly show the "read more" link in the news list modules (see #6439).
Updated html5shiv to version 3.7.0 (see #6543).
Support browsers with both mouse and touch support in the back end (see #6520).
Correctly handle multiple RadioTable widgets on the same page (see #6389).
Fixed two issues with the SQL cache (see #6507).
Do not require a redirect page for newsletter channels (see #6521).
Use the related field instead of id in the model query builder (see #6540).
Correctly support insert tags nested in shortened "iflng" tags (see #6509).
Do not require a foreign key to define a relation in the DCA (see #6524).
Use UUIDs as parent IDs in Dbafs::addResource() (see #6532).
Correctly set the default language (see #6533).
Correctly update the order fields in the database updater (see #6534).
Do not override the "href" property in addImageToTemplate() (see #6468).
Correctly handle URLs if page aliases are disabled (see #6502).
Handle UUIDs in Model::getRelated() (see #6525).
Hide records with only one version from the "changed elements" overview.
Use an auto-resizing textarea to store CSS selectors.
Updated the ACE editor to version 1.1.2.
Prevent the ACE editor from overlapping the modal window (see #6497).
Use the default back end theme when running in safe mode (see #6505).
Updated TinyMCE to version 3.5.10 to fix the IE11 issues (see #6479).
Optionally override the repository tables when importing a template (see #6470).
Only do the UUID conversion once even if the Database\Updater helper methods
are called multiple times (see #6481).
Correctly toggle the mobile/desktop view (see #6227).
Correctly detect UUIDs in the "file" insert tag (see #6472).
Correctly assign images to FAQs (see #6465).
Improved the speed and memory footprint of the news archive menu (see #6463).
Removed CalendarEventsModel::findBoundaries() (see #6467).
Handle UUID strings in the UUID related FilesModel methods (see #6445).
Applied some minor fixes to the database installer.
Split the routines to convert database fields to UUIDs into separate methods:
Database\Updater::convertSingleField($table, $field)Database\Updater::convertMultiField($table, $field)Database\Updater::convertOrderField($table, $field)
Correctly show the folder protection status in the file picker (see #6433).
Correctly protect newly created folders (see #6432).
Correctly generate HTTPS URLs in the sitemap (see #6421).
Added the missing "sqlGetFromDca" hook (see #6425).
Support CSS selectors up to 1022 charachters long (see #6412).
Support UUIDs in FilesModel::findByPk(), FilesModel::findById() and
FilesModel::findByMultipleById() to be backwards compatible.
Set the correct empty value depending on the database field type (see #6424).
URL decode image paths when exporting to PDF (see #6411).
Do not add news and event URLs to the sitemap if the target page is exempt from the sitemap (see #6418).
Allow special characters in Validator::isUrl() (see #6402).
Sort the list of available modules (see #6391).
Standardize the user home directoy name upon registration (see #6394).
Correctly handle "enum" fields in the database installer (see #6387).
Do not load a page from cache if a user is (potentially) logged in.
Skip empty locale strings when building the language cache.
Slightly increased the contrast in the back end.
Fixed the ACE version number and added an inverted theme (see #6101).
Correctly handle "includeBlankOption" and numeric columns (see #6373).
Correctly detect IE11 in the Environment::agent() method (see #6378).
Disable the maintenance mode if a back end user is logged in (see #6353).
Correctly detect Android tablets in the Environment class (see #5869).
Create a new version if an element type changes (see #6363).
Purge the internal cache in the install tool (see #6357).
Add all resize modes to the TinyMCE thumbnail image screen (see #6362).
Correctly add the parameters to the TinyMCE thumbnail image (see #6361).
Disable HTML5 form validation in "select multiple" mode (see #6354).
Convert binary UUIDs to their hex equivalents in the diff view (see #6365).
Do not allow to create website root pages outside the root level (see #6360).
Updated jQuery to version 1.10.2 and jQuery UI to version 1.10.3 (see #6367).
Correctly link to FAQs using the "faq" insert tag.
Correctly mark checkboxes and radio buttons as mandatory (see #6352).
Add the "onclick" event to the "select all" checkbox (see #6314).
Only show the news/event source options if the user is allowed to access the fields required to configure those options (see #5498).
Added the "getAttributesFromDca" hook (see #6340).
Add the "maintenance mode" and automatically enable it when an extension is installed, upgraded or removed (see #4561).
Correctly handle "toggle visibility" and drag and drop requests via Ajax.
Correctly display nested wrapper elements (see #5976).
Added the "isVisibleElement" hook to determine whether an element is visible in the front end (see #6311).
Handle tables without keys in Database::listFields() (see #6310).
Allow FAQ categories without a redirect page (see #6226).
Create a new version of a record if a sorting field changes (see #6285).
Show the teaser text of redirect events in the event list (see #6315).
Support the "autocomplete", "autocorrect", "autocapitalize" and "spellcheck" attributes in the Widget class, so they can be set in the DCA (see #6316).
Added some validation logic to the Result::data_seek() methods (see #6319).
Model::__callStatic() now also supports "countBy" (see #5984).
// new magic method
$count = PageModel::countByPid(3);
// will be mapped to
$count = PageModel::countBy('pid', 3);Updated mediaelement.js to version 2.13.1 (see #6318).
Correctly handle slashes and empty strings in the TinyMCE link tab.
Order the template list alphabetically (see #6276).
Simplified the "iflng" insert tags (see #6291). You can now omit every closing
{{iflng}} tag but the last one, e.g.:
{{iflng::de}}Hallo Welt{{iflng::en}}Hello world{{iflng}}
Updated Colorbox to version 1.4.31 (see #6309).
Create new UUIDs when duplicating files or folders (see #6301).
Correctly handle booleans, null and empty strings in the Validator (see #6287).
Correctly assign the user's home directory (see #6297).
Move the "create IDE compat file" logic to a command line script (see #6270).
Added a model registry (thanks to Tristan Lins) (see #6248).
Added the "compileFormFields" hook (see #6253).
Append the article ID to the CSS ID if there is no alias (see #6267).
Use a PHP variable for the user agent in the back end (see #6277 and #3074).
Updated TCPDF to version 3.0.38 (see #6268).
Correctly show the "toggle page status" icon (see #6282).
Use a "show details" button in the file manager (see #6262).
Use the micro clearfix hack in the CSS framework (see #6203).
Convert binary UUIDs to hex when using it in SQL statements (see #6265).
Convert binary data to UUIDs in DC_Table::show() (see #6257).
Allow to define custom layout sections in the page layout (see #2885).
Added the custom layout sections positions "top" and "bottom" (see #2885).
Use serialized arrays to store order field data (see #6255).
Do not strip leading numbers from file names (see #6189).
Hide the script hint if a user cannot access to the layout module (see #6190).
Correctly generate image links (see #6249).
Added the convenience method PageModel::getFrontendUrl() (see #6184).
Removed the TinyMCE spell checker (see #6247).
Do not show dates in the past if a recurring event has not expired (see #923).
Pass the ID of the tl_undo record to the "ondelete_callback" (see #6234).
Added the "br" insert tag to insert line breaks (see #6143).
Do not alter the order of the UUID chunks (no optimized order).
Make usernames case-sensitive.
Added a system/docs/UPGRADE.md file to document API changes (see #6236).
Send an "X-Ajax-Location" header to redirect upon Ajax requests (see #5647).
Added new DCA table config flags (see #5254):
closed: no new rows can be added at allnotEditable: the rows cannot be editednotDeletable: the rows cannot be deletednotSortable: the order of the rows cannot be altered (new)notCopyable: existing rows cannot be duplicated (new)notCreatable: prevents to create rows but allows to duplicate rows (new)
The closed flag hence is a combination of notCreatable and notCopyable.
Always show the save buttons in the modal windows (see #5985).
Add the CSS classes "first" and "last" to articles/content elements (see #2583).
The form generator now supports defining a minimum input length (see #4394).
If you are running Contao via an SSL proxy server, you can now set the proxy server domain in the back end settings (see #4615).
Allow to alter any button set via the "buttons_callback" (see #4691). This includes any edit, edit multiple, select or upload form and also includes the option to unset or replace the default buttons.
[BC-BREAK] If you have been using the "buttons_callback" in version 3.0 or 3.1, you will have to adjust your code to reflect the changes!
Show the release notes when installing or upgrading an extension (see #5058).
Add an arc_[archive-id] CSS class to all news list items (see #4998).
You can now define a list of trusted proxy server IPs in the back end settings to improve identifying the user's remote address (see #5830).
Use COLLATE utf8_bin instead of varbinary to preserve case-sensitivity.
Back end users can now store their Google+ profile ID, which will then be used
to add a rel="author" link in FAQs and news items (see #4914).
Render the file tree view based on the eval flags "isGallery" and "isDownloads" instead of making it depend on the "type" column (see #5884).
Add tooltips to the preview height togglers (see #6213).
Use translatable error screens wherever the application dies.
Show the 404 page of the language fallback website if the requested language does not exist (see #5709).
Added the "nullIfEmpty" flag to the "eval" section of the DCA (see #6186).
Only cache the languages which are in use (see #6013).
The "file" insert tag now also handles UUIDs (see #5512).
<img src="{{file::bb643d42-0026-ba97-11e3-ccd6e14e1c8a}}" alt="">
The insert tag can also be used in the internal style sheet editor.
Purge the search index if a page is deleted (see #5897).
Pass additional parameters to the "insertTagFlags" hooks (see #5806).
Added a generic Model::findMultipleByIds() method (see #5805).
Updated slimbox to version 1.8 (see #5747).
Show error messages if a user is logged into the install tool (see #5001).
Support using closures as DCA callbacks (see #5772).
$GLOBALS['TL_DCA']['tl_content'] = array
(
'config' => array
(
'onload_callback' => array
(
function($dc) {
// Your custom code
},
array('tl_content', 'showJsLibraryHint')
)
)
);
Templates now support adding callables (see #6176).
$this->Template->sum = function($a, $b) {
return $a + $b;
}
<?php echo $this->sum(3, 4); ?>
Remove the left-over uses of inactiveModules (see #6142).
Consider all extensions when scanning for fileTree fields (see #6058).
Use unique IDs in the database assisted file system (see #5757).
Optionally follow redirects in the Request class.
$request = new Request();
$request->redirect = true;
$request->send("http://domain.tld/script.php");
Add basic authorization support to the Request class (see #6062).
Wrap the SQL statements in the install tool in a scrollable div (see #6100).