Последнии сообщения форума
Всего: 192 Коммитов в репозитории | Отфильтровано: 192 Коммиты | Страница: 1 / 20
Сегодня (17.02.2026)
Refactor: Replace getHref() with getSeoUrl() across all modules
Migrate all 98 getHref() calls in 16 files to the new getSeoUrl()
with named parameters. Remove getHref() (75 lines dead code),
getUrlMeta() and its dead callers from core. Delete unused config_seo.php.
with named parameters. Remove getHref() (75 lines dead code),
getUrlMeta() and its dead callers from core. Delete unused config_seo.php.
Test: Add unused language constants checker script
Utility script to detect define() constants in language files that are
not referenced anywhere in the codebase.
1. Checker (tests/check_constants.php):
• Parses all define() constants from a given language file
• Searches core, admin, modules, blocks, templates, setup directories
• Reports unused constants with line numbers and values
• Usage: php tests/check_constants.php [language_file]
not referenced anywhere in the codebase.
1. Checker (tests/check_constants.php):
• Parses all define() constants from a given language file
• Searches core, admin, modules, blocks, templates, setup directories
• Reports unused constants with line numbers and values
• Usage: php tests/check_constants.php [language_file]
Refactor: Remove meta keywords and migrate OG/Schema to admin config
Meta keywords have been ignored by search engines since 2009. This commit
removes the entire keyword system and migrates Open Graph / Schema.org
settings from static $confse to admin-managed $conf.
Core changes:
1. Keyword removal (config/global.php, config_seo.php, config.php):
• Remove 7 config keys: keys, dkeys, kwords, kletter, kmix, ksep, akeys
• Remove keyword form fields and save handlers from admin UI
• Delete 3 block files: block-keywords*.php
2. Keyword removal (core/system.php, core/user.php):
• Remove keyword auto-generation in getHref()
• Remove <meta name="keywords"> output from head()
• Remove <Tags> from OpenSearch XML
3. OG/Schema migration (config/global.php, admin/modules/config.php):
• Move agraph, graph, aschema, schema from $confse to $conf
• Add admin UI fields for Open Graph and Schema.org templates
4. Safety fix (core/system.php):
• Add is_user() guard for $uid = intval($user[0])
5. Language cleanup (admin/language/*, language/*):
• Remove 12 keyword constants from 6 admin language files
• Remove 7 unused constants from admin language files
• Remove 15 unused constants from 6 frontend language files
Benefits:
• Cleaner codebase without dead keyword functionality
• OG/Schema templates editable from admin panel
• No more undefined variable warnings
Technical notes:
• $kprotect in save() retained (used for bots, css_f, script_f)
• getUrlMeta() already deactivated, no DB changes needed
• config/config_seo.php cleaned but kept for remaining OG/Schema defaults
removes the entire keyword system and migrates Open Graph / Schema.org
settings from static $confse to admin-managed $conf.
Core changes:
1. Keyword removal (config/global.php, config_seo.php, config.php):
• Remove 7 config keys: keys, dkeys, kwords, kletter, kmix, ksep, akeys
• Remove keyword form fields and save handlers from admin UI
• Delete 3 block files: block-keywords*.php
2. Keyword removal (core/system.php, core/user.php):
• Remove keyword auto-generation in getHref()
• Remove <meta name="keywords"> output from head()
• Remove <Tags> from OpenSearch XML
3. OG/Schema migration (config/global.php, admin/modules/config.php):
• Move agraph, graph, aschema, schema from $confse to $conf
• Add admin UI fields for Open Graph and Schema.org templates
4. Safety fix (core/system.php):
• Add is_user() guard for $uid = intval($user[0])
5. Language cleanup (admin/language/*, language/*):
• Remove 12 keyword constants from 6 admin language files
• Remove 7 unused constants from admin language files
• Remove 15 unused constants from 6 frontend language files
Benefits:
• Cleaner codebase without dead keyword functionality
• OG/Schema templates editable from admin panel
• No more undefined variable warnings
Technical notes:
• $kprotect in save() retained (used for bots, css_f, script_f)
• getUrlMeta() already deactivated, no DB changes needed
• config/config_seo.php cleaned but kept for remaining OG/Schema defaults
Refactor: Optimize img_find() and clean up SEO config
Simplify img_find() by removing global $theme side-effect and adding
static cache. Comment out SEO settings now managed via admin panel.
Core changes:
1. img_find() optimization (core/system.php):
• Remove global $theme variable manipulation
• Add static $base cache for theme image path
* getTheme() called once per request instead of every invocation
* Preserves per-user/admin theme resolution via getTheme()
2. SEO config cleanup (config/config_seo.php):
• Comment out $confse['adesc'] and $confse['dletter']
* Values now managed through admin interface via $conf
Benefits:
• Cleaner img_find() without global state side-effects
• Single source of truth for SEO settings in admin panel
static cache. Comment out SEO settings now managed via admin panel.
Core changes:
1. img_find() optimization (core/system.php):
• Remove global $theme variable manipulation
• Add static $base cache for theme image path
* getTheme() called once per request instead of every invocation
* Preserves per-user/admin theme resolution via getTheme()
2. SEO config cleanup (config/config_seo.php):
• Comment out $confse['adesc'] and $confse['dletter']
* Values now managed through admin interface via $conf
Benefits:
• Cleaner img_find() without global state side-effects
• Single source of truth for SEO settings in admin panel
Fix: Address PHP runtime errors and add HTTP error page handling
Resolve multiple PHP 8.x warnings from error logs and ensure HTTP
errors (404/400) terminate with a clean SLAED error page instead of
continuing execution and feeding crawler traps.
Core changes:
1. Null-safety for $conff access (templates/lite/index.php):
• Add !empty($conff) guard before accessing $conff['defis']
* Prevents "array offset on null" when files module not loaded
2. Fallback for unknown file types (core/system.php):
• Add null coalescing for $conftp[$type] in encode_attach()
* Handles .mid/.avi and other unmapped extensions gracefully
3. Fix fields_in() globals (core/system.php):
• Replace require_once with global $conffi declaration
* Config already loaded; avoids redundant include
4. HTTP error handling (core/security.php):
• Call setExit() after logging HTTP errors to terminate request
• Use $conf['theme'] for logo path in setExit() instead of img_find()
* img_find()/getTheme() not available during early boot
Benefits:
• Eliminates ~290 PHP warnings per day from bot traffic
• Stops crawler trap caused by bots following links on error pages
• Clean exit page with logo and auto-redirect for HTTP errors
errors (404/400) terminate with a clean SLAED error page instead of
continuing execution and feeding crawler traps.
Core changes:
1. Null-safety for $conff access (templates/lite/index.php):
• Add !empty($conff) guard before accessing $conff['defis']
* Prevents "array offset on null" when files module not loaded
2. Fallback for unknown file types (core/system.php):
• Add null coalescing for $conftp[$type] in encode_attach()
* Handles .mid/.avi and other unmapped extensions gracefully
3. Fix fields_in() globals (core/system.php):
• Replace require_once with global $conffi declaration
* Config already loaded; avoids redundant include
4. HTTP error handling (core/security.php):
• Call setExit() after logging HTTP errors to terminate request
• Use $conf['theme'] for logo path in setExit() instead of img_find()
* img_find()/getTheme() not available during early boot
Benefits:
• Eliminates ~290 PHP warnings per day from bot traffic
• Stops crawler trap caused by bots following links on error pages
• Clean exit page with logo and auto-redirect for HTTP errors
Вчера (16.02.2026)
Fix: Initialize undefined variables and add type-safety guards
Resolves PHP warnings caused by uninitialized variables and unsafe
array access across core attachment handler, forum, account, and
template modules.
Core changes:
1. Attachment encoder (core/system.php):
• Initialize $timg, $width, $height before conditional branches
* Prevents "undefined variable" notices when attachment is not an image
• Add isset() guards for $date[4][$i] and $date[5][$i]
* Avoids "undefined index" when optional dimensions are missing
• Cast $timg to (string) for str_replace() safety
2. Account profile view (modules/account/index.php):
• Initialize $rgroup as empty array and $uranks as empty string
* Prevents notices when user has no rank groups or point system is off
3. Forum module (modules/forum/index.php):
• Initialize $massiv, $cmassiv, $where, $umassiv as empty arrays
* Prevents "undefined variable" if early return paths are taken
• Add is_array() + !empty() guard for $userinfo before accessing keys
* Handles guest/anonymous users who return non-array from getusrinfo()
• Add is_array() + !empty() guard for $umassiv before foreach loop
• Fix missing newline at end of file
4. Template avatar display (templates/lite/index.php):
• Add is_array() + !empty() guard on $userinfo before avatar access
* Prevents file_exists() warning when getusrinfo() returns non-array
• Extract avatar value into $uavatar with safe fallback
Benefits:
• Eliminates PHP notice/warning log noise in production
• Prevents potential errors for guest or edge-case user states
• Consistent defensive initialization pattern across modules
Technical notes:
• No behavioral changes for normal authenticated users
• All fallback values match existing implicit PHP defaults
• Backward compatible with current template and module contracts
array access across core attachment handler, forum, account, and
template modules.
Core changes:
1. Attachment encoder (core/system.php):
• Initialize $timg, $width, $height before conditional branches
* Prevents "undefined variable" notices when attachment is not an image
• Add isset() guards for $date[4][$i] and $date[5][$i]
* Avoids "undefined index" when optional dimensions are missing
• Cast $timg to (string) for str_replace() safety
2. Account profile view (modules/account/index.php):
• Initialize $rgroup as empty array and $uranks as empty string
* Prevents notices when user has no rank groups or point system is off
3. Forum module (modules/forum/index.php):
• Initialize $massiv, $cmassiv, $where, $umassiv as empty arrays
* Prevents "undefined variable" if early return paths are taken
• Add is_array() + !empty() guard for $userinfo before accessing keys
* Handles guest/anonymous users who return non-array from getusrinfo()
• Add is_array() + !empty() guard for $umassiv before foreach loop
• Fix missing newline at end of file
4. Template avatar display (templates/lite/index.php):
• Add is_array() + !empty() guard on $userinfo before avatar access
* Prevents file_exists() warning when getusrinfo() returns non-array
• Extract avatar value into $uavatar with safe fallback
Benefits:
• Eliminates PHP notice/warning log noise in production
• Prevents potential errors for guest or edge-case user states
• Consistent defensive initialization pattern across modules
Technical notes:
• No behavioral changes for normal authenticated users
• All fallback values match existing implicit PHP defaults
• Backward compatible with current template and module contracts
Refactor: Move SEO settings from static config to admin-managed $conf
SEO-related settings (rewrite, sep, tsep, title, ctitle, ltitle, keys,
akeys, dkeys, etc.) are migrated from config_seo.php into the global
$conf array, making them editable via the admin panel.
Core changes:
1. Admin config UI (admin/modules/config.php):
• Add input fields for title separator (tsep) and SEO title toggles
• Change default URL separator from '|' to '-'
• Save new fields (tsep, title, ctitle) to database
2. SEO config cleanup (config/config_seo.php):
• Comment out all settings now managed via $conf
• Retain file structure for reference
3. Global config (config/global.php):
• Add 'title' and 'ctitle' keys to $conf array
4. URL generation (core/system.php):
• getSeoUrl() reads from $conf instead of $confse
5. Language file (admin/language/ru.php):
• Add translations for _TSEP, _SEOTITLE, _SEOCTITLE
Benefits:
• SEO settings are now configurable through the admin interface
• No more manual file editing required for SEO configuration
• Consistent with existing admin-managed configuration pattern
Technical notes:
• config_seo.php entries commented out, not deleted, for reference
• Backward compatible via ?? default operators in getSeoUrl()
akeys, dkeys, etc.) are migrated from config_seo.php into the global
$conf array, making them editable via the admin panel.
Core changes:
1. Admin config UI (admin/modules/config.php):
• Add input fields for title separator (tsep) and SEO title toggles
• Change default URL separator from '|' to '-'
• Save new fields (tsep, title, ctitle) to database
2. SEO config cleanup (config/config_seo.php):
• Comment out all settings now managed via $conf
• Retain file structure for reference
3. Global config (config/global.php):
• Add 'title' and 'ctitle' keys to $conf array
4. URL generation (core/system.php):
• getSeoUrl() reads from $conf instead of $confse
5. Language file (admin/language/ru.php):
• Add translations for _TSEP, _SEOTITLE, _SEOCTITLE
Benefits:
• SEO settings are now configurable through the admin interface
• No more manual file editing required for SEO configuration
• Consistent with existing admin-managed configuration pattern
Technical notes:
• config_seo.php entries commented out, not deleted, for reference
• Backward compatible via ?? default operators in getSeoUrl()
06.02.2026
Style: Shorten PATH_INFO guard comment in security.php
Condense the inline comment for the PATH_INFO rejection block
to a concise single-line description.
Core changes:
1. Comment update (security.php):
• Replace verbose multi-clause comment with shorter form
* Keeps same technical meaning in fewer words
to a concise single-line description.
Core changes:
1. Comment update (security.php):
• Replace verbose multi-clause comment with shorter form
* Keeps same technical meaning in fewer words
Docs: Update TESTS.md with test suite inventory
Add detailed test suite descriptions covering all Unit and Validation
tests, including the new safety net tests for Phase 1 refactoring.
Core changes:
1. Test documentation (docs/TESTS.md):
• Add Test Suites section with two subsections: Unit and Validation
* List every test file with test count and purpose
* Include PasswordHashTest, InputFilterTest, TemplateIfTest
• Add commands for running individual suites and files
Benefits:
• New contributors can quickly understand test coverage
• Clear mapping between test files and CMS components
tests, including the new safety net tests for Phase 1 refactoring.
Core changes:
1. Test documentation (docs/TESTS.md):
• Add Test Suites section with two subsections: Unit and Validation
* List every test file with test count and purpose
* Include PasswordHashTest, InputFilterTest, TemplateIfTest
• Add commands for running individual suites and files
Benefits:
• New contributors can quickly understand test coverage
• Clear mapping between test files and CMS components
Test: Add safety net tests for Phase 1 security refactoring
Add 41 new unit tests covering password hashing, input filtering, and
template conditionals to establish a regression baseline before the
upcoming security hardening changes.
Core changes:
1. Password hash tests (PasswordHashTest.php):
• Verify md5_salt() algorithm: md5(md5(salt) . md5(pass))
* Consistency, hex format, salt dependency, known values
* Unicode and special character handling
• Validate future bcrypt format for migration readiness
2. Input filter tests (InputFilterTest.php):
• num_filter: digit extraction, non-numeric handling, edge cases
• var_filter: allowed chars, Unicode support, XSS prevention
• isVar: alphanumeric validation, array handling
• text_filter: HTML escaping, BBCode stripping, type modes
• url_filter: protocol prefixing, empty handling
• save_text: quote/dollar/backslash escaping
3. Template conditional tests (TemplateIfTest.php):
• setTemplateIf: true/false branches, else blocks
* Nested conditions, string true/false coercion
* Undefined flags, multiple independent ifs
* Whitespace tolerance in tags
Benefits:
• Regression safety net before password_hash migration
• Baseline for eval() removal in template system
• Validates filter behavior before SQL parameterization
Technical notes:
• Uses algorithm replicas to avoid system.php dependency chain
• All 113 project tests pass (54 new + 59 existing)
• No changes to production code
template conditionals to establish a regression baseline before the
upcoming security hardening changes.
Core changes:
1. Password hash tests (PasswordHashTest.php):
• Verify md5_salt() algorithm: md5(md5(salt) . md5(pass))
* Consistency, hex format, salt dependency, known values
* Unicode and special character handling
• Validate future bcrypt format for migration readiness
2. Input filter tests (InputFilterTest.php):
• num_filter: digit extraction, non-numeric handling, edge cases
• var_filter: allowed chars, Unicode support, XSS prevention
• isVar: alphanumeric validation, array handling
• text_filter: HTML escaping, BBCode stripping, type modes
• url_filter: protocol prefixing, empty handling
• save_text: quote/dollar/backslash escaping
3. Template conditional tests (TemplateIfTest.php):
• setTemplateIf: true/false branches, else blocks
* Nested conditions, string true/false coercion
* Undefined flags, multiple independent ifs
* Whitespace tolerance in tags
Benefits:
• Regression safety net before password_hash migration
• Baseline for eval() removal in template system
• Validates filter behavior before SQL parameterization
Technical notes:
• Uses algorithm replicas to avoid system.php dependency chain
• All 113 project tests pass (54 new + 59 existing)
• No changes to production code
