Relicense SLAED CMS from GPL-3.0 to MIT and remove the runtime license lock. The project author relicenses their own work, so attribution enforcement is dropped and the obfuscated copyright config is retired.
Core changes:
- License text and metadata (LICENSE, composer.json, package.json, README.md):
- Replace the GPL-3.0 text with the MIT license and update license fields/badges
- Source headers (~396 .php, .htaccess, setup/sql/.sql):
- Change "# License: GNU GPL 3" to "# License: MIT"
- Normalize the copyright line to "# 2005 - 2026 SLAED"
- Runtime license lock removal (core/system.php, setup/index.php):
- Remove the _NO_LICENSE admin and setup lock checks
- Drop the lic_h/lic_f config keys and their forced rewrite on config save
- Replace the four footer builders with a single getLicenseHtml()
- Decouple the legacy md5 password salt into a frozen PASS_SALT constant
- Remove the now-dead _NO_LICENSE constant from all locale files
- Documentation (README, CONTRIBUTING, SECURITY, UPGRADING, CODE_OF_CONDUCT, .rules/architecture.md):
- Replace GPL references with MIT
Technical notes:
- Legacy md5 logins keep working through the frozen PASS_SALT value
- Historical news seed data in setup/sql/insert.sql is left intact on purpose
- Third-party code under plugins and vendor is not touched
Adjust footer CSS so the MIT license line reads cleanly after the relicense changed the text length.
Core changes:
- Site footer (templates/lite/assets/css/theme.css):
- Center .sl-copyright/.sl-license and balance the wrapped lines
- Admin login footer (templates/admin/assets/css/theme.css):
Reduce .sl-admin-login-copyright font-size so the line fits one row on desktop and narrow widths
Benefits:
- Footer license stays readable and centered without clipping
Replace the hardcoded 'pages-v1' prefix in the page-cache key with the CMS version, so every SLAED release automatically invalidates stale page caches on update without a developer remembering to bump a magic string or admins running a manual cache wipe.
Core changes:
- Cache key composition (core/system.php):
- Use $conf['version'] as the first hash part in getPageHash() instead of 'pages-v1'
- Add $conf to the function globals and fall back to an empty string when unset
- Update the function comment to list the real identity parts
Benefits:
- Page cache regenerates lazily after every version upgrade, fleet-wide
- No buried version literal to maintain by hand
Technical notes:
Content edits keep invalidating through the epoch counter; the version part covers code/release level invalidation
- Regeneration is lazy per request; old files are reclaimed by the GC sweep
Surface the single-flight page-cache rebuild as an admin setting and harden the runtime so it is safe to enable on production sites. Default stays off; the behavior itself was added in the prior page-cache overhaul.
Core changes:
- Admin toggle (admin/modules/config.php):
- Add a yes/no control with hint for cache_l in the cache settings block
- Persist cache_l from the config save handler
- Read with a '0' fallback so the form is safe before local.php is regenerated
- Localized strings (admin/lang/de.php, en.php, fr.php, pl.php, ru.php, uk.php):
- Add _CACHELOCK label and _CACHELOCKINFO hint across all six languages
- Phrase the label per locale; keep the English "single-flight" term only in en
- Runtime hardening (core/system.php, core/classes/cache.php):
- Skip serving an empty stale body so waiting requests never get a blank page
- Keep held rebuild locks fresh with touch() so the sweeper leaves them alone
- Garbage-collect stale lock files via deleteStale('locks') and a SWEEP list
- Documentation (admin/info/config/ru.md):
- Describe cache_l as recommended for high-traffic projects, off by default
Benefits:
- Admins can enable single-flight rebuilds without editing config files
- No blank pages under concurrent expiry; lock directory stays bounded
Technical notes:
- cache_l default lives in config/global.php and is read via empty()
- Lock files live under storage/cache/pages/locks and are swept by the GC job
Cold-start (no stale file yet) is not de-duplicated by design; single-flight only applies once a previous version exists
Rework the full-page HTML cache so it scales for high traffic: normalize the cache key, serve correct browser/CDN headers, retain files by age, invalidate on content change, and collapse concurrent rebuilds. Generation timing now shows on cached responses without baking a stale value into the stored file.
Core changes:
- Generation timing on cached pages (core/system.php):
- Replace the per-render time string with a GEN_MARK sentinel baked into the body
Add getTimedHtml() to swap the marker for live timing right before output, or strip it when generation timing (db_t) is off
- Inject on both the live echo and the page-cache hit path
- Cache key normalization (core/classes/cache.php, core/system.php):
Add Cache::filterCacheUrl() to drop tracking parameters (utm_*, gclid, yclid, fbclid, _openstat) and order query groups while preserving array order
- Feed it into getPageHash() so equivalent URLs map to one cache file
- Browser/CDN headers and conditional GET (index.php, core/classes/cache.php, core/system.php):
- Replace the premature public header in index.php with a safe no-store default
Send public Cache-Control plus a real Last-Modified (file mtime) only for cacheable guest pages, and answer If-Modified-Since with 304
Add Cache::checkNotModified(); suppress browser caching while db_t is on so the timing line never goes stale
- Retention-based garbage collection (core/classes/cache.php, core/system.php, admin/info/config/ru.md):
- Add Cache::deleteStale() to remove page-cache files older than max(cache_t
, 86400) - Switch addCacheGcTask() from a full wipe to the retention sweep
Document that cache_t is HTML freshness, cache_d is browser max-age, and GC retention derives from cache_t
- Global epoch invalidation (core/classes/cache.php, core/system.php, core/classes/pdo.php, index.php):
Add Cache::getEpoch()/addEpoch() with a once-per-request flock bump; include the epoch in getPageHash() so a bump invalidates every cached page
Bump from the DB layer on successful state-changing SQL under ADMIN_FILE, which covers all admin content modules through one hook
- Bump on frontend comment, post and voting submissions
- Single-flight rebuild (core/classes/cache.php, core/system.php, config/global.php):
Add Cache::getRebuildLock()/setRebuildFree() using a non-blocking flock with shutdown release; serve the stale file when another worker already rebuilds
- Gate behind the new cache_l config flag, default off
Benefits:
- Tracking-only URL variants share one cache file instead of fragmenting it
- Cached pages can be revalidated by the browser/CDN with 304 instead of full sends
- Disk stays bounded; content edits no longer wait up to cache_t to refresh
- Concurrent expiry no longer triggers a thundering herd of full rebuilds
Technical notes:
New config flag cache_l (default 0); cache_b now also fixes public headers on non-cacheable HTML
Epoch and lock files live under storage/cache/pages; deleteStale and deleteAll preserve .htaccess and index.html
Single-flight serves stale only when cache_l is enabled; otherwise behavior is unchanged
Render the consolidated user actions menu as a popover trigger and rework the comment and forum-post header layout for symmetric, browser-independent alignment.
Core changes:
- Popover fragment (templates/lite/fragments/popover.html, templates/admin/fragments/popover.html):
- Add is_user_menu flag: user-menu trigger class and bi-menu-button-wide-fill icon
- Wrap items/view/edit/delete menu entries in li for valid list markup
- Comment header (templates/lite/fragments/comment.html, templates/lite/assets/css/theme.css):
- Place the user and editor gear cluster before the post number
Lay out the header on a 1fr auto 1fr grid: fixed-width author column, meta aligned from the left, action cluster on the right
- Forum post (templates/lite/fragments/forum-post.html, templates/lite/assets/css/theme.css):
- Move the user menu into the meta cluster before the post number
Flex the meta bar and drop its fixed height so date and cluster never overlap the post body
- Center the nickname plate with flexbox for consistent cross-browser rendering
- Gear styling (templates/lite/assets/css/theme.css):
- User gear shares the editor gear styling (grey, brand-blue on hover)
Benefits:
- Symmetric, consistent post headers regardless of nickname length
- Valid li/a menu markup in both lite and admin themes
Technical notes:
- Template markup and CSS only; no behavior change
Replace the duplicated action-menu builders (add_menu, getUserMenu and two inline $actionMenu closures) with a single getActionMenu() helper and route comment, forum, private-message and clients menus through it.
Core changes:
- Action-menu helper (core/system.php):
Add getActionMenu(array $items, bool $user = false)
- Wraps each prepared HTML item in list-item and builds the popover
- Editor gear by default, user menu (is_user_menu, _USER) when $user is true
- Remove add_menu() and getUserMenu()
Replace the inline implode(list-item) menu builds in getComments and getVotingView with getActionMenu()
- Comment author menu (core/system.php):
Build the user actions menu (personal/message/profile/site) and pass it as btn_user instead of separate btn_personal/btn_pm/btn_profile/btn_web
- Forum (modules/forum/index.php):
Fold author actions plus quote-reply into the user menu via getActionMenu(..., true); route the editor menu through getActionMenu
- Private messages (core/user.php):
- Remove both $actionMenu closures; use getActionMenu() for every menu
- Build the PM author menu (profile/site) via getActionMenu(..., true)
- Clients (modules/clients/index.php):
- Route the row action menu through getActionMenu(explode('||', ...))
Benefits:
- One menu builder instead of four near-duplicates
- Consistent user-menu contract across all front-end modules
Technical notes:
- Behavior preserved; popover fragment items_html API unchanged
Replace the cache-only getCompressHtml() with a single getOutputHtml() that normalizes the assembled page in setFoot() before echo and before page-cache write, so users always receive processed HTML even when page-cache is off.
Core changes:
- Output normalizer (core/system.php):
Add getOutputHtml(string $html, bool $full = false) replacing getCompressHtml()
- Protect script/style/pre/code/textarea bodies and comments first, exposing
only the opening tag so multiline <script src> tags get normalized too- Squeeze multiline class lists and multiline tags to a single line
- Keep the template's own indentation; only drop blank lines from false {% if %}
- full=true keeps the legacy maximal-compression path and strips non-IE comments
- Output and cache wiring (core/system.php):
- Echo the readable (full=false) output to the user on every request
Compress (full=true) only the copy written to storage/cache/pages/html when cache_c=1, restoring the original cache-only compression contract
Benefits:
- Heavy parsing runs only on the few multiline matches, not on every tag
- Real homepage normalization measured at ~0.32 ms vs ~4.3 ms for a tokenizer
- view-source has no multiline tags, no multiline class, no giant glued lines
Technical notes:
- storage/cache/templates keeps compiled PHP only; final HTML is never written there
- Output is idempotent; script/style/pre/code/textarea bodies stay byte-for-byte
Behavior change: live echo is now normalized for readability on every request; with cache_c=1 a cache hit still serves compressed HTML while a miss serves readable HTML, matching the previous cache-only compression semantics
This commit refines lite theme layout spacing, rating control presentation, and floating feedback links. It removes the separate contact-block partial now that both layouts render the feedback link directly.
Core changes:
- Theme spacing and controls (theme.css, base.css):
Add a shared grid gap variable and apply it to card and post grids.
- Adjust full-view width and metadata alignment rules.
- Refine rating badges, star hover preview, and mobile metadata stacking.
Update floating idea and feedback tabs to grow from the screen edge.
- Uses sideways writing mode where supported.
- Avoids edge gaps during hover and focus states.
- Lite layouts (app.html, home.html):
- Render the feedback tab directly in both layouts.
- Keep the layout output independent of a separate partial payload.
- Theme foot variables (index.php, contact-block.html):
- Remove contactblock generation from theme foot variables.
- Delete the unused contact-block partial.
Benefits:
- Reduces one template indirection in the lite footer path.
- Improves consistency of grid spacing and floating controls.
- Keeps rating UI states clearer for interactive and static displays.
Technical notes:
- No database or storage changes.
- Template output changes are limited to the lite theme.
- Backward compatible for existing theme data except the removed internal contactblock variable.
This commit unifies rating rendering and voting request handling so star and like controls share one data contract. It also switches live rating actions to POST requests with CSRF headers.
Core changes:
- Rating rendering helper (core/helpers.php):
Collapse duplicate star and like rendering branches into one shared template payload.
- Builds a common vote query and live-state wrapper.
- Provides CSRF token data for live HTMX requests.
- Rating request handler (core/system.php):
Replace repeated module-specific branches with a table and field map.
- Keeps duplicate-vote checks by user, ip, and cookie.
- Persists votes through prepared statements and returns the refreshed rating block.
- Rating fragments (rating-bar.html, rating-like.html):
Use the shared vote_query payload for live interactions.
- Sends votes with hx-post instead of hx-get.
- Adds CSRF headers to live rating containers.
Benefits:
- Removes duplicated rating control rendering logic.
- Makes rating vote handling easier to audit and extend.
- Aligns state-changing rating actions with POST semantics.
Technical notes:
- No database schema changes.
- The template payload for rating controls is updated.
- Backward compatible for existing persisted rating values.