-
BC Breaks:
- there should be none
-
Fixes:
- [CoreBundle] More robust autoloader detection.
- [CoreBundle] Add
flex-wrap
class to pagination for responsive behaviour (bs#23504). - [Blocks] Strip script tags from XSLT block stylesheets.
- [Categories] Sanitize context menu in admin category list.
- [Extensions] Disable caching headers in
AbstractTheme
if user is logged in. - [Theme] Fix resolving assets location on Windows if Zikula is installed in a sub directory (#4480).
- [Permissions] Correctly handle non-existing username during permission testing.
- [Users] Dispatch
UserPostLoginFailureEvent
after login failure as expected. - [Users] Add missing check in
CurrentUserApi
to avoid an error in PHP8. - [Users] Fix possibly open redirect in login function.
- [ZAuth] Fix wrong
DateTime
argument inUserVerificationRepository
.
-
Features:
- there should be none
-
Security fixes from Symfony:
- Prevent RCE when calling untrusted remote with CachingHttpClient (CVE-2020-15094).
-
Fixes:
- [Users] Minor correction in user online block template.
- Fixes:
- [Categories] Fix hiding registry label in form (#4452).
- [CoreBundle] More robust autoloader detection.
- [Menu] Fix error during creation of new menus.
- Fixes:
- [CoreBundle] Fix broken autoloader recognition of additional extensions for distribution-based installations.
- [CoreBundle] Fix wrong generated directory name (docs instead of doc) in ExtensionMaker.
- [CoreBundle] Fix wrong path to possible
routes.php
file in the Kernel class. - [CoreBundle] Update maker (
make:zikula-extension
) to discourage use of Zikula as vendor (#4382). - [CoreInstallerBundle] Fix invalid access to obsolete parameter when upgrading from 3.0 to a newer version.
- [CoreInstallerBundle] Fix invalid reset of start controller settings when upgrading from 3.0 to a newer version.
- [CoreInstallerBundle] Fix wrong link to upgrade docs in the upgrader (#4364).
- [CoreInstallerBundle] Fix upgrade procedure (#4406).
- [CoreInstallerBundle] Remove blocks with properties that cannot be unserialized on upgrade.
- [CoreInstallerBundle] Remove legacy modvars beginning with 'systemplugin'.
- [FormExtensionBundle] Fix textarea width problem (#4421).
- [HookBundle] Add missing argument for assigning object ID to
FormAwareHook
constructor. - [HookBundle] Avoid JS error when editing hook provider which is not a subscriber, too.
- [Admin] Fix error when extension is not categorized.
- [Blocks] Include jQuery-UI in the block position editing template (#4400).
- [Blocks] Fixed orphan properties removal for blocks that do not use any properties.
- [Extensions] Fix outputting invalid html in modulelinks navbar (e.g.
<li icon="foo-bar"...
) - [Extensions] Fix too strict requirement of URL field for theme extensions (#4353).
- [Extensions] Fix wrong translator usage in abstract content type.
- [Extensions] Improve behaviour of
VariableApi
when system is not installed yet (#4360). - [Extensions] Improve responsive design of the extensions list.
- [HookBundle] Fix reordering assigned hook provider areas for a hook subscriber area.
- [Mailer] Improved help texts for mailer configuration (#4356).
- [Routes] Fix behavior of
prependBundlePrefix
in Routes (#4381). - [Routes] Fix sanitizing logic for routes editing (#4380).
- [Routes] Fix exception when editing routes with allowed but unset specific creation date (#4380).
- [Routes] Fix broken support for key value pairs for editing custom route parameter settings (defaults, requirements, options).
- [SecurityCenter] Fixed config setup problem defining the cache.
- [Theme] Fix wrong modvar name when setting theme.
- [Theme] Install extension assets on installation and upgrade (#4367).
- [Theme] Throw more descriptive exception when non-zasset asset is not found (#4366).
- [ZAuth] Allow creating and changing user mappings without setting a password (#4395).
-
BC Breaks:
- [General] Minimum PHP version is now 7.2.5 instead of 5.5.9 (#3935). PHP 7.2.5+ is also required by Symfony 5.
- [General] The directory structure is dramatically different (reflecting changes from Symfony).
- The
public/
directory is now the web root. Set your server/htaccess/etc accordingly. public/index.php
is the entry point to the site.- See https://symfony.com/doc/current/setup/web_server_configuration.html for more information.
- The
- [General] Changes regarding directory layout
- Non-core themes and modules are now both stored in
src/extensions
. - The
src/app/config/
directory has been moved toconfig/
. - The
src/app/Resources/<BundleName>/views/
directory is now located attemplates/bundles/<BundleName>/
. - The
src/app/Resources/translations/
directory becametranslations/
. - The
src/app/Resources/views/
directory becametemplates/
. - The
src/app/Resources/workflows/
directory becameconfig/workflows/
. - The
src/lib/Zikula/Bundle/
directory has been moved tosrc/Zikula/
. - The
src/web/
directory has been moved topublic/
.
- Non-core themes and modules are now both stored in
- [General] Changes regarding configuration files
- Configuration for specific packages has been moved into
config/packages/*.yaml
. - The
parameters.yml
file has been renamed toservices.yaml
. - The
custom_parameters.yaml
file has been renamed toservices_custom.yaml
. - YAML files use the
.yaml
extension instead of.yml
. - The
%temp_dir%
parameter has been removed. If you need a temporary folder usesys_get_temp_dir()
. - The parameters
system.chmod_dir
andurl_secret
have been removed without any replacement. - Symfony 5.* uses environment variables for local configuration in a
.env
or.env.local
file at the root of the project. - Some other parameter have been removed in favour of environment variables
env
becameAPP_ENV
.debug
becameAPP_DEBUG
.secret
becameAPP_SECRET
.database_*
becameDATABASE_URL
.installed
is re-purposed. It now holds the value of%env(ZIKULA_INSTALLED)%
and is no longer abool
but astring
- To determine a bool if needed, compare the value to '0.0.0', e.g.
$isInstalled = '0.0.0' !== $installed;
- To determine a bool if needed, compare the value to '0.0.0', e.g.
core_installed_version
is removed in favor ofinstalled
or%env(ZIKULA_INSTALLED)%
- Configuration for specific packages has been moved into
- [General] Service definitions have been updated to use Symfony autowiring and autoconfiguring functionality (#3940, #3872). This includes autowiring entity repositories by inheriting from
Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository
. - [General] Several namespaces changed their location.
- Please see refactoring docs for the details.
- [General] Several event changes (requires listener modifications).
- Please see refactoring docs for the details.
- [General] Interface extensions and amendments
- [General] Interfaces and APIs implement argument type-hinting in all methods. This can break an implementation of said interfaces, etc.
- [CoreBundle] Removed second argument (
$first = true
) fromZikulaHttpKernelInterface
methodsgetModule
,getTheme
andisBundle
(#3377). - [CoreBundle]
ZikulaHttpKernelInterface
has droppedgetConnectionConfig()
method. Use environment variableDATABASE_URL
instead. - [Blocks]
Zikula\BlocksModule\Api\ApiInterface\BlockApiInterface
has droppedgetModuleBlockPath()
method. - [Blocks]
Zikula\BlocksModule\Api\ApiInterface\BlockFactoryApiInterface
has changed signature ofgetInstance()
method. - [Blocks]
Zikula\BlocksModule\BlockHandlerInterface
requires a new methodgetPropertyDefaults()
to be implemented. - [HookBundle]
Zikula\Bundle\HookBundle\HookProviderInterface
requires a new methodgetAreaName()
to be implemented. - [HookBundle]
Zikula\Bundle\HookBundle\HookSubscriberInterface
requires a new methodgetAreaName()
to be implemented. - [HookBundle]
Zikula\Bundle\HookBundle\HookProviderInterface
has droppedsetServiceId
andgetServiceId
methods. - [HookBundle]
Zikula\Bundle\HookBundle\Collector\HookCollectorInterface
has changed signature ofaddProvider()
andaddSubscriber()
methods. - [Extensions]
Zikula\ExtensionsModule\ModuleInterface\Content\ContentTypeInterface
requires a new methodgetBundleName()
to be implemented. - [Permissions]
Zikula\PermissionsModule\Entity\RepositoryInterface\PermissionRepositoryInterface
requires new methodsgetAllColours()
anddeleteGroupPermissions()
to be implemented. - [Search]
Zikula\SearchModule\SearchableInterface
requires a new methodgetBundleName()
to be implemented. - [Search]
Zikula\SearchModule\SearchableInterface
has changed signature ofgetResults()
method. - [Users]
Zikula\UsersModule\MessageModule\MessageModuleInterface
requires a new methodgetBundleName()
to be implemented. - [Users]
Zikula\UsersModule\ProfileModule\ProfileModuleInterface
requires a new methodgetBundleName()
to be implemented.
- [General] Entity changes
- [Blocks]
Zikula\BlocksModule\Entity\BlockEntity
changed some obsolete accessors for PSR-1 compatibility. Please use nowgetLastUpdate/setLastUpdate
. - [Categories]
Zikula\CategoriesModule\Entity\CategoryEntity
changed some obsolete accessors for PSR-1 compatibility. Please use nowgetLocked/setLocked
,getLeaf/setLeaf
,getDisplayName/setDisplayName
,getDisplayDesc/setDisplayDesc
,getCreatedDate/setCreatedDate
,getUpdatedDate/setUpdatedDate
,getCreatedBy/setCreatedBy
,getUpdatedBy/setUpdatedBy
. - [Categories]
Zikula\CategoriesModule\Entity\CategoryRegistryEntity
removed some obsolete accessors for PSR-1 compatibility. Please use nowgetStatus/setStatus
,getCreatedDate/setCreatedDate
,getUpdatedDate/setUpdatedDate
,getCreatedBy/setCreatedBy
,getUpdatedBy/setUpdatedBy
. - [Extensions]
Zikula\ExtensionsModule\Entity\ExtensionEntity
has renamedcore_min
tocoreCompatibility
and removedcore_max
property (#3649).- The table name has been renamed from
modules
toextensions
.
- The table name has been renamed from
- [Permissions]
Zikula\PermissionsModule\Entity\PermissionEntity
removed therealm
andbond
properties. - [Search]
Zikula\SearchModule\Entity\SearchResultEntity
has changed theextra
field fromtext
toarray
. ThesetExtra()
method takes care of that though. - [Theme]
Zikula\ThemeModule\Entity\ThemeEntity
is removed along with its Repository and RepositoryInterface classes.- The data is now stored in the
extensions
table and managed by the ExtensionsModule.
- The data is now stored in the
- [Users]
Zikula\UsersModule\Entity\UserEntity
changed some obsolete accessors for PSR-1 compatibility. Please use nowgetApprovedDate/setApprovedDate
,getApprovedBy/setApprovedBy
,getRegistrationDate/setRegistrationDate
,getLastLogin/setLastLogin
. - [ZAuth]
Zikula\ZAuthModule\Entity\UserVerificationEntity
changed some obsolete accessors for PSR-1 compatibility. Please use nowgetCreatedDate/setCreatedDate
.
- [Blocks]
- [General] Removed custom translation system (#4042). Use Symfony's translation system directly.
- Default translation domain is now always
messages
. Use specific other domains (e.g.mail
,config
,hooks
etc.) where appropriate.
- Default translation domain is now always
- [CoreBundle] Removed
Zikula\Core\Response\Ajax\*Response
classes (#3772). Use Symfony'sJsonResponse
with appropriate status codes instead. - [CoreBundle] Removed all classes from the
Zikula\Core\Token
namespace. If you need custom CSRF tokens use isCsrfTokenValid() instead (#3206). - [CoreBundle]
CoreBundle/Composer/Metadata
has removed$basePath
and$rootPath
properties and their getters. - [CoreBundle]
$kernel::isCoreModule()
is renamed to$kernel::isCoreExtension()
.- The corresponding Twig filter is similarly renamed.
- [CoreBundle] Old
pager
Twig function has been removed in favour of a new Pagination utility. - [CoreBundle] Old
abcpager
Twig function has been removed in favour of a new AlphaFilter utility. - [CoreBundle]
dispatchEvent
Twig function changed to dispatch any type of event. Old functionality still available indispatchGenericEvent
. - [CoreBundle] Removed
Zikula\Core\Exception\FatalErrorException
in favour of direct usage ofSymfony\Component\ErrorHandler\Error\FatalError
- [CoreBundle] Removed the
languageName
Twig filter (uselanguage_name
instead (docs)) - [CoreBundle] Removed the
polyfill
Twig tag (#3925). - [CoreBundle] Removed
ZikulaKernel::VERSION_SUB
constant. - [CoreBundle]
Bundle\CoreBundle\Helper\PersistedBundleHelper::getConnection
visibility set to private - [CoreBundle]
Bundle\CoreBundle\Helper\PersistedBundleHelper::addAutoloaders
visibility set to private - [CoreBundle]
Bundle\CoreBundle\Helper\BundlesSchemaHelper::createSchema
visibility set to private - [HookBundle] The
Zikula\Bundle\HookBundle\ServiceIdTrait
trait has been removed. - [Blocks]
Zikula\BlocksModule\AbstractBlockHandler
is not ContainerAware anymore. - [Mailer] MailerApi and Swift_Mailer is fully removed in favor of the Symfony Mailer Component. Mailer is configurable in MailerModule (#4000).
- [Extensions]
Zikula\ExtensionsModule\Installer\AbstractExtensionInstaller
is not ContainerAware anymore. - [Extensions]
Zikula\ExtensionsModule\Event\ModuleStateEvent
is renamed toZikula\ExtensionsModule\Event\ExtensionStateEvent
.- Its methods also renamed:
getModule
->getExtension
andgetModInfo
->getInfo
.
- Its methods also renamed:
- [Extensions] All the Events in
Zikula\ExtensionsModule\ExtensionEvents
are changed - both the name and the ConstantName. - [Extensions] Replaced
LinkContainer
withExtensionMenu
for collecting module menus (admin, user, account). See companion docs. - [Extensions] Changes to
composer.json
- Removed use of
admin.png
and replaced by adding icon class >>extra/zikula/icon: "fas fa-user"
.- Themes now also need to include an icon.
- Setting >>
extra/zikula/capabilities/admin/url
is no longer supported. Useextra/zikula/capabilities/admin/route
. - Change how themes define user and admin capabilities.
- old: e.g.
capabilities/admin:true
- new: e.g.
capabilities/admin/theme:true
- old: e.g.
- Removed use of
- [Settings] The
Zikula\SettingsModule\Validator\ValidController*
classes have been removed. - [Users] Support for ancient Macintosh-type line-endings (\r) on user CSV file import has been dropped.
- [ZAuth]
Zikula\ZAuthModule\Api\PasswordApi
andZikula\ZAuthModule\Api\ApiInterface\PasswordApiInterface
are deprecated and will be removed in Core-4.0.0- Use
Symfony\Component\Security\Core\Encoder\EncoderFactoryInterface
orbin2hex(random_bytes(8))
- Use
- [Theme] There is no
web/bootstrap-font-awesome.css
file generated anymore. Instead, Bootstrap and Font Awesome are always included independently.
-
Fixes:
- [CoreBundle] Fixed "remember me" problem caused by faulty session regeneration with custom lifetime in PHP 7.2+ (#3898, #4078).
- [HookBundle] Fixed problem where hooks tables are not updated when upgrading from Core-1.x.x (#3977).
- [HookBundle] Introduced
Zikula\Bundle\HookBundle\Event\HookPostChangeEvent
to allow reactions on changed hook bindings. - [CoreBundle] Provide more kernel information in coredata (#3651).
- [CoreBundle] Removed workaround for older DBAL versions (#2185).
- [Admin] Readded missing permission checks for specific admin area categories.
- [Blocks] Made JavaScript functionality more robust (#3911).
- [Blocks] When updating a block, orphan properties are removed (#3892).
- [Categories] Fixed broken drag n drop of categories when target position is the top of a subtree.
- [Categories] Fixed logic of
CategoryProcessingHelper#mayCategoryBeDeletedOrMoved
(#3920). - [Mailer] Set correct port for Gmail transport type (#4142).
- [Mailer] Setting to enable logging of sent mail actually logs sent mail.
- [Menu] Fixed broken drag n drop of menu items when target position is the top of a subtree.
- [Permissions] Properly handle deleted user groups (#3963).
- [Printer] Removed ancient workaround in printer theme (#3653).
- [Search] Fixed behaviour of recent searches list.
- [Search] Fixed broken functionality of hiding submit button in search block.
- [Settings] Fixed non-default languages being available when multilingual is disabled (#3938).
- [Settings] Start page controllers now get properly set the
_route
request argument (#3955). - [Settings] Updated listener priorities to fix non-working variable localisation (#3934).
- [Theme] Fixed problem with preview of theme (#3957).
- [Theme] Improved asset merger with regards to negative weights (#3978).
- [Theme] Readded missing functionality for configurable page title schemes (#3921).
- [Theme] Refactored page title handling (#3969).
- [Users] Fixed admin notification email for new registrations which was not done in some cases.
- [Users] Fixed duplicate emails allowed when registering with different authentication methods (#3720).
- [Users] Fixed import of users from a file (#4161).
- [Users] Fixed orphaned users on attempt to delete stale pending registrations (#4218).
- [Users] Fixed problem where stale pending registrations were not deleted (#4069).
- [Users] Fixed problem with deleting user(s) from a very large database (#3953).
- [Users] Cosmetical corrections for account link graphics.
- [ZAuth] Check if verification record is already deleted when confirming a changed mail address.
- [ZAuth] Default minimum length for passwords is now raised to 8. Absolute minimum length is still 5 (#2842).
- [ZAuth] Fixed broken JavaScript in user modification form (#3992).
- [ZAuth] Properly consider "user must verify" flag during user creation (#3964).
-
Features:
- [General] Utilise autowiring and autoconfiguring functionality from Symfony (#3940).
- [General] Scalar type hints have been added to all method arguments and return values; corresponding docblocks have been dropped (#3960).
- [General] Migrated all templates to Bootstrap 4 and Font Awesome 5 (#3530, #4037).
- [General] Added twig-inspector for easy debugging of Twig templates (#4051).
- [CoreBundle] Added ability to create dynamic site properties (e.g. titles, meta descriptions etc.) by subclassing
Zikula\Bundle\CoreBundle\Site\SiteDefinition
(#519). - [CoreBundle] Added CLI command to generate an Extension skeleton with instruction on using Symfony MakerBundle to complete development (#4034).
- [CoreBundle] Added new Doctrine Paginator wrapper
Zikula\Bundle\CoreBundle\Doctrine\Paginator
and paginator template. See docs. - [CoreBundle] Added new
AlphaFilter
classZikula\Bundle\CoreBundle\Filter\AlphaFilter
and template. See docs. - [CoreBundle] Added
Zikula\Bundle\CoreBundle\Helper\LocalDotEnvHelper
to assist in writing to the.env.local
file. - [CoreBundle] Extended site definition and added means for site-wide branding (#3972).
- [CoreBundle] Introduced a new
\Zikula\Bundle\CoreBundle\Site\SiteDefinitionInterface
for dynamic site attributes (#3972). - [CoreBundle] Reworked
Zikula\Bridge\HttpFoundation\DoctrineSessionHandler
to extendSymfony\Component\HttpFoundation\Session\Storage\Handler\AbstractSessionHandler
(#3870). - [CoreBundle] Using
utf8mb4
charset on MySQL platforms for real utf8 support (#3784). - [CoreInstallerBundle] Added possibility to specify custom database port in installer.
- [FormExtensionBundle] Centralised dynamic form field handling from Profile module in FormExtensionBundle (#3945).
- [HookBundle] Added Twig function for creating a
RouteUrl
instance (#3802). - [Blocks] Blocks can now specify default property defaults used for custom form fields (#3676).
- [Bootstrap] Added all styles from Bootswatch to the Bootstrap theme (#4037).
- [Bootstrap] Added option to allow users individually switching between available Bootswatch styles (#4037).
- [Extensions] Added ability to choose a Font Awesome icon for admin categories, categories and extensions (#3598, #4061).
- [Extensions] Added CLI commands to manage extension installation, upgrade and uninstall and sync (#3517).
- [Extensions] Added "Connections" menu to ExtensionsMenu so extensions can add menu children to other connected extension's admin UI.
- [Extensions] Added support for separators in dropdown menus of extensions interface / module links (#3904).
- [Extensions] Automatic contribution of admin menu item to display Markdown docs for other extensions. Help UI can be configured to use either a modal window or a fixed sidebar (#3739).
- [Extensions] In general, 'module' and 'theme' are now generically referred to as 'extensions' and many methods or properties have been renamed to align.
- [Extensions] System themes (Bootstrap, Atom, Printer, Rss) are now located in
system/
and are loaded directly into the kernel. - [Permissions] Added new fields for optional comments and colours to permission rules (#914).
- [Permissions] Added
@PermissionCheck
annotation for use in Controllers. SeeZikula\PermissionsModule\Annotation\PermissionCheck
and examples in Core. - [Routes] Added automatic setting of locale parameter when generating routes in JavaScript (#3453).
- [Search] Support arrays and longer strings in the
extra
field of search results (#3619, #3900). - [Settings] Added support for creating and changing translations on-site using "Edit in Place" and/or a WebUI (#4012, #2425).
- [Settings]
LocaleApi
is now able to work with regions, too (#4012, #2425). - [Settings] New and removed locales are automatically reflected in the configuration (#4012, #2425).
- [Settings] Start page arguments can now be defined more flexible (GET parameters and request attributes) (#3955).
- [Settings] Start page can now be configured for each available language (#3955).
- [Settings] Start page can now be defined much easier (a dropdown allows to choose a route/controller combination) (#3955).
- [Theme] Allow
zasset
syntax for relative assets also for normal bundles. - [Theme] Moved calling
adminHeader()
andadminFooter()
into theme layer (#4255). - [Theme] The location for choosing the default theme and admin theme has been moved to the Theme module settings.
- [Users] Added display of authentication method to user list (#3704).
- [Users] Added CLI command to create any number of users for testing purposes
bin/console zikula:users:generate
. - [Users] Added CLI command to delete any number of users
bin/console zikula:users:delete
. - [Users] Added CLI command to import users
bin/console zikula:users:import
. - [Users] Added email notification to deleted pending registrations (#2915).
- [Users] Allow users to delete themselves (with admin setting) (#1322).
- [Users] Persist the locale a user used during his registration (#4098).
- [Users/ZAuth] Added common header/footer templates for login templates (#3937).
- [Users/ZAuth] Added common header/footer templates for user registration and login related email templates (#3937).
- [ZAuth] A new password strength meter is implemented (see GitHub repo) (#2842).
- [ZAuth] Added a simple password generator in all places where a new password might be needed (#2842).
- [ZAuth] Added ability to force a group of users to change their password on next login (#2842).
- [ZAuth] Added CLI Command to edit password, email, username properties of user mappings (a replacement for the old Zikula Recovery Console).
- [ZAuth] Added
UserCreationApi
to assist with the manual creation of ZAuth-method users (#3265). - [ZAuth] More user-friendly response messages during account information recovery (#3723).
- [ZAuth] Passwords are now always hashed with the the most up-to-date algorithm available (via Symfony security component) and automatically updated on login (#2842).
- [ZAuth] Passwords can optionally be validated with Symfony's NonCompromisedPassword validator (docs) (#2842).