Elefant Versions Save

Improvements:

• I18n filters now accept DateTime objects in addition to date strings
• Added Form::generate_csrf_token() for custom use cases
• Minimal grid supports every column size increment of 5%
• Image::resize() defaults to auto-detecting the correct format
• Access control on WYSIWYG editor plugins so the editor can still be used by non-admins
• Updated Google OAuth2 login support and added Google auth credentials to user settings form
• Added admin/util/select-buttons helper to convert select boxes to button groups
• Let users set jquery_source = Off to disable jQuery completely on the front-end
• Force jQuery source to be local if admin
• Admin toolbar and admin area usability improvements
• Added admin/modal template for admin pages in frames
• Upgraded URLify to version 1.1.2-stable
• Upgraded Analog to version 1.0.11-stable

Bug fixes:

• Fixed error marking file manager app upgraded
• Fixed exception in admin toolbar template
• Removed PHP 5.3 from travis-ci config, fixed PHPUnit issues on travis-ci
• Fixed issue with dollar signs in some database passwords
• Fixed warning on templates not always quoting array keys

Security updates:

• Fixed remote execution in file manager (#287)
• Fixed remote execution in stylesheet editor (#286)

Improvements:

• Added "Now" button next to date field in blog posts

Bug fixes:

• Fixed open graph image dimension tags

Improvements:

• Added emoji support to page titles and descriptions, block titles, and blog post titles
• Added one-click Bitly link generator to file manager
• Revamped Elefant backend UI with larger inputs, buttons, and spacing for improved usability
• Updated minimal-grid.css to accommodate wider screen widths
• Added og:image:width and og:image:height Open Graph tags to blog posts
• Added I18n::short_date_year_time filter for short dates including years + times

Bug fixes:

• Fixed timecodes in embedded YouTube videos
• Fixed upload validation error in filemanager/util/browser

• Additional CSRF protection on uploads and other forms
• Fixed pager on on user chooser widget for sites with thousands of users
• Added first/last page buttons to user chooser and dynamic objects widgets

Security updates:

• Fixed url decoding happening after validation on some file uploads
• Increased restrictions in htaccess files
• Added .phtml, .pht, .php3, .php4, and .phar to restricted uploads
• Limit profile photo uploads to .jpg and .png
• Verify .csv and .vcf user imports

Improvements:

• Added responsive embed code for YouTube videos
• Added superscript button to wysiwyg editor
• Added social/cookienotice helper for cookie law compliance
• Added .e-col-15 to minimal-grid.css
• Added $.recenter_modal() to modal.js and auto-resize on window resize
• Close modal dialogs by clicking away
• User ID from API tokens is now available via user\Auth\HMAC::$user_id
• Added --no-symbols option to ./elefant generate-password
• Allow $page->add_style() with ?v= appended to stylesheet links for cache busting
• Added month limit to blog archives sidebar
• Re-enabled caching on blog archives sidebar

Bug fixes:

• Fixed thumbnail preview in blog edit form
• Fixed potentially skewed profile photos in accounts
• Fixed validation errors in RSS output
• Admins should be able to preview scheduled posts
• Fixed admin toolbar not correctly fetching list of apps
• Fixed use of undefined constant in admin toolbar
• Strip script and style tags from open graph post descriptions

Changes:

• Added 'Twitter: Tweet This' option to Dynamic Objects menu to display tweetable quotes in posts and pages.
• Improved HMAC validation by making data lowercase to avoid urlencoding differences in other programming languages.
• Added client-side validation to filetype validation rule.
• Added Facebook Pixel tracking support.
• Upgraded MediaElement video player to version 4.2.7
• Added new fcallback input validation rule to validate file uploads with a callback (e.g., to validate file contents)
• Added 'Video GIF (MP4)' option to Dynamic Objects for mp4 videos as gifs (autoplays, loops, muted, and no player controls)

Fixes:

• Fixed an error cancelling forms.
• Fixed image size ratio differences in blog sidebar thumbnails.

Changes:

• Upgraded Redactor wysiwyg editor to version 2.11
• Upgraded jQuery-filedrop plugin to latest version

Bug fixes:

• Additional type check on $ext in ExtendedModel
• Namespace fix in HMAC authenticator

Upgraded MediaElement video player, added new thumbnails view to blog app's sidebar options, minor fixes.

Minor fix to fall back to HTTP_HOST on sites without a domain name set, but print a warning to the error log to set it in Administration > Site Settings.