v1.0.456

UX/UI Improvements:

• Added default "hard" (artisan down) maintenance mode view, able to be overridden by a maintenance.php file placed in the project root.
• Added support for previewing SVG images in the Media Library

API Changes:

• Added Url::buildUrl() method (along with helper http_build_url()) as a polyfill for the PECL HTTP http_build_url() function.
• Added support for database-driven theme templates, enable cms.databaseTemplates to use it

Bug Fixes:

• Fixed issues with hasMany relationship management by reverting some performance PRs to that process that were causing issues.
• Fixed adding new dashboard widgets defaulting to full screen width instead of 5/6th of full screen.

v1.0.455

UX/UI Improvements:

• Implemented easy impersonation of backend users through the backend - feature controlled by the new backend.impersonate_users permission
• Open rowlink rows in a new tab when the Command or Ctrl key is held down (previously only did it for the Ctrl key)
• Added disabled style for switch field types

API Changes:

• Changed the FileUpload FormWidget to process uploads with a onUpload AJAX handler instead of the checkUploadPostback method
• Changed the default value of cache.disableRequestCache to be null which now disables the in memory request cache during CLI requests and enables it during HTTP requests. Other values are explicit true or false.
• Brought the AuthManager and User classes more in line with Laravel's Auth library; full support is still a far ways off though.
• Removed the mediafinder buttons from the RichEditor and MarkdownEditor FormWidgets when the user does not have permission to use the media library.

Bug Fixes:

• Fixed issue with retaining transparency when making thumbnails for some image files
• Fixed issue that could cause potential data loss with complicated implementations of the Repeater formwidget.
• Fixed issue where the DatePicker was ignoring the value of ignoreTimezone when in mode date

Translation Improvements:

• Improved Dutch translation

v1.0.454

API Changes:

• Moved RichEditor extending JS plugins into their own compiled file to eleminate the need to have the DRM vendor files present in order to build Winter's specific JS add-ons to the RichEditor
• Added support for Filter widgets in the RelationController view and manage options

Bug Fixes:

• Fixed issue where CSRF protection would prevent uploads directly in the RichEditor from succeeding by including the CSRF token in those requests
• Fixed issue with scrolling backend lists on mobile devices
• Fixed issue where the subject and / or user password in the user welcome email could be HTML encoded
• Fixed typo in FormWidget's JS & CSS stub files

Translation Improvements:

• Improved Finnish translation

v1.0.453

Bug Fixes:

• Truncate URLs in the Request Log to 191 characters instead of 255 to reflect the default DB schema of utf8mb4
• Fixed issue introduced in Build 1.0.452 where all themes would have their configuration cached under the same key causing issues when switching themes.
• Improve tab usability on mobile by disabling the swipe-to-change-tabs feature as it conflicted with tabs that had horizontal scrollable content.

Security Improvements

• Escape more user provided inputs in the backend to minimize potential XSS

Translation Improvements:

• Improved Viatnamese & Serbian input preset character mapping

Community Improvements:

• Setup a Discord server to experiment with potentially moving to Discord: https://discord.gg/D5MFSPH6Ux

v1.0.452

UX/UI Improvements:

• Force values that would overflow a .form-control container to wrap to the next line instead of overflowing the field
• Fixed minor visual glitch in the Insert URL popup of Froala

API Changes:

• Added oc.inputPreset.beforeUpdate JS event to the input.preset.js logic
• Added support for optional $options parameter to the FormController's formRenderField($name, $options) method to be passed to the Form widget's renderField($name, $options) method.
• Added role="form" attribute to output of Form::open()
• Added automatic conversion of array notation to dot notation in validation rules (attribute[nested] to attribute.nested, etc)
• Added cache attribute to attributes supported by addJs($script, $attributes) to enable disabling the CloudFlare RocketLoader which causes issues in the backend.
• Simplified how the Repeater FormWidget works internally which should resolve some sporadic issues.
• Now using an embedded Form widget to process FileUpload file properties (like title and description). This enables dynamic extension of this form.
• Added automatic mimetype detection of .svg files as image/svg+xml
• Added relationGetManageWidget() and relationGetViewWidget() methods to the RelationController behavior.
• Added hasFatalError() and getFatalError() methods to the ErrorMaker trait
• Return 404 when attempting to visit /error directly when debug mode disabled
• Added ability to make wildcard URL parameters optional.
• Added support for morphOne relations in backend list columns

Bug Fixes:

• Fixed issue with the DataTable FormWidget being unable to dynamically get dropdown options
• Fixed issue where Form widgets attached to the CMS backend controller would have a different alias on every request causing features that relied on consistent aliases to break (namely grouped repeaters in the CMS / RainLab.Pages section)
• Fixed issue where the text filter used a hardcoded widget alias instead of getEventHandler()
• Fixed issue where when inserting an image with the mediafinder into a richeditor field, the image could sometimes be inserted at the top of the content instead of where the cursor was when it was originally selected
• Fix ability to clear RecordFinder fields when useRelation is set to false
• Fixed issues introduced in Build #449 with regards to the "Image not found" message showing up at incorrect times for the MediaFinder formwidget
• Fixed a bug where track-input triggered requests could return incorrect results by waiting until input is finished to fire requests triggered by tracking input
• Fixed bug where inserting a link reference to a home page (/) in the RichEditor through the page selection dialog would actually insert an empty link reference instead.
• Fixed issue where a scheduled command could be run before the database is initially populated which could cause issues if that command attempted to access the database.
• Fixed support for Laravel's automatic package discovery feature

Security Improvements

• Prevent public functions on backend ControllerBehaviors from being run as controller actions unless intended to do that.

Translation Improvements:

• Improved Arabic translation
• Improved Hungarian translation
• Improved Spanish (Argentina) translation

Performance Improvements:

• Added preloading of all essential scripts in the backend to improve performance
• Improved performance when utilizing remote storage drivers by caching the results of hasFile().
• Cached the parsed theme configuration to improve performance on subsequent page loads

Dependencies

• Updated jQuery from V3.3.1 to V3.4.0

v1.0.451

UX/UI Improvements:

• Added support for previewMode to the markdown FormWidget

API Changes:

• Added new configuration option database.useConfigForTesting to change the default behaviour of using the in-memory Sqlite DB driver for running automated tests to using whatever connection is defined by your configuration.
• Added defaultFormatOptions to the ImportExportBehavior to override the default format options to be used when exporting

Bug Fixes:

• Fixed support for migration files in subdirectories
• Fixed colorpicker FormWidgets being unable to be manually updated while inside of a popup modal
• Fixed issue with getting request input from get() and post() that were introduced in Build 1.0.450.
• Fixed issue where grouped repeaters stopped working in Build 1.0.449

Translation Improvements:

• Improved Russian translation

v1.0.450

API Changes:

• input(), get(), & post() now pull values from the Request app container instead of directly from the PHP superglobals
• Execution context is now handled in the application container
• All uses of of exit() or die() removed to support being run under a concurrent server (i.e. Swoole)

Bug Fixes:

• Updated Froala license key

v1.0.449

UX/UI Improvements:

• Redirect users with the manage_theme_options (but not the manage_themes) permission directly to the Customize theme page
• Dashboard now uses a 12-column layout instead of a 10-column layout
• Show a "not found" message when the image selected by a mediafinder FormWidget does not exist
• Added link to backend updates page to see a detailed changelog for the current build
• Minor improvements to the styling of the clear search button

API Changes:

• Support enableDefaults on repeaters using grouped mode
• Simplified the Repeater item's data saving process by calling each item's Form widget's getSaveData() method instead of attempting to process the data directly.
• Disabled FormWidgets are now ignored in the Form widget's getSaveData() method just like regular form fields are.
• Backend Controller middleware support has been changed to only support 'after' middleware as it requires instantiating plugin controllers in order to retrieve the middleware that they have registered, which calls the constructor for those controllers; which is where the problem is (Controller constructors often, for one reason or another, do things that require the session to be started, for instance, getting the current user)
• Added support for headCssClass in the Lists widget's column definitions to specify a CSS class to be added to the table header cell for that column.
• Added allowTrashedSlugs property to models that use the Sluggable and SoftDelete database traits to include the slugs of records that have been soft deleted when checking to see if a slug already exists.

Bug Fixes:

• Fixed Save & Close button on the ThemeOptions update view
• Fixed long standing issue with being unable to update translated values with the RelationController
• Fixed issue where Repeaters with the same field names being bound to the same controller would cause confusing conflicts as they tried to process each other's data.
• Fixed issue where having the CMS module present but disabled would still try to handle backend 404's with the CMS controller.
• Fixed issue where multiple Filter widgets could not exist on the same page at the same time.
• Fixed support for migration files with extra .s in their file names (ex. 1.0.5.update_posts.php)
• Fixed issue where the popup loading indicator would sometimes not close after the request had finished loading
• Improved FireFox & IE11 support by fixing race conditions in backend JS

Translation Improvements:

• Improved French translation

Community Improvements:

• Added guidelines for updating JS dependencies used in the Winter CMS core

Dependencies

• Fixed issue with Twig 2.7.4
• Replaced all deprecated Twig PSR-0 class references with the new PSR-4 class references.
• Updated Froala to 2.9.3

v1.0.448

UX/UI Improvements:

• Improved consistency of file size displayed in the FileUpload FormWidget between upload and page load actions
• Added Inline (No icons) navigation mode to the branding settings

API Changes:

• Changed filter.js to fire AJAX requests on the filter control element instead of the closest form element
• Changed the datepicker FormWidget when in mode date to send a DateTime string with zeroed time (according to the app.timezone configuration) using the client's timezone. This is a change from the previous behaviour of sending the current time.
• Added ability to specify a permissions array when registering ReportWidgets to force the user to have at least one of the specified permissions to be able to utilize the ReportWidget in question.
• Added support for counter and counterLabel to main menu items, counter will default to the sum of the relevant side menu counters unless counter is set to false.
• Added support for multi-line update messages in plugin's version.yaml file
• Now firing the backend.list.extendRecords event from the export() method when useList: true in the ImportExportController behavior.
• abort(404) now returns the backend 404 view when called in the backend (module and plugin backend controllers)
• Added plugin:list, plugin:disable Author.Plugin, plugin:enable Author.Plugin Artisan CLI commands
• Added backend.layout.extendHead view event (passes $layout = 'auth.htm' | 'default.htm')
• Changed Backend\Classes\Controller to extend the base Illuminate\Routing\Controller class instead of being its own root class in order to support the middleware() method on the controllers.

Bug Fixes:

• Fixed field default values when adding new items with the Repeater or when using minItems over 0
• Fixed support for nested jsonable properties as list columns (i.e. additional_data[level_1][level_2])
• Fixed support for DataTable FormWidgets within Repeaters
• Fixed an issue where SVG menu icons wouldn't display on page load and required a repaint to actually display
• Fixed issue where the password in invitation emails was getting HTML encoded leading 123&test to become 123&test
• Fixed issue with AJAX handlers in ReportWidgets, specifically related to issues with the widget aliases not being set correctly
• Fixed issue with being unable to use the second datepicker field's popup for a daterange filter inside of a popup
• Fixed issue with multibyte slugs, reduced default max length from 240 to 175 to account for the default DB charset of utf8mb4
• Fixed the hasMany relationship when not using the model's primary key as the the relationship's key
• Fixed issue where attempting to install plugins from the winter:install CLI command wouldn't work due to plugins attempting to install themselves before Winter itself was configured.
• Return a 500 response instead of a 200 response when an exception is thrown during the compiling of an asset file using the AssetCombiner
• Fixed minor CSS bug in Firefox (user deleted message on the user detail's page)
• Fixed error "Invalid security token" when trying to login to the backend by instructing the browser to clear it's cache on signin and signout as well as unregistering any service workers on the login action

Translation Improvements:

• Improved Hungarian translation
• Improved Turkish translation
• Improved French translation
• Improved Arabic translation

Performance Improvements:

• Refactored stripe-loading-indicator to use CSS transforms instead of animating the width property to improve rendering performance.

v1.0.447

UX/UI Improvements:

• Added Backend 404 page, throw 404 instead of an exception on missing backend controller actions when debug mode is disabled.
• Added "Go to previous page" link to the Backend Access Denied page

API Changes:

• Renamed the Lists widget's prepareModel() method to prepareQuery() instead.
• Provided the containing Form widget to FormWidgetBases instances as $widget->getParentForm() to enable complex FormWidgets to correctly obtain their containing Form widget instance.
• Implemented automatic backend URL generation for protected file's getPath() and getThumb() methods
• Added returnResponse parameter to output() and outputThumb() methods on the Winter\Rain\Database\Attach\File class to return Response objects instead of outputting the response headers and content directly.
• Added validateUserModel() method to the AuthManager class to provide an opportunity to reject a user's login
• Added step, min, & max options to the number field type.
• Added support for the recordfinder FormWidget to be used without a relationship definition through the useRelation: false and modelClass config properties
• Added support for the brand.faviconPath config option (and backend customization option) to load a custom favicon for the backend to use
• Added support for the data-request-url attribute to change the URL that the AJAX API fires an AJAX request to
• Added getClassMethods() method to the ExtendableTrait as a replacement for get_class_methods() to include the dynamic methods that are available within the class as well
• File models will now attempt to get the backend files controller path instead of the public path for private files. This may be a breaking change if you had previously misconfigured your server so that the private upload directory was publicly accessible and you were relying on private files being visible to public visitors.

Bug Fixes:

• Fixed issue when the user's current page number for the list widget no longer existed (for any number of reasons) causing them to become stuck on a non-existent page. Fixed by using the last available page number in that case.
• Fixed Filter options being escaped twice (once by Mustache, once by the internal options retrieval logic)
• Fixed being unable to detect the Enter and Backspace / Delete keys in the keydown.oc.richeditor event by attaching the event before internal Froala capturing events are run.
• Fix the input trigger API where a form element doesn't exist
• Fixed returning false from model.beforeValidate not halting the validation process.
• Fixed FormWidgets not picking up the correct previewMode setting from their parent Form on AJAX requests that do not call the parent Form's render() method.
• Reduced reliance on the CMS module from the Backend module to improve stability of instances that just use the Backend and System modules (i.e. web applications)
• Only translate default values when they are strings (not arrays as in the case of default values for Repeaters).
• Fixed display of the "Clear search" button in various contexts
• Improved error messages in the YAML parser
• Fixed issue from Build 1.0.444 where tabs and tables were no longer horizontally scrollable on touch devices
• Fixed issue with simplePaginate using Laravel's translation system for Next & Previous which doesn't work in Winter
• Fixed insidious bug where HasOne relationship's getSimpleValue would return the key of the parent record, not of the actual related record.
• Fixed issue introduced in Build 1.0.446 where some media URLs would contain the base folder twice in a row
• Fixed issue with expanding / collapsing the side menu items within the backend settings section
• Fixed the Repeater's "Add item" (grouped mode) popover in a popup context
• Fixed dropdown's support for the placeholder attribute.

Security Improvements

• Added escaping to more variables to prevent potential XSS attacks

Community Improvements:

• Now running automatic CI tests with PHP 7.3

Documentation Improvements:

• Added better documentation on how to register custom validation rules within plugins, credit to Ben Thomson