v0.1.0-beta.7.1

Security

• Fixed a vulnerability that allows an attacker to bypass the email verification step during registration. (@clarkwinkelmann) (more details)

v0.1.0-beta.7

Added

• Add "remember me" checkbox in login from.
• Update notification count when discussion list refresh button is clicked. (@datitisev)
• Add event to allow custom user password validation.
• Support module prefixing of locale resources.
• Allow accessing the session via the actor.
• Add group gambit to support search user by group name. (@liji)
• Ability to manually activate users. (@renyuneyun)
• Add dir and lang attribute in app.blade.php. (@datitisev)
• Prevent crawlers from indexing nojs pages.
• Add option to hide the language selector. (@datitisev)
• Add link() and setCanonicalUrl() methods to the WebAppView.
• Add viewUserList permission. (@datitisev)
• Allow JSON config to be used for command-line installation. (@dav-is)
• Add API for extensions to mark discussions and posts as private. (@luceos)
• Improve password reset validation/error handling.
• Added a migration helper for adding default permissions.
• Turn Rename Discussion dialog into a modal. (@datitisev)

Fixed

• Prevent deletion of default locale. (@dav-is)
• Prevent overwriting of user attributes on authenticated registration. (@dav-is)
• Prevent notice if bootstrapping app in command line environment.
• Make Add Extension modal's title translatable. (@milescellaro)
• Fix asset path when unpublishing. (@clarkwinkelmann)
• Update affix sidebars when window is resized.
• Fix login remember in MS EDGE.
• Prevent reverting editable user bio on click.
• Fix API sorting of users by post count.
• Support PNG avatars with transparent backgrounds and fix EXIF rotation. (@oanhnn, @Zeokat)
• Fix /api/posts returning 500. (@datitisev)
• Make extension event attributes public.
• Prevent admins from demoting themselves through the API. (@datitisev)
• Fix incorrect migration notes for extensions without any migrations.

Changed

• Upgrade s9e\TextFormatter to 0.8.1. (@JoshyPHP)
• Upgrade zendframework/zend-stratigility to 1.3.
• Update minimum required PHP version to 5.6.
• Add specific error message for username validation.
• Remove fa-fw class from all icons. Manually apply the fa-fw class or other styles if needed.
• Simplify global back button behaviour and appearance.

Also see the release notes for: approval flags lock mentions sticky suspend tags

v0.1.0-beta.6

Added

• Allow separation of public and base directories. (@bmalex88)
• Introduce superficial permission dependency tree to make UI more intuitive.
• Add specific error message when an email address is not found in forgot password modal. (@datitisev)
• Pull in FontAwesome as a Composer dependency, and update to 4.6.
• Add ability to view the IP address for a post in its meta dropdown. (@dav-is)
• Show an upload icon instead of a user's default avatar on their own profile. (@datitisev)
• Add admin pane to configure SMTP settings. (@datitisev)
• Add ability to upload forum logo and favicon.
• Add ability to add custom HTML above the Flarum header.
• Log exceptions in error handler middleware.
• Add CLI installer option to write the config file to a different path.
• Allow extensions to add default model attributes.
• Add Server extend API to allow skeleton to customise the Application instance.
• Automatically support basic HTML tags in translations.
• Add cache:clear CLI command.

Changed

• Updated s9e\TextFormatter to 0.5.0. (@JoshyPHP)
• Improve inline code styling. (@datitisev)
• Use group ID instead of name in generated class names.
• Scroll to reply preview immediately when opening composer.
• Change post edited icon into text. (@datitisev)
• Clean up discussion renamed posts to only show the new title.
• Extract list keyboard navigation code from search into a reusable class.
• Improve text contrast, especially in dark mode.
• Change permission logic priorities; change policy catch-all method from before to after.
• Simplify deleted post toggle CSS.
• Refactor web app bootstrapping code.

Deprecated

• Deprecated ConfigureClientView event; use ConfigureWebApp instead.

Removed

• Removed AbstractPolicy@before method; use after instead.
• Removed broken extension generator CLI command.

Fixed

• Prevent scrubber post count from exceeding maximum value. (@augiwan)
• Validate password when resetting. (@poush)
• Only check for reply permission for actual replies.
• Fix post controls not being clickable in some circumstances.
• Don't show username/email fields when editing own account.
• Prevent images from loading when generating excerpt post content. (@dav-is)
• Fix avatar upload on Windows servers. (@KazeFlame)
• Prevent humanTime helper from generating future times.
• Fix settings not automatically showing when an extension is enabled.
• Fix post header items sometimes getting out of order.
• Remove temporary file after avatar upload failure.
• Make search dropdown filtering case-insensitive.
• Automatically focus on composer textarea when tapped on iOS.
• Prevent page zoom on input focus in iOS 10.

Also see the 0.1.0-beta.6 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

v0.1.0-beta.5

Added

• Users who haven't confirmed their email address are now able to log in and get their confirmation email resent. (@sijad)
• created:YYYY-MM-DD gambit to search for discussions by their creation date. (@Albert221)
• Allow provision of an avatar URL to upload during # via avatarUrl attribute.
• php flarum info console command to help debug broken installations.
• Inline user online indicators. (@petermein)
• AbstractOAuth2Controller class to provide a generic OAuth2 login implementation for extensions.
• Support for new minifiers. (@JoshyPHP)
• ConfigureLocales::loadLanguagePackFrom helper method.
• Pop animation when scrolling to post preview. (@sijad)
• Add rel="nofollow" to user bio links. (@sijad)
• Ask for confirmation before "Mark all as Read". (@bogdanteodoru)
• Allow existing users to be activated via the API isActivated attribute.
• Support multiple comma-separated names in author: search gambit. (@Albert221)
• Admin-only email: gambit to look up users by email.
• Allow custom redirection after logging out via return query parameter.
• Event to configure server middleware (ConfigureMiddleware).
• Allow forum to be taken offline by setting offline to true in config.php.
• Garbage-collect email/password/auth tokens.

Changed

• Overhaul extension management code. (@luceos)
• New migration structure. Details
• Improve post composer appearance/usability on mobile.
• Upgrade to flarum-gulp 0.2.0, Babel 6, and Mithril 0.2.3.
• Refactor ListPostsController to make filtering extensible.
• Lighten discussion list hover color.
• Increase avatar upload max file size from 1MB to 2MB.
• Refactor Composer rendering for smoother animations.
• Don't automatically activate users created by admins; require an attribute to be set.
• Extract notification settings into an item list.
• Improvements to colored header styles.
• Rename HTTP method override header.
• Tweak mobile drawer appearance.
• Change value field in settings table from BLOB to TEXT to allow for easier user editing. (@ahsanity)
• Tweak badge appearance: remove border, decrease shadow radius.
• Delete a discussion when its last post is deleted.
• Slightly widen index sidebar, overflow buttons properly.
• Store discussion slug in database table.
• Add priorities to user page sidebar items.

Fixed

• Deleting users will now delete discussions that became empty.
• Admin now no longer shows incorrect information on how to install extensions.
• Support prefix in URL generators. (@Albert221)
• Fix autocompletion bugs in Firefox. (@sijad)
• Add specific error message when an email address is not found in forgot password modal.
• Show dropdown menus in front of post composer.
• Prevent long forum title in mobile drawer from entering viewport.
• Fix search box overlapping forum title in some cases.
• Fix JSON serialization error on PHP 7.
• Fix "sort by" dropdown being empty on the latest versions of Chrome.
• Dramatically improve performance when typing in a modal.
• Fix browser back button losing scroll position.
• Don't require a previous Post when saving event posts.
• Fix crash when sending notification to non-existent user.
• Fix username validation to disallow problematic characters.
• Fix crash when displaying a discussion with no posts.
• 401 for unauthorised request to settings, notifications page.
• Better post scrubber size calculations.
• Tweak padding on user dropdown button so avatar is flush with border radius.
• Clear search when input is empty and enter is pressed.
• Give GetPermission event priority when determining permissions.
• Key item lists to maintain identity across redraws.
• Ensure routes are only populated after extensions have registered listeners.
• Ensure a new asset revision identifier is generated if there is none.
• Allow username capitalisation to be changed.
• Prevent some translations being compiled unnecessarily.
• Prevent unapproved discussions from dropping to the bottom of the discussion list.

Security

• Rework authentication/session/cookies code for better security and stability.
• Add password confirmation when changing email address.
• Prevent users from being incorrectly able to delete their own discussions.
• Fix posts being incorrectly visible on user page on private forums.

Also see the 0.1.0-beta.5 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

v0.1.0-beta.4

Added

• Add an icon/label to the back button to indicate where it leads
• Add "Loading..." text while the JavaScript payload is loading

Fixed

• Fix some admin actions resulting in "You do not have permission to do that"
• Fix translation keys persisting after enabling an initial language pack
• Fix translation => references not being parsed in some cases

v0.1.0-beta.3

Architecture improvements

• Composer-driven extension architecture. All extensions are Composer packages installable via Packagist.
• Backend codebase & API refactoring. Classes, namespaces, and events systematically tidied up.

Improved internationalization

A huge thanks to @dcsjapan for the countless hours he put in to make this stuff happen. You're amazing!

• New systematic translation key naming scheme.
• Make many hardcoded strings translatable, including administration UI and validation messages.
• More powerful pluralization via use of Symfony's Translation component instead of a proprietary one.

New moderation tools

• Hide/restore discussions. Discussions can be soft-deleted by moderators or by the OP if no one has replied.
• Flags. New bundled extension that allows posts to be flagged for moderator review.
• Approval. New bundled extension that hides/flags new posts to be approved by the moderation team.
• Akismet. New bundled extension that checks new posts for spam with Akismet.
• IP address logging. IP addresses are stored with posts for use by extensions (e.g. Akismet).
• Flood control. Users must wait at least ten seconds between consecutive posts.

Other features

• Social login. New bundled extensions that allow users to log in with Facebook, Twitter, and GitHub.
• More compact post layout. All controls are grouped over to the right.
• Improved permissions. The admin Permissions page has been improved with icons and other tweaks.
• Improved extension management. The admin Extensions page has a new look and is easier to use.
• Easier debugging. The "oops" error message has a Debug button to inspect a failed AJAX request.
• Improved JavaScript minification. Minification is done by ClosureCompiler only when debug mode is off, resulting in easier debugging and smaller production assets.

Added

• Allow HTML tag syntax in translations (#574)
• Add gzip/caching directives to webserver configuration (#514)
• API to set the asset compiler's filename
• Migration generator, available via generate:migration console command
• Tags: Ability to set the tags page as the home page
• bidi attribute for Mithril elements as a shortcut to set up bidirectional bindings
• route attribute for Mithril elements as a shortcut to link to a route
• Abstract SettingsModal component for quickly building admin config modals
• Model::afterSave() API to run callback after a model instance is saved
• Sticky: Allow permission to be configured
• Lock: Allow permission to be configured
• Add a third state to header icons (#500)
• Allow faking of PATCH/DELETE methods (#502)
• More reliable form validation and error handling

Changed

• Rename notification_read_time column in discussions table to notifications_read_time.
• Update to FontAwesome 4.4.0.

Fixed

• Output forum description in meta description tag (#506)
• Allow users to edit their last post in a discussion even if it's hidden
• Allow users to rename their discussion even if their first post is hidden
• API links correctly include the /api path (#579)
• Tags: Fix sub-tag ordering algorithm in Chrome (#325)
• Fix several design bugs

0.1.0-beta.2

Added

• Check prerequisites (PHP version, extensions, etc.) before installation (#364)
• Enforce maximum title and post length through validation (#53, #338)
• Ctrl+Enter submits posts (#276)
• Syntax highlighting for code blocks (#248)
• All links open in new window, receive rel=nofollow attribute (#247)
• Default build script for extensions (#438)
• Input validation in installer

Changed

• Ask for admin password confirmation in installer (#405)
• Increased some text contrasts for accessibility (#390)

Fixed

• Discussion list did not work with non-empty database prefix (#269, #380)
• Non-admins could not reset their password (#229)
• Requests ending with a slash resulted in a 404 (#334)
• In rare cases, posts did not load correctly (#295)
• Avatars did not show up when installed in a subfolder (#291)
• Installer crashed when views directory was not writable (#376)
• Table prefix could not be set in web installer (#269)
• Enabling an extension disabled all other extensions (#402)
• Invalid custom CSS could crash the application (#400)
• First posts could not be restored or deleted
• Several design bugs
• Set cookies to be HTTP-only
• Tags: Sometimes, tags could not be dragged for reordering in the admin panel (#341)
• Suspend: Use correct column name in when migrating database
• Lock: Check for correct permission when displaying lock control
• Likes: Allow liking permissions to be configured

0.1.0-beta

v0.1.0-beta

Fix incorrect chmod instruction