Releases: getkirby/kirby
4.0.0-rc.1
✨ Enhancements
- Exclude UI docs and lab from regular bundle #5909
- k-stat supports new icon prop #5908
- Tweaked style of Toggle input #5916
- k-header: add warning for removed tabs support #5918
- New activation tooltip and better design for the activation button in the menu. #5921
- Switch to “Activate” wording instead of “register” #5922
- Dom: New allowHostRelativeUrls sanitization option (true by default) to perform less strict checks when the HTML <base> element is used
- Dom: Custom sanitization callbacks for attributes, elements and the doctype now also receive the $options array
- Sane: New $isExternal mode specifically for external files that may be accessed directly
🐛 Bug fixes
- Calendar input dropdown doesn't close without effect on click
- Calendar input dropdown stays open when selecting a date
- Calendar input dropdown: when clicking today button, also update the dropdown to show that date
- Clicking a button in the textarea no longer changes the scroll position #5906
- The textarea restores the size again after reverting changes #5871
- The textarea scrolls to a new line again #5868
- Removes breaking change: this.$library.autosize is back
- Fix grid and border radius in the TOTP dialog #5911
- Fix drag to empty blocks list #5910
- UUID permalinks added via the link dialog of the writer field are no longer removed in subfolder setups #5208
- Structure fields with gap fields can be added again
- The pagination dropdown no longer disappears before a selection can be made #5940
- Fix field states without options #5947
- Page move dialog: fix currently selected #5573
- Highlight selected values in multiselect field instead of hiding them #5744
- Fix keyboard navigation in the Tags field filter input #5741
- Proper scrolling overflow in the Multiselect and Tags dropdown #5627
- Fixed overflow issue for the Multiselect and Tags dropdown on mobile #5629
- Fixed tags field focus issue #5939
🚨 Breaking changes
- When sanitizing DOM objects (e.g. in the writer field, but not during the sanitization/validation of uploaded files), host-relative URLs that point outside the site root are now allowed as the use of the HTML <base> element is assumed for sites in a subfolder. To revert to the old, strict behavior, set the allowHostRelativeUrls option to false.
- New $isExternal argument for the Sane\Handler::sanitize() and ::validate() methods that custom Sane handlers need to implement; it allows handlers to differentiate between strings from external files that may be accessed directly and strings that will end up directly on the page
3.9.8-rc.1
🎉 Features
- New A::every(), A::find() and A::some() methods that implement the functionality of the JavaScript functions with the same names (thanks to @rasteiner) #5724
- New option to add a CLI specific config file (thanks to @lukaskleinschmidt) #5581
// config.cli.php
return [
    'option.one' => 1,
    'option.two' => 2,
];
✨ Enhancements
- The System view in the Panel now warns when the used PHP version is end-of-life and no longer receives security updates. #5728
- Files with the .pht extension can no longer be uploaded to a Kirby site to provide additional protection in older server setups beyond our recommendations in the security guide (thanks to @akabe1). #5925
🐛 Bug fixes
- Blocks field: pasting HTML does not remove crucial spaces anymore in inline contexts #4702
- The "Session ... is currently read-only because it was accessed via an old session" error is circumvented when the PHP sodium extension is available #5319
- $collection->remove() and $collection->__unset() in Toolkit collections behave like $collection->set() / $collection->__set() by default and ignore the key case #5704
- Append copy suffix of duplicated pages #5787
- Fix searching for Unicode characters #5780
- The backup copy of changed content now includes a JSON output for fields with structured data instead of scrambled data. #5791
- The validation error "Please enter a date between ... and ..." for the date field now correctly includes the maximum date. #5920
4.0.0-beta.3
🎉 Features
Second-factor auth via time-based one-time codes
TOTP (time-based one-time codes) are now supported for two-factor authentication via the new Kirby\Toolkit\Totp class #5654
<?php
// /site/config/config.php
return [
    'auth' => [
        'methods' => [
            'password' => ['2fa' => true]
        ]
    ]
];
PHP 8.3 support
Kirby 4 now supports PHP 8.3 and drops support for PHP 8.0. #5774
New Panel Lab
Syntax highlighting in the k-code with prism
New Str::camelToKebab method
<?= Str::camelToKebab('fooBar') // output: foo-bar ?>
New k-text-drawer
this.$panel.drawer.open({
  component: "k-text-drawer",
  props: {
    text: "Hello world"
  }
});
New lab icon
Plugin assets get easily exposed via the PHP API #5641
- New $plugin->assets() collection
- New $plugin->asset('styles.css') method
- New PluginAsset object with many methods, e.g. $plugin->asset('styles.css')->url()
- Plugin asset's media url contains a modification timestamp to easily cachebust (e.g. https://getkirby.com/media/plugins/getkirby/test-plugin/2375797551-472389240/styles.css)
- css() and js() helpers support passing plugin and plugin assets objects to include all assets of the plugin
css([
    'assets/css/index.css',
    $kirby->plugin('foo/bar')
]);
css([
    'assets/css/index.css',
    $kirby->plugin('foo/bar')->assets(),
]);
css([
    'assets/css/index.css',
    $kirby->plugin('foo/bar')->asset('styles.css'),
]);
New SymmetricCrypto class
User-friendly and safe abstraction for symmetrical authenticated encryption using the PHP sodium extension
use Kirby\Toolkit\SymmetricCrypto;
// encryption/decryption with a password
$crypto = new SymmetricCrypto(password: 'super secure');
$ciphertext = $crypto->encrypt('a very confidential string');
$plaintext = $crypto->decrypt($ciphertext);
// encryption with a random key
$crypto = new SymmetricCrypto();
$ciphertext = $crypto->encrypt('a very confidential string');
$secretKey = $crypto->secretKey();
// encryption/decryption with a previously generated key
$crypto = new SymmetricCrypto(secretKey: $secretKey);
$ciphertext = $crypto->encrypt('a very confidential string');
$plaintext = $crypto->decrypt($ciphertext);
More
- New F::safeExtension() method #5760
- New F::safeBasename() method #5760
- New $date->formatWithHandler() method for Kirby date objects that allows using different date handlers or even the globally configured one (default).
✨ Enhancements
- panel.menu config option can be a closure now that receives the $kirby object as argument
- Floating notifications #5600
- Tweaked styles for choice inputs #5756
- UX improvements for the multiselect and tags inputs #5742
- Remove the label on top of the selector.
- Don't show "no options" when query doesn't show any matches and creating a new option is allowed. The create button already provides enough context of what action is available. For accept: options keep the empty text to give context what's happening.
- When replacing an existing tag that is an option, the replace button no longer shows #5743
- Fixed disable state #5749
- Text block: consistent padding for writer #5727
- Items without links will now automatically be disabled in the breadcrumb
- Search inputs: turn off autocomplete #5775
- Str::date() and its dependents (e.g. F::modified(), File::modified(), Dir::modified()) now respect the globally configured date handler
- Upgrade to Symfony YAML to v6 #5778
- The "Session ... is currently read-only because it was accessed via an old session" error is circumvented when the PHP sodium extension is available #5319
- Removed the error boundary from k-fieldset. The error boundary kills the entire field/input if an error occurs, which is way too aggressive and also makes it more difficult to handle errors properly. #5790
- New k-stat component #5801
- New layout prop mixin #5802
- New dumb k-toolbar #5806
- k-navigate: support custom HTML element via element prop
- Textarea supports toggling command, e.g. bold, code… #5837
- New items size full #5849
- New panel.isOffline state
- Checking and writing content lock is skipped when Panel is offline #5890
- Fix PluginAssets::clean() #5836
- Writer supports directly switching from a list to paragraph #5886
- New $helper.field.defaultValue(field) method
- Better default value creation in $helper.field.form(fields)
🐛 Bug fixes
- $site->search() allows providing a string with field names as $params again #5713
- Exceptions don't prefix i18n keys with error prefix if already prefixed
- $collection->remove() and $collection->__unset() in Toolkit collections behave like $collection->set() / $collection->__set() by default and ignore the key case #5704
- Keep layout settings after changing layout #5726
- Link field: doesn't display site as option anymore #5717
- Writer: adding link, insert text when no selected #5684
- Disabled calendar and time pickers in disabled date and time fields #5735
- Fix custom writer marks and nodes name #5733
- Options, e.g. page options, won't override other roles' permissions anymore #5759
- The tags and multiselect fields hide the add button when disabled #5723
- Page create dialog: validate fields when directly publishing to not create orphaned page on errors #5616
- Selector dropdown: fix glitch when resizing window #5746
- Heading block: support toolbar option for writer #5703
- Consistent k-string-input padding
- Writer toolbar: active nodes are correctly handled #5751
- Writer toolbar: paragraph node gets removed when editor doc doesn't support it
- Select options with integer values work properly now #5013
- Fixed reactivity in the fieldset component. This also fixes an issue with auto-filled inputs #5689
- Fix pasting blocks when a required fieldset is not available #5769
- Fix Panel::go() calls in dialog and drawer submit code.
- Plugin asset CSS files no longer miss timestamps in the URL #5164 #148
- Fixed option slot in the items table. The options column was always visible, no matter if the slot was set or not. #5792
- Search now takes access permissions into account when deciding which types can be shown #5757
- k-navigate: focusable elements are correctly detected for dynamic content
- Fix styling glitches on k-tag
- The thumb cache is only cleared when the focus point changed #5311
- Toggle field preview: don’t open drawer when the toggle is clicked #5813
- Fix random structure ids #5702
- Fix outside click for blocks #5621
- Fix multiselect for nested blocks #5626
- Fix Search view [#5833](https://...
3.9.7
🎉 Features
Adds support for whoops.blocklist config option to mask variables that are displayed when showing errors with Whoops. (thanks to @HYR)
return [
    // mask everything
    'whoops' => [
        'blocklist' => [
            '_COOKIE' => array_keys($_COOKIE),
            '_SERVER' => array_keys($_SERVER),
            '_ENV' => array_keys($_ENV),
        ]
    ]
];

return [
    // mask specific things
    'whoops' => [
        'blocklist' => [
            '_SERVER' => [
                'AWS_ACCESS_KEY_ID',
                'AWS_SECRET_ACCESS_KEY',
            ],
        ]
    ]
];
✨ Enhancements
- Prevent kirby as user id #5514
- Supports passing callable to Database\Query::fetch() #5651 (thanks @adamkiss)
- Str::pool(): New base32 and base32hex pools (useful when a Str::random() needs to be printed in a human-readable way without easy to confuse 0/O and 1/I). #5715
🐛 Bug fixes
- Use k-text-input for text field if no specific component exists for its type #5369
- Invalid cached UUIDs are now corrected when index lookup succeeds #5430
- Allow plugin assets with the .mjs extension #5473
- Fixed $page->isUnlisted() which falsely would return true for drafts #5506
- List field: fix disabled writer #5526
- Fix $collection->group() for case-sensitive #5631
- Calling a single database row when using a fetch closure works now #5640 (thanks @adamkiss)
- Fix layout dropdown in structure field #5267
📚 Docs
- Add note on dist files to contributing guide #5480
4.0.0-beta.2
🎉 Features
- QR code generation built into Kirby: New Kirby\Image\QrCode class, qr() helper function and ->toQrCode() field method #5666
$qr = new Kirby\Image\QrCode('https://getkirby.com');
$qr->toSvg(color: '#ff00ff');
$qr->toDataUri(color: '#ff00ff');
$qr->write(file: 'qr.png', size: 750, back: '#efefef');
qr('https://getkirby.com')->toSvg();
$page->myLinkField()->toQrCode()->toSvg();
- New k-alpha-input and k-hue-input #5693
- New k-color-frame component to preview color swatches #5686
- New k-coloroptions-input #5696 and k-colorname-input #5699
- New k-search-input component #5705
- New LazyValue class that can be used to resolve a value lazily. Collections and controllers use it to resolve many of Kirby's objects only when the collection/controller requests them, improving performance #5608
✨ Enhancements
- k-tabs is now fully responsive #5583
- k-pagination always can be navigated by keys (no extra prop needed anymore) #5578
- ModelsSection: use Filter as label #5612
- Text fields: new font: monospace option https://kirby.nolt.io/558
- panel.css and panel.js config options now also support arrays with multiple entries as well as absolute URLs #5602
- Responsive: show only text for language dropdown #5577
- Notification: support custom icons #5601
- Files, pages and users fields more consistent #5637
- Blocks field: improve UI for no fieldsets #5679
- k-calendar-input is now set up as a proper fieldset with legend and additional aria labels for improved accessibility. #5695
- k-tag supports an image/icon frame #5686
- Link field uses native k-tag image for preview #5686
- Color field preview uses k-tag with k-color-frame in image slot #5686
in image slot #5686 - Improved grids: Only break to single column at 30rem, not 40rem
- Improved focus styles for links and the flag preview in tables
- Improved text overflow behavior for links in tables
- The color field now also translates valid CSS color names
- Various table improvements
- Better focus styles for the option and flag buttons in the table
- Simplified CSS styles for the table
- New --table CSS properties for more control
- Better mobile responsiveness for tables with a scrollable container instead of hiding cells
- Better disabled state with aria-disabled property
- New disabled property for the k-options-dropdown component
- More reliable margin rules for k-text
- Full k-text style support for the k-html-field-preview component
- The table rows are now the same height as inputs, boxes and items, which cleans up the design quite a bit
- All field previews now use the --table-cell-padding property to control their padding, which leads to more reliable styling options
- All table setup variants have examples in the lab
- New selected prop for k-button to set the aria-selected attribute. #5698
🐛 Bug fixes
- Color field: added backend validation #5570
- Color field: support grad, rad and turn angles for hsl format #5589
- Fix color field border radius #5655
- Fixed dropdown positioning in RTL languages #5599
- Fixed return type for create methods #5586
- Creating listed pages no longer bypasses permissions #5365
- Fix regression for automatic plugin assets #5620
- Fixed problem deleting images in pages/files field #5623
- Fixed overflow issue in grids #5633
- Upload dialog: fix error overflow #5622
- The file upload now creates files with the right extension if the format is converted #5593
- Fixed reading invalid block types #5660
- Blocks field: max option respected when pasting blocks #5673
- Allow to use SVG fill attributes again #5668
- Blocks can be pasted before the selected block via the “insert before” dialog #5678
- $page->search() allows providing a string with field names as $params again getkirby.com#2094
- Fix collapsing block fields preview #5669
- Fix sticky columns #5664
- Fixed translation string for the blocks field
- The link field shows up correctly if no options are defined
- The current scroll position is now correctly restored when opening a dropdown. This will no longer cause the main view to scroll up when a dropdown is opened. #5691
- k-calendar-input can now receive a regular iso date as value.
- File preview: fixed thumb placement and sizing in Safari #5605 #5604 #5603
- File view: fixed issues with the Panel menu when resizing in Safari #5606
- k-bubbles-field-preview and all other previews that extend it now correctly display when there are no bubbles
- k-color-field-preview correctly displays the pattern when no color is set
- The sticky header in the table now uses the --header-sticky-offset to fix its stickiness.
- Various block fixes
- Added default values for object props to avoid breaks
- Fixed various inconsistencies in k-block-title styles
- Better defaults and removed outdated props in k-block-figure
- Fixed padding in the block header of the field block type component.
♻️ Refactored
- k-pagination: removed unused align and dropdown props #5578
- Clean up type hints for Str::short() #5688
- k-color is now k-colorpicker-input #5685
- k-coords is now k-coords-input #5685
- Better reset for range inputs, stored in styles/rests/range.css
- k-colorpicker-input now uses the new inputs
- The basic choice styles have been moved to styles/reset/choice.css
- k-time-field-preview now extends k-date-field-preview and improves time parsing and the default formatting
- The fieldPreview mixin defines proper defaults for column and field
- k-toggle-field-preview uses the low level k-toggle-input instead of k-input to avoid unnecessary markup
- k-timeoptions-input replaces k-times. k-times is still available as deprecated alias. #5698
- Date and Time fields use the new k-timeoptions-input #5698
☠️ Deprecated
- <k-dropdown> was deprecated. Use <k-dropdown-content> as standalone instead.
- k-calendar-input replaces k-calendar. k-calendar is still available but only as deprecated alias.
🚨 Breaking changes
- k-pagination doesn't support setting custom labels/titles via nextLabel, prevLabel or pageLabel #5578
- Removed deprecated DS constant. Use / instead. #5590
- Panel\Assets::custom() now returns an array #5602
- When impersonating the almighty kirby user, any permission check will succeed even if permission has been disabled for regular admins #5511
- Renamed parameter of ::group() method of all collection classes to $caseInsensitive #5634
- k-range is gone and replaced by k-alpha-range and k-hue-range
- k-choice has been removed. Use k-choice-input instead
- The unused theme prop has been removed from k-choice-input
🧹 Housekeeping
- Uses lightningcss for Vite instead of postcss
4.0.0-beta.1
🎉 Features
- Each Panel area can now define additional requests for simple data endpoints or actions #5531
- New assets extension that allows plugins to specify assets from custom paths and with a wider range of extensions than previously supported #5557
✨ Enhancements
- Async $helper.upload() JS #5487
- Correct autofocus handling for blocks, layout, structure and picker fields #5524
- $panel.upload() will now only start up to 20 uploads concurrently and add additional uploads consecutively whenever a previous one finishes #5491
- New design for the range field #5539
- All minified panel assets now add .min to the filename. This will avoid auto-minification in Cloudflare and possibly other environments #5536
- Page move dialog now disables all pages that are invalid new parents for the page #5531
- The multiselect and tag dropdowns now offer more space to not cut off longer options #5533
- New html prop for k-bubble, k-bubbles and k-bubbles-field-preview. #5493
- Increase the font size for help text in sections and fields #5549
- New translate icon #5565
- Str::template() supports single and double curly braces as start/end delimiters by default #5556
- sortBy in structure fields works now #5567
- More type hints #5559
- Input CSS refactoring #5553
- Simplified and cleaned up input CSS
- Better configuration options for inputs through CSS variables
- Increased font size to 16px on mobile #5395
- Refactored k-text styles to cover more marks and general text styles for the writer and text blocks #5569
🐛 Bug fixes
- Structure field: translate column label correctly #5485
- Load container query polyfill only when needed #5505
- Expose dialog and drawer mixins to plugins #5498
- Fixed deleting user avatars #5496
- Custom icons with 24x24 viewbox are supported now #5492
- Link dialog: show expand toggle for pages with just drafts as children #5504
- Fixed block field preview in fields and columns #5417
- The header no longer disappears when a modal is being opened #5447
- Following a link in drawer now closes the drawer again #5497
- Fixes missing preview icons for users, pages and files in structure tables #5525
- Sets the focus correctly when the structure field drawer is opened #5524
- Firefox: long dialog’s top isn’t cut off anymore #5523
- Select dropdowns now always have a white background and black text on Windows, which make them readable again everywhere #5522
- When choosing to show only some nodes in the toolbar, the node selector is now correctly displayed again #5521
- Fixed pages and files section error when search filtering a paginated section #5519
- Writer toolbar in block drawer no longer jumps down on focus. #5501
- The autofocus is now correctly set when the drawer in the object field opens. #5527
- The multi select field does no longer show the create button, unless the accept option is setup to accept additional entries. #5533
- Fixed nesting order of marks in the writer #5481
- The page tree only shows listable pages #5546
- Styling fix for the toolbar in the text block #5502
- Page preview field: fixed escaping #4041
- Removed unnecessary tabindex on main element #5548
- Label for the menu toggle and the menu element #5548
- Add type=button to the header button #5548
- Turn up contrast for the edit icon in the header #5548
- Use a div instead of a meaningless fieldset without legend in k-fieldset #5548
- k-collection and k-items: options slot gets properly exposed also for table layout #5561
- Fixed link field when UUIDs are switched off #5489
- Fixed overflow in breadcrumbs
- Fixed broken window.panel.$vue reference for kirbyup
- Fixed contrast for the info text in stats
- Fixed progress bar style in Firefox
- Fixed option issue in uploader
- Fixed dropzone style
♻️ Refactored
- Reduce JS forEach usage #5494
- Various fixes for PHP types #5495
- Improve main view bottom padding #5542
☠️ Deprecated
- Custom icons using a 16x16 viewbox have been deprecated. In an upcoming version, Kirby will only support custom icons with a 24x24 viewbox by default. If you want to continue using icons with a different viewport, please wrap them in an <svg> element with the corresponding viewBox attribute.
🚨 Breaking changes
- Files in a plugin's assets directory are now always assumed to be public, independent of their file extension. If your plugin needs to store other files in the assets directory, please use the new assets extension to explicitly define the public assets. #5557
🧹 Housekeeping
- Whoops is now generally disabled during PHPUnit test runs to reduce memory usage during tests #5554
4.0.0-alpha.7
🎉 Features
- Load Panel area views dynamically with new when prop #5425
✨ Enhancements
- Panel: New icon set based on https://remixicon.com/
- New icons megaphone, sparkling
- Info field and section: new icon option
🐛 Bug fixes
- Fix sort loop in structure field #5448
- Fix link field with options #5468
- Fix unpublishing multiple children #5470
- Custom marks and nodes receive the right editor instance #5457
- Upload dialog: preview for other file types than images #5461
☠️ Deprecated
- Deprecated circle-outline icon, use circle instead
- Deprecated heart-outline icon, use heart instead
- Deprecated star-outline icon, use star instead
🚨 Breaking changes
- Removed road-sign icon
- circle icon is now named circle-filled
- heart icon is now named heart-filled
- star icon is now named star-filled
🧹 Housekeeping
- More JS unit tests #5462
3.8.4.2
🎉 Features
The Content-Security-Policy: frame-ancestors header sent by the Panel (introduced in 3.8.4.1) can now be customized with an option if needed:
return [
    'panel' => [
        // use only ONE of the following values; PHP keeps just the last
        // duplicate array key, so leaving all three active results in '*'

        // allow frame embedding from the same domain
        'frameAncestors' => true,
        // allow frame embedding from the same *and* from the specified domains
        // 'frameAncestors' => ['*.example.com', 'https://example.com'],
        // allow frame embedding on any domain (not recommended)
        // 'frameAncestors' => '*',
    ]
];
3.7.5.3
🎉 Features
The Content-Security-Policy: frame-ancestors header sent by the Panel (introduced in 3.7.5.2) can now be customized with an option if needed:
return [
    'panel' => [
        // use only ONE of the following values; PHP keeps just the last
        // duplicate array key, so leaving all three active results in '*'

        // allow frame embedding from the same domain
        'frameAncestors' => true,
        // allow frame embedding from the same *and* from the specified domains
        // 'frameAncestors' => ['*.example.com', 'https://example.com'],
        // allow frame embedding on any domain (not recommended)
        // 'frameAncestors' => '*',
    ]
];
3.6.6.4
🎉 Features
The Content-Security-Policy: frame-ancestors header sent by the Panel (introduced in 3.6.6.3) can now be customized with an option if needed:
return [
    'panel' => [
        // use only ONE of the following values; PHP keeps just the last
        // duplicate array key, so leaving all three active results in '*'

        // allow frame embedding from the same domain
        'frameAncestors' => true,
        // allow frame embedding from the same *and* from the specified domains
        // 'frameAncestors' => ['*.example.com', 'https://example.com'],
        // allow frame embedding on any domain (not recommended)
        // 'frameAncestors' => '*',
    ]
];
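To confirm from the outside which frame-ancestors policy a deployed Panel ends up with after setting the frameAncestors option (3.8.4.2, 3.7.5.3 and 3.6.6.4 above), the response headers can be audited. This is an added example, not part of the Kirby release notes or code base; the function names and the sample responses are constructed, and the exact header text Kirby emits for each option value is an assumption.

```python
# Added example (not Kirby code): classify the frame-ancestors directive
# found in a raw block of HTTP response headers (e.g. from `curl -sI`).

BROAD_SOURCES = {"*", "http:", "https:"}  # sources that match almost any embedding origin


def parse_policy(policy_text):
    """Parse one serialized CSP policy into {directive: [sources]}.

    Directive names are case-insensitive and only the first occurrence
    of a duplicated directive is kept, as CSP parsing requires.
    """
    policy = {}
    for part in policy_text.split(";"):
        tokens = part.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), [t.lower() for t in tokens[1:]])
    return policy


def frame_ancestors_lists(raw_headers):
    """Return the frame-ancestors source list of every CSP policy in the headers."""
    found = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "content-security-policy":
            continue
        # One header value may carry several comma-separated policies.
        for policy_text in value.split(","):
            policy = parse_policy(policy_text)
            if "frame-ancestors" in policy:
                found.append(policy["frame-ancestors"])
    return found


def audit_frame_ancestors(raw_headers):
    """Return 'missing', 'none', 'self', 'allowlist' or 'wildcard'."""
    lists = frame_ancestors_lists(raw_headers)
    if not lists:
        # frame-ancestors never falls back to default-src: no directive, no restriction.
        return "missing"
    # Every policy must allow the embedder, so one empty list or lone 'none' blocks all framing.
    if any(sources in ([], ["'none'"]) for sources in lists):
        return "none"
    restrictive = [s for s in lists if not BROAD_SOURCES & set(s)]
    if not restrictive:
        return "wildcard"
    if any(set(s) == {"'self'"} for s in restrictive):
        return "self"
    return "allowlist"


# Constructed sample responses, one per option variant described above.
SAMPLES = {
    "same-domain": "HTTP/1.1 200 OK\nContent-Security-Policy: frame-ancestors 'self'\n",
    "allowlist": "HTTP/1.1 200 OK\ncontent-security-policy: "
                 "frame-ancestors 'self' *.example.com https://example.com\n",
    "any-domain": "HTTP/1.1 200 OK\nContent-Security-Policy: frame-ancestors *\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label}: {audit_frame_ancestors(response)}")
```

A result of "wildcard" or "missing" on a Panel URL means any site can frame the login and editing views, which is the case the option comments mark as not recommended.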