3.6.4

✨ Enhancements

• Support for a model. entry for model queries (as placeholder alias for page., file., user. or site.), which allows a query syntax that can be shared between different model types
• Support for multiple extends at once in a blueprint:

fields:
  layout:
    type: layout
    label: Layout
    extends:
      - layout/layouts
      - layout/fieldsets
      - layout/settings

• Improve structure field columns on mobile #3638
• More consistency for fieldset options by introducing title as alias for name #4177
• Support label as new, better alternative to headlinefor sections #4194
• The license registration now directly calls the new hub server and no longer the old license server with a redirect.

🐛 Fixes

• Fixed extending top-level blueprint options #4217
• Fixed autofocus in picker dialogs search #3985
• Image and gallery blocks picker only shows images for selection #4189
• The title field value no longer disappears in the file view #4140
• Html::video() supports the allowfullscreen attribute again, used by YouTube #4212
• Fixed droppable files when disabled #4231
• Fixed fields section form content on multi language #2575
• Fixed text field converter prop for PHP 8.1 #4226
• Fixed uncaught type error in JS in views with a blocks field #4233
• Tabs now immediately get hidden behind "More" button on mobile #4230

📈 Stats

• 30 commits
• 28 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @bastianallgeier
• @distantnative

3.6.3.1

This release is a patch release for 3.6.3. We introduced a regression that broke parameters in URLs. I.e. https://example.com/blog/page:2 and thus also pagination and all kinds of URL filters based on such parameters.

3.6.3

UPDATE: Patch available

Unfortunately, we introduced a regression in this release that broke parameters in URLs. I.e. https://example.com/blog/page:2 and thus also pagination and all kinds of URL filters based on such parameters. A patch is now available: https://github.com/getkirby/kirby/releases/tag/3.6.3.1

🎉 Features

Allow list of secure URLs

Kirby auto-detects the base URL for your site unless you hard-code it in your config with the url option. This auto-detection is based on the your SERVER_NAME settings by default. This is totally safe unless your server is not correctly configured. In order to protect you from security issues with an insecure server configuration, you get more options to set allowed base URLs now. By default, the auto-detection will just work as before. Here are the new and existing options you have.

Auto-detected URL based on the SERVER_NAME

Just like before, you can just ignore the URL option or use the Server::HOST_FROM_SERVER constant to let Kirby find the correct base URL, based on the SERVER_NAME.

return [
];

// or

return [
  'url' => Server::HOST_FROM_SERVER
];

This can be combined with the new Server::HOST_ALLOW_EMPTY option to accept empty hostnames. This will lead to relative URLs i.e. /some-url for your installation:

return [
  'url' => Server::HOST_FROM_SERVER | Server::HOST_ALLOW_EMPTY
];

Hard-coded URL

You can also still set the base URL for your site. This will disable any form of auto-detection of URLs. But it also means that you might have to keep different versions for your local installation, staging and your production server.

return [
  'url' => 'https://example.com'
];

This also still works for relative URLs without a host.

return [
  'url' => '/'
];

URL allow list

With the new option to define a set of allowed base URLs, your Kirby installation will automatically pick the right one based on HTTP_HOST, HTTP_X_FORWARDED_HOST or SERVER_NAME (whatever is provided) and makes sure to send an error on an invalid hosts. This is perfect when you cannot fully trust your server configurations on various environments.

return [
  'url' => [
     'https://example.com',
     'https://staging.example.com',
     'http://example.test'
  ]
];

Wildcard option

If you fully trust your server setup, you can allow any host name coming from HTTP_HOST or HTTP_X_FORWARDED_HOST. This could be necessary in some situations, but is insecure if you don't know what you are doing with your server configuration.

return [
  'url' => Server::HOST_FROM_HEADER
];

Again, this can be combined with the Server::HOST_ALLOW_EMPTY option to allow the host name to be left empty. It will lead to relative URLs for your installation:

return [
  'url' => Server::HOST_FROM_HEADER | Server::HOST_ALLOW_EMPTY
];

✨ Enhancements

• Upgraded JS dependencies
• Switched to PSR-12 code style for PHP
• Improved table block preview #4096
• Supports $locale parameter in t() and tc() helpers #4160
• Updated PR template & contributing guidelines #4153
• More accessible style for the selected data in the calendar #4202
• Updated contributing.md #4197
• New license.md which replicates the license terms on our site
• contributing.md & readme.md are now back in the main directory of the repo instead of the .github subdirectory
• Improved imagemagick performance thanks to @silllli #4106
• Updated translations

🐛 Fixes

• Continues passing $inline parameter to Markdown component plugins #4127
• Fixed today’s date is no longer highlighted on date picker #4124
• Fix vertical alignment for today text in calendar #4205
• Fixed npm run dev #4134
• Fixed path ending with params separator #4138
• Focussing a k-button-link element in dropdown now works #4148
• Fixed copying of multiple blocks #4129
• Fixed removing multiple blocks #4131
• Fixed copying blocks with Writer preview in Chrome #3941
• Fixed table block throws error when value is empty #4164
• Fixed Kirby and PHPMailer differ in their $text initialisation which fails in PHP8.1 #4155
• Fixes javascript mime type detection in Mime class. #4174
• Fixed layout/reading direction for Korean and Esperanto #4159
• Overwriting the URL in the config is now correctly working in the Panel as well. #4185
• The new Environment class now checks for correct subfolder installations #4191
• Fixed inactive Whoops debugger when throwing an exception in the Environment class #4180
• Fixed Vimeo ID extraction thanks to @Basics09 #4187
• Fixed phpmailer message body empty exception #4183

📈 Stats

• 128 commits
• 49 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @Basics09
• @bastianallgeier
• @distantnative
• @lukasbestle
• @neildaniels
• @rasteiner
• @silllli
• @tasinttttttt
• @texnixe
• @sebastiangreger

3.6.2

🎉 Features

New date & time fields

The date and time fields have been a constant struggle in the past. We dedicated this release to fix various bugs and enhance the overall look and UX of those fields. Smart input parsing supports various date formats while writing or pasting dates. Navigate through parts of a date or time with tab and modify year, month, day, hour, minute and second with arrow keys. Combined with a new time dropdown, full support for am/pm, various display options and other features, the new fields are a major step ahead.

dates.mp4

Alternate stylesheet support

You can now add rel="alternate stylesheet" in the css() helper #4099

css('assets/css/index.css', ['rel' => 'alternate stylesheet', 'title' => 'High contrast']);

New markdown safe mode

The markdown parser now supports a safe mode, which escapes any custom HTML, while still parsing markdown correctly. Safe mode can now be enabled like this:

// helpers
kirbytext($text, [
  'markdown' => [
    'safe' => true
  ]
]);

kirbytextInline($text, [
  'markdown' => [
    'safe' => true
  ]
]);

markdown($text, [
   'safe' => true
]);

// field methods
$page->text()->kirbytext([
  'markdown' => [
    'safe' => true
  ]
]);

$page->text()->kirbytextInline([
  'markdown' => [
    'safe' => true
  ]
]);

$page->text()->markdown([
   'safe' => true
]);

The safe mode is now also available as global markdown setting:

<?php

// config.php
return [
  'markdown' => [
    'safe' => true
  ]
];

New Fiber dialog features

There are new options to define custom submit and cancel handlers for Fiber dialogs

// short version
this.$dialog('some/dialog', ({ dialog, value }) => { 
  // custom submit handler 
});

// in options
this.$dialog('some/dialog', {
  cancel: () => {
    // custom cancel handler
  },
  submit: ({ dialog, value }) => { 
    // custom submit handler 
  }
});

Dialogs can now also be defined synchronously instead of loading them from the server.

this.$dialog({
  component: 'k-remove-dialog', 
  props: {
    text: 'Do you really want to delete this entry?'
  },
  cancel: () => {
    // custom cancel handler
  },
  submit: ({ dialog, value }) => { 
    // custom submit handler 
  }
});

New Kirby\Toolkit\Date class #4040

• extension for PHP's DateTime class
• helps with all kinds of date and time related tasks
• is now used by our date and time fields and the timestamp() helper
• New iso plugin for dayjs to parse and format ISO date/time/datetime strings

New slug transliteration rules for Inuktitut syllabics

Thanks to @PaulMorel for his support: #4091

✨Enhancements

• Add missing locale parameter to Cms\File::niceSize, Cms\Files::niceSize() and Filesystem\Dir::niceSize() #4045
• Adds several dayjs plugins for handle logic that we will need for refactoring the dates and time fields #4036:
  • a.merge(n, "time"): merges a defined part (date or time) of dayjs object b into dayjs object a
  • dayjs.pattern('YYYY-MM-DD"): class that supports analysing and interpreting a specific dayjs format pattern
  • dayjs.round("minute", 5): method to round current dayjs object to nearest step (unit and size)
  • dayjs.units(is12h): a map between units and dayjs tokens given 12/24h clock
  • dayjs.validate(): helper to validate a current dayjs object against a min/max boundary
  • `dayjs.interpret('12.02.2020'): to convert an array of date input formats to a dayjs object
• The JSON unexpected error message is now translatable #4081
• New this.$fiber global in Vue
• Shell arguments that get passed to ImageMagick are now individually escaped #4109

🐛 Fixes

• Various date and time field fixes
  • Fix computed separator in date field #3946
  • Improved input rules
  • Better tabbing
  • Fixed typing issues
  • Dozens of unit and e2e tests
  • Fixed display of date & time in narrow columns
  • Fixed previews for time and date fields in structures
  • Fixed CSS for the date field to wrap more reliably #4118
  • The calendar dropdown of date fields closes properly inside a structure field when focussing another field
  • Date field value gets properly saved inside structure fields when hitting Cmd+S
  • Fixed issue when only displaying year in date field
  • Fixed issue with storing seconds in date/time fields
  • Fixed timezone handling, removed introduction of UTC timezone pinning
  • Throws proper error when passing not an object as step prop to inputs
• Avoid gender star issues with italic markdown shortcuts #4112
• Fixed passing null to parameter to is_file() function in Tpl::load() method on PHP 8.1 #4032
• No longer throws deprecation warning passing null to Str functions
• No longer throws deprecation warning implicit float to int conversion when scaling dimensions for an SVG
• Creating the user no longer collides with the content language in multi-language setups #4050
• Fixed calling url() helper throws deprecation warning with PHP 8.1 #4047
• Enabling link in pages, files and users fields works correctly again #4062
• Fixed changing slug with unsaved changes leads to Panel error #4006
• Fixed selected tab when switching languages #4071
• Fixed image back option with html color names that start with 'light' don't apply #4073
• Fixed $page->prevUnlisted() returns wrong collection item #4086
• Fixed redirects in fetch requests to non-fiber resources: #4084
• No longer uses POST requests for dropdowns: #4083
• Fixed z-index issue for in dropdowns #4072
• Fixed string type check warning in Page::findById() in PHP 8.1 #4119
• Fixed passing null parameters in YAML parser to avoid deprecation warnings in PHP 8.1
• panel.favicon option now supports single string as value

return [
  'panel' => [
    'favicon' => 'assets/favicon.ico'
  ]
];

♻️ Refactoring

• Explicit CSS data attr selectors for styling #4027
• We now use https://vitest.dev for JS unit tests #4064
  • CI integration
  • First component tests #4069
  • Tweaks for $helpers and their unit tests #4057
• We use more PHP 7.4 arrow functions where it makes sense #4028
• Update composer.json to Composer API 2.2 #4066
• Refactored Fiber class for better testability and added additional unit tests
• Removed outdated wait-on dependency #4094
• Refactored Spyc YAML parser
  • Removed mustangostang/spyc repository from composer
  • Moved Spyc class into /dependencies
  • Removed spyc_load(), spyc_load_file(), spyc_dump() functions
  • Removed enabling from command line
  • Added more PHP unit tests

📈 Stats

• 253 commits
• 69 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @bastianallgeier
• @damiendart
• @DavidBroz
• @distantnative
• @lukasbestle
• @neildaniels
• @sebastiangreger
• @PaulMorel
• @pReya
• @tobiastom

3.6.2-rc.3

🐛 Fixes

• Fixed z-index issue for in dropdowns #4072
• Fixed string type check warning in Page::findById() in PHP 8.1 #4119
• Fixed CSS for the date field to wrap more reliably #4118

3.6.2-rc.2

🎉 Features

• Allow rel="alternate stylesheet" in css() helper #4099

css('assets/css/index.css', ['rel' => 'alternate stylesheet', 'title' => 'High contrast']);

• New slug transliteration rules for Inuktitut syllabics #4091
• New date & time field style

• New times dropdown

✨Enhancements

• Shell arguments that get passed to ImageMagick are now individually escaped #4109

🐛 Fixes

• Various additional date field fixes
  • Improved input rules
  • Better tabbing
  • Fixed typing issues
  • Dozens of unit and e2e tests
  • Fixed display of date & time in narrow columns
  • Fixed previews for time and date fields in structures
• Avoid gender star issues with italic markdown shortcuts #4112

♻️ Refactoring

• Spyc: Minor enhancements to the forked code #4103
• Vitest optimizations and CI integration #4108

3.6.2-rc.1

🎉 Features

New markdown safe mode

The markdown parser now supports a safe mode, which escapes any custom HTML, while still parsing markdown correctly. Safe mode can now be enabled like this:

// helpers
kirbytext($text, [
  'markdown' => [
    'safe' => true
  ]
]);

kirbytextInline($text, [
  'markdown' => [
    'safe' => true
  ]
]);

markdown($text, [
   'safe' => true
]);

// field methods
$page->text()->kirbytext([
  'markdown' => [
    'safe' => true
  ]
]);

$page->text()->kirbytextInline([
  'markdown' => [
    'safe' => true
  ]
]);

$page->text()->markdown([
   'safe' => true
]);

The safe mode is now also available as global markdown setting:

<?php

// config.php
return [
  'markdown' => [
    'safe' => true
  ]
];

New Fiber dialog features

There are new options to define custom submit and cancel handlers for Fiber dialogs

// short version
this.$dialog('some/dialog', ({ dialog, value }) => { 
  // custom submit handler 
});

// in options
this.$dialog('some/dialog', {
  cancel: () => {
    // custom cancel handler
  },
  submit: ({ dialog, value }) => { 
    // custom submit handler 
  }
});

Dialogs can now also be defined synchronously instead of loading them from the server.

this.$dialog({
  component: 'k-remove-dialog', 
  props: {
    text: 'Do you really want to delete this entry?'
  },
  cancel: () => {
    // custom cancel handler
  },
  submit: ({ dialog, value }) => { 
    // custom submit handler 
  }
});

New Kirby\Toolkit\Date class #4040

• extension for PHP's DateTime class
• helps with all kinds of date and time related tasks
• is now used by our date and time fields and the timestamp() helper
• New iso plugin for dayjs to parse and format ISO date/time/datetime strings

✨Enhancements

• Add missing locale parameter to Cms\File::niceSize, Cms\Files::niceSize() and Filesystem\Dir::niceSize() #4045
• Adds several dayjs plugins for handle logic that we will need for refactoring the dates and time fields #4036:
  • a.merge(n, "time"): merges a defined part (date or time) of dayjs object b into dayjs object a
  • dayjs.pattern('YYYY-MM-DD"): class that supports analysing and interpreting a specific dayjs format pattern
  • dayjs.round("minute", 5): method to round current dayjs object to nearest step (unit and size)
  • dayjs.units(is12h): a map between units and dayjs tokens given 12/24h clock
  • dayjs.validate(): helper to validate a current dayjs object against a min/max boundary
• Frontend tests with Vitest #4064
• The JSON unexpected error message is now translatable #4081
• First component tests #4069
• New this.$fiber global in Vue
• Unit tests for all main Fiber parts

🐛 Fixes

• Various date and time field fixes
  • Fix computed separator in date field #3946
• Fixed passing null to parameter to is_file() function in Tpl::load() method on PHP 8.1 #4032
• No longer throws deprecation warning passing null to Str functions
• No longer throws deprecation warning implicit float to int conversion when scaling dimensions for an SVG
• Creating the user no longer collides with the content language in multi-language setups #4050
• Fixed calling url() helper throws deprecation warning with PHP 8.1 #4047
• Enabling link in pages, files and users fields works correctly again #4062
• Fixed changing slug with unsaved changes leads to Panel error #4006
• Fixed selected tab when switching languages #4071
• Fixed image back option with html color names that start with 'light' don't apply #4073
• Fixed $page->prevUnlisted() returns wrong collection item #4086
• Fixed redirects in fetch requests to non-fiber resources: #4084
• No longer uses POST requests for dropdowns: #4083
• Date field value gets properly saved inside structure fields when hitting Cmd+S
• Calendar dropdown of date fields closes properly inside a structure field when focussing another field
• Throws proper error when passing not an object as step prop to inputs
• Fixed issue when only displaying year in date field
• Fixed issue with storing seconds in date/time fields
• Fixed timezone handling, removed introduction of UTC timezone pinning
• panel.favicon option now supports single string as value

return [
  'panel' => [
    'favicon' => 'assets/favicon.ico'
  ]
];

• Fixed passing null parameters in YAML parser to avoid deprecation warnings in PHP 8.1

♻️ Refactoring

• Explicit CSS data attr selectors for styling #4027
• Use https://vitest.dev for JS unit tests #4064
• Use more PHP arrow functions where it makes sense #4028
• Tweaks for $helpers and their unit tests #4057
• Update composer.json to Composer API 2.2 #4066
• Refactored Fiber class for better testability
• Removed outdated wait-on dependency #4094
• Refactored Spyc YAML parser
  • Removed mustangostang/spyc repository from composer
  • Moved Spyc class into /dependencies
  • Removed spyc_load(), spyc_load_file(), spyc_dump() functions
  • Removed enabling from command line
  • Added more PHP unit tests

3.6.1.1

🐛 Fixes

• PHP 8.1: Fix more arguments of built-in functions #4023
• Fix minor Prettier weirdnesses #4022
• Upgraded phpmailer #4021
• Fix HTTPS check in SystemView #4019
• Declare PHP 8.1 compatibility in composer definition #4017
• Upgraded Cypress #4010
• Upgraded claviska/simpleimage #4008
• Fixed plugins.js regression #1062

3.6.1

🎉 Features

• Support for PHP 8.1 #3979
• New system.exception hook that can be used to log an error or exception in a log file or via a service like Sentry #3952

✨ Enhancements

• Added Toolkit\Html::$inlineList with array of tags that are allowed in inline context #3884
• System view: Renamed the "SSL" status to "HTTPS" for clarity: #3960
• The blocks field now only shows the currently selected block options bar on nested blocks preview #3931
• The gallery block preview uses srcset for potentially smaller preview images
• router.php now allows the document root to be set manually #3963
• Improved line wrapping for title and info texts on card items #3949
• New Str::date($time, $format, $handler) method to format a timestamp as date string #3992
• Run npm run format during pre-commit hook. #3995
• The Kirby\Sane\Svg class now supports more attributes like xml:space and enable-background. #3982
• Kirby\Toolkit\Dom: Added support for the special xml: namespace
• Thumbs created with the ImageMagick driver now include the ICC color profile for better color accuracy. Note that this currently does not work for PNG images. #2537
• Updated translations (sv_SV, ko, is_IS, fi, es_ES, es_419, cs) Thank you to all our translators 💛

🐛 Fixes

• pages() helper does not throw deprecation warning for arrays as single parameter #3938
• Asset objects can be used as Panel preview images again #3933
• Fixed non-standard MIME type "application/force-download" header in Response::download() #3956
• Converting blocks from non-existing type (e.g. after renaming) doesn't throw an error #3962
• Item dropdown icon doesn't overlap downdown itself anymore #3966
• Panel::go() and other exceptions are supported in the panel.route:before hook #3964
• route:before and route:after hooks only get called for core routing calls #3951
• Str methods handle an empty $needle string #3459
• Fixed passing null as second parameter which is deprecated since PHP 8.0 #3975
• The empty writer field no longer contains paragraph #3943
• Fixed script-src warning when setting a CSP header with our nonce #3986
• Area dropdowns can now be created with a simple closure instead of defining a full route (as already advertised) #3970:

'dropdowns' => [
    'example' => function () {
        return [ ... ]
    }
]

• Fixed prop type check for number text in the button component #4000

♻️ Refactoring

• Use strip_tags with array of tags #3884
• Use PHP arrow functions #3886
• Switched to Optional chaining operator on Frontend #3908
• Refactored plugin loading JS #3937
• Use Prettier for consistent JS formatting #3812
• Use null coalescing assignment operator in PHP #3885
• Upgraded claviska/simpleimage dependency #3989
• Type hint for Iterator::getIterator() https://github.com/getkirby/kirby/pull/3991/files
• Upgraded NPM dependencies #3993
• Don't pass null to native functions that actually don't accept null but a specific type (string, int...). #3990
• Replaced true/punycode with symfony/polyfill-intl-idn dependency #3988

📈 Stats

• 111 commits
• 53 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @bastianallgeier
• @distantnative
• @fabianmichael
• @johannschopplich
• @lukasbestle
• @neildaniels
• @rasteiner
• @sebastiangreger
• @thathoff

3.6.0 – Jungle Calumma

We've prepared a special site for this release with all new features and changes:
https://getkirby.com/releases/3.6