3.7.0.2

🐛 Fixed bugs

• Url::query() and $uri->query() no longer return empty results #4446

3.7.0.1

🐛 Fixed bugs

• Image KirbyTag with caption doesn't trigger deprecation warning anymore #4435
• Files field - change button works again when uploads: false is set #4436

3.7.0 – Kinyongia

We've prepared a special site for this release with all new features and changes: https://getkirby.com/releases/3.7

📈 Stats

• 390 commits
• 107 closed issues and PRs

3.6.6

🎉 Features

• New A::random() and $collection->random() methods to get one or multiple random items from arrays and collections, optionally shuffled. Unless shuffled, the overall order of the returned items is kept. #4270
• Added support for getting multiple properties from Toolkit\Obj objects and derived objects, like so: #4268

$thing = new Obj(['one' => '👋', 'two' => 'Kirby']);

$properties = $thing->get(['one', 'three'], ['three' => 'fallback']);
// results in ['one' => '👋', 'three' => 'fallback']

✨ Enhancements

• When creating new instances of the Uri class, the params prop can now be set to false to treat colons/semicolons in the path as literals and not as param separators. This is useful for parsing external non-Kirby URIs. #2948
• Support returning blueprint file path in callback for programmable blueprints #4281

🐛 Fixes

• Panel redirects to non-origin URLs caused a network exception. They now trigger a full redirect instead of sending the Fiber request. #4280
• User blueprints can now use a callback (programmable blueprints) #4281

📈 Stats

• 22 commits
• 7 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @adamkiss
• @afbora
• @bastianallgeier
• @lukasbestle

3.6.5

🎉 Features

• New intl date handler (e.g. for date.handler config option) using the ICU date/time format syntax

// different ways to use it:
// passing format string
Str::date($time, 'M/d/yy', 'intl');
$page->myDateField()->toDate('M/d/yy');

// passing IntlDateFormatter instance
$formatter = new IntlDateFormatter(null, IntlDateFormatter::LONG, IntlDateFormatter::SHORT);
$page->myDateField()->toDate($formatter);

• New A::filter($array, $callback) method #4236
• New A::without($array, $keys) method #4236

✨ Enhancements

• Support for SQLite views in database classes #2799
• Removed development files from the production release #4251
• Panel: current tab is preserved when navigating to previous/next model https://kirby.nolt.io/412

🐛 Fixes

• Fixed list padding in the writer field #4254
• Fixed database pagination bug for $query->page() method #2738
• Fixed database $query->where() with callback duplicating the where queries #2831
• The Database class no longer generates an invalid insert command if the there's non-existent column data #4265
• When uploading the same file again (same filename, same content) an
  error is thrown when the assigned template doesn't match with the
  existing file #4076
• API responses now contain the Cache-Control: no-store header like other responses with an active session #4101
• The globally configured headers from $kirby->response() are now also respected when a route returns a full Response object #4101

📈 Stats

• 30 commits
• 18 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @adamkiss
• @afbora
• @bastianallgeier
• @distantnative
• @lukasbestle

3.6.4

✨ Enhancements

• Support for a model. entry for model queries (as placeholder alias for page., file., user. or site.), which allows a query syntax that can be shared between different model types
• Support for multiple extends at once in a blueprint:

fields:
  layout:
    type: layout
    label: Layout
    extends:
      - layout/layouts
      - layout/fieldsets
      - layout/settings

• Improve structure field columns on mobile #3638
• More consistency for fieldset options by introducing title as alias for name #4177
• Support label as new, better alternative to headlinefor sections #4194
• The license registration now directly calls the new hub server and no longer the old license server with a redirect.

🐛 Fixes

• Fixed extending top-level blueprint options #4217
• Fixed autofocus in picker dialogs search #3985
• Image and gallery blocks picker only shows images for selection #4189
• The title field value no longer disappears in the file view #4140
• Html::video() supports the allowfullscreen attribute again, used by YouTube #4212
• Fixed droppable files when disabled #4231
• Fixed fields section form content on multi language #2575
• Fixed text field converter prop for PHP 8.1 #4226
• Fixed uncaught type error in JS in views with a blocks field #4233
• Tabs now immediately get hidden behind "More" button on mobile #4230

📈 Stats

• 30 commits
• 28 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @bastianallgeier
• @distantnative

3.6.3.1

This release is a patch release for 3.6.3. We introduced a regression that broke parameters in URLs. I.e. https://example.com/blog/page:2 and thus also pagination and all kinds of URL filters based on such parameters.

3.6.3

UPDATE: Patch available

Unfortunately, we introduced a regression in this release that broke parameters in URLs. I.e. https://example.com/blog/page:2 and thus also pagination and all kinds of URL filters based on such parameters. A patch is now available: https://github.com/getkirby/kirby/releases/tag/3.6.3.1

🎉 Features

Allow list of secure URLs

Kirby auto-detects the base URL for your site unless you hard-code it in your config with the url option. This auto-detection is based on the your SERVER_NAME settings by default. This is totally safe unless your server is not correctly configured. In order to protect you from security issues with an insecure server configuration, you get more options to set allowed base URLs now. By default, the auto-detection will just work as before. Here are the new and existing options you have.

Auto-detected URL based on the SERVER_NAME

Just like before, you can just ignore the URL option or use the Server::HOST_FROM_SERVER constant to let Kirby find the correct base URL, based on the SERVER_NAME.

return [
];

// or

return [
  'url' => Server::HOST_FROM_SERVER
];

This can be combined with the new Server::HOST_ALLOW_EMPTY option to accept empty hostnames. This will lead to relative URLs i.e. /some-url for your installation:

return [
  'url' => Server::HOST_FROM_SERVER | Server::HOST_ALLOW_EMPTY
];

Hard-coded URL

You can also still set the base URL for your site. This will disable any form of auto-detection of URLs. But it also means that you might have to keep different versions for your local installation, staging and your production server.

return [
  'url' => 'https://example.com'
];

This also still works for relative URLs without a host.

return [
  'url' => '/'
];

URL allow list

With the new option to define a set of allowed base URLs, your Kirby installation will automatically pick the right one based on HTTP_HOST, HTTP_X_FORWARDED_HOST or SERVER_NAME (whatever is provided) and makes sure to send an error on an invalid hosts. This is perfect when you cannot fully trust your server configurations on various environments.

return [
  'url' => [
     'https://example.com',
     'https://staging.example.com',
     'http://example.test'
  ]
];

Wildcard option

If you fully trust your server setup, you can allow any host name coming from HTTP_HOST or HTTP_X_FORWARDED_HOST. This could be necessary in some situations, but is insecure if you don't know what you are doing with your server configuration.

return [
  'url' => Server::HOST_FROM_HEADER
];

Again, this can be combined with the Server::HOST_ALLOW_EMPTY option to allow the host name to be left empty. It will lead to relative URLs for your installation:

return [
  'url' => Server::HOST_FROM_HEADER | Server::HOST_ALLOW_EMPTY
];

✨ Enhancements

• Upgraded JS dependencies
• Switched to PSR-12 code style for PHP
• Improved table block preview #4096
• Supports $locale parameter in t() and tc() helpers #4160
• Updated PR template & contributing guidelines #4153
• More accessible style for the selected data in the calendar #4202
• Updated contributing.md #4197
• New license.md which replicates the license terms on our site
• contributing.md & readme.md are now back in the main directory of the repo instead of the .github subdirectory
• Improved imagemagick performance thanks to @silllli #4106
• Updated translations

🐛 Fixes

• Continues passing $inline parameter to Markdown component plugins #4127
• Fixed today’s date is no longer highlighted on date picker #4124
• Fix vertical alignment for today text in calendar #4205
• Fixed npm run dev #4134
• Fixed path ending with params separator #4138
• Focussing a k-button-link element in dropdown now works #4148
• Fixed copying of multiple blocks #4129
• Fixed removing multiple blocks #4131
• Fixed copying blocks with Writer preview in Chrome #3941
• Fixed table block throws error when value is empty #4164
• Fixed Kirby and PHPMailer differ in their $text initialisation which fails in PHP8.1 #4155
• Fixes javascript mime type detection in Mime class. #4174
• Fixed layout/reading direction for Korean and Esperanto #4159
• Overwriting the URL in the config is now correctly working in the Panel as well. #4185
• The new Environment class now checks for correct subfolder installations #4191
• Fixed inactive Whoops debugger when throwing an exception in the Environment class #4180
• Fixed Vimeo ID extraction thanks to @Basics09 #4187
• Fixed phpmailer message body empty exception #4183

📈 Stats

• 128 commits
• 49 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @Basics09
• @bastianallgeier
• @distantnative
• @lukasbestle
• @neildaniels
• @rasteiner
• @silllli
• @tasinttttttt
• @texnixe
• @sebastiangreger

3.6.2

🎉 Features

New date & time fields

The date and time fields have been a constant struggle in the past. We dedicated this release to fix various bugs and enhance the overall look and UX of those fields. Smart input parsing supports various date formats while writing or pasting dates. Navigate through parts of a date or time with tab and modify year, month, day, hour, minute and second with arrow keys. Combined with a new time dropdown, full support for am/pm, various display options and other features, the new fields are a major step ahead.

dates.mp4

Alternate stylesheet support

You can now add rel="alternate stylesheet" in the css() helper #4099

css('assets/css/index.css', ['rel' => 'alternate stylesheet', 'title' => 'High contrast']);

New markdown safe mode

The markdown parser now supports a safe mode, which escapes any custom HTML, while still parsing markdown correctly. Safe mode can now be enabled like this:

// helpers
kirbytext($text, [
  'markdown' => [
    'safe' => true
  ]
]);

kirbytextInline($text, [
  'markdown' => [
    'safe' => true
  ]
]);

markdown($text, [
   'safe' => true
]);

// field methods
$page->text()->kirbytext([
  'markdown' => [
    'safe' => true
  ]
]);

$page->text()->kirbytextInline([
  'markdown' => [
    'safe' => true
  ]
]);

$page->text()->markdown([
   'safe' => true
]);

The safe mode is now also available as global markdown setting:

<?php

// config.php
return [
  'markdown' => [
    'safe' => true
  ]
];

New Fiber dialog features

There are new options to define custom submit and cancel handlers for Fiber dialogs

// short version
this.$dialog('some/dialog', ({ dialog, value }) => { 
  // custom submit handler 
});

// in options
this.$dialog('some/dialog', {
  cancel: () => {
    // custom cancel handler
  },
  submit: ({ dialog, value }) => { 
    // custom submit handler 
  }
});

Dialogs can now also be defined synchronously instead of loading them from the server.

this.$dialog({
  component: 'k-remove-dialog', 
  props: {
    text: 'Do you really want to delete this entry?'
  },
  cancel: () => {
    // custom cancel handler
  },
  submit: ({ dialog, value }) => { 
    // custom submit handler 
  }
});

New Kirby\Toolkit\Date class #4040

• extension for PHP's DateTime class
• helps with all kinds of date and time related tasks
• is now used by our date and time fields and the timestamp() helper
• New iso plugin for dayjs to parse and format ISO date/time/datetime strings

New slug transliteration rules for Inuktitut syllabics

Thanks to @PaulMorel for his support: #4091

✨Enhancements

• Add missing locale parameter to Cms\File::niceSize, Cms\Files::niceSize() and Filesystem\Dir::niceSize() #4045
• Adds several dayjs plugins for handle logic that we will need for refactoring the dates and time fields #4036:
  • a.merge(n, "time"): merges a defined part (date or time) of dayjs object b into dayjs object a
  • dayjs.pattern('YYYY-MM-DD"): class that supports analysing and interpreting a specific dayjs format pattern
  • dayjs.round("minute", 5): method to round current dayjs object to nearest step (unit and size)
  • dayjs.units(is12h): a map between units and dayjs tokens given 12/24h clock
  • dayjs.validate(): helper to validate a current dayjs object against a min/max boundary
  • `dayjs.interpret('12.02.2020'): to convert an array of date input formats to a dayjs object
• The JSON unexpected error message is now translatable #4081
• New this.$fiber global in Vue
• Shell arguments that get passed to ImageMagick are now individually escaped #4109

🐛 Fixes

• Various date and time field fixes
  • Fix computed separator in date field #3946
  • Improved input rules
  • Better tabbing
  • Fixed typing issues
  • Dozens of unit and e2e tests
  • Fixed display of date & time in narrow columns
  • Fixed previews for time and date fields in structures
  • Fixed CSS for the date field to wrap more reliably #4118
  • The calendar dropdown of date fields closes properly inside a structure field when focussing another field
  • Date field value gets properly saved inside structure fields when hitting Cmd+S
  • Fixed issue when only displaying year in date field
  • Fixed issue with storing seconds in date/time fields
  • Fixed timezone handling, removed introduction of UTC timezone pinning
  • Throws proper error when passing not an object as step prop to inputs
• Avoid gender star issues with italic markdown shortcuts #4112
• Fixed passing null to parameter to is_file() function in Tpl::load() method on PHP 8.1 #4032
• No longer throws deprecation warning passing null to Str functions
• No longer throws deprecation warning implicit float to int conversion when scaling dimensions for an SVG
• Creating the user no longer collides with the content language in multi-language setups #4050
• Fixed calling url() helper throws deprecation warning with PHP 8.1 #4047
• Enabling link in pages, files and users fields works correctly again #4062
• Fixed changing slug with unsaved changes leads to Panel error #4006
• Fixed selected tab when switching languages #4071
• Fixed image back option with html color names that start with 'light' don't apply #4073
• Fixed $page->prevUnlisted() returns wrong collection item #4086
• Fixed redirects in fetch requests to non-fiber resources: #4084
• No longer uses POST requests for dropdowns: #4083
• Fixed z-index issue for in dropdowns #4072
• Fixed string type check warning in Page::findById() in PHP 8.1 #4119
• Fixed passing null parameters in YAML parser to avoid deprecation warnings in PHP 8.1
• panel.favicon option now supports single string as value

return [
  'panel' => [
    'favicon' => 'assets/favicon.ico'
  ]
];

♻️ Refactoring

• Explicit CSS data attr selectors for styling #4027
• We now use https://vitest.dev for JS unit tests #4064
  • CI integration
  • First component tests #4069
  • Tweaks for $helpers and their unit tests #4057
• We use more PHP 7.4 arrow functions where it makes sense #4028
• Update composer.json to Composer API 2.2 #4066
• Refactored Fiber class for better testability and added additional unit tests
• Removed outdated wait-on dependency #4094
• Refactored Spyc YAML parser
  • Removed mustangostang/spyc repository from composer
  • Moved Spyc class into /dependencies
  • Removed spyc_load(), spyc_load_file(), spyc_dump() functions
  • Removed enabling from command line
  • Added more PHP unit tests

📈 Stats

• 253 commits
• 69 closed issues and PRs

👨‍💻 Contributors

(in alphabetical order)

• @afbora
• @bastianallgeier
• @damiendart
• @DavidBroz
• @distantnative
• @lukasbestle
• @neildaniels
• @sebastiangreger
• @PaulMorel
• @pReya
• @tobiastom

3.6.2-rc.3

🐛 Fixes

• Fixed z-index issue for in dropdowns #4072
• Fixed string type check warning in Page::findById() in PHP 8.1 #4119
• Fixed CSS for the date field to wrap more reliably #4118