A multilingual, extensible, community oriented CMS developed in PHP

Overview

license GitHub release GitHub tag (latest SemVer pre-release) Test Coverage Maintainability Twitter Follow FaceBook Slack

ImpressCMS is a community developed Content Management System. With this tool maintaining the content of a website becomes as easy as writing a word document. ImpressCMS is the ideal tool for a wide range of users: from business to community users, from large enterprises to people who want a simple, easy to use blogging tool.

ImpressCMS has these features:

πŸ“¦ Modules support
Website content is managed by separate content modules/web applications. Simply install the module which has the features you need: a news module, forum module, photo album module, there are many many third party modules to choose from.
πŸ—ƒοΈ Database-driven
ImpressCMS uses a database to store the data required for running your ImpressCMS site. MySQL and MariaDB is currently supported. Support for other DBMS's is coming soon.
🌈 Theme-based skinnable interface
ImpressCMS is driven by a powerful theme system. Both admins and users can change the look of the entire web site with just a click of a mouse. There are also hundreds of quality themes available for download!
πŸ‘₯ Versatile Group Permissions System
Powerful and user-friendly permissions system which enables administrators to set permissions by group for any registered or all anoymous users.
🌐 Multi-byte Language Support
Fully supports multi-byte languages, including Japanese, Simplified and Traditional Chinese, Korean, etc.

What can you do with it?

ImpressCMS can be used for many types of web sites. The system is highly scalable and it can be used for example as an intranet for a company with 20,000 employees as well as for building a simple 5-page website for the promotion of your company. The system is extremely useful for managing online communities because it has the ability to create user groups and assign permissions for managing content to each different group.

For each type of website ImpressCMS offers different functionality with a collection of free modules that are available on https://www.impresscms.org/modules/downloads/. A few examples of what you can do with them:

  • Publish news of your organization
  • Let visitors contact you through a state of the art customizable contact form
  • Create and manage articles
  • Add a forum to your site
  • Sell products through your web site using an online store
  • ...and many more

Installation

To install and use this package, we recommend to use Composer:

composer create-project -s dev impresscms/impresscms

More detailed installation instructions are available on the ImpressCMS site

Do you need any help?

You can find our official documentation at our wiki.

Also, help could be found on our official forums.

How to contribute?

Open an issue or send us a pull request

All development for 2.0 version happens on the master branch, so it is always the most up-to-date.

If you are going to be submitting a pull request, please branch from master, and submit your pull request back to same branch.

License

FOSSA Status ImpressCMS is licensed right now in GPL 2.0 license but is depended on libraries that uses other compatible open source licenses.

Quick summary what GPL 2.0 really means can be found at TLDRLegal website.

We use FOSSA to detect if there are any incompatibilities and if there is any solve them. The graphic on the right is used to iliustrate what licenses are used when project is installed.

Comments
  • How ICMS 2.0 should manage front-end assets?

    How ICMS 2.0 should manage front-end assets?

    We have composer for all PHP libraries, but what about front-end libraries like jquery? What we should use?

    From what I know, we have right now two main options with few suboptions:

    1. Use composer for that: a) fxp/composer-asset-plugin - most popular variant, however it needs to be installed globally on the server b) beelab/bowerphp - doesn't need global install, but doesn't work with all assets and also only bower, which looses popularity c) foxy/foxy - acts more like proxy between composer and npm
    2. Use native like many standalone networks does. I think this is most elegant way however I'm not sure how to make possibility to add it easy into modules. And another problem - not every shared hosting has preinstalled such tool.
    enhancement question stale 
    opened by MekDrop 16
  • form elements should be constructed from a template, and not in-code

    form elements should be constructed from a template, and not in-code

    The calendar uses javascript that dates back to 2005. We need to have an updated implementation, that can be configured to integrate with the choice of front-end technology (jquery, bootstrap, material, react, angular, ...). Most calender implementations use javascript, so if we can define the output that or calendar will give, to integrate easier in the frontend technology, that will be great. Different plugins handled by composer can be an option : a plugin 'impresscms-plugin-calendar-bootstrap3', that handles (in PHP) the inclusion of the correct files, and also the generation of the specific html and javascript code to run the calendar.

    enhancement stale 
    opened by fiammybe 15
  • Routes defined in composer.json

    Routes defined in composer.json

    From now is possible to define routes in composer.json extra section.

    Every route must have a handler and path defined. All handlers should be defined in CONTROLLERCLASS::METHOD format. It's callable that returns \Psr\Http\Message\ResponseInterface. Paths defines how route will be accessed from browser.

    Example of such definition

    [
         {
            "path": "/error.php",
            "handler": "\\ImpressCMS\\Core\\Controllers\\DefaultController::getError"
          }
    ]
    

    Every route can also have such defined options:

    • method - HTTP method used for accessing this route (default GET)
    • port - One or more ports list for this route
    • host - One or more host list to be used with this route
    • scheme - HTTP or HTTPS?
    • strategy - json or app (default app). See https://route.thephpleague.com/4.x/strategies/
    • middlewares - list of middleware classes (all middleware classes must be registered in container first) to be used with this route

    For old modules there is already predefined LegacyController that is registered for most active modules files.

    Probably speed should be improved before release.

    enhancement composer 
    opened by MekDrop 14
  • Added ping to extend sessions automatically

    Added ping to extend sessions automatically

    At current moment ImpressCMS doesn't automatically extends session if you leave your computer or browser tab for some time. This will helps users for such case. This could also help when you writing some big documents. From now sessions are extended automatically by periodically pinging server with ajax requests.

    In future I think it would be cool it could work with websockets too - but at current moment I think it would be good enough for us.

    enhancement 
    opened by MekDrop 13
  • I can not install Alpha 6 - why is that?

    I can not install Alpha 6 - why is that?

    Hello Developers,

    I can not install Alpha 6 on root server. I have the directory /htdocs in the root directory and this I surf in the browser. It will probably then forward to /install.

    Unfortunately, the server only shows errors and no installation routine.

    What am I doing wrong?

    Is it possibly due to the .htaccess file?

    Thanks in advance.

    bug question 
    opened by ghost 12
  • Stored XSS on ImpressCMS 1.4.0

    Stored XSS on ImpressCMS 1.4.0

    Payload =

    Vulnerable URL :modules/system/admin.php?fct=adsense&op=mod&adsenseid=4 Vulnerable TextBar : ID of the [adsense tag to display this ad]

    Vulnerable URL :/modules/system/admin.php?fct=customtag&op=mod Vulnerable TextBar : Name

    Reference https://medium.com/@tehwinsam/impresscms-1-4-0-3aaf1825e6d5

    bug security vulnerability 
    opened by Applebois 11
  • Fatal error during installation at page_tablescreate.php

    Fatal error during installation at page_tablescreate.php

    Describe the bug

    Uncaught exception Message: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'rank smallint(5) unsigned NOT NULL default '0', level varchar(3) NOT NULL defa' at line 16 Code: 42000 File: /var/www/html/dev/vendor/aura/sql/src/AbstractExtendedPdo.php Line: 649 Trace:

    #0 /var/www/html/dev/vendor/aura/sql/src/AbstractExtendedPdo.php(649): PDO->query('CREATE TABLE de...') #1 /var/www/html/dev/libraries/icms/db/Connection.php(53): Aura\Sql\AbstractExtendedPdo->query('CREATE TABLE de...') #2 /var/www/html/dev/htdocs/install/class/dbmanager.php(96): icms_db_Connection->query('CREATE TABLE de...') #3 /var/www/html/dev/htdocs/install/page_tablescreate.php(61): db_manager->queryFromFile('./sql/mysql.str...') #4 {main}

    To Reproduce

    Steps to reproduce the behavior:

    1. Fresh installation
    2. composer install from the root
    3. proceed through the installation until you reach page_tablescreate

    Expected behavior

    Tables get added to the database

    Screenshots

    If applicable, add screenshots to help explain your problem.

    Server

    • PHP version: 7.3.11-0ubuntu0.19.10.1
    • PHP is 32/64bit: 64
    • HTTP Server : Apache
    • HTTP Server version: Apache/2.4.41 (Ubuntu)
    • HTTP Server is 32/64 bit: 64

    Desktop (please complete the following information):

    • OS: [e.g. iOS] Ubuntu 19.10
    • Browser Firefox
    • Version 71.0 (64-bit)
    bug 
    opened by skenow 10
  • Db fixes for installer php 7.0+

    Db fixes for installer php 7.0+

    Fixes #79 and also some related bugs.

    Protector module was removed from installer because it uses many lines with old mysql + icms 2.0 runs with new properties system that can replace at least all things about database protection. But otherwise we need to find newer solutions for things that protector was used.

    bug 
    opened by MekDrop 10
  • feature/863-composer-autoloader

    feature/863-composer-autoloader

    Replace the homegrown ImpressCMS autoloader with the composer one. No other integration of external libraries as of yet, those will need to be done in different tickets.

    opened by fiammybe 10
  • Added exception handler

    Added exception handler

    This will help easier to figure out what a blank page really means.

    Example screen: image

    P.S.: syntax exceptions are handled >= 7.0; 5.6 handles most others; If exception happens before logger initialization also would not be handled in such way.

    bug 
    opened by MekDrop 9
  • Include new editor CKEditor as option

    Include new editor CKEditor as option

    Describe the bug

    The current default editor is the old and rusty HTML editor. Other options are FCK editor, which is ancient as well. Upgrade this please!

    To Reproduce

    Create content

    Expected behavior

    The base editor is the CKEditor

    enhancement 
    opened by fiammybe 9
  • undefined constant in PHP 8 on install/page_tablesfill.php page

    undefined constant in PHP 8 on install/page_tablesfill.php page

    Describe the bug

    Running the installer, I get a undefined constant error (since PHP 8.0) on the install/page_tablesfill.php page

    This page cannot be displayed due to an internal error.
    
    You can provide the following information to the administrators of this site to help them solve the problem:
    
    Error: Undefined constant "_CO_ICMS_WARNING_FINAL"
    
    File: C:\xampp80\htdocs\150final\modules\system\icms_version.php
    Line: 71
    Backtrace:
    /install/makedata.php (110)
    /install/page_tablesfill.php (66)
    

    To Reproduce

    Steps to reproduce the behavior:

    1. Just follow the installation steps on a PHP 8.0 installation
    2. See error

    Expected behavior

    This constant is defined, so we don't get the error

    blocking 
    opened by fiammybe 0
  • cloning a template set results in an error

    cloning a template set results in an error

    When I clone a template set, that results in the following error :

    Fatal error: Uncaught PDOException: SQLSTATE[23000]: Integrity constraint violation: 1048 Column 'tplset_desc' cannot be null in /home/impresseu/domains/impresscms.eu/vendor/aura/sql/src/AbstractExtendedPdo.php:558 Stack trace: #0 /home/impresseu/domains/impresscms.eu/vendor/aura/sql/src/AbstractExtendedPdo.php(558): PDOStatement->execute() #1 /home/impresseu/domains/impresscms.eu/core/Models/AbstractExtendedHandler.php(1078): Aura\Sql\AbstractExtendedPdo->perform('INSERT INTO `i4...', Array) #2 /home/impresseu/domains/impresscms.eu/core/Models/AbstractExtendedHandler.php(984): ImpressCMS\Core\Models\AbstractExtendedHandler->doInsert(Array) #3 /home/impresseu/domains/impresscms.eu/core/Models/AbstractExtendedHandler.php(1202): ImpressCMS\Core\Models\AbstractExtendedHandler->save(Array, false) #4 /home/impresseu/domains/impresscms.eu/modules/system/admin/tplsets.php(491): ImpressCMS\Core\Models\AbstractExtendedHandler->insert(Object(ImpressCMS\Core\Models\TemplateSet)) #5 /home/impresseu/domains/impresscms.eu/modules/syste in /home/impresseu/domains/impresscms.eu/vendor/aura/sql/src/AbstractExtendedPdo.php on line 558

    bug 
    opened by fiammybe 2
  • All pages return 302 instead of the expected 200

    All pages return 302 instead of the expected 200

    Describe the bug

    All the pages on a 2.0 site return the code 302 (found), instead of the correct code 200. This is not only incorrect, it also creates problems for monitoring tools that consider a site that doesn't return a 200 code as being down or in trouble.

    the issue is present on https://www.impresscms.eu

    bug 
    opened by fiammybe 1
  • Forms should not be hard-coded to generate html tables

    Forms should not be hard-coded to generate html tables

    When building the bulma theme, I was trying to generate a form following the bulma way of working, by adapting the system_common_form.html and system_default_form.html templates. Nothing happened. Looking into the icms library code, the render procedures of the icms_form_Theme and the icms_form_Simple classes simply generate hardcoded HTML tables with the element data. These procedures should be updated to make use of the Smarty templates that are available.

    enhancement 
    opened by fiammybe 7
Releases(v1.5.0-rc)
  • v1.5.0-rc(Nov 13, 2022)

    What's Changed

    • Prepare the documentation for 1.5.0 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1215
    • Updated branch references & readme by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/1223
    • Delete htdocs/editors/tinymce directory by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1273
    • Remove openid by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1274
    • align syntax of DB interface and mysql implementation with PDO by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1287
    • prepare for 1.5.0 beta by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1286
    • Fix mailuser by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1288
    • Cleanup all deprecated files and functions in the core by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1320
    • Fixes DB interfaces incompatibilies between different PHP versions by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/1321
    • Fixes DB crash if DB encoding value is empty by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/1322
    • Fix: notice undefined index utf8 in htdocs/install/page_dbsettings.php on line 138 by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/1323
    • Remove get_magic_quotes_gpc calls by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/1327
    • Cookie hardening by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1331
    • removing files from previous versions that are no longer there by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1330

    Full Changelog: https://github.com/ImpressCMS/impresscms/compare/v1.4.4...v1.5.0-rc

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.5.0-beta(Oct 1, 2022)

    The 1.5 branch will move to support PHP 7.4 and PHP 8.0, alongside support for MySQL 8. We also did some housekeeping by removing rarely-used external parts such as the OpenID login or the outdated TinyMCE integration.

    What's Changed

    • Prepare the documentation for 1.5.0 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1215
    • Updated branch references & readme by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/1223
    • Remove TinyMCE by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1273
    • Remove openid by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1274
    • align syntax of DB interface and mysql implementation with PDO by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1287
    • prepare for 1.5.0 beta by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1286
    • Fix mailuser by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1288

    Full Changelog: https://github.com/ImpressCMS/impresscms/compare/v1.4.4...v1.5.0-beta

    Source code(tar.gz)
    Source code(zip)
  • v1.4.4(Mar 9, 2022)

    What's Changed

    • Applying the filters to inner elements of arrays by @skenow in https://github.com/ImpressCMS/impresscms/pull/1162
    • Additional input filtering - mailusers, findusers, checkVarArray inner elements by @skenow in https://github.com/ImpressCMS/impresscms/pull/1163
    • Filtering updates for blocksadmin and mailusers by @skenow in https://github.com/ImpressCMS/impresscms/pull/1164
    • Prepare 1.4.4 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1171

    Full Changelog: https://github.com/ImpressCMS/impresscms/compare/v1.4.3...v1.4.4

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
    impresscms_1.4.4.zip(23.01 MB)
  • v1.4.3(Feb 5, 2022)

    What's Changed

    • Fixed some warnings and notices in installer for newer PHP versions by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/882
    • Protector get_magic_quotes_gpc fix for php 7.4 by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/884
    • Smiles in misc.php now are escaped by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/890
    • Fix "#881 trying to send mails with SMTP auth gives missing smtp class" by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/889
    • Added exception handler by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/888
    • Fixed bug when handlers from module separate files cant be loaded by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/887
    • Fixes 'Notice: Only variables should be passed by reference in /home/vagrant/impresscms/htdocs/libraries/icms/config/Handler.php on line 237' by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/886
    • Fixed bug when admin menu can't regenerate when module folder is removed before uninstalling by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/897
    • Fixed syntax error in include/registerform.php by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/896
    • fix vulnerability in autoloader by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/913
    • block path traversal in image editor, transform .. to _ by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/915
    • Fixes/ipf table filtering - limitsel missing POST value by @skenow in https://github.com/ImpressCMS/impresscms/pull/937
    • Adjusted template file inclusion for correct path. Fixes #603 by @skenow in https://github.com/ImpressCMS/impresscms/pull/944
    • Increase input sanitizing for system module and submodules by @skenow in https://github.com/ImpressCMS/impresscms/pull/943
    • Dev/jquery inclusion by @skenow in https://github.com/ImpressCMS/impresscms/pull/935
    • Fix for modules admin; user language files - fix #948 by @skenow in https://github.com/ImpressCMS/impresscms/pull/949
    • Update release_notes.md by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1058
    • Added filtering to the input in setSortOrder in icms_ipf_table by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/966
    • filter url variable in findusers.php by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/967
    • Remove the old FCKEditor - no longer supported by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/833
    • add CKEditor 4.17.1 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1095
    • Protector updates - PHP8 compatibility, update and remove legacy code by @skenow in https://github.com/ImpressCMS/impresscms/pull/1098
    • Preparations for the 1.4.3 RC release by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1099
    • Add a default parameter to addSlashes by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1108
    • Improvements in findusers logic and filtering by @skenow in https://github.com/ImpressCMS/impresscms/pull/1110
    • Undefined language constants for CKeditor in general preferences by @skenow in https://github.com/ImpressCMS/impresscms/pull/1111
    • Accept token for valid users only by @skenow in https://github.com/ImpressCMS/impresscms/pull/1115
    • User cookie could be contaminated - filter added by @skenow in https://github.com/ImpressCMS/impresscms/pull/1117
    • Protector enhancements and added security by @skenow in https://github.com/ImpressCMS/impresscms/pull/1118
    • Prepare 1.4.3 RC2 release by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1109
    • Making sure protector gets installed during the site installation by @skenow in https://github.com/ImpressCMS/impresscms/pull/1137
    • Changing filter method for request_uri to filter_sanitize_string by @skenow in https://github.com/ImpressCMS/impresscms/pull/1136
    • Fix for information displayed in protector admin and debug console by @skenow in https://github.com/ImpressCMS/impresscms/pull/1154
    • release 1.4.3 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1155

    Full Changelog: https://github.com/ImpressCMS/impresscms/compare/v1.4.2...v1.4.3

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.3-rc2(Jan 12, 2022)

    What's Changed

    • Fixed some warnings and notices in installer for newer PHP versions by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/882
    • Protector get_magic_quotes_gpc fix for php 7.4 by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/884
    • Smiles in misc.php now are escaped by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/890
    • Fix "#881 trying to send mails with SMTP auth gives missing smtp class" by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/889
    • Added exception handler by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/888
    • Fixed bug when handlers from module separate files cant be loaded by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/887
    • Fixes 'Notice: Only variables should be passed by reference in /home/vagrant/impresscms/htdocs/libraries/icms/config/Handler.php on line 237' by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/886
    • Fixed bug when admin menu can't regenerate when module folder is removed before uninstalling by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/897
    • Fixed syntax error in include/registerform.php by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/896
    • fix vulnerability in autoloader by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/913
    • block path traversal in image editor, transform .. to _ by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/915
    • Fixes/ipf table filtering - limitsel missing POST value by @skenow in https://github.com/ImpressCMS/impresscms/pull/937
    • Adjusted template file inclusion for correct path. Fixes #603 by @skenow in https://github.com/ImpressCMS/impresscms/pull/944
    • Increase input sanitizing for system module and submodules by @skenow in https://github.com/ImpressCMS/impresscms/pull/943
    • Dev/jquery inclusion by @skenow in https://github.com/ImpressCMS/impresscms/pull/935
    • Fix for modules admin; user language files - fix #948 by @skenow in https://github.com/ImpressCMS/impresscms/pull/949
    • Update release_notes.md by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1058
    • Added filtering to the input in setSortOrder in icms_ipf_table by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/966
    • filter url variable in findusers.php by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/967
    • Remove the old FCKEditor - no longer supported by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/833
    • add CKEditor 4.17.1 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1095
    • Protector updates - PHP8 compatibility, update and remove legacy code by @skenow in https://github.com/ImpressCMS/impresscms/pull/1098
    • Preparations for the 1.4.3 RC release by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1099
    • Add a default parameter to addSlashes by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1108
    • Improvements in findusers logic and filtering by @skenow in https://github.com/ImpressCMS/impresscms/pull/1110
    • Undefined language constants for CKeditor in general preferences by @skenow in https://github.com/ImpressCMS/impresscms/pull/1111
    • Accept token for valid users only by @skenow in https://github.com/ImpressCMS/impresscms/pull/1115
    • User cookie could be contaminated - filter added by @skenow in https://github.com/ImpressCMS/impresscms/pull/1117
    • Protector enhancements and added security by @skenow in https://github.com/ImpressCMS/impresscms/pull/1118
    • Prepare 1.4.3 RC2 release by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1109

    Full Changelog: https://github.com/ImpressCMS/impresscms/compare/v1.4.2...v1.4.3-rc2

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v2.0.0-alpha.12(Jan 19, 2022)

    What's Changed

    πŸš€ Features

    • Themes installed as composer dependencies @MekDrop (#1106)
    • Added posibility to specify default block weight, position and visibility @MekDrop (#1105)
    • Enable migrations for modules in module installer/updating/removing @MekDrop (#1104)
    • RedirectResponse now can be used for same things as redirect_header @MekDrop (#1092)
    • Move content.php to content module @MekDrop (#1082)
    • Misc.php as controller @MekDrop (#1080)
    • Rewrite admin.php as controller @MekDrop (#1079)
    • Add smarty url function @MekDrop (#1078)
    • Replaced league router with sunrise http router @MekDrop (#1077)
    • Install system module from composer @MekDrop (#1075)
    • Rewritten privpolicy.php with controller @MekDrop (#1071)
    • Corrected DataFilter class usage @MekDrop (#1070)
    • image.php rewritten as controller action @MekDrop (#1068)
    • PHP 8.0 & PHP 8.1 support @MekDrop (#1053)

    πŸ› Bug Fixes

    • Fixed incorrect urls for PageNav generated links @MekDrop (#1107)
    • Enable migrations for modules in module installer/updating/removing @MekDrop (#1104)
    • Fixed module block titles/names from constants resolving @MekDrop (#1103)
    • Fixes few issues with page_modulesinstall.php for installer @MekDrop (#1102)
    • Add IcmsPersistableController to legacy class resolving map @MekDrop (#1101)
    • Remove few system module services that was previously defined in core @MekDrop (#1093)
    • Fixes system module upgrading from installer @MekDrop (#1091)
    • Fixes some old class references resolving for some older modules @MekDrop (#1087)
    • Fixes crash when not correct order comes from user data for table @MekDrop (#1086)
    • Fixed namespaces issues for never PHP in footer.php and header.php @MekDrop (#1083)
    • Fixed legacy url index.php resolving when they are described as paths @MekDrop (#1084)
    • Use new version imponeer/smarty-db-resource @MekDrop (#1013)
    • Corrected DataFilter class usage @MekDrop (#1070)
    • Fixed crashing translator when translation folder contains index file @MekDrop (#1072)
    • Fixed bug when HTTP headers for modules that doesn't use controllers where stripped @MekDrop (#1061)
    • Fixed media uploader sizes checks when there is no limit set @MekDrop (#1069)
    • image.php rewritten as controller action @MekDrop (#1068)
    • Fixed 'Class "ImpressCMS\Core\Database\Legacy\Updater\ReflectionClass" not found' bug @MekDrop (#1066)
    • Fixed fatal error (PHP 8.x) when config item doesn't have a description @MekDrop (#1067)
    • Fixed bug when legacy module crashed due translations constants not loaded at correct time @MekDrop (#1065)
    • Fixed rights check for legacy URL modules @MekDrop (#1064)
    • Fixed module model resolving to be able to work with PHP 8.x @MekDrop (#1063)
    • Fixed module submenu counting bug for PHP 8.x @MekDrop (#1062)
    • Fixed bug when version getting failed for never PHP in system admin @MekDrop (#1060)
    • Fixed translation loading for module admin menus @MekDrop (#1059)
    • PHP 8.0 & PHP 8.1 support @MekDrop (#1053)

    🧰 Maintenance

    • Bump .homestead from 9cbb84c to 6dd850d @dependabot (#1116)
    • Bump .homestead from 56650de to 9cbb84c @dependabot (#1097)
    • Bump actions/cache from 2.1.6 to 2.1.7 @dependabot (#1094)
    • Add smarty url function @MekDrop (#1078)
    • Bump .homestead from ee603d7 to 56650de @dependabot (#1076)

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.3-rc(Dec 5, 2021)

    What's Changed

    • Fixed some warnings and notices in installer for newer PHP versions by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/882
    • Protector get_magic_quotes_gpc fix for php 7.4 by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/884
    • Smiles in misc.php now are escaped by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/890
    • Fix "#881 trying to send mails with SMTP auth gives missing smtp class" by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/889
    • Added exception handler by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/888
    • Fixed bug when handlers from module separate files cant be loaded by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/887
    • Fixes 'Notice: Only variables should be passed by reference in /home/vagrant/impresscms/htdocs/libraries/icms/config/Handler.php on line 237' by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/886
    • Fixed bug when admin menu can't regenerate when module folder is removed before uninstalling by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/897
    • Fixed syntax error in include/registerform.php by @MekDrop in https://github.com/ImpressCMS/impresscms/pull/896
    • fix vulnerability in autoloader by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/913
    • block path traversal in image editor, transform .. to _ by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/915
    • Fixes/ipf table filtering - limitsel missing POST value by @skenow in https://github.com/ImpressCMS/impresscms/pull/937
    • Adjusted template file inclusion for correct path. Fixes #603 by @skenow in https://github.com/ImpressCMS/impresscms/pull/944
    • Increase input sanitizing for system module and submodules by @skenow in https://github.com/ImpressCMS/impresscms/pull/943
    • Dev/jquery inclusion by @skenow in https://github.com/ImpressCMS/impresscms/pull/935
    • Fix for modules admin; user language files - fix #948 by @skenow in https://github.com/ImpressCMS/impresscms/pull/949
    • Update release_notes.md by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1058
    • Added filtering to the input in setSortOrder in icms_ipf_table by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/966
    • filter url variable in findusers.php by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/967
    • Remove the old FCKEditor - no longer supported by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/833
    • add CKEditor 4.17.1 by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1095
    • Protector updates - PHP8 compatibility, update and remove legacy code by @skenow in https://github.com/ImpressCMS/impresscms/pull/1098
    • Preparations for the 1.4.3 RC release by @fiammybe in https://github.com/ImpressCMS/impresscms/pull/1099

    Full Changelog: https://github.com/ImpressCMS/impresscms/compare/v1.4.2...v1.4.3-rc

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v2.0.0_alpha_11(Oct 16, 2021)

    What's Changed

    πŸš€ Features

    • Added ImpressCMS/codemirror-integration to default installation & fixed installer bug for installing from there @MekDrop (#1051)
    • Added asset-packagist repo to composer for installing frontend assets as composer packages (if there is a need) @MekDrop (#1019)
    • Added phpseclib/bcmath_compat to make it possible to install without bcmath extension @MekDrop (#1000)
    • Remove all editors from core @MekDrop (#800)
    • PARTIAL use editor contracts from imponeer to make editors plugable @MekDrop (#1007)
    • Do not show module version for unreleased modules in modules admin @MekDrop (#1012)
    • Available modules list function now uses module describers @MekDrop (#1011)
    • Added possibility for module to copy assets from vendor/ @MekDrop (#1005)
    • Use criteria lib from Imponeer @MekDrop (#927)
    • Using Composer 2.x API for internal operations @MekDrop (#796)
    • Most of Smarty plugins now implemented as composer libraries from @imponeer + xoops_link smarty function removed @MekDrop (#919)
    • add install instructions to readme for 2.0 @fiammybe (#917)
    • Added smarty 'trans' block and 'trans' variable modifier for translations @MekDrop (#874)
    • Added ping to extend sessions automatically @MekDrop (#869)
    • Fix/Improvement for cases when a theme was selected but than removed @MekDrop (#855)
    • Removed reflex theme from core @MekDrop (#854)
    • Site closed view functionality as dynamic SiteClosedMiddleware @MekDrop (#725)
    • Code about multi_login moved from common.php into separate HTTP Middlware @MekDrop (#724)
    • Session moved from container to middleware + theme changing now from HTTP middleware @MekDrop (#723)
    • Added possibility to describe themes (also support for composer themes!) @MekDrop (#770)
    • Added possibility to load modules definitions from different type of info files (like icms_version.php or composer.json) @MekDrop (#768)
    • Smarty plugins can now be defined as services in container @MekDrop (#752)
    • System waiting block is now can be expanded with services defined in container @MekDrop (#750)
    • Upgraded middlewares/referrer-spam to 2.0.2 for PHP 8.0 and Composer 2.0 supporr @MekDrop (#826)
    • Replace "ICMS_URL . '/modules/' -> ICMS_MODULES_URL . '/'" and "ICMS_ROOT_PATH . '/modules/' -> ICMS_MODULES_PATH . '/'" @MekDrop (#749)
    • Using properties instead of setVar when setting database object properties everywhere where is possible @MekDrop (#745)
    • Added new translator service @MekDrop (#801)
    • Use league/mime-type-detection for dealing with mimetype detection & deprecated icms_Utils @MekDrop (#738)
    • Using object property instead of getVar everywhere where is possible @MekDrop (#744)
    • Fixed #733: Rename using the proper naming convention (This is a public var) @MekDrop (#736)
    • Removed some old openid related code + migration to update openid related fields @MekDrop (#747)
    • Added Roave Security Advisories to composer [dev] @MekDrop (#742)
    • Encrypt cookies automatically with middleware if such preference is set @MekDrop (#740)
    • Timers visible as Server-Timing header (using HTTP Middleware) @MekDrop (#727)
    • Messengers fields from user settings where removed @MekDrop (#746)
    • Fixed 'Rename using the proper naming convention (this is a public var)' for #731 @MekDrop (#737)
    • Removed old style redirect @MekDrop (#726)
    • Using FireWall middleware for bad ips checking instead of Security class @MekDrop (#720)
    • Replaced DB_SALT env variable with APP_KEY @MekDrop (#739)
    • Removes textsanitizer plugins and default DHTMLEditor @MekDrop (#735)
    • Removed checkSuperGlobals from Security class @MekDrop (#721)
    • Checks referers with HTTP middleware instead of security class @MekDrop (#719)
    • Upgraded phpunit to 9.4 and test to make sure PHP 8.0 compatible @MekDrop (#802)
    • Changed way how paths in subfolder would be handled @MekDrop (#797)

    πŸ› Bug Fixes

    • Added ImpressCMS/codemirror-integration to default installation & fixed installer bug for installing from there @MekDrop (#1051)
    • Fixes few installer errors @MekDrop (#1020)
    • Fixed template file source resolving for tplsets @MekDrop (#1018)
    • Use editor contracts (second part) @MekDrop (#1017)
    • Fixed wrong constant for uptating module config data @MekDrop (#1016)
    • Fixes bug with constants translations for console @MekDrop (#1015)
    • Fixed bug when module model couldn't load unreleased module info @MekDrop (#1014)
    • If database was already initialized, do not go back in installer without message @MekDrop (#1009)
    • Better non installed icms detection @MekDrop (#1008)
    • Added phpseclib/bcmath_compat to make it possible to install without bcmath extension @MekDrop (#1000)
    • Remove all editors from core @MekDrop (#800)
    • Available modules list function now uses module describers @MekDrop (#1011)
    • Fixed bug when composer.json module describer failed with unreleased modules due release date @MekDrop (#1010)
    • Fixed bug when there are no editors of type @MekDrop (#1006)
    • Fixed a bug for templates during installation @MekDrop (#1003)
    • Fix bug with mindplay/composer-locator old version @MekDrop (#1001)
    • Fixed few security issues with packages @MekDrop (#974)
    • Fixed tuupola/server-timing-middleware requirements @MekDrop (#975)
    • CacheClearSetup steps moved to same namespace/path as other steps @MekDrop (#892)
    • Smiles in misc.php now are escaped @MekDrop (#891)
    • Fixed bug when was not possible to automatically resolve correct Route Strategy service due missing escape character in beginning @MekDrop (#870)
    • Fix/Improvement for cases when a theme was selected but than removed @MekDrop (#855)
    • Fixed includeq not working in smarty anymore bug @MekDrop (#849)
    • Fixed null response bug for root path instalations @MekDrop (#844)
    • Fixed bug with too long cookie names for Table component @MekDrop (#842)
    • Upgraded middlewares/referrer-spam to 2.0.2 for PHP 8.0 and Composer 2.0 supporr @MekDrop (#826)
    • Fixed #733: Rename using the proper naming convention (This is a public var) @MekDrop (#736)
    • Remove whitesource config @MekDrop (#837)
    • Removed some old openid related code + migration to update openid related fields @MekDrop (#747)
    • Messengers fields from user settings where removed @MekDrop (#746)
    • Fixed 'Rename using the proper naming convention (this is a public var)' for #731 @MekDrop (#737)
    • Fixed short if bug for newer PHP in BlockHandler @MekDrop (#798)
    • Prevents using submitted filenames with ../ for modelcontroller @MekDrop (#813)
    • Fixed possible file system exposing due language cookie on installer (reported by hackerone_success) @MekDrop (#822)
    • switch to a more explicit form of comparison @fiammybe (#809)
    • Changed way how paths in subfolder would be handled @MekDrop (#797)
    • Fix '0.0.0/composer-include-files 1.5.0 requires composer-plugin-api ^1.0 -> found composer-plugin-api[2.0.0] but it does not match the constraint.' with newer composer @MekDrop (#787)
    • Fixes deprecation 'Array and string offset access using curly braces' @MekDrop (#786)

    🧰 Maintenance

    • Bump monolog/monolog from 2.3.2 to 2.3.4 @dependabot (#995)
    • Bump symfony/translation from 5.3.7 to 5.3.9 @dependabot (#996)
    • Bump league/mime-type-detection from 1.7.0 to 1.8.0 @dependabot (#997)
    • Bump phpunit/phpunit from 9.5.4 to 9.5.10 @dependabot (#998)
    • Bump .homestead from 42def2e to ee603d7 @dependabot (#994)
    • Bump .homestead from 7192301 to 42def2e @dependabot (#986)
    • Bump symfony/translation from 5.2.6 to 5.3.7 @dependabot (#987)
    • Bump symfony/console from 5.2.6 to 5.3.7 @dependabot (#988)
    • Bump phpmailer/phpmailer from 6.5.0 to 6.5.1 @dependabot (#991)
    • Bump lulco/phoenix from 1.9.0 to 1.10.0 @dependabot (#989)
    • Bump league/flysystem from 1.1.4 to 1.1.5 @dependabot (#990)
    • Bump lulco/phoenix from 1.7.0 to 1.9.0 @dependabot (#980)
    • Bump league/container from 3.3.5 to 3.4.1 @dependabot (#982)
    • Bump http-interop/http-factory-guzzle from 1.0.0 to 1.2.0 @dependabot (#983)
    • Bump monolog/monolog from 2.2.0 to 2.3.2 @dependabot (#981)
    • Bump .homestead from cb987fb to 7192301 @dependabot (#979)
    • Bump symfony/polyfill-iconv from 1.22.1 to 1.23.0 @dependabot (#984)
    • Bump actions/stale from 3.0.19 to 4 @dependabot (#977)
    • Bump phpmailer/phpmailer from 6.4.1 to 6.5.0 @dependabot (#976)
    • Fixed few security issues with packages @MekDrop (#974)
    • Fixed tuupola/server-timing-middleware requirements @MekDrop (#975)
    • Bump .homestead from 47ce122 to cb987fb @dependabot (#973)
    • Use criteria lib from Imponeer @MekDrop (#927)
    • Bump .homestead from 51bc66d to 47ce122 @dependabot (#970)
    • Bump actions/cache from 2.1.5 to 2.1.6 @dependabot (#969)
    • skip vulnerable versions of composer/composer @fiammybe (#968)
    • Bump actions/stale from 3.0.18 to 3.0.19 @dependabot (#964)
    • Bump phpmailer/phpmailer from 6.4.0 to 6.4.1 @dependabot (#963)
    • Bump middlewares/base-path from 2.0.1 to 2.1.0 @dependabot (#960)
    • Bump defuse/php-encryption from 2.2.1 to 2.3.1 @dependabot (#961)
    • Bump symfony/console from 5.2.3 to 5.2.6 @dependabot (#959)
    • Bump league/mime-type-detection from 1.5.1 to 1.7.0 @dependabot (#957)
    • Bump actions/cache from v2.1.4 to v2.1.5 @dependabot (#956)
    • Bump .homestead from 9923e00 to 51bc66d @dependabot (#958)
    • Bump lulco/phoenix from 1.5.0 to 1.7.0 @dependabot (#962)
    • Bump phpunit/phpunit from 9.5.2 to 9.5.4 @dependabot (#951)
    • Bump symfony/translation from 5.2.3 to 5.2.6 @dependabot (#952)
    • Bump phpmailer/phpmailer from 6.3.0 to 6.4.0 @dependabot (#953)
    • Bump league/container from 3.3.3 to 3.3.5 @dependabot (#954)
    • Bump .homestead from 455252c to 9923e00 @dependabot (#950)
    • Bump symfony/polyfill-iconv from 1.20.0 to 1.22.1 @dependabot (#955)
    • Bump actions/stale from v3.0.17 to v3.0.18 @dependabot (#938)
    • Bump symfony/translation from 5.2.2 to 5.2.3 @dependabot (#931)
    • Bump league/route from 4.5.0 to 4.5.1 @dependabot (#930)
    • Bump phpmailer/phpmailer from 6.2.0 to 6.3.0 @dependabot (#932)
    • Bump symfony/console from 5.2.1 to 5.2.3 @dependabot (#933)
    • Bump phpunit/phpunit from 9.5.1 to 9.5.2 @dependabot (#934)
    • Bump .homestead from 29b731f to 455252c @dependabot (#929)
    • Bump smarty/smarty from 3.1.36 to 3.1.39 @dependabot (#928)
    • Bump actions/stale from v3.0.16 to v3.0.17 @dependabot (#926)
    • Bump actions/stale from v3.0.15 to v3.0.16 @dependabot (#921)
    • Bump actions/cache from v2.1.3 to v2.1.4 @dependabot (#920)
    • Bump smottt/wideimage from 1.1.3 to 1.1.4 @dependabot (#911)
    • Bump symfony/translation from 5.2.1 to 5.2.2 @dependabot (#909)
    • Bump phpunit/phpunit from 9.5.0 to 9.5.1 @dependabot (#908)
    • Bump vlucas/phpdotenv from 3.6.7 to 3.6.8 @dependabot (#910)
    • Bump lulco/phoenix from 1.4.0 to 1.5.0 @dependabot (#907)
    • Bump .homestead from 9244785 to 29b731f @dependabot (#906)
    • Bump actions/stale from v3.0.14 to v3.0.15 @dependabot (#902)
    • Fixed release drafter config to use correct GitHub labels when sorting tickets @MekDrop (#865)
    • Bump actions/stale from v1 to v3.0.14 @dependabot (#873)
    • Bump actions/cache from v1 to v2.1.3 @dependabot (#872)
    • Added dependabot v2 config @MekDrop (#868)
    • Added filter-by-commitish option in release drafter config @MekDrop (#866)
    • Bump .homestead from b2b3f19 to 9244785 @dependabot-preview (#867)
    • Bump phpunit/phpunit from 9.4.4 to 9.5.0 @dependabot-preview (#858)
    • Bump league/mime-type-detection from 1.4.0 to 1.5.1 @dependabot-preview (#860)
    • Bump lulco/phoenix from 1.3.0 to 1.4.0 @dependabot-preview (#861)
    • Bump symfony/console from 5.2.0 to 5.2.1 @dependabot-preview (#864)
    • Bump symfony/translation from 5.2.0 to 5.2.1 @dependabot-preview (#863)
    • Bump middlewares/encoder from 2.1.0 to 2.1.1 @dependabot-preview (#859)
    • Bump monolog/monolog from 2.1.1 to 2.2.0 @dependabot-preview (#857)
    • Bump middlewares/firewall from 2.0.1 to 2.0.2 @dependabot-preview (#862)
    • Bump middlewares/client-ip from 2.0.0 to 2.0.1 @dependabot-preview (#856)
    • Code Climate steps are now not required in GitLabCI test action @MekDrop (#851)
    • Remove whitesource config @MekDrop (#837)
    • Added Roave Security Advisories to composer [dev] @MekDrop (#742)
    • Temp fix: use composer v1.0 for tests @MekDrop (#823)
    • Bump middlewares/referrer-spam from 2.0.0 to 2.0.1 @dependabot-preview (#816)
    • Bump symfony/console from 5.1.8 to 5.2.0 @dependabot-preview (#817)
    • Bump cerdic/css-tidy from 1.7.2 to 1.7.3 @dependabot-preview (#818)
    • Bump phpmailer/phpmailer from 6.1.8 to 6.2.0 @dependabot-preview (#819)
    • Bump phpunit/phpunit from 9.4.3 to 9.4.4 @dependabot-preview (#820)
    • Upgraded phpunit to 9.4 and test to make sure PHP 8.0 compatible @MekDrop (#802)
    • Bump cerdic/css-tidy from 1.7.1 to 1.7.2 @dependabot-preview (#794)
    • Bump phpmailer/phpmailer from 6.1.7 to 6.1.8 @dependabot-preview (#792)
    • Bump symfony/polyfill-iconv from 1.18.1 to 1.20.0 @dependabot-preview (#793)
    • Bump symfony/console from 5.1.6 to 5.1.8 @dependabot-preview (#791)
    • Bump simplepie/simplepie from 1.5.5 to 1.5.6 @dependabot-preview (#790)
    • Remove greetings actions due actions/first-interaction#23 bug @MekDrop (#788)

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.2_bis(Dec 24, 2020)

    This release fixes several bugs that were found during the HackerOne initial penetration test run on the 1.4.1 release. Some improvements and bugfixes are present as well.

    This is a repackaged version of 1.4.2, because a small fix in the installer was necessary.

    Fixes

    • #574 Test 1.4 on PHP 7.4 PHP7 (fiammybe)
    • #692 Include new version of profile PHP7 (fiammybe)
    • #845 PHP 7.4 : access array offset on value of type null in include/functions.php 1037 php 7.4 (fiammybe)
    • #852 anti-clickjacking security vulnerability (report #1055589 by jrckmcsb on HackerOne) (fiammybe)
    • #825 Improve path sanitizing bug security vulnerability (MekDrop)
    • #814 Better sanitize database queries in installer bug (report #983710 by solov9ev on HackerOne) (fiammybe)
    • #637 Notice on admin pages in PHP 7.4 duplicate php 7.4 (fiammybe)
    • #843 Fix the amount of cookies (fiammybe)
    • #805 Missing templates in system module (skenow)
    • #838 Remove whitesource config (Mekdrop)
    • #834 + #836 Limit maximum length of password (report #1033373 by f1v3 on HackerOne) (fiammybe)
    • #821 Fixed possible file system exposing due language cookie on installer (MekDrop)
    • #812 Prevents using submitted filenames with ../ for controller (report #1035311 by siva12 on HackerOne) (MekDrop)
    • #815 Better sanitize database queries in installer (report #983710 by solov9ev on HackerOne) (fiammybe)
    • #811 Remove phpopenid example folder bug (report #1042838 by hackerone_success on HackerOne) (fiammybe)
    • #810 more strict comparison of variables (report #1036883 by hodorsec on HackerOne) (fiammybe)
    • #806 Include the missing templates for the image manager (skenow)
    • #603 Issue with image inclusion on TinyMCE (fiammybe)

    Improvements

    • #636 errors in form fields on admin account creation page of the installer (fiammybe)
    • #848 Cleanup deprecated functions in functions.php (fiammybe)
    • #694 remove the icms_banner reference. No longer present (fiammybe)

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
    impresscms-1.4.2.tar.gz(20.75 MB)
    impresscms-1.4.2.zip(23.09 MB)
  • v1.4.2_rc(Dec 14, 2020)

    A bugfix and security release :

    • Limit Maximum length of password (#836)
    • Fixed possible file system exposing due language cookie on installer (#821)
    • Better sanitize DB queries in installer (#815)
    • Prevents using submitted filenames with ../ (#812 )
    • Stricter comparison of variables (#810)
    • Include the missing templates for the image manager (#806)
    • Remove the icms_banner references - no longer present (#694)

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v2.0.0_alpha_10(Oct 20, 2020)

    What's Changed

    • Prepare for the 2.0a10 release @fiammybe (#783)
    • Bump league/container from 3.3.1 to 3.3.3 @dependabot-preview (#775)
    • Bump composer/composer from 1.10.10 to 1.10.13 @dependabot-preview (#776)
    • Bump dompdf/dompdf from 0.8.5 to 0.8.6 @dependabot-preview (#777)
    • Bump symfony/console from 5.1.5 to 5.1.6 @dependabot-preview (#778)
    • Added PHP 8.0 for tests @MekDrop (#741)
    • Bump typo3/class-alias-loader from 1.1.2 to 1.1.3 @dependabot-preview (#761)
    • Bump composer/composer from 1.10.9 to 1.10.10 @dependabot-preview (#760)
    • Bump league/flysystem from 1.0.70 to 1.1.3 @dependabot-preview (#759)
    • Bump symfony/polyfill-iconv from 1.18.0 to 1.18.1 @dependabot-preview (#757)
    • Bump symfony/console from 5.1.3 to 5.1.5 @dependabot-preview (#758)
    • Run CI tests also for composer.json and composer.lock file changes @MekDrop (#743)
    • [ImgBot] Optimize images @imgbot (#751)
    • Bump league/route from 4.3.1 to 4.5.0 @dependabot-preview (#715)
    • Bump league/flysystem from 1.0.69 to 1.0.70 @dependabot-preview (#713)
    • Bump monolog/monolog from 2.1.0 to 2.1.1 @dependabot-preview (#714)
    • Bump phpmailer/phpmailer from 6.1.6 to 6.1.7 @dependabot-preview (#712)
    • Bump symfony/polyfill-iconv from 1.17.1 to 1.18.0 @dependabot-preview (#716)
    • Bump vlucas/phpdotenv from 3.6.6 to 3.6.7 @dependabot-preview (#711)
    • Bump composer/composer from 1.10.8 to 1.10.9 @dependabot-preview (#709)

    πŸš€ Features

    • change link to Hackerone to the security form @fiammybe (#782)
    • Added 'Security Policy' file @MekDrop (#779)
    • Clears cache when saving config items @MekDrop (#718)
    • Clears cache when installing, uninstalling or updating module @MekDrop (#708)
    • Using request middleware for detecting module + tags middleware.global support for all routes @MekDrop (#707)
    • Message confirm screen use build in form elements instead of internally hardcoded HTML elements @MekDrop (#706)
    • Gzip/Deflates encoder based on HTTP Middlewares @MekDrop (#717)
    • Renders legacy routes as groups in cache file @MekDrop (#704)
    • there is now a possible way to define required permissions for routes @MekDrop (#698)
    • sanitizePath in Logger now works faster (caches real path) @MekDrop (#697)
    • Removed old theme functions @MekDrop (#763)
    • Most core classes now moved into namespaces (with backward compability) @MekDrop (#691)
    • Filesystems doesn't use Mountmanager. Instead we using container services for each filesystem. @MekDrop (#696)
    • IPF Handler uses in most cases mysql param bindings @MekDrop (#626)
    • Routes defined in composer.json @MekDrop (#620)
    • Update CONTRIBUTING.md @fiammybe (#690)

    πŸ› Bug Fixes

    • Replace | to || @idetinkin (#781)
    • Fixed URLs for GPLv2 license in php files @MekDrop (#773)
    • Fixes license in composer.json @MekDrop (#772)
    • Fixed bug when ImpresCMS was installed in subfolder and route grouping functionality prevendted to add correct prefixes @MekDrop (#771)
    • Fixed #767: logging into admin gives db error @MekDrop (#769)
    • correct the interface path for the setupsteps @fiammybe (#766)
    • Fixes 'Deprecation Notice: Unparenthesized a ? b : c ? d : e is deprecated. Use either (a ? b : c) ? d : e or a ? b : (c ? d : e) in include/cp_functions.php:277' @MekDrop (#700)
    • When handling HTTP errors index.php now correctly detects status code @MekDrop (#699)
    • Removed todo 'Use language constants for messages' from IPF Handler @MekDrop (#748)
    • Composer now has local storage path @MekDrop (#755)
    • Replaced mibe/feedwriter with suin/php-rss-writer because of license conflicts @MekDrop (#756)
    • Fixes bug when if value in criteria is not a string some comparisons fails @MekDrop (#753)
    • Replace tecnickcom/tcpdf with dompdf/dompdf due license incompatibility @MekDrop (#762)
    • Fixes session cookies path for modules @MekDrop (#705)
    • IPF Handler uses in most cases mysql param bindings @MekDrop (#626)
    • Fixed downloading and cloning in admin tplsets @MekDrop (#624)

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • 1.4.1(Jul 7, 2020)

    This release resolves some regressions that were introduced with 1.4.0, makes sure everything works fine with PHP 7.3 and also resolves a long-lasting bug with blank pages after login.

    • Stored XSS on ImpressCMS 1.4.0 ( #659 ) @Mekdrop
    • Existence of banners folder results in errors ( #600 ) @fiammybe
    • module admin menu is not shown in 1.4 ( #604 ) @skenow
    • ImageManager : admin can no longer preview images ( #590 ) @skenow
    • Fatal error during installation at page_tablescreate.php ( #576 ) @skenow
    • Test 1.4 on PHP 7.3 ( #573 ) @fiammybe
    • Login in Chrome points to blank page ( #100 ) @fiammybe
    • update profile module to support PHP 7.3 @fiammybe

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
    impresscms-1.4.1.zip(23.12 MB)
  • v1.4.1_beta(Jul 4, 2020)

    This release fixes several bugs in the 1.4.0 release

    Fixes

    • Stored XSS on ImpressCMS 1.4.0 ( #659 )
    • Existence of banners folder results in errors ( #600 )
    • module admin menu is not shown in 1.4 ( #604 )
    • ImageManager : admin can no longer preview images ( #590 )
    • Fatal error during installation at page_tablescreate.php ( #576 )
    • Test 1.4 on PHP 7.3 ( #573 )
    • Login in Chrome points to blank page ( #100 )

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.3.12(May 22, 2020)

    Security Release

    This release is a security release to fix a SQL Injection vulnerability when using a PDO database, discovered by Sebastian Fabry at RIPStech. It is recommended to upgrade to ImpressCMS 1.4, where the vulnerability is not present.

    If, for some reason, upgrading to ImpressCMS 1.4 is not possible, the vulnerability is also fixed in this release for the 1.3 branch.

    Please note that the 1.3 branch does not support PHP7. Support for PHP7 is available starting with ImpressCMS 1.4.0.

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
    impresscms-1.3.12.zip(23.42 MB)
  • v2.0.0_alpha9(May 22, 2020)

    What's Changed

    • Bump smarty/smarty from 3.1.34 to 3.1.36 @dependabot-preview (#640)
    • Bump simplepie/simplepie from 1.5.4 to 1.5.5 @dependabot-preview (#641)
    • Bump league/flysystem from 1.0.66 to 1.0.67 @dependabot-preview (#642)
    • Bump lulco/phoenix from 1.2.0 to 1.3.0 @dependabot-preview (#639)
    • Bump vlucas/phpdotenv from 3.6.2 to 3.6.3 @dependabot-preview (#643)
    • Bump lulco/phoenix from 1.1.1 to 1.2.0 @dependabot-preview (#631)
    • Bump vlucas/phpdotenv from 3.6.0 to 3.6.2 @dependabot-preview (#634)
    • Bump symfony/polyfill-iconv from 1.14.0 to 1.15.0 @dependabot-preview (#635)
    • Bump league/flysystem from 1.0.64 to 1.0.66 @dependabot-preview (#633)
    • Bump phpmailer/phpmailer from 6.1.4 to 6.1.5 @dependabot-preview (#632)
    • Bump tecnickcom/tcpdf from 6.3.2 to 6.3.5 @dependabot-preview (#609)
    • Bump league/flysystem from 1.0.63 to 1.0.64 @dependabot-preview (#611)
    • Bump symfony/polyfill-iconv from 1.13.1 to 1.14.0 @dependabot-preview (#610)
    • Bump league/flysystem from 1.0.62 to 1.0.63 @dependabot-preview (#597)
    • Bump monolog/monolog from 2.0.1 to 2.0.2 @dependabot-preview (#598)
    • Bump lulco/phoenix from 1.1.0 to 1.1.1 @dependabot-preview (#599)
    • Increase stale GitHub action run period to every 4 months @MekDrop (#595)
    • Run tests only for master branch and if new commits has correct extensions @MekDrop (#596)

    πŸš€ Features

    • Improved bad code handling in autotasks @MekDrop (#628)
    • Added console commands support based on symfony/console @MekDrop (#629)
    • Added setup step to copy/update module assets @MekDrop (#622)
    • Installer use same core module functions to install modules as core @MekDrop (#621)
    • Autotask systems registration with container @MekDrop (#619)
    • Added module migrations support @MekDrop (#616)
    • Container defined editors and sourceeditors @MekDrop (#618)
    • Service providers, services and preloads now can be defined in composer.json @MekDrop (#615)
    • Plug-able module install, update, uninstall functionality + possibility to use module change, activate, deactivate methods not only in web @MekDrop (#614)
    • icms_getModuleHandler use container functionality @MekDrop (#521)
    • Replace existing Smarty files with Smarty 3 composer instalation @MekDrop (#249)
    • Automatic API documentation to Wiki @MekDrop (#602)
    • Rewritten logger to use Monolog @MekDrop (#561)

    πŸ› Bug Fixes

    • Improved bad code handling in autotasks @MekDrop (#628)
    • When property is string with highlighting field correct control will be selected @MekDrop (#627)
    • Fixed bug in smarty template touch function @MekDrop (#617)
    • Fixes release drafter @MekDrop (#594)

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v2.0.0-alpha.8(Jan 26, 2020)

    Lots and lots of bugfixes and improvements.

    • PHP 7.3 compatibility
    • Database migrations
    • Better PSR-4 definitions for core classes
    • moving to Aura.SQL for database support
    • Bootstrap upgraded to 3.4.1
    • now using .env library for environment variable handling
    • moving multiple external libraries from inclusion in the core to inclusion via composer

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.0(Dec 24, 2019)

    The main point of the 1.4.0 release is the support for PHP7. Next to that, this release contains bugfixes, improvements and some removals. This is a re-release with a fix for the display of the version checker.

    Improvements

    • curl extension in installer now is requirement not optional (#530) @MekDrop
    • PHP7 improvements based on mamba7x PR (#507) @fiammybe
    • make expiration header dynamic in the past (#504) @fiammybe
    • check mysql using PDO now (#487) @fiammybe
    • Add a warning when PHP used is below 7.2

    Fixes

    • Move prototype inclusion so trust_path creation works fixes #569 (#571) @skenow
    • Fixed PathStuffController's constructor (#528) @MekDrop
    • Fixed suppressed warning if variable $options['folderName'] is undefined or empty when creating theme (1.4.x) (#510) @MekDrop
    • Fixed function signatures in icms_image_Handler (1.4) (#512) @MekDrop
    • Fixed installer collation selection (#529) @MekDrop
    • Fix the template handling in the system module (#503) @fiammybe
    • Add a warning when PHP used is below 7.2
    • Added missing template for version checker @fiammybe

    Update

    • Protector update for PDO SQL sanitizing Close #496 (#497) @skenow
    • Update Protector for PHP7 (#492) @skenow
    • Update php requirements to 5.6 (#505) @fiammybe
    • Update of Smarty to 2.6.31 (the latest 2.x release)
    • Update of CSS-tidy to work in PHP7
    • PHPMailer update to 5.2.7
    • PHPOpenID updated for better PHP7 compatibility

    Removed

    • Removed installation_notify (#566) @MekDrop
    • Remove admin template folder in system module on upgrade (#509) @fiammybe

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
    impresscms-1.4.0.tar.gz(20.55 MB)
    impresscms-1.4.0.zip(22.91 MB)
  • v1.4.0-rc(Dec 15, 2019)

    What's Changed

    • Move prototype inclusion so trust_path creation works fixes #569 (#571) @skenow
    • Prepare 1.4 RC release (#567) @fiammybe
    • Fixed installer collation selection (#529) @MekDrop
    • Removed installation_notify (#566) @MekDrop
    • Remove admin template folder in system module on upgrade (#509) @fiammybe
    • curl extension in installer now is requirement not optional (#530) @MekDrop
    • Fixed PathStuffController's constructor (#528) @MekDrop
    • Fixed suppressed warning if variable $options['folderName'] is undefined or empty when creating theme (1.4.x) (#510) @MekDrop
    • Fixed function signatures in icms_image_Handler (1.4) (#512) @MekDrop

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-beta(Oct 15, 2019)

    What's Changed

    • Prepare the release of 1.4 beta (#506) @fiammybe
    • PHP7 improvements based on mamba7x PR (#507) @fiammybe
    • Update php requirements to 5.6 (#505) @fiammybe
    • Fix the template handling in the system module (#503) @fiammybe
    • make expiration header dynamic in the past (#504) @fiammybe
    • Protector update for PDO SQL sanitizing Close #496 (#497) @skenow
    • Update Protector for PHP7 (#492) @skenow
    • check mysql using PDO now (#487) @fiammybe

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-alpha.2(Aug 19, 2019)

    The second alpha release of ImpressCMS 1.4.0, with improvements and bugfixes. Please test under different environments (PHP 5.6, PHP 7.3, MariaDB, MySQL) and let us know your findings.

    Improvements

    • Update of Smarty to 2.6.31 (the latest 2.x release)
    • Update of CSS-tidy to work in PHP7
    • PHPMailer update to 5.2.7
    • PHPOpenID updated for better PHP7 compatibility

    Bugfixes

    • succesful upgrade does now update the version number
    • code fixes to improve PHP7 compatibility

    Known issue:

    • Protector is not yet working under PHP 7
    • Better handling of the protector preload is needed

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-alpha(May 15, 2019)

    First alpha release for this branch, which is based upon v1.3.11, and adds some enhancements, for which the major one is PHP 7 support

    • Adjusting code tag processing to accurately handle pre-existing content
    • PHP 7.2 support
    • disable protector when on PHP7+
    • Add a warning when PHP used is below 7.2

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.3.11(Dec 8, 2018)

  • v1.3.11-rc2(Nov 29, 2018)

    This maintenance release for ImpressCMS 1.3 introduces Integration of multiple languages in the core, resolves several security vulnerabilities in the installer, thanks to Omar Kurt, security researcher at Netsparker for finding them and letting us know!

    Source code(tar.gz)
    Source code(zip)
  • v1.3.11-rc(Oct 3, 2018)

    DB Version: 44 Build Version: 89

    Improvements

    #109 - Add extra metadata types property and itemprop #121 - System module now shows the correct version number after install

    Fixes

    #102 - pagination in the backend generates wrong URLs #116 - Update the links to our website #119 - Update system requirements in installer #117 - update links to translations in installer

    Update

    #296 - Update HTMLPurifier to 4.10 #297 - Update GeSHI to 1.0.8.13 #299 - Update jQuery to 3.3.1 #125 - Upgrade PHPMailer to 5.2.26

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
    impresscms-1.3.11-rc.zip(22.24 MB)
  • v1.3.11-beta2(Jun 29, 2018)

  • v2.0.0-alpha.7(Apr 26, 2018)

    This Alpha 7 comes more or less a month after alpha6, and quite a few changes have been implemented now.

    • caching for objects is now available
    • we now use a more flexible filesystem
    • the old and obsolete FCKEditor was removed
    • we cleaned up our code files on some points (more to come in the future)

    In order to run this version, you will need

    • an Apache web server (2.4) with mod_rewrite enabled
    • PHP 5.6+, we recommend PHP 7.1 - the 7.2 issues should be resolved, but more tests are needed (anyone?)
    • composer installed on the machine

    How to install:

    • Unzip in a folder above your htdocs folder (ImpressCMS now places many files outside of the htdocs folder that is acessible from the internet, for security reasons.
    • run 'composer update' in the htdocs folder
    • go to your htdocs folder, and start the installation program.

    For bug reports or if you want to help us develop ImpressCMS 2 to its full potential, join us at the forums on https://www.impresscms.org/modules/iforum/viewall.php . The team is there waiting to help you in case of questions or problems.

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v2.0.0-alpha.6(Mar 21, 2018)

    After several years of silence, we start up the development machine with this new alpha release for ImpressCMS 2.0.

    In order to run this version, you will need

    • an Apache web server (2.4) with mod_rewrite enabled
    • PHP 5.6+, we recommend PHP 7.1 - some known issues with PHP 7.2
    • composer installed on the machine

    How to install:

    • Unzip in a folder above your htdocs folder (ImpressCMS now places many files outside of the htdocs folder that is acessible from the internet, for security reasons.
    • run 'composer update' in the htdocs folder
    • go to your htdocs folder, and start the installation program.

    We hope you see the major advances that were made during this development cycle, we have lots more waiting to show you!

    For bug reports or if you want to help us develop ImpressCMS to its full potential, go to the website at https://www.impresscms.org and use the forums. The team is there waiting to help you in case of questions or problems.

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.3.11-beta(Oct 6, 2017)

    #109 Add Extra Metadata properties #89 update module admin to handle double digit version numbers #102 pagination in the backend generates wrong URLs #93 Lower the required PHP to 5.5 again #90 Suspicious concatenation detected by AppChecker #106 handling default pages with groups better

    Download ImpressCMS

    Source code(tar.gz)
    Source code(zip)
  • v1.3.10(Dec 31, 2016)

  • 1.3.10-beta(Dec 2, 2016)

Owner
ImpressCMS
ImpressCMS is a community-built CMS with a focus on speed and security
ImpressCMS
Multilingual PHP CMS built with Laravel and bootstrap

Lavalite This is an open source of Content Management System developed with Laravel framework. Documentation Visit Documentation section in the websit

LavaLite 2.6k Jan 4, 2023
Multilingual CMS built with Laravel.

TypiCMS TypiCMS is a modular multilingual content management system built with Laravel. Out of the box you can manage pages, events, news, places, men

TypiCMS, Laravel multilingual CMS 1.1k Jan 7, 2023
Multilingual CMS built with Laravel.

TypiCMS TypiCMS is a modular multilingual content management system built with Laravel. Out of the box you can manage pages, events, news, places, men

TypiCMS, Laravel multilingual CMS 973 Jun 25, 2021
Polymorphic and Multilingual CMS powered by Laravel

Nuclear CMS Polymorphic and multilingual content management system. Nuclear is a polymorphic and multilingual content management system powered by Lar

Nuclear CMS 36 Nov 29, 2022
A modular multilingual CMS built with Laravel 5.

AsgardCMS Platform View the documentation at AsgardCMS.com/docs. Join the conversation on Slack License The AsgardCMS is open-sourced software license

AsgardCMS 770 Jan 2, 2023
A Concrete CMS package to add interfaces to translate multilingual content. You can translate content manually, or use cloud API.

Concrete CMS add-on: Macareux Content Translator Concrete CMS has powerful features to manage multilingual content by its default. You can add languag

ζ ͺεΌδΌšη€Ύγƒžγ‚«γƒ«γƒΌγƒ‡γ‚Έγ‚Ώγƒ« 3 Nov 28, 2022
A Laravel 4 CMS – WARNING: This project is no longer being developed because there are many good alternatives now.

This is the main larapress repository. Warning: This Application is under development and not yet production ready! Important Links Installation Contr

Martin Hettiger 155 Sep 27, 2022
Baicloud CMS is a lightweight content management system (CMS) based on PHP and MySQL and running on Linux, windows and other platforms

BaiCloud-cms About BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the

null 5 Aug 15, 2022
Bootstrap CMS - PHP CMS powered by Laravel 5 and Sentry

Bootstrap CMS Bootstrap CMS was created by, and is maintained by Graham Campbell, and is a PHP CMS powered by Laravel 5.1 and Sentry. It utilises many

Bootstrap CMS 2.5k Dec 27, 2022
GetSimple CMS - a flatfile CMS that works fast and efficient and has the best UI around, it is written in PHP

GetSimple CMS is a flatfile CMS that works fast and efficient and has the best UI around, it is written in PHP.

null 370 Dec 30, 2022
Flextype is an open-source Hybrid Content Management System with the freedom of a headless CMS and with the full functionality of a traditional CMS

Flextype is an open-source Hybrid Content Management System with the freedom of a headless CMS and with the full functionality of a traditional CMS. Building this Content Management System, we focused on simplicity. To achieve this, we implemented a simple but powerful API's.

Flextype 524 Dec 30, 2022
PHPVibe Open source video CMS / Video Sharing CMS / Youtube Api v3 / Video Embeds

PHPVibe Video CMS Free Video Sharing CMS The modern choice of design inspired by Youtube and a social videos sharing module that may just cut it for y

MediaVibe 71 Dec 18, 2022
NukeViet 132 Nov 27, 2022
BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the project website for more information.

BaiCloud-cms About BaiCloud-cms is a powerful open source CMS that allows you to create professional websites and scalable web applications. Visit the

null 5 Aug 15, 2022
Doptor CMS is a Laravel 5 based CMS

Introduction Doptor CMS is a Laravel 5 based CMS. Find out more about Doptor by reading below. ;) About Doptor CMS Doptor is an Integrated and well-de

DOPTOR 4 Sep 11, 2022
Bismuth CMS is a ready-made Website CMS based on Yii 2 Advance Template

Bismuth CMS is a ready-made Website CMS based on Yii 2 Advance Template, it's the simplest and easy to set up CMS you may come across.

Hamadas Telebrain 1 Feb 11, 2022
Amila Laravel CMS - Free, open-source Simple Bootstrap Laravel CMS

Simple Bootstrap Laravel CMS. Support Laravel 8.x Can integrate into any existing Laravel project. Only add few database tables with prefixes, not affect your existing database tables. Support Laravel 7.x & Laravel 6.x & Laravel 5.x & MySql & PostgreSql - Amila Laravel CMS

Alex Zeng 96 Sep 6, 2022
L'Air du Bois is a Community Driven Woodworkers Sharing Platform.

L'Air du Bois is a Community Driven Woodworkers Sharing Platform.

L'Air du Bois 215 Dec 14, 2022
An advanced yet user-friendly content management system, based on the full stack Symfony framework combined with a whole host of community bundles

An advanced yet user-friendly content management system, based on the full stack Symfony framework combined with a whole host of community bundles. It provides a full featured, multi-language CMS system with an innovative page and form assembling process, versioning, workflow, translation and media managers and much more.

Kunstmaan | Accenture Interactive 374 Dec 23, 2022