| mail | by dg | added CLAUDE.md | | | |
| mail | by dg | Message: setHtmlBody() avoids catastrophic backtracking on large data: URIs [Closes #79] | | | |
| mail | by dg | Message: setHtmlBody() embeds images whose quoted src/url() contains parentheses [Closes #89] | | | |
| mail | by dg | Message: setHtmlBody() embeds images whose quoted src/url() contains spaces [Closes #97] | | | |
| mail | by dg | SendmailMailer: sign full message so DKIM covers Subject and To [Closes #99] mail() adds 'To' and 'Subject' itself from its first two arguments,
so they were removed before signing to avoid duplicate headers. That
also excluded them from the DKIM signature, which some validators
(e.g. Thunderbird) flag as unsafe. Now the full message is signed and
the two headers are stripped from the header block afterwards. | | | |
| mail | by Daaarkling | MimePart: quote address phrase containing special chars before MIME-encoding (#102) When a name in From/To/Cc contained characters outside RFC 2822 atext
(e.g. comma or quote in a UTF-8 name), it was base64-encoded as-is. After
the recipient decoded it, the raw special chars reappeared in the phrase
and could be misparsed (a comma would split one address into two).
Wrap such phrases in quoted-string before encoding, so the decoded form
is a valid quoted phrase. Applies only to the phrase part of address
headers, not to Content-Disposition filename values. | | | |
| mail | by dg | CssInliner: skip selectors unsupported by the DOM engine (e.g. ::marker, :hover) | | | |
| mail | by dg | CssInliner: fixed tokenizer regex for long strings and invalid url() quotes - use possessive quantifiers (++, *+) in T_String and T_Url patterns
to prevent PCRE JIT stack exhaustion on large data URIs (#104)
- exclude quotes from unquoted url() fallback pattern [^)]*? → [^)"']*?
so invalid quoted strings don't silently match as unquoted content
- added comprehensive tokenizer tests | | | |
| latte | by dg | added |json filter with context-aware attribute encoding In HTML attribute context (via ExpressionAttributeNode), `|json` routes to
HtmlHelpers::formatJsonAttribute() which uses the same JSON + smart-quoting
mechanism as formatDataAttribute(). Elsewhere it uses Helpers::encodeJson(),
refactored out of escapeJs() without the HtmlStringable unwrap branch. | | | |
| latte | by dg | Released version 3.1.4 | | | |
| latte | by dg | PrintContext: added optional $escaper parameter to constructor | | | |
| latte | by dg | TemplateGenerator: don't emit /** source */ comment for multi-line names | | | |
| latte | by dg | SwitchNode: generate `===` instead of `in_array()` for single-value {case} | | | |
| latte | by dg | generated templates: moved declare(strict_types=1) to the same line as <?php | | | |
| latte | by dg | StatementNode: added tagRanges | | | |
| latte | by dg | added Range | | | |
| latte | by dg | improved TagParser::parseType() | | | |
| latte | by dg | Dedent: fixed inline content and atLineStart tracking [Closes #412][Closes #413][Closes #414] | | | |
| latte | by davidkvasnovsky | PhpHelpers::checkCode: fixed proc_open to use array syntax for PHP binary path (#415) proc_open with a string command goes through the shell, which splits
the path at spaces. Using an array bypasses the shell entirely,
which is also what the existing bypass_shell option was intended to do. | | | |
| latte | by dg | |limit accepts strings | | | |
| latte | by dg | moved enums to enums.php | | | |
| latte | by dg | readme: added editor integration section | | | |
| tracy | by beastbytes | readme: added Yii3 Integration (#599) * opened 3.0-dev
* requires PHP 8.1
* uses PascalCase constants
* removed bridge for Latte
* Logger: added typehints
* Logger: md5 replaced with xxHash
* error.log changed to warning.log
* bar: errors panel => warnings
* readme: added link to Joomla integration (#583)
Link to Joomla! integration.
* used attribute Deprecated
* Update readme.md
Add link to Yii3 integration
---------
Co-authored-by: David Grudl <david@grudl.com>
Co-authored-by: n3t <n3t@n3t.cz> | | | |
| tracy | by dg | used attribute Deprecated | | | |
| tracy | by dg | error.log changed to warning.log | | | |
| tracy | by dg | Logger: added typehints WIP | | | |
| tracy | by dg | uses PascalCase constants | | | |
| tracy | by dg | open in editor: added support for columns | | | |
| tracy | by dg | opened 3.0-dev | | | |
| tracy | by dg | wip | | | |
| tracy | by dg | CSS: added @layer for cascade priority control | | | |
| tracy | by dg | removed inner containers and ID-based CSS scoping from Bar and BlueScreen | | | |