framework

Added

• Users who haven't confirmed their email address are now able to log in and get their confirmation email resent. (@sijad)
• created:YYYY-MM-DD gambit to search for discussions by their creation date. (@albert221)
• Allow provision of an avatar URL to upload during sign up via avatarUrl attribute.
• php flarum info console command to help debug broken installations.
• Inline user online indicators. (@petermein)
• AbstractOAuth2Controller class to provide a generic OAuth2 login implementation for extensions.
• Support for new minifiers. (@JoshyPHP)
• ConfigureLocales::loadLanguagePackFrom helper method.
• Pop animation when scrolling to post preview. (@sijad)
• Add rel="nofollow" to user bio links. (@sijad)
• Ask for confirmation before "Mark all as Read". (@bogdanteodoru)
• Allow existing users to be activated via the API isActivated attribute.
• Support multiple comma-separated names in author: search gambit. (@Albert221)
• Admin-only email: gambit to look up users by email.
• Allow custom redirection after logging out via return query parameter.
• Event to configure server middleware (ConfigureMiddleware).
• Allow forum to be taken offline by setting offline to true in config.php.
• Garbage-collect email/password/auth tokens.

Changed

• Overhaul extension management code. (@Luceos)
• New migration structure. Details
• Improve post composer appearance/usability on mobile.
• Upgrade to flarum-gulp 0.2.0, Babel 6, and Mithril 0.2.3.
• Refactor ListPostsController to make filtering extensible.
• Lighten discussion list hover color.
• Increase avatar upload max file size from 1MB to 2MB.
• Refactor Composer rendering for smoother animations.
• Don't automatically activate users created by admins; require an attribute to be set.
• Extract notification settings into an item list.
• Improvements to colored header styles.
• Rename HTTP method override header.
• Tweak mobile drawer appearance.
• Change value field in settings table from BLOB to TEXT to allow for easier user editing. (@ahsanity)
• Tweak badge appearance: remove border, decrease shadow radius.
• Delete a discussion when its last post is deleted.
• Slightly widen index sidebar, overflow buttons properly.
• Store discussion slug in database table.
• Add priorities to user page sidebar items.

Fixed

• Deleting users will now delete discussions that became empty.
• Admin now no longer shows incorrect information on how to install extensions.
• Support prefix in URL generators. (@albert221)
• Fix autocompletion bugs in Firefox. (@sijad)
• Add specific error message when an email address is not found in forgot password modal.
• Show dropdown menus in front of post composer.
• Prevent long forum title in mobile drawer from entering viewport.
• Fix search box overlapping forum title in some cases.
• Fix JSON serialization error on PHP 7.
• Fix "sort by" dropdown being empty on the latest versions of Chrome.
• Dramatically improve performance when typing in a modal.
• Fix browser back button losing scroll position.
• Don't require a previous Post when saving event posts.
• Fix crash when sending notification to non-existent user.
• Fix username validation to disallow problematic characters.
• Fix crash when displaying a discussion with no posts.
• 401 for unauthorised request to settings, notifications page.
• Better post scrubber size calculations.
• Tweak padding on user dropdown button so avatar is flush with border radius.
• Clear search when input is empty and enter is pressed.
• Give GetPermission event priority when determining permissions.
• Key item lists to maintain identity across redraws.
• Ensure routes are only populated after extensions have registered listeners.
• Ensure a new asset revision identifier is generated if there is none.
• Allow username capitalisation to be changed.
• Prevent some translations being compiled unnecessarily.
• Prevent unapproved discussions from dropping to the bottom of the discussion list.

Security

• Rework authentication/session/cookies code for better security and stability.
• Add password confirmation when changing email address.
• Prevent users from being incorrectly able to delete their own discussions.
• Fix posts being incorrectly visible on user page on private forums.

Also see the 0.1.0-beta.5 release notes for: akismet approval auth-facebook auth-github auth-twitter bbcode emoji english flags likes lock markdown mentions pusher sticky subscriptions suspend tags

Added

• Add an icon/label to the back button to indicate where it leads
• Add "Loading..." text while the JavaScript payload is loading

Fixed

• Fix some admin actions resulting in "You do not have permission to do that"
• Fix translation keys persisting after enabling an initial language pack
• Fix translation => references not being parsed in some cases

Architecture improvements

• Composer-driven extension architecture. All extensions are Composer packages installable via Packagist.
• Backend codebase & API refactoring. Classes, namespaces, and events systematically tidied up.

Improved internationalization

A huge thanks to @dcsjapan for the countless hours he put in to make this stuff happen. You're amazing!

• New systematic translation key naming scheme.
• Make many hardcoded strings translatable, including administration UI and validation messages.
• More powerful pluralization via use of Symfony's Translation component instead of a proprietary one.

New moderation tools

• Hide/restore discussions. Discussions can be soft-deleted by moderators or by the OP if no one has replied.
• Flags. New bundled extension that allows posts to be flagged for moderator review.
• Approval. New bundled extension that hides/flags new posts to be approved by the moderation team.
• Akismet. New bundled extension that checks new posts for spam with Akismet.
• IP address logging. IP addresses are stored with posts for use by extensions (e.g. Akismet).
• Flood control. Users must wait at least ten seconds between consecutive posts.

Other features

• Social login. New bundled extensions that allow users to log in with Facebook, Twitter, and GitHub.
• More compact post layout. All controls are grouped over to the right.
• Improved permissions. The admin Permissions page has been improved with icons and other tweaks.
• Improved extension management. The admin Extensions page has a new look and is easier to use.
• Easier debugging. The "oops" error message has a Debug button to inspect a failed AJAX request.
• Improved JavaScript minification. Minification is done by ClosureCompiler only when debug mode is off, resulting in easier debugging and smaller production assets.

Added

• Allow HTML tag syntax in translations (#574)
• Add gzip/caching directives to webserver configuration (#514)
• API to set the asset compiler's filename
• Migration generator, available via generate:migration console command
• Tags: Ability to set the tags page as the home page
• bidi attribute for Mithril elements as a shortcut to set up bidirectional bindings
• route attribute for Mithril elements as a shortcut to link to a route
• Abstract SettingsModal component for quickly building admin config modals
• Model::afterSave() API to run callback after a model instance is saved
• Sticky: Allow permission to be configured
• Lock: Allow permission to be configured
• Add a third state to header icons (#500)
• Allow faking of PATCH/DELETE methods (#502)
• More reliable form validation and error handling

Changed

• Rename notification_read_time column in discussions table to notifications_read_time.
• Update to FontAwesome 4.4.0.

Fixed

• Output forum description in meta description tag (#506)
• Allow users to edit their last post in a discussion even if it's hidden
• Allow users to rename their discussion even if their first post is hidden
• API links correctly include the /api path (#579)
• Tags: Fix sub-tag ordering algorithm in Chrome (#325)
• Fix several design bugs

Added

• Check prerequisites (PHP version, extensions, etc.) before installation (#364)
• Enforce maximum title and post length through validation (#53, #338)
• Ctrl+Enter submits posts (#276)
• Syntax highlighting for code blocks (#248)
• All links open in new window, receive rel=nofollow attribute (#247)
• Default build script for extensions (#438)
• Input validation in installer

Changed

• Ask for admin password confirmation in installer (#405)
• Increased some text contrasts for accessibility (#390)

Fixed

• Discussion list did not work with non-empty database prefix (#269, #380)
• Non-admins could not reset their password (#229)
• Requests ending with a slash resulted in a 404 (#334)
• In rare cases, posts did not load correctly (#295)
• Avatars did not show up when installed in a subfolder (#291)
• Installer crashed when views directory was not writable (#376)
• Table prefix could not be set in web installer (#269)
• Enabling an extension disabled all other extensions (#402)
• Invalid custom CSS could crash the application (#400)
• First posts could not be restored or deleted
• Several design bugs
• Set cookies to be HTTP-only
• Tags: Sometimes, tags could not be dragged for reordering in the admin panel (#341)
• Suspend: Use correct column name in when migrating database
• Lock: Check for correct permission when displaying lock control
• Likes: Allow liking permissions to be configured