Contao 3.4.0
26 November 2014
Contao version 3.4.0 is now available (major release).
Upgrading to Contao 3.4.0
Contao 3.4.0 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Contao updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Contao install to test the 3.4.0 upgrade prior to applying it live.
What's New in Contao 3.4.0
Highlights
- SVG support: Thanks to Tristan Lins' initiative, Contao 3.4 supports SVG and SVGZ images. The images can not only be resized (thumbnails) but are also editable with the source editor in the file manager.
- Responsive images: Martin Auswöger and Yanick Witschi have created the biggest pull request in the history of Contao to support new technologies like the 'picture' element as well as the sizes and the srcset attribute. In combination with the picturefill.js script, you can implement responsive images, which are sent to the client in different sizes depending on the device and resolution. As an additional highlight, the two have enhanced the automatic thumbnail generation so you can now mark any section of an image as "important part" in the file manager. Then, when cropped, the image will be focused on this part. An introduction to responsive images is available on responsiveimages.org.
- Style sheet order: The order of the internal and external style sheets is now configurable in the page layout, so the internal style sheets can be injected after the external ones if needed. In addition, there is now an option to export internal style sheets.
- Asynchronous JavaScript: Analogous to the |static flag, which includes JavaScripts and style sheets statically, an |async flag has been added in Contao 3.4, which loads JavaScript files asynchronously using the async attribute.
- Image links in TinyMCE: It is now possible to switch between the page and file picker when needed, so you can not only link pages in TinyMCE but also files.
- Active page in the navigation menu: The active page in the navigation menu is now always rendered as a link if the URL contains query parameters (e.g. when reading a news article). For example, if you open the page news/james-wilson-returns.html, you can now click the link to the news.html page in the navigation menu.
- Theme export with SQL files: It is possible in Contao 3.4 to store SQL files in the templates folder, which is associated with a theme. The SQL files will then be included in the export and the install tool will automatically find them after the theme import.
- Timing attack prevention: In PHP 5.5, new functions to create and verify password hashes have been added to prevent timing attacks. We are using these functions in Contao 3.4, together with appropriate fallback routines for PHP 5.4 and 5.3.
- Login to comment: If a visitor is not logged in and the "login to comment" option is enabled, the comment form will be hidden. Contao 3.4 will additionally display a "please log in to comment" message.
- Skip images without meta data: There is now an option to skip images without meta data in an image gallery. This corresponds to the behavior of Contao 2.
- Registration and password mails: The e-mail texts of the member registration and lost password modules now support simple tokens, which means that they can be personalized.
- Insert tag link_name: The new insert tag {{link_name}} outputs the name of a page (in contrast to the {{link_title}} tag, which outputs the page title).
- DCA flag "doNotTrim": With the "doNotTrim" flag of the DCA, you can suppress the automatic removal of whitespace at the beginning and end of the user input.
- Non-negative natural numbers: A new regular expression to validate non-negative natural numbers has been added, which can be used in the DCA as 'rgxp'=>'natural'.
- New hooks and callbacks: The following hooks have been added in Contao 3.4: compareThemeFiles, extractThemeFiles, exportTheme, sendNewsletter. The DCA now also triggers an "onundo_callback" when restoring a deleted record.
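The pattern behind the "Timing attack prevention" item above, as an added example that is not Contao's own code: use password_verify() where PHP provides it, and otherwise re-derive the hash with crypt() and compare it in constant time. The function names are hypothetical, and the sketch assumes crypt()-format bcrypt hashes (the `$2y$` prefix needs PHP 5.3.7 or later).

```php
<?php
// Added illustration; not Contao's code. Function names are hypothetical.

// Compare two strings in time that does not depend on where they differ.
function constant_time_equals($known, $user)
{
    if (function_exists('hash_equals')) {          // built in since PHP 5.6
        return hash_equals($known, $user);
    }
    if (strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]); // accumulate, never exit early
    }
    return $diff === 0;
}

// Verify a password against a stored crypt()-format hash.
function verify_password($password, $storedHash)
{
    if (function_exists('password_verify')) {      // PHP 5.5 and later
        return password_verify($password, $storedHash);
    }
    // Older PHP: crypt() reuses the algorithm, cost and salt embedded in the hash.
    $candidate = crypt($password, $storedHash);
    if (!is_string($candidate) || strlen($candidate) < 13) {
        return false;                              // crypt() failure marker such as "*0"
    }
    return constant_time_equals($storedHash, $candidate);
}

// Constructed sample: a bcrypt hash built with a fixed demo salt, for illustration only.
// Real hashes need a fresh random salt, which password_hash() generates itself.
$stored = crypt('correct horse', '$2y$10$constructedsaltforexam');

var_dump(verify_password('correct horse', $stored));
var_dump(verify_password('wrong guess', $stored));
```

A plain `==` or `===` on the two hash strings can stop at the first differing byte, which is the timing signal the constant-time comparison removes.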
Change Log
- Fixed: Consider image size IDs when overriding the default image size (see #7470).
- Fixed: Do not require to set a media query in the image sizes.
- Fixed: Fixed a potential directory traversal vulnerability.
- Fixed: Fixed a severe XSS vulnerability. In this context, the insert tag flags base64_encode and base64_decode have been removed.
- Fixed: Also use simple tokens for the newsletter subscription modules (see #7446).
- Fixed: Only show the root page languages in the meta wizard (see #7112).
- Fixed: Correctly create the initial version in the personal data module (see #7415).
- Fixed: Check if a DB driver has been configured in Config::isComplete() (see #7412).
- Fixed: Correctly mark deleted versions in Versions::addToTemplate() (see #7442).
- Fixed: Replace insert tags of RTE fields in the back end preview (see #7428).
- Fixed: Handle nested insert tags in strip_insert_tags().
- Fixed: Correctly store the model in Dbafs::addResource() (see #7440).
- Fixed: Send the request token when toggling the visibility of an element (see #7406).
- Fixed: Always apply the IE security fix in the Environment class (see #7453).
- New: Added the CSS units vw, vh, vmin and vmax (see #7417).
- Fixed: Replace leafo/lessphp with oyejorge/less.php (see #7012).
- Fixed: Show the correct root icon in the page/file picker (see #7409).
- Fixed: Add an empty option to the image size select menu (see #7436).
- Fixed: Nest wrapper elements in the back end preview (see #7434).
- Fixed: Correctly handle archives being part of multiple RSS feeds (see #7398).
- Fixed: Correctly handle 0 in utf8_convert_encoding() (see #7403).
- Fixed: Send a 301 redirect to forward to the language root page (see #7420).
- Fixed: Handle SVG images in the default back end uploader.
- New: Pass the parent ID of a page to the navigation template (see #7391).
- Improved: Support the "min", "max" and "step" attributes on number fields (see #7363).
- Improved: Show the database query duration in debug mode (see #7323).
- New: Added the "executeResize" hook (see #7404).
- Fixed: Handle disabled modules in the module loader.
- New: Support responsive images and the
- New: Added the "compareThemeFiles", "extractThemeFiles" and "exportTheme" hooks.
- Improved: Use the image meta data in Controller::addEnclosuresToTemplate() (see #6746).
- New: Add the dir="rtl" attribute if the page language is RTL (see #7171).
- Improved: Export .sql files in the theme folder and allow to reimport them (see #7048).
- Changed: Do not mark pages as active if there are query parameters (see #7189).
- Changed: Use addImageToTemplate() in the ContentHyperlink class (see #7296).
- Changed: Removed the H2 sub-headlines in the back end (see #7248).
- Improved: Only create one DcaExtractor instance per table (see #7324).
- Improved: Add a CSS class indicating the number of columns in a gallery (see #7138).
- Improved: Allow to switch between the page and file picker in TinyMCE (see #6974).
- Improved: Show a message if logging in is required to comment (see #7031).
- New: Added the "sendNewsletter" hook (see #7222).
- Improved: Make the pagination template more flexible (see #7174).
- Improved: Limit the selectable file types depending on the element type (see #7003).
- New: Prevent timing attacks when verifying passwords (see #7115, #5853).
- Changed: Hide the "start" and "stop" fields if an element is not published (see #7148).
- New: Support the backlink configuration setting in the parent view (see #7083).
- New: Added a regex to check for nonnegative natural numbers (see #4392). This also includes the "minval" and "maxval" flags to specify a minimum or maximum value.
- Improved: Optionally hide files without matching meta data in downloads (see #6874).
- New: Preserve the original CSS ID and classes in the alias elements (see #6638).
- Improved: Do not directly query the INFORMATION_SCHEMA database (see #7302).
- New: Added the "doNotTrim" flag to the Widget class (see #4287).
- Improved: Support simple tokens in registration and lost password mails (see #7101).
- Changed: Consider the options array in Model::countBy() (see #7033).
- New: Support SVG and SVGZ images (see #7108, #5908).
- Changed: Move the mime types array to a configuration file (see #6843).
- New: Added the sort flag to the eval section of the DCA (see #4072).
- New: Added the "onundo_callback" (see #7258).
- Improved: Consider the values of referenced fields in the back end search (see #4376).
- New: Add an option to export style sheets (see #7049).
- New: Added widget-* CSS classes to front end form fields (see #7041).
- Improved: Make the loading order of the style sheets configurable (see #6937).
- Removed: Remove the rel="author" support (see #7291).
- New: Added $item['isTrail'] to the navigation menu templates (see #7096).
- Improved: Handle data- and ng- attributes in Widget::addAttributes() (see #7095).
- Changed: Add the class "tableless" to the member_ templates (see #7207).
- Improved: Added the |async flag to $GLOBALS['TL_JAVASCRIPT'] (see #7172).
- New: Added the "link_name" insert tag (see #7218).
- Improved: Simplify the "member_grouped" template (see #7015).
- Changed: Make the front controller classes overwritable.