SCHLIX CMS https://www.schlix.com SCHLIX CMS News Schlix Mon, 19 Feb 2024 15:56:22 -0700 en-us Mon, 19 Feb 2024 15:56:22 -0700 February 2024 - bug fix release https://www.schlix.com/news/release/february-2024-bug-fix-release.html https://www.schlix.com/news/release/february-2024-bug-fix-release.html SCHLIX CMS v2.2.8-2 has been released. List of fixes:

  • PHP version 8.2, 8.3 and 5.6 compatibility fixes. It's still compatible with PHP 7.x as well. Please note that while we try to maintain compatibility even with PHP 5.6 (which was released 10 years ago in 2014), may not be guaranteed to be v5.6 compatible next year.
  • Fix for a low-risk SQL injection bug in the Configuration section. Thanks to devious.ch for reporting this. This is considered lower risk as it still requires an administrator privilege to execute it.
  • JQuery - updated to v3.7.1
  • PHPMailer - updated to v6.9.1

To upgrade your existing installation, simply click Settings - System Update.

]]>
Sat, 25 Feb 2023 18:27:01 -0700 CVE-2022-45544 for SCHLIX CMS v2.2.7-2 is FALSE https://www.schlix.com/news/security/cve-2022-45544-for-schlix-cms-v2-2-7-2-is-false.html https://www.schlix.com/news/security/cve-2022-45544-for-schlix-cms-v2-2-7-2-is-false.html The following is a response to CVE-2022-45544 (2022-11-09) authored by Francisco Marinho, who claimed that there is an "Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 [that] allows attacker to upload arbitrary files and execute arbitrary code." The analysis is incorrect due to the following reasons:

  1. You need an admin access and his proof of concept didn't demonstrate any unauthorized access to the Theme Manager within SCHLIX CMS.
  2. If you write a piece of code in the theme's index.php (e.g. system($_GET['tristao']) ) and upload it, of course you can execute it. In any PHP-based CMS where PHP code is allowed in the theme, you can write anything you want, including system ("rm -rf /") and this is NOT AN ERROR and there is NO UNEXPECTED BEHAVIOUR. You can test this with other PHP-based CMS such as Wordpress, Joomla, or Drupal and the behaviour is identical and this is NOT a vulnerability. If you want to disable a certain PHP function deemed dangerous, do it with disable_functions in php.ini.
  3. There is already a warning in the upload form that you should upload only from a trusted source. We're not responsible for any vulnerability caused by 3rd party plugins. See the second screenshot below.

Francisco's proof of concept, as described in https://github.com/tristao-marinho/CVE-2022-45544/blob/main/README.md and https://www.youtube.com/watch?v=_0X6AzXmhrU, is as follows:

  1. Login with your account
  2. Access the directory in url http://[examplewebsite].com/admin/app/core.thememanager
  3. Download theme Superhero in https://www.schlix.com/extensions.releases/action/download/filename/theme_superhero-1.1.zip
  4. Unzip theme_superhero-1.1.zip
  5. Edit file in path superhero/themes/superhero/index.php, adding "system($_GET['tristao']);" on line three.
    • Our response: You can add any code here because it's a PHP script. You can execute system ("rm -rf /") or whatever and it will call the system(...) function unless you disable it via php.ini

      Incorrect POC
  6. Zip theme_superhero-1.1.zip
  7. Click in "INSTALL A PACKAGE"
    • Our response: It prompts for the admin password again and there is a warning to upload files only from a trusted source and that we're not responsible for any security vulnerability caused by 3rd party plugins. This is why we put the warning here. People who have access to this are usually web developers who know what they're doing.

      Upload stage of invalid POC
  8. Upload theme_superhero-1.1.zip
  9. Active theme superhero
  10. Acess homepage index.php
    Our response: You are an admin of this website and you put an arbitrary code in the theme file, which is index.php, and you should be able to execute it. This behaviour is the same whether you use Wordpress, Drupal, Joomla, or SCHLIX CMS.
    Sample output of incorrect analysis - CVE-20222-45544

Not only the analysis is faulty and demonstrated a lack of due dilligence and programming knowledge on the so called "pentester" part, we weren't even contacted to verify his claim, which is usually the standard procedure for reporting a vulnerability. We have dealt with much more professional and knowledgable individuals in the past and we will acknowledge if there is a vulnerability, but Francisco's analysis for CVE-2022-45544 is completely faulty.

It's best for security researchers to contact us first to validate a vulnerability before publishing it.

]]>
Tue, 31 Jan 2023 05:38:17 -0700 January 2023 Update - SCHLIX CMS v2.2.8 release with GPLv3 license https://www.schlix.com/news/release/january-2023-update-schlix-cms-v2-2-8-release-with-gplv3-license.html https://www.schlix.com/news/release/january-2023-update-schlix-cms-v2-2-8-release-with-gplv3-license.html SCHLIX CMS v2.2.8 has been released with the following changes:

  • License has been changed to GPLv3
  • Fixed a few PHP 8.1 compatibility issues
  • JQuery, PHPMailer and HTMLPurifier have been updated to the latest version
  • A few bug fixes
]]>
Sun, 10 Jan 2021 21:06:38 -0700 PHP8.0 compatibility release - v2.2.6 https://www.schlix.com/news/release/php8-0-compatibility-release-v2-2-6.html https://www.schlix.com/news/release/php8-0-compatibility-release-v2-2-6.html SCHLIX CMS v2.2.6 has been released and it is the first release of 2021 with major focus on the new PHP 8.0 compatibility.

With the v2.2.6 release, the core SCHLIX content management system will be compatible with PHP from version 5.6 to 8.0. However, this may not always be the case with its add-ons (especially if it uses composer), which are not always developed in house.

There could a secondary compatibility release in February or March once we've completed further testing with the next release of PHP 8.0.x. The main issue for the current PHP version (8.0.0) is the incompatibility if the JIT is enabled (off by default). Please note that during our testing, we encountered segmentation fault as described in https://bugs.php.net/bug.php?id=80480. Other than this issue, everything else seems to works.

]]>
Thu, 15 Oct 2020 16:59:46 -0600 Time to upgrade again - SCHLIX CMS v2.2.5 has been released with support for OAUTH2-based email authentication https://www.schlix.com/news/release/time-to-upgrade-again-schlix-cms-v2-2-5-has-been-released-with-support-for-oauth2-based-email-authentication.html https://www.schlix.com/news/release/time-to-upgrade-again-schlix-cms-v2-2-5-has-been-released-with-support-for-oauth2-based-email-authentication.html SCHLIX CMS v2.2.5 has been released and it has a new feature: support for SMTP authentication with OAUTH2, which is needed if you use SMTP servers of Google Workspace/GSuite or Outlook.com/Office365. You can read more about how to set it up in here: https://www.schlix.com/documentation/v2/configuration/using-gmail-as-the-default-smtp-server.html. Other than this feature, the new version also contains many updates including:

  • New constant SCHLIX_DEFAULT_CA_BUNDLE containing the path location /system/libs/data/ca-bundle/ca-bundle.pem, which is the most up-to-date certificate authority bundle file in the current release. This is necessary as the default file location varies among different operating systems. This is also needed for some of the shipping & payment plugins of Shoperatus.
  • Support for Samesite Cookie = None for different browsers
  • A more descriptive error for session timeout for AJAX requests
  • Fixed: SMTP settings error when changing the SSL option in Site Manager
  • Fixed: Initial menu base path settings
  • Updated - CKEditor 4.11 to 4.15
  • Updated - Bootstrap 4.3.1 to 4.5.2
  • Updated - TinyMCE 4.9.2 to 4.9.8
  • Updated - CodeMirror 5.25 to 5.57
  • Updated - PHPMailer 6.1.4 to 6.1.7
  • Updated - Fontawesome Free 5.11.2 to 5.15.1

Screenshot of the SMTP OAuth test:

GMail SMTP OAUTH2 settings test

To upgrade your existing installation, simply click Settings - System Update.

]]>
Tue, 22 Sep 2020 20:48:27 -0600 First BETA release of Shoperatus v0.9 (e-commerce for SCHLIX CMS) https://www.schlix.com/news/general/beta-release-of-shoperatus-v0-9-e-commerce-for-schlix.html https://www.schlix.com/news/general/beta-release-of-shoperatus-v0-9-e-commerce-for-schlix.html As planned earlier, we finally released the first generally available e-commerce for SCHLIX CMS for the first time. We were a few days behind our schedule (we were supposed to have released this last Friday) but it's finally here. The first Shoperatus v0.9 BETA has been released. Please note that in order to use this, you must have already have ionCube loader on the server (or on your local workstation).The good news is 99% of PHP web hosting companies have ionCube loader pre-installed by default. 

Unlike SCHLIX CMS, which source is pretty much open, Shoperatus is a closed source software. However, you can still edit and customize the view templates as with other SCHLIX CMS extensions we previously released. The platform itself is still open so that you will be able to create your own payment, shipping and other types of plugins. We will also publish documentation and training manual for this. Since this is the first day of the beta release, not much documentation is available yet, but we're working on it. Note that although Shoperatus is the generally available e-commerce extension, there has been another e-commerce extensions of SCHLIX CMS with slightly different purpose since 2018 but it's only available to commercial clients. You can see this on the demo/showcase screenshot of this website.

Some of the shipping plugins in the screenshots such as AsiaXpress, SpeedPost, IndiaPost and ThailandPost as well as a couple of payment plugins (Xendit - token and Moneris hosted tokenization) will only be available with a commercial license. Note - the free version of Xendit and Moneris hosted payment page are just as good for starters.

We will also release most commonly used shipping plugins such as Purolator, DHL, Fedex and USPS soon.

E-commerce for SCHLIX CMS (PHP/MySQL)

]]>
Tue, 01 Sep 2020 20:26:13 -0600 E-commerce extension progress update (September 2020) https://www.schlix.com/news/general/e-commerce-extension-progress-update-september-2020.html https://www.schlix.com/news/general/e-commerce-extension-progress-update-september-2020.html We've almost completed the development of the e-commerce extension for SCHLIX, with internal code schtore. This is an update to the previous post back in May 2020. Last week, all features have been finalized and frozen and we're going to release the first beta version in about two weeks from now.

Expected timeline

  • Between September 13 - 18, 2020: first beta release
  • End of September/early October 2020: final release (as extension, fully usable)
  • Mid-Late October 2020: additional shipping options: USPS (America), Fedex, DHL, UPS, Purolator, British Royal Mail will be available.
  • December 2020/January 2021: automated refund, dashboard - integrated with our mapping server.
  • 2021: gift card, store credit, subscription

Current features (frozen as of August 27)

  • E-commerce catalog with multiple images (dynamic image size can be set in the config section).
    • One product can be assigned to multiple categories.
    • Product specifications (each sub-variant has a unique URL)
    • Product variance
    • CTO (Configure-to-order) product options
    • Each product can be optionally assigned a product type. You can assign only 1 product type per product. If you want to have multiple product types per product, use the category (folder) instead of product type sub-application.
    • Downloadable materials attached to product and/or product type (e.g. PDF warranty statements for all product).
  • 127 tax rules for different countries, automatic setup
  • Country, state/province, city database - this is different from most e-commerce as the city input is free-text.
  • Discount - % or fixed.
  • Coupon - must be attached to product for the initial release. We will enable store coupons later.
  • Payment plugins (alphabetical order): Alipay, BluePay (CardConnect), Braintree, G2APay, Midtrans, Moneris, Paypal, Stripe, 2Checkout, Xendit. Offline payments are supported as well (bank cheque, wire transfer, Interac e-Transfer). Note: the available Moneris payments are for Canadian merchants only. We can build the US one as well if there's a request.
  • Shipping plugins (alphabetical order): AsiaXpress, Australia Post, Flat Rate, GoSend, Hongkong Post, India Post, Malaysia Post, Pakistan Post, PHLPost, Postmen, RajaOngkir, Singapore Post, SpeedPost Singapore and Thailand Post
  • All transactions are logged.
  • Security: we test for basic XSS and SQL injection. XXE (XML injection) prevention is already built-in to SCHLIX CMS.
  • Configurable email templates (must use SCHLIX CMS v2.2.4 or later)

Note: some of the payment & shipping plugins will be commercial release.

Caveats for the first version

  • Reporting will be available in the next release. Information can already be extracted via SQL and we can build add-ons suitable to your needs.
  • No gift card & loyalty point functionality yet - that will be done in 2021 if there's a request.

Here's what schtore looks like as of September 2020:

  1. Catalog - product listing
    SCHLIX E-commerce - Catalog

  2. Catalog - Images
    SCHLIX E-commerce - product images

  3. Product Type - Options (CTO)
    SCHLIX E-commerce - product options

  4. Product type - CTO option choice
    SCHLIX E-commerce - product option choice

  5. Product - Options (CTO)


  6. Config
    SCHLIX E-commerce - config

  7. Payment plugins
    SCHLIX E-commerce - payment plugins (Alipay, Paypal, Braintree, Moneris, Xendit)

  8. Shipping plugins
    SCHLIX E-commerce - shipping plugins

Stay tuned for more info! 😄

]]>
Tue, 01 Sep 2020 19:42:29 -0600 SCHLIX CMS v2.2.4 has been released with subtle user experience enhancements https://www.schlix.com/news/release/schlix-cms-v2-2-4-has-been-released-with-a-few-subtle-use-experience-enhancements.html https://www.schlix.com/news/release/schlix-cms-v2-2-4-has-been-released-with-a-few-subtle-use-experience-enhancements.html SCHLIX CMS v2.2.4 has been released with a few enhancements:

  • Some icons on the toolbar now have been assigned colour so it's easier for the user to find which toolbar button to click.
  • The datetime picker is now a lot more user friendly. Previously, the calendar would pop up automatically whenever the user clicks a datetime input. This behavious has now been changed to requiring the user to click the handle bar if the datetime picker needs to be used. With this behaviour change, it's easier for the user to type freely on the input box without the datetime picker getting in the way.
  • There are various other internal changes as well and this will be  the minimum version required to run SCHLIX CMS e-commerce extension when we release it next month (we'll release the beta version in 2 weeks)

SCHLIX CMS v2.2.4

]]>
Tue, 07 Jul 2020 15:48:41 -0600 SCHLIX CMS v2.2.3-1 is now available https://www.schlix.com/news/release/schlix-cms-v2-2-3-1-is-now-available.html https://www.schlix.com/news/release/schlix-cms-v2-2-3-1-is-now-available.html SCHLIX CMS v2.2.3-1 has been released. This is a minor update release that fixes a few minor bugs and typos. We are still developing the Schtore e-commerce extension (will be done in September) and this update is required before the extension can be used.

  • Some highlights:
  • Visual - menu appearance on the backend admin
  • Composer packages can now be installed (comand line option has been removed). Please note that PHAR is required
  • PHP 8.0 compatibility issue (str_contains, str_starts_with, str_ends_with)
  • For developers:
    • cmsCurl and cmsXMLTool class. This is used to handle web service calls for the upcoming e-commerce extension, mostly for payment and shipping.
    • Javascript class ___$HTML and ___$INPUT to create html string tags programmatically. SCHLIX.Util.escapeHTML now has a shortcut ___h, similar to the PHP one.
]]>
Thu, 07 May 2020 01:12:09 -0600 May 2020 update - Schtore e-commerce extension release delay and COVID-19 https://www.schlix.com/news/general/may-2020-update-schtore-e-commerce-extension-release-delay-and-covid-19.html https://www.schlix.com/news/general/may-2020-update-schtore-e-commerce-extension-release-delay-and-covid-19.html Greetings,

It has been a little over 3 months since we last released v2.2.2-1 in late January and we finally had the chance to provide some news. First of all, we'd like to apologize for the slower responses for forum replies as well as commercial support between February until April. Even though all of our team members have already been working remotely since 2 years ago, the "new normal" still required some adjustments. COVID-19 took us by surpise and we were scrambling for alternative arrangements for many things, so work stopped for nearly 5 weeks and hence we delayed the release of our e-commerce extension (Schtore). Things are somewhat returning to almost normal now and our response time should be better now.

We realize that everyone is in this together and that there are others who experience even more hardship, so back in April we made a small donation of $2020.04 to Boyle Street Community Service, a non-profit organization for the homeless in the city of Edmonton. Homeless people are very vulnerable in this kind of situation and deserve our help.

Schtore

Schtore is our new e-commerce extension. It's quite massive (custom user-defined table fields, 127 tax rules for different countries (including EU), complete list of currencies and countries (down to the city level, user privacy features, etc). Initially, Schtore will contain the following payment plugins:

  • Paypal Express (global)
  • Braintree (global)
  • Stripe (global)
  • Alipay (China)
  • Moneris (we've only tested the Canadian version, not the US version)
  • Xendit (Indonesia) - as requested in the forum

Shipping plugins:

  • Canada Post
  • Postmen
  • Rajaongkir

There's not that many shipping modules when we release it for the first time, but Postmen should cover most of it.

We may need a volunteer who's willing to test our the EU tax rules.

Schtore Beta - screenshot 1

Schtore Beta - screenshot 2

Schtore Beta - screenshot 5

Schtore Beta - screenshot 4

Please note that this is the temporary layout. It may change once we really release this for general public availability.

]]>
Sun, 19 Jan 2020 02:16:24 -0700 Time to upgrade - SCHLIX CMS v2.2.2 has been released (now compatible with PHP 7.3 and 7.4) https://www.schlix.com/news/release/time-to-upgrade-schlix-cms-v2-2-2-has-been-released-now-compatible-with-php-7-3-and-7-4.html https://www.schlix.com/news/release/time-to-upgrade-schlix-cms-v2-2-2-has-been-released-now-compatible-with-php-7-3-and-7-4.html SCHLIX CMS v2.2.2 has been released and it is now compatible with PHP 7.3 and 7.4. With this change, SCHLIX CMS is now compatible with PHP 5.6, 7.0, 7.1, 7.2 and 7.3. Other notable changes include the newly included newspaper theme. The previously included company profile theme still exists. You can check the demo (frontend only) at https://demo3.schlix.com. Note to packagers: since it now comes with 3 sample data (newspaper, company profile, blank company profile), the parameter for automated installation has been changed. Please refer to the following article: https://www.schlix.com/documentation/v2/configuration/automated-installation.html. If you have any questions, just head to the forum!

Newspaper CMS

]]>
Sat, 21 Dec 2019 01:10:31 -0700 6th revision for SCHLIX CMS v2.2.1 has been released https://www.schlix.com/news/release/6th-revision-for-schlix-cms-v2-2-1-has-been-released.html https://www.schlix.com/news/release/6th-revision-for-schlix-cms-v2-2-1-has-been-released.html Today we've released the 6th revision for SCHLIX CMS v2.2.1. This should be the final release for 2019. Happy New Year 2020 and we'll catch up with you next year with new e-commerce extensions and other goodies.

List of all revisions for SCHLIX CMS v2.2.1-x:

  • Errata #6: Updated typo in the automated installer (not regular installer) for the email address input.
  • Errata #5: Updated Google Analytics block, fixed installer and site manager PHP version detection and backslash escape function, minor correction for gallery package name (comment only), HTML encoding issue for SCHLIX_SITE_NAME in the default theme.
  • Errata #4: Blog category may not appear on the backend during new item creation (Nov 12, 2019)
  • Errata #4: UI layout was incorrect for the password reset form, removed the inner row/column
  • Errata #4: File type check for media manager upload
  • Errata #4: Fixed zh-CN (simplified Chinese) translations
  • Errata #3: fixed layout where the treeview on the left has many items exceeding the browser's viewport. The left column has a scrollbar now and the tag has been changed to the default div. This actually caused an extra scrollbar to be displayed on Firefox and it is a known issue. Fixed blog primary category not being updated after the document has been saved.
  • Errata #2 - fixed Fontawesome 5 iconpicker that caused an icon to be generated when saving a menu item.
]]>
Fri, 25 Oct 2019 16:53:04 -0600 CVE-2019-11021 for older SCHLIX CMS v2.1.8-7 (November 2018) https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html https://www.schlix.com/news/security/cve-2019-11021-for-older-schlix-cms-v2-1-8-7-november-2018.html In regards to CVE-2019-11021 for older SCHLIX CMS v2.1.8-7 (November 2018 - last year), which claimed that "admin/app/mediamanager in Schlix CMS 2.1.8-7 allows Authenticated Unrestricted File Upload, leading to remote code execution.", the analysis needs to also mention that the user who can access admin area will require an elevated superuser permission (the user must belong to [Administrators]before he/she can upload the PHP file. We also allow uploading of zipped PHP scripts to install extensions, by the way, and it's still the case even in 2.2.x.

While inadvertently allowing a PHP file to be uploaded via Media Manager was an oversight, it still requires an admin permission. We think it's pretty rare for an administrator to exploit a bug on his/her own site to own his/her own site.

It's best for security researchers to contact us first to validate a vulnerability before publishing it. Regardless, we still thank for the effort.

For SCHLIX CMS users, simply click Settings - System Update to keep your system secure all the time. Also, subscribe to this RSS news feed for the latest news including security related advisories.

]]>
Wed, 09 Oct 2019 14:00:58 -0600 SCHLIX CMS v2.2.1 with Extension Gallery has been released https://www.schlix.com/news/release/schlix-cms-v2-2-1-with-extension-gallery-has-been-released.html https://www.schlix.com/news/release/schlix-cms-v2-2-1-with-extension-gallery-has-been-released.html SCHLIX CMS v2.2.1 has been released with an integrated Extension Gallery (App Store) where you can download extension directly from the CMS without having to manually download it from our Extension Directory. We also now welcome publishers who'd like to publish their work to showcase their work and be linked from our website. The first phase, which lasts until end of December 2020, will be open for open source extensions, with commercial offering planned to be open in January 2021.

Other notable changes include:

  • Installation/removal of extension now requires administrator password
  • Automated installer bug fix - missed 1 parameter during config file generation
  • French translation bug fix
  • Font Awesome Free has been updated to v5.11.2
  • Change email and change password dialog under Users administration have been improved with better user interface
  • Inclusion of manual_upgrade.php for manual upgrade in a more restricted hosting environment or if the automated upgrade fails for any reason

Download it here.

]]>
Wed, 25 Sep 2019 01:18:34 -0600 CentOS 8 - compatible with SCHLIX CMS v2.2.x https://www.schlix.com/news/general/centos-8-compatible-with-schlix-cms-v-2-2-x.html https://www.schlix.com/news/general/centos-8-compatible-with-schlix-cms-v-2-2-x.html CentOS 8 has just been released yesterday. We've tested it and the new SCHLIX CMS v2.2.x series works out of the box (including with the new MySQL 8.0) with only minimal changes to the default configuration. Check out the CentOS 8 LAMP server installation guide for SCHLIX CMS.

]]>
Wed, 18 Sep 2019 18:31:48 -0600 Extension Gallery - a marketplace for web design agencies/freelance PHP developers https://www.schlix.com/news/general/extension-gallery-a-marketplace-for-web-design-agencies-freelance-php-developers.html https://www.schlix.com/news/general/extension-gallery-a-marketplace-for-web-design-agencies-freelance-php-developers.html In mid-October, we will release a new SCHLIX CMS version 2.2.1-x with a new marketplace integration application called Extension Gallery. With the new Extension Gallery, website owner can easily install/uninstall extension without having to download a ZIP file manually from our current Extension Gallery. If you're a PHP web agency or a PHP freelance developer, you can submit a SCHLIX CMS plugin (application/block/macro) and get more exposure. It's free and this is a great opportunity to showcase your solutions. Both commercial and open source extensions are accepted.

The extension submission process is already open and we're hoping to get more developers to use SCHLIX CMS.

Sample screenshots:

SCHLIX Extension Gallery - Preview

SCHLIX Extension Gallery - Preview

Social Media Extensions

]]>
Sat, 17 Aug 2019 18:24:02 -0600 New 2.2.x series - SCHLIX CMS v2.2.0-1 has been released https://www.schlix.com/news/release/new-2-2-x-series-schlix-cms-v2-2-0-1-has-been-released.html https://www.schlix.com/news/release/new-2-2-x-series-schlix-cms-v2-2-0-1-has-been-released.html SCHLIX CMS v2.2.0-1 has been released, marking the new v2.2.x series. It is considered a significant change from the previous v2.1.x series as many internals have been updated. The 2.2.x is a transitional release, ensuring backward compatibilities with earlier version of plugins developed for SCHLIX CMS.

Highlight of new features

Custom header image

Previously, designers had to rely on using either a macro or a custom code to insert an expanded banner/header image above the content. This was cumbersome as a slight change to the HTML code means that the content items need to be updated individually. In the new v2.2.x series, they can do it easily by simply choosing to upload a custom media header and any change to the HTML tag can simply be performed in the template itself. Please have a look at the code comments inside the newly included companyprofile theme.

Custom header banner image

The following is a screenshot of the editor page where you can easily change the header image. You can configure the width, height and quality from Settings - Custom Header.

Sample header image

To enable this feature in your own application, simply specify the following code in the constructor:

$this->has_versioning = true;

Spell Checker

We have added a spell checker functionality.

Spell Checker

It's still in BETA mode, so you will have to manually enable it from Settings - Editor Manager.

TinyMCE 4 Spell Checker

Custom Field

You can now specify a custom field to be used in many applications. This is useful when you need to add a field to a contact form, etc. We're currently still testing this feature and will enable this feature on other applications as well. Please note that all custom fields will have the xcf_ prefix in the actual database. In your view template, you can simply output it manually. For example:

<?php $custom_fields = $this->getItemCustomFields(); ?>
<?php foreach ($custom_fields as $cf): ?>
<?php $field_name = 'xcf_'.$cf['field_name']; $field_label = $cf['field_label'] ?>
<div class="contacts_info_label custom_field">
   <i class="fa fa-file"></i>
   <?= ___h($item[$field_name]); ?>
</div>

To enable this feature in your own application, simply specify the following code in your view.admin.template.php file:

<x-ui:schlix-explorer-menu-command data-schlix-command="custom-table-config" data-custom-table="gk_contact_items" fonticon="fas fa-terminal" label="<?= ___('Custom table fields: Contact') ?>" />

<x-ui:schlix-explorer-menu-command data-schlix-command="custom-table-config" data-custom-table="gk_contact_messages"  fonticon="fas fa-terminal" label="<?= ___('Custom table fields: Messages') ?>" />

Custom Field 1

Screenshot of the edit function:

Custom Field 2

Screenshot of backend editor with a custom field:

Custom Field 3

Hooks

You can now extend an application functionality from another class (e.g. on the custom field function). Simply create a function with hook_ prefix and it will be executed.

Hook example

To create an application that calls a hook function, simply call \SCHLIX\cmsHooks::execute( ... ). We will write a documentation on this later.

X-UI tags

We have now switched to a framework-independent X-UI tag to future-proof our CMS. We used to heavily depend on Bootstrap 3, but as we realized

 <x-ui:schlix-multi-source-media-uploader data-field="url_media_file" name="image_file" id="image_file" data-dir-key="image_medium" accept="image/png, image/jpeg, image/gif" data-disable-option-existing-file="true" data-disable-option-none="true" data-allow-url-variable-dimension="true" data-preview-width="<?= $preview_width ?>" data-preview-height="<?= $preview_height ?>" />

Simple examples:

<x-ui:textbox id="meta_description" name="meta_description"  data-field="meta_description" label="<?= ___('Meta Description') ?>" />

<x-ui:schlix-tab-container>
<x-ui:schlix-tab id="tab_content" fonticon="far fa-file-alt" label="<?= ___('Content') ?>">
 Tab content
</x-ui:schlix-tab>
</x-ui:schlix-tab-container>

GDPR (Personal Data Request)

We have provided basic functionality for user data request. This application is disabled by default upon installation & upgrade.

Configuration

  • Additional 6 new languages (Georgian, Kazakh, Mongolian, Arabic, Hebrew, Persian) have been added.
  • You can now change the theme colour of the backend. This is useful especially if you need to open different SCHLIX CMS sites.
  • You can specify whether the frontend uses Bootstrap 3 or 4. We will also expand the functionality to include other CSS frameworks such as Bulma and Zurb Foundation.
  • If you need your site to be online but invisible to the search engine during the development, you can specify its visiblity as hidden and turn it back on when needed.

SCHLIX v2.2.x - global configuration

Backward incompatible changes

If you have installed an application and you have the following lines in the *.admin.class.php onModifyDataBeforeSaveItem or onModifyDataBeforeSaveCategory, please either comment it out or simply delete them. You have until the end of December 2021 before this backward compatibility is removed.

/* NO LONGER NEEDED AS OF 2.2.0 - please remove these lines completely or comment them out */
if ($datavalues['permission_read_everyone'])        
      $datavalues['permission_read'] = 'everyone';
      $datavalues['permission_read'] = serialize($datavalues['permission_read']);
 $datavalues['permission_write'] = serialize($datavalues['permission_write']);

Download and read the full change log now.

]]>
Wed, 01 May 2019 22:10:08 -0600 SCHLIX CMS v2.1.9-0 with a revamped admin interface https://www.schlix.com/news/release/schlix-cms-v2-1-9-0-with-a-revamped-admin-interface.html https://www.schlix.com/news/release/schlix-cms-v2-1-9-0-with-a-revamped-admin-interface.html SCHLIX CMS v2.1.9-0 has been released. A couple of notable changes:

  • Revamped admin interface for better editing experience. Quite a few of our users have made a comment last year that the dark interface has made it harder to read and navigate on the backend. We've restored the original theme and provided a new styling as well. We will make the dark theme as a configurable option later.
  • Free map hosting for the Contacts application. If you are web design agency or even just a regular user who can't to pay hundreds of dollars of billing for Google Maps, we've replaced Google Maps with OpenStreetMap, hosted on our own tile server (map.schlix.website), with CDN delivery to ensure fast browsing experience across different geographic regions. You don't need to enter Google Maps API key anymore in the Contacts application. Since this took quite some effort to implement, we've pushed back other features that we promised earlier. If you have any extensions that require mapping solution, you can use our server for free as long as your website is implemented with SCHLIX CMS and that the load requirement is reasonable.

SCHLIX CMS v2.1.9-0

If you have any questions, please post your question in the forum.

]]>
Tue, 20 Nov 2018 18:08:34 -0700 SCHLIX CMS v2.1.8-1 has been released https://www.schlix.com/news/release/schlix-cms-v2-1-8-1-has-been-released.html https://www.schlix.com/news/release/schlix-cms-v2-1-8-1-has-been-released.html SCHLIX CMS v2.1.8-1 has been released. We have added a few new security features in this release. When you login to the backend, the system will perform the following checks:

  • Possible malicious users (only for sites with registration enabled) including their IP address.
  • Possible malicious files (e.g. PHP script uploaded to image folder)
  • List of all world writable files and directories

The system will then attempt to fix them automatically and the report can be downloaded from /web/[your-website-name]/data/private/quarantine. This folder is inaccessible from the user's browser and the content must be manually downloaded via SFTP or FTP.

Note - there's v2.1.8-2 release that fixed the false positives and System Updater user interface issue as the automated security check ran immediately after the upgrade and thus causing a JSON error. If you've upgraded to v2.1.8-1 and got an error message right after the upgrade, you can ignore that error.

]]>
Sun, 16 Sep 2018 00:21:12 -0600 SCHLIX CMS v2.1.8-0 has been released https://www.schlix.com/news/release/schlix-cms-v2-1-8-0-has-been-released.html https://www.schlix.com/news/release/schlix-cms-v2-1-8-0-has-been-released.html SCHLIX CMS v2.1.8-0 has been released. This is a maintenance only release with the following changes:

  • Updated: JQuery 3.2.x to 3.3.1
  • Updated: Font Awesome 4.7 to 5.2.0 (free) with adblock compatiblity
  • Updated: TinyMCE 4.8.2
  • Updated: PHPMailer 6.0.5
  • Updated: Bootstrap 3 update (now compatible with JQuery 3.x). We're still working on Bootstrap 4 update
  • Fixed: Applications built derived from cmsApplication_Basic missing title during install
  • Fixed: Block instance configuration was being saved incorrectly if the title was not all in lowercase or contain non-ASCII characters
  • Fixed: Forgot password link on HTTPS website didn't display for the full URL
  • Fixed: Menu editor (backend) duplicate tree child item when clicking View a specific item/category
  • Fixed: Compatibilities with PHP 7.2
  • Enhancement: The method \SCHLIX\cmsPageOutput::HTMLHeader() can now be split into \SCHLIX\cmsPageOutput::HTMLHeaderNonScript() and \SCHLIX\cmsPageOutput::HTMLFooterScripts(). See the samplemagazine theme for more info

We realized that we're a bit behind in terms of the promised e-commerce implementation. Please note that the following is still in the works: Google Maps replacement, UTF8MB4 conversion (currently still using UTF8), GDPR and new Google Analytics tag.

]]>