Monday 27 August 2012 by

Textpattern CMS 4.5.0 is immediately available for download. Please note that the PHP system requirements have changed for this release to v5.2 minimum. Please check your hosting environment.

Download

Security

Textpattern 4.5.0 fixes four XSS security vulnerabilities which would allow maleficent attackers to gain administrative access to the site by tricking a legitimate publisher into clicking on a carefully crafted link. We thank Jukka Svahn, Mauro Gentile, Jonathan Claudius, and Sasha Zivojinovic for their responsible disclosure of these issues. An update is highly recommended.

Visual and markup alterations

As part of an ongoing effort to modernise the admin side, strides have been made on standardising and improving the markup. The first thing you’ll notice after your CSS has been refreshed will be a much tidier, sharper interface. If this is your first installation, the improved setup process will guide you through the few steps required to have content management up and running in no time.

For the installed userbase, upgrades are the same as ever: replace files, refresh, login. Due to the new markup we expect some plugins and themes will probably look a bit, well, squished for a while until they adopt the new wrappers and class names, but we have a design pattern guide to help. Please be patient as authors bring their code in line with the changes—use the social channels and forum to highlight any issues.

The ‘Sections’ panel has been completely overhauled to bring it in line with the other list-style panels, and plugin authors can now do much more than ever before on all list panels—including being able to hook into the ‘with selected’ select list to offer custom bulk edit functionality, and altering the info that’s on the page for custom data filtering.

The ‘Check for updates’ feature has been moved from the ‘Preferences’ to an automatic check as part of the ‘Diagnostics’ panel. If a new version is available, it’ll appear here in future along with other system messages, so check back periodically. Also, the ‘Languages’ panel has been improved and you may now remove installed languages.

Plugin authors should note that the callbacks image_ui.image_edit and image_ui.thumbnail_edit have changed to encompass different portions of the markup than before. This is a consequence of the improved layout.

Theme bonanza

As well as tweaking Classic and Remora, Phil has brought Hive as a third core admin theme option. Hive is a modern, responsive admin theme that’s also been designed to work well on touch screen devices such as smartphones and tablets. It’s resolution independent, so should look lovely on high resolution (HiDPI) displays.

Textpattern Hive theme

Classic is still the default theme selection when you install a fresh copy of Textpattern but we encourage you to try Hive and see what you think. We also have great plans for further improvements to all the core themes beyond v4.5.

And that’s not all! The default public-side theme has been modernised too. The original Textpattern theme served us well for 8 years but now is the time to bring the public-side theme right up to date, with a modern HTML5 codebase, CSS3 enhancements and responsive page layouts. The theme templates (pages, forms and CSS files) have been extensively commented throughout to help users, new and existing alike, easily understand and adapt the code to their own unique needs.

Textpattern front side theme 2012

Phil maintains a collection of extra ‘bolt-on’ modules that you can use to enhance the basic theme with popular features like sliders and social media integration. A full list can be found here, with more planned in the future. The CSS files are also available here as modular Sass files if that’s your thing. It’s a great way to get started on building your own site designs with relative ease.

Improved responsiveness

Writing articles is what Textpattern is all about. To help speed up the process, the ‘Write’ panel now performs background saves without refreshing the page. Article creation is the same, but thereafter every time you update the article, Textpattern uses AJAX to communicate with the database. The Yes/No switches on the ‘Plugins’ and ‘Sections’ panels also benefit from AJAX so toggling things on and off is much faster.

Plugin authors can take advantage of the core’s asynchronous interface by specifying new plugin types. For reference, the types are:

  • 0: Public side code only
  • 1: Public and admin side code, no AJAX permitted
  • 2: Library plugin
  • 3: Admin side code only, no AJAX permitted (N.B. changed!)
  • 4: Admin side code only, with AJAX support
  • 5: Public and admin side code, with AJAX support

Improved sort ordering and tag changes

The <txp:link_to_prev> and <txp:link_to_next> tags now adhere to the sort order set by <txp:article> so you can step through articles in more logical orders. Other tags such as <txp:images />, <txp:linklist />, <txp:article_custom>, and <txp:file_download_list> have also been upgraded to maintain the sort order from their id attributes.

A <txp:author_email> tag makes an appearance, <txp:file_download> may be used as a container tag, <txp:css> can take a comma-separated list of sheet names <txp:die> has a new url attribute, and <txp:comment_form /> has a set of attributes to allow customisation of the labels.

And behind the scenes

Plugin authors and themers have a tonne of new things to play with.

textpattern.Relay is a client-side publish/subscribe hub with two methods register and callback. They mimick the well-known functionality of register_callback and callback_event on the server.

gTxtScript() pushes localized strings from the server to the client and makes them available to Javascript application there.

txpAsyncForm and txpAsyncHref are two plugins for jQuery to easily add AJAX functionality to HTML forms and links.

The Validator class verifies values against a set of constraints. The core comes with a choice of basic constraint rules which can easily be extended/subclassed to cater for more specific validation rules.

Release the bees

There’s a lot to get excited about in this release. Of course, Textile and jQuery have also been upgraded to the latest available versions, various other UX improvements, plus a few security and bug fixes too. So please take the time to install Textpattern 4.5.0; we hope it serves you well.

Full changelog

See the HISTORY.txt file included within your Textpattern download for a full list of changes in Textpattern CMS version 4.5.0.

Errata

Credits to Jukka Svahn were missing from an initial version of this article.