| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| scriptlog-v1.3.0.zip | 2026-07-01 | 10.1 MB | |
| README.md | 2026-07-01 | 3.9 kB | |
| v1.3.0 source code.tar.gz | 2026-07-01 | 11.3 MB | |
| v1.3.0 source code.zip | 2026-07-01 | 12.6 MB | |
| Totals: 4 Items | 34.1 MB | 0 | |
[1.3.0] - 2026-07-01
Added
referrer_policy()function: New security header function for Referrer-Policy configurationpermissions_policy()function: New security header function for Permissions-Policy configuration- Security headers to API entry point: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, and Permissions-Policy headers integrated into
api/index.php - Bootstrap security header integration:
referrer_policyandpermissions_policywired intoBootstrap::applySecurity() - CSRF protection for API write endpoints:
validateCsrfForWrite()andgenerateCsrfToken()methods inApiAuth - CSRF validation in API controllers: Integrated CSRF validation into MediaApiController and other API controllers
create_encoded_key()hardening: Defuse cipher key derivation with_try_decrypt()helper for multi-path backward-compatible decryption- Controller test suite: 5 new test files (PostController, UserController, CommentController, MediaController, TopicController) — 34 tests
- Core class test suite: 6 new test files (SessionMaker, Paginator, Sanitize, DbFactory, Dispatcher, View) — 65 tests
- phpunit.xml suite directories: Added Controller Tests and Core Tests directories to the PHPUnit configuration
Changed
- Password hashing: Upgraded from md5 to sha256 in
protect_post()andsetPassPhrase()for stronger hashing - CSP hardening: Removed
unsafe-evalfrom Content-Security-Policy; added Report-Only header for migration monitoring - Dynamic tests badge: Replaced static badge with dynamic GitHub Actions badge in README
Fixed
- Test infrastructure:
Registry::set('dbc')added for Dao, MediaDao, Authentication constructors in integration tests - Locale column length: Shortened
lang_codefrom VARCHAR(20) to VARCHAR(10) to match schema - Unique locale collision: Fixed via counter in test data setup
is_htmlcast: Cast to integer 0 instead of boolean false in translation tests- DownloadUtilityTest race condition: Resolved
time() + 1race condition in data provider - DownloadCreateLinkTest paths: Corrected file paths for
src/directory structure - Theme auto-activate test: Deactivate all themes first to ensure clean state
- Removed stale tests: Removed tests for non-existent
setCredential()method andcrendentialproperty - Translation insert transaction: Wrapped translation insert in transaction in setup-db; added hard lock detection for fully installed databases
generate_request()null safety: Removed redundantisset($data) &&beforearray_key_exists()calls
Security
- Password hashing: Upgraded from md5 to sha256 for protected post passwords
- CSP hardening: Removed
unsafe-evalfrom Content-Security-Policy - Security headers: X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy added to API
- API CSRF protection: CSRF validation for API write endpoints
Tests
- 950 unit tests passing (2031 assertions)
- 5 new controller test files, 6 new core class test files
- Security headers, CSRF, encrypt-decrypt, password hashing test coverage
Notes
Feature release with security hardening (CSRF API protection, CSP hardening, password hashing upgrade, security headers), expanded test suite (+99 tests across controllers and core classes), and code quality improvements.
Codename
Maleo Senkawor – Honoring Macrocephalon maleo, the critically endangered megapode endemic to Sulawesi, Indonesia.
Comparison
- Previous release: v1.2.3
- Changes since v1.2.3: 50 commits