The 8.6 branch of Zenario contains better security for file uploads, improvements for managing phrases on multilingual sites, more control over generating user identifiers, and improved audit trail for users, companies & locations.
In Zenario 8.6 we've added better security for file uploads.
When a user uploads a file, we now do a full type/consistency check to see if the files contents match the file's extension. (This is a big improvement on the simple check that was introduced in a 8.3 patch.)
We now also have functionality to perform a virus scan, and reject any uploaded file if a virus is found inside.
(Both of these features require a UN*X server to work, and the virus scan needs the clamAV antivirus scanner to be installed and running.)
If you have a multilingual site where not every content item has a translation, in Zenario 8.5 and earlier you would still be prompted by the phrases system to translate every single phrase used on the site.
In Zenario 8.6 and later, a phrase will now only be created if it is spotted on a content item that uses translations.
This means that if you have an English-only page on an otherwise multilingual site, any plugins that only appear on the English-only page will not need translating.
If you edit a menu node's properties and go to the advanced tab, you can enable an option to use that menu node as the suggested position when creating new blog or news type content items.
There is also an option in the content type settings to enforce these suggestions (i.e. stop administrators from creating those content items in any other position in the menu).
This is not new, however in version 8.6 the UI for this has been given an overhaul and is now friendlier to use.
One small change has also been made, now the newly created items will appear at the start of the lists. (Previously they appeared at the end of the lists.)
In Zenario, when you create a user or a contact, an identifier will be created for that user and will be visible in the admin backend.
For example, John Smith might have an identifier of "JohnSmith".
In version 8.6 you now have a bit more control over this; you can specify whether the first name, last name or both names are used, and also change how many characters from each are included.
For example, you could use two from the first name and three from the second name, in which case John Smith would have an identifier of "JoSmi".
When a user, company or location is created or edited, Zenario now stores the date and the identity of the user/admin who did it.
This information is available in admin boxes and on the front-end.
We've introduced a small new feature where an Organizer panel can now have an info-bar at the top in certain situations.
We've added a warning-bar in the email template panel, that appears to remind you when a site is placed into email debug mode.
We've added a warning-bar on the scheduled tasks panel, that appears when scheduled tasks are not enabled or running properly, and a confirmation-bar that appears when they are running properly.
Zenario now uses the clamdscan program to scan files for viruses.
To use this feature, you will need to install clamAV, and ensure that the clamd daemon is running.
There is now a scheduled task called jobCleanDirectories that handles deleting old files from the cache/ and private/ directories.
Enabling this task may improve site performance and page load time for visitors, as these tasks will no longer be performed during page loads.
If you've moved your site and the images from the public directory are missing, there is now a button in the image library panel of Organizer that will automatically restore them.
There is also now a warning on the diagnostics screen alerting you if you need to do this.
Our default .htaccess file now contains some suggested rules for security policy headers and other security headers.
This release of Zenario fixes several PHP notices that were appearing when running using PHP version 7.3.
We've added a new feature called TUIX Snippets. TUIX Snippets allow you to override labels, tweak functionality by changing properties, hide existing objects or and even add entirely new custom objects to any TUIX-based plugin.
Anywhere you have a Front-end Administration (FEA) plugin that is TUIX-based, you can now customise it by choosing a TUIX Snippet in the plugin settings.
TUIX Snippets can be created and edited in a Organizer panel that lets you manage them. (They're kept separate to the plugin settings, so you can write one TUIX Snippet to cover multiple plugins.)
The TUIX inspector now has a new icon and a tooltip that tells you whether a TUIX Snippet is being used on each plugin or not. If a TUIX Snippet is in use, we've also added an edit button next to it that lets you quickly jump to the right place to edit it.
Finally, we've also added a new module called the Advanced interface tools FEA, which allows superusers to edit TUIX Snippets without logging into admin mode. (Though this functionality is currently somewhat limited, as they cannot currently choose nor change which TUIX Snippet each plugin uses.)
Breadcrumb separators in the breadcrumb plugins no longer default to an arrow (ยป). They now default to an empty string, on the assumption that you will style them.
Note: this update won't change the settings of any plugins where you've previously saved the settings.
You can now go into a slide's properties and set a CSS class name on the slide.
This should help if you need to add styles to specific slides in a conductor, nest or slideshow.
You can now create a directory/file called adminstyles/admin_frontend.css in your skins.
This file will be included in the front-end of your site, only in admin mode.
Any code you write will only be visible in admin mode.
In Zenario 8.6 we've updated to the latest versions of jQuery and jQueryUI.
For the most part everything should work as before, however this will break compatibility with a small number of very old jQuery plugins.
There's been a small change to how breadcrumbs are generated in the conductor navigation.
We had a small issue where there were two places that you could set the label that appears on a breadcrumb in the conductor:
The issue was that for some breadcrumbs there was a little overlap, and the system was picking different sources for the same breadcrumb in different situations, which could lead the the name shown being inconsistent where the breadcrumbs were different.
In version 8.6, the second option now always has priority over the first option, so even if you accidentally set the names differently in the settings, visitors to your site will not see this difference.
In this version, we've added a Thousands separator setting and a Decimal point setting into the languages settings.
These settings are compatible with the PHP number_format() function, and can be used to format numbers in the visitors language.
For example, in English with the default settings, 12345 would be formatted as 12,345.