Zenario 8.4

The 8.4 release of Zenario has the following new features and changes.

New Default Skin

Anyone doing a fresh install of Zenario will now see Black Dog, a new skin and default layout with a fresher look and feel.

Lazy Loading of images in Banners

The Banner module now has an option to use lazy loading for images. This is useful for images that will appear under the cut of the page, and thus do not need to be loaded straight away.

Changes to slideshows

The Slideshow 2 module has been renamed to the Slideshow (simple) module and has had a few changes made under the hood. It now uses the jQuery Cycle library, the same library as the Advanced Slideshow module, however it still has its more friendly interface.

Friendlier admin login URL

The admin login URL for Zenario sites is now at /admin.php.

(Our default .htaccess file now contains a redirect rule to ensure anyone accessing the link via an old bookmark is redirected to the new location, so no need to go around updating your bookmarks.)

The emails for two-factor authentication are more friendly

We've made some changes to the authentication email that is sent when you enable two-factor authentication on your site and attempt to log into admin mode.

There is now also an authenticate button in the email, which will allow you to authenticate with just a click, instead of having to copy/paste or type in the 5 letter code. (You can still manually type the code if needed, e.g. if you are opening the email on a different machine.)

More features to prevent email address enumeration attacks

The Extranet Password Reset plugin and the admin password reset screen now have a security feature where we can block enumeration attacks that are trying to obtain the email addresses of the site's users.

Any attacker who is trying to check which email addresses are in use on a site will now no longer receive any useful feedback. This improves security as the existence of an account is harder for an intruder to establish.

In addition, we've added a warning in the plugin settings of the Extranet Login plugin if your settings leave you vulnerable to email address enumeration on extranet logins. (Note: this was also patched back to 8.3.)

This feature is optional for the extranet system (you can turn it off in the plugin settings if you feel it is unfriendly and are not worried about the security concerns), however it is mandatory for the admin login (there are no settings to turn this on or off).

Improvements to the Layouts panel in Organizer

The Layouts panel in Organizer has had a small redesign to be more user-friendly. The initial view has been tweaked, and we've added information/links against the layouts so you can quickly see at a glance where each layout is used.

Minor changes

  • If a plugin in a nest is hidden in admin mode due to a setup error, the buttons to change its settings will now remain visible (previously they were hidden as well).
  • The URL fields in any TUIX form will now stop you from accidentally entering "http://" in twice. (This was actually quite easy to do by mistake when copy-pasting URLs in from Chrome.)
  • It's now possible to hide the Your Orders and Privacy Policy special pages, if you don't want to have them on your site.
  • Administrators can now export what they see in the the Orders and Products panels in the E-Commerce section of Organizer as a CSV file or Excel Spreadsheet.
  • The option to enable friendly URLs and the option to enable the site-map have been moved into the same category in the site settings, so they now appear together.
  • Also, the site settings for newsletters have now been moved into the Email category.
  • When writing an email template, you can now use Twig code.

Bug fixes

  • Fixed a bug where ReCAPTCHAs would not appear under certain conditions when placed on a form in a plugin nest.
  • Fixed a bug where using the Call a module's static method option to customise a menu node would cause page caching to operate incorrectly, if used in the same menu as private menu nodes..

Notes for hosting providers

More & better information on the diagnostics screen

We've added a lot more helpful information onto the diagnostics screen, such as missing files or missing functions.

Where possible, we've also added clickable links against each message, leading to where you might need to go to fix an issue.

Warnings when unrecognised files are found in Zenario's root directory

The diagnostics screen now warns you if any unrecognised files are found in the CMS root directory. (A file is classified as unrecognised if it's not listed under Configuration -> File types in Organizer.)

The diagnostics screen will also warn you if you leave what looks like a backup file in the CMS root directory.

Friendly URLs

We are now recommending that everyone enable the option for friendly URLs.

The diagnostics screen will now warn you if you have not turned this on, or if your .htaccess file is missing.

Zenario now prefers InnoDB tables

If you are using MySQL 5.7 or later, Zenario will now use InnoDB as its table engine.

We've added a migration script that will automatically run and convert all of Zenario's tables to use InnoDB when you update a site to Zenario 8.4.

We haven't dropped support for MySQL 5.5 and 5.6; if you are still using MySQL 5.5 or 5.6 then Zenario will keep using MyISAM as before.

Notes for designers

Changes to Simple Slideshows

Simple slideshows are now powered by the jQuery Cycle library, (the same library that the advanced slideshows use), instead of the Jssor library that they previously used.

There is a migration script for all of the settings in Zenario, so you may not need to change any for existing plugins, but they will likely need their CSS to be updated.

New libraries for animations

The animate.css and WOW.js libraries are now included with the Zenario download.

They're not included on the page by default, but you'll always be able to link to them from your header & footer slots without needing to manually upload their files for each client site.

Notes for developers

Changes to development mode

When putting a site into development mode, you can now set development mode to automatically end after a set amount of time.

The option to leave a site in development mode permanently is now only available if you are running on the HEAD branch of Zenario, and has been removed if you are running on of the stable branches.

The new ZENARIO_TABLE_ENGINE constant

We've added a new constant called ZENARIO_TABLE_ENGINE that you can use when writing a database update.

The value of this constant will be set to "MyISAM" when running on MySQL 5.5, and to "InnoDB" when running on MySQL 5.6 or later.