Zenario 8.6

The 8.6 branch of Zenario contains better security for file uploads, improvements for managing phrases on multilingual sites, more control over generating user identifiers, and improved audit trail for users, companies & locations.

Better security for file uploads

In Zenario 8.6 we've added better security for file uploads.

When a user uploads a file, we now do a full type/consistency check to see if the files contents match the file's extension. (This is a big improvement on the simple check that was introduced in a 8.3 patch.)

We now also have functionality to perform a virus scan, and reject any uploaded file if a virus is found inside.

(Both of these features require a UN*X server to work, and the virus scan needs the clamAV antivirus scanner to be installed and running.)

Improvements to how translations of phrases are created on multilingual sites

If you have a multilingual site where not every content item has a translation, in Zenario 8.5 and earlier you would still be prompted by the phrases system to translate every single phrase used on the site.

In Zenario 8.6 and later, a phrase will now only be created if it is spotted on a content item that uses translations.

This means that if you have an English-only page on an otherwise multilingual site, any plugins that only appear on the English-only page will not need translating.

More control over User Identifiers

In Zenario, when you create a user or a contact, an identifier will be created for that user and will be visible in the admin backend.

For example, John Smith might have an identifier of "JohnSmith".

In version 8.6 you now have a bit more control over this; you can specify whether the first name, last name or both names are used, and also change how many characters from each are included.

For example, you could use two from the first name and three from the second name, in which case John Smith would have an identifier of "JoSmi".

Audit trail for users, companies and locations

When a user, company or location is created or edited, Zenario now stores the date and the identity of the user/admin who did it.

This information is available in admin boxes and on the front-end.

Panels in Organizer can now show an info-bar at the top

We've introduced a small new feature where an Organizer panel can now have an info-bar at the top in certain situations.

We've added a warning-bar in the email template panel, that appears to remind you when a site is placed into email debug mode.

We've added a warning-bar on the scheduled tasks panel, that appears when scheduled tasks are not enabled or running properly, and a confirmation-bar that appears when they are running properly.

Minor changes

  • On sites where you the admin login is protected by both a captcha and two-factor authentication, when you complete both checks the captcha will not be shown again until while your two-factor authentication cookie is still valid.
  • When duplicating a form which makes use of CRM integration, the CRM settings will now be copied accordingly.

Notes for hosting providers

Zenario now uses clamdscan for virus scanning

Zenario now uses the clamdscan program to scan files for viruses.

To use this feature, you will need to install clamAV, and ensure that the clamd daemon is running.

Improvements to the garbage collection of the files in the cache and private directories

There is now a scheduled task called jobCleanDirectories that handles deleting old files from the cache/ and private/ directories.

Enabling this task may improve site performance and page load time for visitors, as these tasks will no longer be performed during page loads.

Improvements for handling missing public images

If you've moved your site and the images from the public directory are missing, there is now a button in the image library panel of Organizer that will automatically restore them.

There is also now a warning on the diagnostics screen alerting you if you need to do this.

Changes to Security Policy Headers

Our default .htaccess file now contains some suggested rules for security policy headers and other security headers.

Better support for PHP version 7.3

This release of Zenario fixes several PHP notices that were appearing when running using PHP version 7.3.

Notes for designers

New feature : TUIX Snippets

We've added a new feature called TUIX Snippets. TUIX Snippets allow you to override labels, tweak functionality by changing properties, hide existing objects or and even add entirely new custom objects to any TUIX-based plugin.

Anywhere you have a Front-end Administration (FEA) plugin that is TUIX-based, you can now customise it by choosing a TUIX Snippet in the plugin settings.

TUIX Snippets can be created and edited in a Organizer panel that lets you manage them. (They're kept separate to the plugin settings, so you can write one TUIX Snippet to cover multiple plugins.)

The TUIX inspector now has a new icon and a tooltip that tells you whether a TUIX Snippet is being used on each plugin or not. If a TUIX Snippet is in use, we've also added an edit button next to it that lets you quickly jump to the right place to edit it.

Finally, we've also added a new module called the Advanced interface tools FEA, which allows superusers to edit TUIX Snippets without logging into admin mode. (Though this functionality is currently somewhat limited, as they cannot currently choose nor change which TUIX Snippet each plugin uses.)

Changes to breadcrumb plugins

Breadcrumb separators in the breadcrumb plugins no longer default to an arrow (»). They now default to an empty string, on the assumption that you will style them.

Note: this update won't change the settings of any plugins where you've previously saved the settings.

Styling specific slides in Conductors, Nests and Slideshows

You can now go into a slide's properties and set a CSS class name on the slide.

This should help if you need to add styles to specific slides in a conductor, nest or slideshow.

Adding admin-specific styles to the front-end

You can now create a directory/file called adminstyles/admin_frontend.css in your skins.

This file will be included in the front-end of your site, only in admin mode.

Any code you write will only be visible in admin mode.

Notes for developers

We've updated to the latest version of jQuery

In Zenario 8.6 we've updated to the latest versions of jQuery and jQueryUI.

For the most part everything should work as before, however this will break compatibility with a small number of very old jQuery plugins.

Changes to how breadcrumbs are generated in conductors

There's been a small change to how breadcrumbs are generated in the conductor navigation.

We had a small issue where there were two places that you could set the label that appears on a breadcrumb in the conductor:

  • By typing the name into the text field in the slide properties.
  • By writing the formatBreadcrumbRow() method in a module, and then choosing the Use for smart breadcrumbs option in the conductor.

The issue was that for some breadcrumbs there was a little overlap, and the system was picking different sources for the same breadcrumb in different situations, which could lead the the name shown being inconsistent where the breadcrumbs were different.

In version 8.6, the second option now always has priority over the first option, so even if you accidentally set the names differently in the settings, visitors to your site will not see this difference.

Functionality for multilingual number formats

In this version, we've added a Thousands separator setting and a Decimal point setting into the languages settings.

These settings are compatible with the PHP number_format() function, and can be used to format numbers in the visitors language.

For example, in English with the default settings, 12345 would be formatted as 12,345.