* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
or HTML entity encoding of quotation marks, depending on a guess of
what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
`e_session_db` no longer implements `SessionHandlerInterface`.
Instead, the alternative non-OOP invocation of
`session_set_save_handler()` is used instead to apply the session
handler.
* The shim for `strptime()` still calls the native function if available
but now suppresses the deprecation warning.
* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
maintain consistent behavior with past versions of PHP.
* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
`validatorClass::dbValidateArray()` without a proper API for avoiding
SQL injection
`e_parse::toJS()`, documented with the description
> Convert text blocks which are to be embedded within JS
, does not protect strings from injections, which appears to be its
primary use. Additionally, it performs multiple unrelated string
modifications:
* Replace Windows line breaks with a literal `\\n` (which would later be
parsed as `\n` in JavaScript/JSON)
* Does not modify Unix line breaks (`\n`), which is inconsistent with
the Windows line break behavior
* Removes HTML tags
* Replaces HTML entities as `htmlentities()` does
This method cannot be fixed because its usages are inconsistent. Most
notably, some usages surround the method's output in single quotes while
others surround it with double quotes. Strings cannot be JSON-encoded
without confounding quotation mark styles.
All core usages of `e_parse::toJS()` have been replaced with
alternatives, which are also documented in the method's DocBlock.
Fixes: #4546
Tagcloud menu can now be sorted via shortcode parms. eg. {MENU: path=tagcloud&order=tag,asc&limit=20}
Animate.css library loading example added to bootstrap5/theme.xml
InnoDB storage engine
Components affected:
* `db_verify` now checks and corrects the table storage engine
* `db_verify` now checks and corrects the table default character set
* Note: Field character sets can still be overridden
* Note: When correcting, the entire table is converted to the target
charset.
* The alt_auth plugin now connects via PDO using the e107 default
charset, utf8mb4
* `e_db_pdo` now sets the charset to utf8mb4. This is currently not
customizable because it was previously not customizable.
* `install.php` now generates an `e107_config.php` file with
`$mySQLcharset = 'utf8mb4';`, though this option is not actually used.
* `install.php` now removes plugin tables before installing plugins.
* `e_db_mysql` now only accepts the `utf8mb4` charset. Previously, it
only accepted the `utf8` charset.
* `e_db_mysql` now configures `mysqli_real_escape_string` to match the
new default charset, `utf8mb4`.
* Plugin installations now use the preferred MySQL table storage engines
and charsets.
The preferred MySQL table storage engines are now mapped like so:
* If `ENGINE=MyISAM` is specified, the actual storage engine set will be
the first available of: InnoDB, Aria, Maria, MyISAM
* If `ENGINE=Aria` is specified, the actual storage engine set will be
the first available of: Aria, Maria, MyISAM
* If `ENGINE=InnoDB` is specified, the actual storage engine set will be
the first available of: InnoDB, XtraDB
* If `ENGINE=XtraDB` is specified, the actual storage engine set will be
the first available of: XtraDB, InnoDB
The preferred MySQL character set is now aliased like so:
* `utf8` => `utf8mb4`
* `utf8mb3` => `utf8mb3`
* `utf8mb4` => `utf8mb4`
Fixes: #4501
