Previous updates

What's new in v3.1.0

May 18, 2020

This update brings a lot of speed and easier editing improvements. We have finally detached the WonderCMS Settings panel from requiring Bootstrap or jQuery and have completely rewritten the CSS/JavaScript part of the Settings. For the first time ever, we're now also providing translation plugins, which will translate your Settings panel into one of the mentioned languages below. Special thanks to Stephan Stanisic. Additionally, there's a new default theme, along with some new variants - previews and screenshots below. Happy WonderCMS-ing 🚀

Features and fixes

Faster WonderCMS - settings are now completely independent and detached of jQuery and Bootstrap.

Translations: German, Russian, Dutch, French, Polish, Slovenian.

Easier editing - edit icons from "Website title", "Menu" will open the modal window directly to the editable locatation.

Settings/Logout buttons are now floating/fixed to avoid theme compatibility issues.

Footer is now directly editable.

Optimized - admin JavaScript and CSS rewritten from scratch.

All alerts are now dismissible until a page refresh is done.

Autofocus on input field when logging in.

Improved loader when saving and checking for updates.

Improved file uploader allowed extensions.

New themes & updates

New default theme: Essence - can be installed via Settings and Themes.

- can be installed via Settings and Themes. New theme: Violet .

. New theme: Universe Gradient .

. These themes are similar with different color schemes.

New plugins & updates

German, Russian, Dutch, Polish, French and Slovenian plugin translations.

Simple blog - improved user experience.

Summernote editor - updated to support latest version of WonderCMS.

Simple statistics - fixed bug with special characters/UTF-8 encoding.

Additional contents - improved buttons without icons.

Hits counter - text changes.

Download / Update instructions

Login to your WonderCMS website and click "Update". Create a backup prior to updating.

If you can't see the update, open Settings -> Themes or Plugins and click "Check for updates".

What's new in v3.0.6 + 3.0.7 patch

February 16 & March 3, 2020

Features/fixes

bug fix: keep/retain br tags after editing

tags after editing 3.0.7 bug fix/patch: reverted including jQuery and Bootstrap at all times

Theme updates

3.0.7 patch/revert: All themes have been updated: the order of the $Wcms->css is back to default place in theme.php.

Download / Update instructions

Log into your WonderCMS website and click "Update". Always create a backup prior to updating.

If you can't see the update, open Settings -> Themes and click "Check for updates".

3.0.5 February 10, 2020

Features/fixes

added IDs to menu items

improved the theme version update checker

bug fix: renaming page/slug

bug fix: spaces being added automatically to footer (on edit)

bug fix: order of admin CSS library in all themes

Theme updates

All themes have been updated: the order of the $Wcms->css has been bumped higher.

Download / Update instructions

Log into your WonderCMS website and click "Update". Always create a backup prior to updating.

Thanks to

Slaven Stančič for the code fixes and improvements.

Thanks to our active community members which have started working on new themes and plugins.

3.0.4 January 1st, 2020

New features

built in theme and plugin installer

speed improvements

caching/update system for themes and plugins

new dropdown for selecting default page

improved notifications

shortcuts to opening tabs in the Settings panel

major code clean up and optimization - special thanks to Slaven Stančič

improved updating system for WonderCMS

numerous bug fixes

animated loaders (when logging in and checking for updates)

log out admin of all devices after password change

improved getter function

improved theme activator

redirect after logout/password change

additional hooks

IP logging for last 5 logins

settings/admin panel design improvements

New plugins

Blog plugin (by Stephan Stanisic)

Summernote air editor (by Stephan Stanisic)

Statistics plugin (by Stephan Stanisic)

Rewritten and improved contact form plugin (by Stephan Stanisic)

New themes

Fallout (by turboblack)

Parallax (by Stephan Stanisic)

w3css (by Stephan Stanisic)

Download / Update instructions / Manual update

Thanks to

Slaven Stančič for all the code re-writing, implementation, genius on the spot programming, fixing most bugs and issues.

Stephan Stanisic for the inspiration, new ideas, plugins, themes, helping out with user support and bringing so much excitement to the project.

Nicolas Carpi for re-writing a major part of WonderCMS.

Anusya Angamuthu and Ashe Safe for reporting vulnerabilities.

Turboblack for all the themes and promoting WonderCMS in other markets.

3.0.0/3.0.3 BETA - November/December 7th, 2019

built in theme and plugin installer

speed improvements

caching/update system for fetching themes and plugins

default page can be now selected from drop down

improved notifications

shortcuts to opening specific tabs for the Settings panel

major code clean up and optimization - special thanks to Slaven Stančič

improved updating system for WonderCMS

developer friendlier

numerous bug fixes

3.0.1: loaders when logging in and checking for updates

3.0.2: log out admin of all devices after password change

3.0.2: improve getter function

3.0.3: awesome theme activator, redirect after logout/password change, IP logging for last 5 logins.

New plugins

Blog plugin (by Stephan Stanisic)

Summernote air editor (by Stephan Stanisic)

New themes

Fallout (by turboblack)

Parallax (by Stephan Stanisic)

Download 3.0.3 beta

Thanks to

Slaven Stančič for all the code re-writing, implementation, genius on the spot programming and fixing for fixing bugs and issues.

Stephan Stanisic for the inspiration, new ideas, plugins, themes, helping out with user support and bringing so much excitement to the project.

Nicolas Carpi for re-writing a major part of WonderCMS.

Anusya Angamuthu and Ashe Safe for reporting vulnerabilities.

Turboblack for all the themes and promoting WonderCMS in other markets.

2.7.0 - March 31st, 2019

Random password generator for first time installs.

"Get external file" function improved.

Minimum password length changed to 8 characters.

Minor code improvements and optimizations.

Fixed a possible bypass (on top of an already patched) bug.

Removing auto update function, the next WonderCMS version (3.0.0) will require manual updating due to significant restructuring.

No special actions are required for this update Simply use the one click update from your admin panel. Make sure to always backup before updating.

IMPORTANT: future version (3.0.0) will require manual updating Due to some awesome restructuring done by Nicolas Carpi, WonderCMS 3.0.0 will not be backwards compatible and will require manual updating. Instructions will appear here once version 3.0.0 is ready to be released.

Notes

Thanks to Nicolas Carpi, an awesome developer that joined in on helping with WonderCMS. He's responsible for most of the code refactoring that is going to be included in the next milestone version (3.0.0) and all of the incoming improvements.

Thanks to Ashe Safe for responsibly reporting a possibility of a self-attack, which that bypassed an existing patch. More info on GitHub.

2.6.0 - January 1st, 2019

Added popup/functionality for naming a page before creating it.

Minor text and settings panel visual changes.

Code optimisation/cleanup.

Updated autosize library to latest version.

Increased randomness of backup file names.

No special actions are required for this update Simply use the one click update from your admin panel. Make sure to always backup before updating.

2.5.2 - July 18th, 2018

Fixed session fixation vulnerability.

Fixed mixed content warning for NGINX servers.

Improved main URL function and added multiple string case checks for the HTTPS protocol and port forwarding.

No actions are required for this update Simply use the one click updater from your admin panel.

Notes

Thanks to Anusya Angamuthu for reporting the session fixation vulnerability.

Thanks to Senthil Nathan for reporting the mixed content issue, providing a fix and testing.

2.5.0 and 2.5.1 patch - May 2nd, 2018

New feature (Apache only): better security mode and HTTPS redirect ON/OFF switch in Settings->Security. Read more about enabling better security mode.

switch in Settings->Security. Read more about enabling better security mode. New feature: view version number when updating. It's now easier to see to what WonderCMS version you're updating to next.

Minor text and style changes to the update notification and settings panel.

Upgraded logic when checking for directory traversal attacks. Other minor code fixes.

Moved location of backup action in index.php, this removes the "Delete backup files" notification bug when a backup file is removed.

Moved location of delete page action index.php, this remove the "Page deleted" notification when a corrupted database is recovered.

Changed most REQUEST['token'] checks to POST types.

Fixed bug in better security function.

Improved function for password changing.

Added keyword and description for 404 pages (for fresh WonderCMS installs only).

Improved function for installing themes and plugins.

Fixed bug with function for deleting files and folders.

8 theme updates available: check themes page 2016 default theme, Dark blue, Gold, Green, Light blue, Pink, Purple, Red

Notes

Thanks to Vekien for the upgraded code logic for checking directory traversal attacks.

2.4.1 - February 21st, 2018 (and 23rd - minor 2.4.2 patch)

Fixed bug with "double update" notification (2.4.2 patch). The double notification bug will be displayed one last time after updating.

Fixed vulnerability - logged in admin could delete files from any directory.

Added SRI hashes to external JavaScript and CSS files: jquery.min.js, bootstrap.min.js, autosize.min.js, taboverride.min.js, jquery.taboverride.min.js, bootstrap.min.css).

Removed unnecessary session unset.

Minor text changes.

Default theme update available

Copy the link below and paste it in Settings->Themes & plugins, select "Theme" and click update. https://github.com/robiso/wondercms-themes/releases/download/default-2/default.zip

NOTE 1: If you are not using the default theme, there is no need to update it.

NOTE 2: If you have made any changes to the default theme, they will be overwritten .

. NOTE 3: If you are using a custom theme, check these easy 3 steps for enhancing theme library security.

2.4.0 - January 1st, 2018 (Happy New Year!)

Removed old version update support compatibility.

A better definition of public/private functions.

Corrected code logic in theme/plugin installer with an array check.

Added hash_equals checks to prevent CSRF timing attacks.

Added link to WonderCMS homepage in the Settings panel.

Minor text changes to the Settings panel and error messages.

Minor Settings panel design changes.

Prettified code fixes.

CSS fix, removed bottom border on the settings panel links. The border was visible only when designing a new theme/template from scratch.

Functions re-sorted alphabetically for easier overview.

Added 404 page editing support.

Added whitelist for allowed file type uploads.

Restructured function for deleting files, themes and plugins.

Updated taboverride and autosize to latest version.

Updated Summernote plugin to latest version and added tables to the Summernote editor toolbar.

2 plugins need manual updating (copy/paste link)

NOTE 1: If you don't have these plugins, there is no need to update them.

NOTE 2: Update WonderCMS before updating plugins.

1. Update link for Summernote editor plugin

Copy the link below and paste it in your Settings->Themes & plugins, select "Plugin" and click update.

https://github.com/robiso/wondercms-plugins/releases/download/summernote-2.4/summernote.zip

2. Update for Additonal contents plugin

Copy the link below and paste it in your Settings->Themes & plugins, select "Plugin" and click update.

https://github.com/robiso/wondercms-plugins/releases/download/additional-contents-2.4/addition_contents.zip

Notes

Note 1: Thanks to Vekien for the corrected code logic in the theme/plugin installer, helping implement hash_equals and restructuring the function for deleting files/themes/plugins.

Note 2: Thanks to ayeshrajans for spotting the hash_equals improvement.

2.3.2 - October 11th, 2017

two additional ISSET checks to prevent PHP notices

changed HTTP 1.0 headers to HTTP 1.1

updated links to themes and plugins in the Settings panel (new links are: https://wondercms.com/themes and https://wondercms.com/plugins)

removed converted case for page titles

core code in WonderCMS prettified - providing a better level of readability

minor text changes

No actions are required for this update

Notes

Note 1: Thanks to Samrat Das for sparking a debate about file type limits in the file uploader. Share your opinion on the file uploader file type limits.

Note 2: We are dropping old version support in January 2018.

2.3.0 + 2.3.1 patch - August 23rd, 2017

one click backup

re-designed settings panel

theme installer + updater + remover

plugin installer + updater + remover

file uploader + remover

tab/indentation support

additional security token checks

added "Visit page" link next to each page in menu

added success message when deleting a page

logout link moved to top right corner

fixed title case when creating new pages

files autosize.js , taboverride.min.js and taboverride.jquery.min.js are now loaded after the admin is logged in, resulting in faster website loading

, and are now loaded after the admin is logged in, resulting in faster website loading minor code logic fixes

minor text fixes

added two additional checks if the request for token is set (2.3.1 patch)

double space removal / converted to tabs (2.3.1 patch)

Special thanks to Janez Čas (HttpMaster author), Davide Vago, Robbie Antenesse and Andreas Lenhardt.

1 plugin needs to be updated from your settings panel

Summernote WYSIWYG editor - Simply COPY/PASTE the below link into your Settings->Themes&plugins, select plugin and click update. https://github.com/robiso/wondercms-plugins/releases/download/Summernote/summernote.zip

2 changes in theme.php // only for custom themes

In theme.php: remove autosize.js ( https://cdn.jsdelivr.net/jquery.autosize/3.0.17/autosize.min.js ) In style.css: replace .navbar-right li a:hover, .navbar-right li.active a with ul.nav.navbar-nav.navbar-right li a:hover, ul.nav.navbar-nav.navbar-right li.active a

2.2.1 - June 23rd, 2017

Custom port support. WonderCMS now works on non-standard HTTP ports - thanks to Grzegorz Kowalski.

JavaScript hook fix - thanks to Grzegorz Kowalski.

Show admin CSS and JS only when logged. Great for even faster website load times.

Minor text and tab fixes.

1 plugin needs to be updated manually

Additional contents plugin - DOWNLOAD the updated plugin, unzip it, and overwrite your existing addition_contents plugin folder with the new files.

2.2.0 - June 18th, 2017

Added additional tokens to prevent/fix CSRF vulnerabilities thanks to Luka Mrovlje from Mobinia inter for the fix. Special thanks to Ehsan Hosseini from Zerox Security Lab (ZeroxSecLab Twitter) for reporting this and confirming the issue is resolved. Added CSS style (text align left) the settings panel. This is to prevent the admin settings panel text alignment from being overwritten by a custom theme. New created pages are now visible in the menu by default. Added extra help on the example page for new WonderCMS installations.

Plugins that need to be updated manually

Summernote (WYSIWYG editor and file uploader). DOWNLOAD the new plugin, unzip it, and overwrite your existing summernote plugin folder with the new files.

2.1.0 - May 30th, 2017

Easy page adding and hiding | thanks to Pascal Jordin. Easy page re-ordering | thanks to Pascal Jordin. Cleaner URLs | thanks to Pascal Jordin. Improved URL function | thanks to Luka Mrovlje. Minor code improvements. Additional thanks to turboblack (Dannis Danylenko) for all the testing. NOTE: All pages will be visible in your menu after updating. You can hide pages easily from your settings panel. This is necessary due to the new menu functionality.

2.0.6 - April 28th, 2017

Fixed bug $_SERVER[REQUEST_URI] to $_SERVER['REQUEST_URI'] because of errors reported on some sites. Thanks to turboblack (Dannis Danylenko) for reporting this.

2.0.5 - April 28th, 2017

Fixed display login URL in settings panel thanks to Robbie Antenesse.

2.0.4 - April 27th, 2017

Update system changed from using file_get_contents to cURL - thanks to Robbie Antenesse for providing us with a more stable update system. Fixed absolute URLs to relative, this bug happened on some servers/environments and made WonderCMS URLs unusable - another thanks to Robbie Antenesse for this awesome fix.

2.0.3 - April 20th, 2017

Fixed CSRF vulnerability with low severity - thanks to Ashutosh Singh for reporting this. Fixed in less than 24 hours from the time of the report. Changed/fixed span wrappers to div wrappers around editable areas - thanks to scsmash3r. Fixed bug which returned a 404 header to the logged in user.

New themes available, check them out in the WonderCMS demo. They're all downloadable for free in the WonderCMS themes repository.

2.0.2 - March 31st, 2017

Additional hook added: page - this makes plugin developers lives easier.

New plugin available - easily create new editable areas

- Test this plugin in our WonderCMS demo. The green pluses which enable you to create new editable areas are visible after you log in.

- Download additional contents plugin and upload it to your plugins folder to activate it.

2.0.1 - March 28th, 2017

Fixed bug in function name that caused errors for some users. Added default font size for settings panel. Removed unnecessary spaces and semicolons in settings CSS.

2.0.0 - March 18th, 2017

This is the first non-beta release in 9 years. Major code clean up. New default theme. Improved settings panel. We now update the default theme (default theme.php, style.css) and .htaccess, we used to update only index.php. database.js versioning, which makes it really easy to define what user gets what update. "Powered by WonderCMS" link removed from footer. Wohoo freedom. Developer friendlier. Plugins are easier to develop.

Important theme.php changes - 8 tags need changing for version 2.0.0 - Easy instructions for replacement can be - Easy instructions for replacement can be found here

Important plugin changes for version 2.0.0 - The following plugins need to be updated:

Hits plugin to version 2.0.0 - unzip and upload to plugins

MediumEditor - unzip and upload to plugins

- The following plugins are unavailable until developers update their plugins: