51
Recent Posts
52
News and announcements / Re: Elxis 5.6 Oxylus released!
« Last post by datahell on August 19, 2025, 21:39:22 »Revisions 2732 and 2733 released today after the initial revision 2731. They both contain small fixes. Please always use the latest Elxis version.
Current version: Elxis 5.6 Oxylus rev2733.
elxis.org and elxis.net proudly run Elxis 5.6 Oxylus
Current version: Elxis 5.6 Oxylus rev2733.
elxis.org and elxis.net proudly run Elxis 5.6 Oxylus
53
News and announcements / Elxis 5.6 Oxylus released!
« Last post by datahell on August 18, 2025, 20:55:45 »Elxis 5.6 Oxylus released. You can download it from elxis.org.
In Elxis 5.6 (Oxylus) we have strengthen CMS security even more.
This is a quick change-log. Detailed presentation of Elxis 5.6 Oxylus will be available from elxis.org soon.
Security related
Other
Fixes
In Elxis 5.6 (Oxylus) we have strengthen CMS security even more.
This is a quick change-log. Detailed presentation of Elxis 5.6 Oxylus will be available from elxis.org soon.
Security related
- Password policy configuration option (chars length, complexity, expiration)
- Enforce password expiration policy
- New exit page "pwchange" (for expired password change)
- Lock user account for 5 minutes after 3 unsucessfull login attempts
- Crypt helper: added sha256, sha384 and sha512 encryption arlgorithm
- Plugin Contact: Added security token
- Always set header X-Content-Type-Options: nosniff regardless the security level
- x-frame-options = SAMEORIGIN by default
- sha256 integrity hash html attribute in CSS and JS files
- nonce html attribute in CSS and JS files
- crossorigin="anonymous" in CSS ans JS files
- Added CSP nonce and {nonce} replacement for elxis config option
- Minifier: Calculate CSP sha-256 checksums
- Removal of inline events in all Elxis extensions and libraries
- New method preAuthCheck for the elxisAuth library
Other
- Page generators for content Categories, Articles, Tags and Archive
- Provide an ID to all module DIV wrappers (id="moduleX")
- Added Czech language
- Update JQuery from v3.6.0 to v3.7.1
- ElxisForm library: Option to add html attributes in Yes/No checkboxes
- Database tables: DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci
Fixes
- HTML helper: Fix unclosed tag
- Messages helper: Fix GROUP BY issue when sql_mode=only_full_group_by
- Administration login: Fix user trying to login from wrong URL
- Component user: Add missing label for Country
- Template Five: Fix possible XSS attack
- Fix Google maps plugin
54
Language / Re: SOLVED Second language OFF and then ON
« Last post by Luca on August 17, 2025, 12:01:03 »Quote
So, I've found out the reason because I've lost the translation.
I don't want this to happen
55
Language / Re: SOLVED Second language OFF and then ON
« Last post by datahell on August 17, 2025, 10:16:57 »I will explain to you what may happened.
There is no delete button for translations. A translation gets deleted when the value is empty. When saving an article, or whatever, the translations system checks the strings that have been submitted for all languages. If the value for a language is empty, or not provided, it is marked for deletion.
en: Hello
el: Γειά
de: Hallo
it: Ciao
If you set de = "" (empty) then the corresponding translation will be deleted from the database.
Example
You have an article title in 4 languages, de, en, it, es
You unpublish Italian language (it)
You go and edit the article. As Italian is unpublished only values for de, en and es get proceeded (there is no "it"). Therefor the saved in database value for it is empty and so gets deleted.
When you re-enable Italian language and go to edit the same article you will see that there is no value for the "it".
If you lost many translations due to the above reason it means that you have the language set to OFF for a long time and in the meanwhile you edit many items.
This is absolutely normal behavior and this is how the translations system works. The deletion of empty/unused strings is in order to remove items from the database not needed any more.
There is no delete button for translations. A translation gets deleted when the value is empty. When saving an article, or whatever, the translations system checks the strings that have been submitted for all languages. If the value for a language is empty, or not provided, it is marked for deletion.
en: Hello
el: Γειά
de: Hallo
it: Ciao
If you set de = "" (empty) then the corresponding translation will be deleted from the database.
Example
You have an article title in 4 languages, de, en, it, es
You unpublish Italian language (it)
You go and edit the article. As Italian is unpublished only values for de, en and es get proceeded (there is no "it"). Therefor the saved in database value for it is empty and so gets deleted.
When you re-enable Italian language and go to edit the same article you will see that there is no value for the "it".
If you lost many translations due to the above reason it means that you have the language set to OFF for a long time and in the meanwhile you edit many items.
This is absolutely normal behavior and this is how the translations system works. The deletion of empty/unused strings is in order to remove items from the database not needed any more.
56
Language / Re: SOLVED Second language OFF and then ON
« Last post by Luca on August 17, 2025, 08:28:29 »Yes, indeed, also there's a warning about it, below the primary language setup .
I can recall years ago when I "tested"
that. It really messed up everything and, moreover IS NOT easily recoverable 
Back on
So, I've found out the reason because I've lost the translation. But
With the other languages switched off, shouldn't respective translations deserve to be protected in some way? On editing, you only actually have visible those active, ... If they are not in use this doesn't necessarily mean you don't want them any more...
OR, leaving visible on editing all the translations no matter if they are on or off, wouldn't prevent these kind of behavior?
.I can recall years ago when I "tested"
that. It really messed up everything and, moreover IS NOT easily recoverable Back on
So, I've found out the reason because I've lost the translation. But
With the other languages switched off, shouldn't respective translations deserve to be protected in some way? On editing, you only actually have visible those active, ... If they are not in use this doesn't necessarily mean you don't want them any more...
OR, leaving visible on editing all the translations no matter if they are on or off, wouldn't prevent these kind of behavior?
57
Language / Re: SOLVED Second language OFF and then ON
« Last post by datahell on August 16, 2025, 21:59:00 »Switching ON and OFF language does not affect translations saved in database. What can mess up things is changing the default language. This creates an inconsistency in translations table.
58
Language / SOLVED Second language OFF and then ON
« Last post by Luca on August 15, 2025, 07:51:07 »SOLVED: I got WHY, thank you anyway for your attention:
Meanwhile the secondary language was disabled, I made some text modifications in the default language of those modules and articles, thus saving the respective secondary language part of them as BLANK, in the db!!! Stupid me.
------------------------------------
Hello everybody, I hope to find you well!
I am facing a curious behaviour, here.
For a matter of a/b testing the seo reflectings, I decided to temporarily limit my website to the default language (EN), disabling the secondary one (IT).
When I reverted back, enabling my second language again, I've found that some (not all) of the translations have been lost (gone) from the database.
Now, I really don't know if it happened in the moment I switched off or back on.
This affected some articles as well as some text modules, and I didn't expect this to happen at all...
Any clue, please?
Thanks so much!
Elxis Version 5.5
Revision number 2585
Codename Hermes
Security level High
Elxis defender GF
PHP version 8.1.2-1ubuntu2.22
Meanwhile the secondary language was disabled, I made some text modifications in the default language of those modules and articles, thus saving the respective secondary language part of them as BLANK, in the db!!! Stupid me.
------------------------------------
Hello everybody, I hope to find you well!
I am facing a curious behaviour, here.
For a matter of a/b testing the seo reflectings, I decided to temporarily limit my website to the default language (EN), disabling the secondary one (IT).
When I reverted back, enabling my second language again, I've found that some (not all) of the translations have been lost (gone) from the database.
Now, I really don't know if it happened in the moment I switched off or back on.
This affected some articles as well as some text modules, and I didn't expect this to happen at all...
Any clue, please?
Thanks so much!
Elxis Version 5.5
Revision number 2585
Codename Hermes
Security level High
Elxis defender GF
PHP version 8.1.2-1ubuntu2.22
59
Elxis 4.x/5.x DEV / Re: Upcoming Elxis 5.6 information
« Last post by datahell on August 13, 2025, 09:42:16 »If you want to write javascript inside html body use the nonce attribute. The value of nonce can be retrieved from elxisDocument::getNonce() method (requires Elxis 5.6 or newer).
Example
<script nonce="<?php echo $eDoc->getNonce(); ?>">
javascript code here
</script>
To check if you have Elxis 5.6:
if ($elxis->getVersion() >= 5.6) {
...
}
The nonce attribute tells the browser that this piece of inline code has not been injected to the content by third parties and it is safe to execute. The value of nonce is cryptographic secure and it changes on every click. Elxis put the nonce value on document headers when using a CSP policy.
Example
<script nonce="<?php echo $eDoc->getNonce(); ?>">
javascript code here
</script>
To check if you have Elxis 5.6:
if ($elxis->getVersion() >= 5.6) {
...
}
The nonce attribute tells the browser that this piece of inline code has not been injected to the content by third parties and it is safe to execute. The value of nonce is cryptographic secure and it changes on every click. Elxis put the nonce value on document headers when using a CSP policy.
60
Elxis 4.x/5.x DEV / Re: Upcoming Elxis 5.6 information
« Last post by datahell on August 13, 2025, 09:29:59 »The CSP option already exists in Elxis configuration since v5.5. However Elxis HTML was not ready for a strict CSP policy. In version 5.6 everything inline removed, even the js events.
Conversion example
Original HTML
<a href="javascript:void(null);" onclick="doSomething();">Do something</a>
New HTML:
<a href="#" id="dolink">Do something</a>
In PHP:
$eDoc->addNativeDocReady('doOnLoad();');
In javascript file:
function doOnLoad() {
document.getElementById('dolink').addEventListener('click', function(e) { e.preventDefault(); doSomething(); });
}
If you have many links executing the same js function it is recommended to use "data-" attributes. Example:
<a href="#" data-something="12">Do 12</a>
<a href="#" data-something="15">Do 15</a>
<a href="#" data-something="18">Do 18</a>
let dnlinks = document.querySelectorAll('a[data-something]');
if (dnlinks.length > 0) {
for (let q=0; q<dnlinks.length; q++) {
dnlinks[q].addEventListener('click', function(e) {
let nid = this.getAttribute('data-something'); e.preventDefault(); doSomething(nid);
});
}
}
Conversion example
Original HTML
<a href="javascript:void(null);" onclick="doSomething();">Do something</a>
New HTML:
<a href="#" id="dolink">Do something</a>
In PHP:
$eDoc->addNativeDocReady('doOnLoad();');
In javascript file:
function doOnLoad() {
document.getElementById('dolink').addEventListener('click', function(e) { e.preventDefault(); doSomething(); });
}
If you have many links executing the same js function it is recommended to use "data-" attributes. Example:
<a href="#" data-something="12">Do 12</a>
<a href="#" data-something="15">Do 15</a>
<a href="#" data-something="18">Do 18</a>
let dnlinks = document.querySelectorAll('a[data-something]');
if (dnlinks.length > 0) {
for (let q=0; q<dnlinks.length; q++) {
dnlinks[q].addEventListener('click', function(e) {
let nid = this.getAttribute('data-something'); e.preventDefault(); doSomething(nid);
});
}
}