From ad357b063cf36235df7039a43f1c58b0cc31d499 Mon Sep 17 00:00:00 2001 From: robinsowell Date: Wed, 11 Feb 2026 15:22:59 -0500 Subject: [PATCH 1/8] Docs for member registration email_as_username parameter See code pr https://github.com/ExpressionEngine/ExpressionEngine/pull/5133 --- docs/member/registration.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/member/registration.md b/docs/member/registration.md index 7a01d8f43..9e466f96c 100644 --- a/docs/member/registration.md +++ b/docs/member/registration.md @@ -31,6 +31,12 @@ Adds the datepicker to your date fields. Defaults to "yes". NOTE: **Note:** If you are manually constructing a date field, in order to apply the date picker you must include `rel="date-picker"`. + +### `email_as_username="yes"` + email_as_username="yes" + +When set to `yes`, if the username is not specified in the submitted form, the value of the submitted email will be automatically used as the username as well. The username field is not required, but is optional, when this parameter is used. + ### `error_handling="inline"` error_handling="inline" From 6141b60efb3adb2cc21a195577f431adc81b184c Mon Sep 17 00:00:00 2001 From: robinsowell Date: Thu, 5 Mar 2026 09:47:09 -0500 Subject: [PATCH 2/8] Adding docs on troubleshooting Live Preview http auth issues --- docs/control-panel/create.md | 4 +++- docs/installation/requirements.md | 6 ++++++ docs/troubleshooting/error-messages.md | 11 +++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/control-panel/create.md b/docs/control-panel/create.md index fd64bf00d..5ce50b976 100755 --- a/docs/control-panel/create.md +++ b/docs/control-panel/create.md @@ -192,10 +192,12 @@ Saves the entry and returns the [Entry Manager](control-panel/entry-manager.md) ### Preview -A live preview of the entry is available if the `channel_prefs_preview_url` is set **or** the [Pages Module](add-ons/pages.md) is installed and a Page URI and template have been set. +A live preview of the entry is available if the relavant Channel's [Preview URL](control-panel/channels.md#settings-tab) is set **or** the [Pages Module](add-ons/pages.md) is installed and a Page URI and template have been set. If neither is set, the preview button will have an exclamation mark (!) and will link to channel preferences page where Preview URL can be set. The preview will open a split screen that allows a live preview of edits. The template used to display the preview is based on the Page fields if set and the channel preview URL otherwise. When the preview is triggered, it is being displayed side-by-side with edit screen. The size of preview container can be adjusted with mouse dragging its border. The preview is dynamically being updated as you change the fields. + +Live Preview does require the [HTTP Authorization Header be enabled](troubleshooting/error-messages.md#http-authorization-header-missing). diff --git a/docs/installation/requirements.md b/docs/installation/requirements.md index f200c79d9..2f9e2f42e 100755 --- a/docs/installation/requirements.md +++ b/docs/installation/requirements.md @@ -117,6 +117,12 @@ If you are hosted on an Apache server, the `AcceptPathInfo` option needs to be e - Ask your web host or server admin to enable the option - Set your site's URLs to use [query strings](general/url-structure.md#query-strings) +If on an Apache server and [Live Preview](control-panel/create.md#preview) shows an error message 'HTTP Authorization Header Missing', you will need to add this line of code to your your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) + +```php +SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 +``` + ### URL Segment Support If the [Server Compatibility Wizard](#server-compatibility-wizard) lists URL Segment Support as _Unsupported_, you will need to set your site's URLs to use [query strings](general/url-structure.md#query-strings). diff --git a/docs/troubleshooting/error-messages.md b/docs/troubleshooting/error-messages.md index e49ac1cc2..8be97dde2 100755 --- a/docs/troubleshooting/error-messages.md +++ b/docs/troubleshooting/error-messages.md @@ -45,6 +45,17 @@ This error---and similar warnings such as **"Warning: imagettftext(): Could not If that is not an option, **Use TrueType Font for Captcha?** should be set to _No_ under `Settings --> CAPTCHA` or CAPTCHAs should be disabled altogether. +## HTTP Authorization Header Missing + +ExpressionEngine returns the following error message when attempting to use [Live Preview](control-panel/create.md#preview): **"HTTP Authorization Header Missing"** + +### Troubleshooting + +The HTTP_AUTHORIZATION environmental variable's value is stripped by some Apache servers, causing an error rendering the Live Preview. This behavior may be overriden in your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) by adding the following line: + +```php +SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 +``` ## Warning: Cannot modify header information ExpressionEngine returns the following warning: **"Cannot modify header information."** From 995e28229ccc1c206ff3aa3edd7c591fceb05f74 Mon Sep 17 00:00:00 2001 From: robinsowell Date: Thu, 5 Mar 2026 11:04:50 -0500 Subject: [PATCH 3/8] Tweaked the troubleshooting for live preview fail description --- docs/troubleshooting/error-messages.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/troubleshooting/error-messages.md b/docs/troubleshooting/error-messages.md index 8be97dde2..e5fd572cd 100755 --- a/docs/troubleshooting/error-messages.md +++ b/docs/troubleshooting/error-messages.md @@ -51,7 +51,7 @@ ExpressionEngine returns the following error message when attempting to use [Liv ### Troubleshooting -The HTTP_AUTHORIZATION environmental variable's value is stripped by some Apache servers, causing an error rendering the Live Preview. This behavior may be overriden in your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) by adding the following line: +The Authorization header is stripped by some Apache servers, causing an error rendering the Live Preview. This behavior may be overriden in your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) by adding the following line: ```php SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 From c73c22d1e15b0c22a7b8afe62b24c1cc5c31bb2a Mon Sep 17 00:00:00 2001 From: TomJaeger Date: Tue, 10 Mar 2026 12:03:25 -0400 Subject: [PATCH 4/8] adding docs for submit_to param on consent tag --- docs/add-ons/consent.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/docs/add-ons/consent.md b/docs/add-ons/consent.md index 73cbe52c4..9941abe7a 100755 --- a/docs/add-ons/consent.md +++ b/docs/add-ons/consent.md @@ -72,6 +72,17 @@ Specify the HTML `id=` attribute. Specify a path to redirect the user to after submission. If not specified, they will be returned to the current page. Unused for Ajax-submitted forms. +#### `submit_to=` + + submit_to='site_index' + +Specify where the form should post. If not specified, the form posts to the current URL. + +| value | result | +| ----------- | ---------------------------------------------------------------------- | +| site_index | Post to your site index URL (for example, `/index.php`) | +| action_id | Post directly to the Consent action URL (for example, `/index.php?ACT=123`) | + #### `user_created=` user_created='only' @@ -228,6 +239,7 @@ If this tag would not output any consent requests due to your filters, the conte {exp:consent:form consent='ee:cookies_functionality|ee:cookies_performance|ee:cookies_targeting' form_id='cookieConsentForm' + submit_to='action_id' }

This website uses a variety of cookies, which you consent to if you continue to use this site. You can read our Privacy Policy for details about how these cookies are used, and to grant or withdraw your consent for certain types of cookies.

@@ -500,4 +512,4 @@ Cookie provider (`ee` or add-on short name) #### `{cookie_lifetime}` -Cookie lifetime in seconds. `0` represents session cookies (killed after browsing session ends). \ No newline at end of file +Cookie lifetime in seconds. `0` represents session cookies (killed after browsing session ends). From 4bb8baf17e00283762969fccb0d629eb816fa057 Mon Sep 17 00:00:00 2001 From: robinsowell Date: Wed, 11 Mar 2026 10:38:20 -0400 Subject: [PATCH 5/8] Added documentation on site switching in the cp --- docs/msm/overview.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/msm/overview.md b/docs/msm/overview.md index 18323a05a..3dc78defb 100755 --- a/docs/msm/overview.md +++ b/docs/msm/overview.md @@ -106,6 +106,10 @@ Open domain2's new index.php file and make the following changes: $assign_to_config['cp_url'] = 'https://domain2.com/admin.php'; $assign_to_config['site_url'] = 'https://domain2.com'; +## Switching Sites in the Control Panel + +When switching between sites in the dropdown, whether or not you need to login between sites depends on several factors. The sites must be using the same control panel session type. If using cookies, the cookies need to have the same settings and the control panel url must have the same domain. The site URLs can have different domains, the `admin.php` files may have different domains for the control panel, but the control panel URL in the site settings must be on the same domain. A site will only show in the dropdown if the user has permission to access the control panel for that site. + ## Multi Site Login If you have multiple sites, you may prefer that when a user logs into one site, they are logged into all sites. From b4f02c68e02219ab1108cbc368847142fffed1f1 Mon Sep 17 00:00:00 2001 From: TomJaeger Date: Mon, 20 Apr 2026 16:46:59 -0400 Subject: [PATCH 6/8] Update live preview troubleshooting docs to include Structure --- docs/control-panel/create.md | 4 ++-- docs/installation/requirements.md | 2 +- docs/troubleshooting/error-messages.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/control-panel/create.md b/docs/control-panel/create.md index 5ce50b976..ea9aa0d41 100755 --- a/docs/control-panel/create.md +++ b/docs/control-panel/create.md @@ -192,11 +192,11 @@ Saves the entry and returns the [Entry Manager](control-panel/entry-manager.md) ### Preview -A live preview of the entry is available if the relavant Channel's [Preview URL](control-panel/channels.md#settings-tab) is set **or** the [Pages Module](add-ons/pages.md) is installed and a Page URI and template have been set. +A live preview of the entry is available if the relevant channel's [Preview URL](control-panel/channels.md#settings-tab) is set **or** the [Pages Module](add-ons/pages.md) or [Structure](add-ons/structure/overview.md) is installed and configured with a URI and template. If neither is set, the preview button will have an exclamation mark (!) and will link to channel preferences page where Preview URL can be set. -The preview will open a split screen that allows a live preview of edits. The template used to display the preview is based on the Page fields if set and the channel preview URL otherwise. +The preview will open a split screen that allows a live preview of edits. The template used to display the preview is based on configured Pages/Structure fields if set and the channel preview URL otherwise. When the preview is triggered, it is being displayed side-by-side with edit screen. The size of preview container can be adjusted with mouse dragging its border. The preview is dynamically being updated as you change the fields. diff --git a/docs/installation/requirements.md b/docs/installation/requirements.md index 2f9e2f42e..d8561c969 100755 --- a/docs/installation/requirements.md +++ b/docs/installation/requirements.md @@ -117,7 +117,7 @@ If you are hosted on an Apache server, the `AcceptPathInfo` option needs to be e - Ask your web host or server admin to enable the option - Set your site's URLs to use [query strings](general/url-structure.md#query-strings) -If on an Apache server and [Live Preview](control-panel/create.md#preview) shows an error message 'HTTP Authorization Header Missing', you will need to add this line of code to your your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) +If on an Apache server and [Live Preview](control-panel/create.md#preview) shows an error message 'HTTP Authorization Header Missing', you will need to add this line of code to your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) ```php SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 diff --git a/docs/troubleshooting/error-messages.md b/docs/troubleshooting/error-messages.md index e5fd572cd..cc7bcab20 100755 --- a/docs/troubleshooting/error-messages.md +++ b/docs/troubleshooting/error-messages.md @@ -51,7 +51,7 @@ ExpressionEngine returns the following error message when attempting to use [Liv ### Troubleshooting -The Authorization header is stripped by some Apache servers, causing an error rendering the Live Preview. This behavior may be overriden in your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) by adding the following line: +The Authorization header is stripped by some Apache servers, causing an error rendering the Live Preview. This behavior may be overridden in your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) by adding the following line: ```php SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 From f0e7cd2bbe611b54a848040fd1cf4811eba6a79f Mon Sep 17 00:00:00 2001 From: TomJaeger Date: Tue, 21 Apr 2026 16:13:30 -0400 Subject: [PATCH 7/8] adding changelog --- docs/installation/changelog.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/docs/installation/changelog.md b/docs/installation/changelog.md index 648e4c797..e25cc0393 100755 --- a/docs/installation/changelog.md +++ b/docs/installation/changelog.md @@ -8,6 +8,34 @@ --> # ExpressionEngine v7 Change Log +## Version 7.5.22 +(Release: April 21st, 2026) +
+
+
    +
+
+
+ +**Enhancements** 🚀 + +- Added `submit_to` support in `exp:consent:form` for `site_index` and `action_id` targets, improving consent form posting flexibility [#5193](https://github.com/ExpressionEngine/ExpressionEngine/pull/5193) +- Added `email_as_username` support to member registration forms so username can be derived from email when configured [#5133](https://github.com/ExpressionEngine/ExpressionEngine/pull/5133) +- Added Live Preview compatibility token header (`EE-Live-Preview-Token`) for environments that strip Authorization headers [#5223](https://github.com/ExpressionEngine/ExpressionEngine/pull/5223) + +**Bug Fixes** 💃🐛 + +- Resolved an issue where Live Preview could fail silently when the Authorization header was unavailable by improving token/header handling and error behavior [#5184](https://github.com/ExpressionEngine/ExpressionEngine/pull/5184) [#5223](https://github.com/ExpressionEngine/ExpressionEngine/pull/5223) +- Resolved file picker drag-and-drop uploads returning incorrect CSRF/404-style failures for oversized requests; upload limit errors are now surfaced correctly [#5215](https://github.com/ExpressionEngine/ExpressionEngine/pull/5215) +- Resolved Pro Search filtered result issues by disabling entry SQL caching during filter processing and restoring it afterward [#4985](https://github.com/ExpressionEngine/ExpressionEngine/pull/4985) +- Resolved CKEditor/Pro Search word concatenation caused by HTML stripping in keyword parsing [#5200](https://github.com/ExpressionEngine/ExpressionEngine/pull/5200) +- Added missing translation strings for two Debug jump menu items [#5212](https://github.com/ExpressionEngine/ExpressionEngine/pull/5212) + +**Developers** 💻 + +- Fixed PHP deprecation warnings by declaring PDO `MYSQL_ATTR_*` database driver properties used by config-driven options [#5217](https://github.com/ExpressionEngine/ExpressionEngine/pull/5217) +- Added/updated automated coverage around Live Preview token handling, member email-as-username fallback behavior, consent form submit targets, and Pro Search filtering behavior [#5223](https://github.com/ExpressionEngine/ExpressionEngine/pull/5223) [#5133](https://github.com/ExpressionEngine/ExpressionEngine/pull/5133) [#5193](https://github.com/ExpressionEngine/ExpressionEngine/pull/5193) [#4985](https://github.com/ExpressionEngine/ExpressionEngine/pull/4985) + ## Version 7.5.21 (Release: March 2nd, 2026)
From f4a4192b8c60505f8ca56fb30c1ee657c5bcbb10 Mon Sep 17 00:00:00 2001 From: TomJaeger Date: Tue, 21 Apr 2026 16:57:35 -0400 Subject: [PATCH 8/8] updapted contributers and contributers script --- docs/installation/changelog.md | 6 ++ scripts/export_core_contributors.sh | 92 +++++++++++++++++++++++------ 2 files changed, 80 insertions(+), 18 deletions(-) diff --git a/docs/installation/changelog.md b/docs/installation/changelog.md index e25cc0393..eb07ddc9b 100755 --- a/docs/installation/changelog.md +++ b/docs/installation/changelog.md @@ -13,6 +13,12 @@
diff --git a/scripts/export_core_contributors.sh b/scripts/export_core_contributors.sh index f54eb1197..a22d7f995 100755 --- a/scripts/export_core_contributors.sh +++ b/scripts/export_core_contributors.sh @@ -11,38 +11,96 @@ ## ## This Script also is expecting the jq library to be installed. https://stedolan.github.io/jq/ -set -eu +set -euo pipefail + +if [[ $# -ne 2 ]]; then + echo "Usage: $0 " >&2 + exit 1 +fi + +for dependency in curl jq mktemp; do + if ! command -v "$dependency" >/dev/null 2>&1; then + echo "Error: Missing required dependency: $dependency" >&2 + exit 1 + fi +done + BASE=$1 HEAD=$2 -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -curl -s -u "$GHUSER:$GHTOKEN" https://api.github.com/repos/expressionengine/expressionengine/compare/$1...$2 | jq .commits > core_contributors.json -length="$(cat core_contributors.json | jq '. | length')" +URL="https://api.github.com/repos/expressionengine/expressionengine/compare/${BASE}...${HEAD}" + +RESPONSE_JSON="$(mktemp)" +COMMITS_JSON="$(mktemp)" +CORE_CONTRIBUTORS_HTML="$(mktemp)" +cleanup() { + rm -f "$RESPONSE_JSON" "$COMMITS_JSON" "$CORE_CONTRIBUTORS_HTML" +} +trap cleanup EXIT + +USE_BASIC_AUTH=false +USE_BEARER_AUTH=false +if [[ -n "${GHUSER:-}" && -n "${GHTOKEN:-}" ]]; then + USE_BASIC_AUTH=true +elif [[ -n "${GHTOKEN:-}" ]]; then + USE_BEARER_AUTH=true +else + echo "Warning: GHUSER/GHTOKEN not set; using unauthenticated GitHub API requests (rate limited)." >&2 +fi + +if [[ "$USE_BASIC_AUTH" == true ]]; then + curl --fail --silent --show-error -u "${GHUSER}:${GHTOKEN}" "$URL" > "$RESPONSE_JSON" +elif [[ "$USE_BEARER_AUTH" == true ]]; then + curl --fail --silent --show-error -H "Authorization: Bearer ${GHTOKEN}" "$URL" > "$RESPONSE_JSON" +else + curl --fail --silent --show-error "$URL" > "$RESPONSE_JSON" +fi + +if ! jq -e '.commits and (.commits | type == "array")' "$RESPONSE_JSON" >/dev/null; then + API_MESSAGE="$(jq -r '.message // "Unexpected API response: .commits not found"' "$RESPONSE_JSON")" + echo "Error: $API_MESSAGE" >&2 + exit 1 +fi + +jq '.commits' "$RESPONSE_JSON" > "$COMMITS_JSON" #Now lets sort of JSON object alphabetically -tmp=$(mktemp) -jq ". |=sort_by(.commit | .author | .name)" core_contributors.json > "$tmp" && mv "$tmp" core_contributors.json +tmp="$(mktemp)" +jq ". |=sort_by(.commit | .author | .name // \"\")" "$COMMITS_JSON" > "$tmp" && mv "$tmp" "$COMMITS_JSON" +length="$(jq -r 'length' "$COMMITS_JSON")" +if ! [[ "$length" =~ ^[0-9]+$ ]]; then + echo "Error: Unable to determine commit length from GitHub response." >&2 + exit 1 +fi x=0 CONTRIBUTORS="" echo "Starting Loop" declare -a contributorList=() -while [ $x -lt $length ] -do - AUTHOR=$(cat core_contributors.json | jq ".[$x] | .author | .login" | tr -d '"') +while (( x < length )); do + AUTHOR="$(jq -r ".[$x] | .author | .login // \"\"" "$COMMITS_JSON")" + if [[ -z "$AUTHOR" ]]; then + ((x=x+1)) + continue + fi + if [[ ! " ${contributorList[*]-} " =~ " ${AUTHOR} " ]]; then - contributorList[${#contributorList[@]}]=$AUTHOR - IMAGE=$(cat core_contributors.json | jq ".[$x] | .author | .avatar_url" | tr -d '"') - NAME=$(cat core_contributors.json | jq ".[$x] | .commit | .author | .name" | tr -d '"') + contributorList[${#contributorList[@]}]="$AUTHOR" + IMAGE="$(jq -r ".[$x] | .author | .avatar_url // \"\"" "$COMMITS_JSON")" + NAME="$(jq -r ".[$x] | .commit | .author | .name // \"\"" "$COMMITS_JSON")" + if [[ -z "$NAME" ]]; then + NAME="$AUTHOR" + fi - echo $NAME' - '$AUTHOR | tr -d '"' - CONTRIBUTORS+=$'\n

  • '$NAME'

    @'$AUTHOR'

    • ' + echo "$NAME - $AUTHOR" + CONTRIBUTORS+=$'\n

  • '"$NAME"'

    @'"$AUTHOR"'

    • ' fi + ((x=x+1)) done echo "=== Copy html below and insert into changelog ===" -cat > "core_contributors.html" <<- EOF +cat > "$CORE_CONTRIBUTORS_HTML" <<- EOF
      @@ -52,6 +110,4 @@ cat > "core_contributors.html" <<- EOF
    EOF -cat core_contributors.html -rm core_contributors.json -rm core_contributors.html +cat "$CORE_CONTRIBUTORS_HTML"