Version 1.13.2

The core package of Gila CMS



Fixed the menu editing page
Endpoint /lzld/thumb can return svg file


Session file is removed when user creates new session


Fixed an error with asset directories
The old packages and themes directory is cleaned up on upgrades
All static files are copied and reden from assets/ directory
Big refacture on the code (renaming classes, methods, etc)
Note: after upgrading this package, upgrade all the others, and the theme


Revert upload folder to assets


Uploads are saved in a non public folder
Table schemas can extend other tables
Fixed paragraphs bug in widgets
Allow CORS from configuration


List of cross origin resource sharing can be set at config file
List of trusted domains can be set at config file
Updated german language
Managers can be set to users

Support of template engines
File management is restricted in less folders and file types

Fixed bulk select problem in table administration
In registry edit, rows of child table can be created after registry save

Created the upload csv tool for content tables
Support for replicated databases

Added more languages
Added blocks: cards, side-image in package blocks
Fixed the reset password form
On package download it will run the update only if is active

Security updates
A new folder is created in media gallery every month

Can remove folders from media gallery

User can logout from other devices

Add page title to categories and tag pages
Pages can use admin template
Updated facebook comments package
Added block editor package
Fix error uploading images

Deny access to non admin in some pages
Enable CORS on settings

Security updates
Bugfixes of post categories

User can create a generic use token from admin/profile
Many CSRF vulnerabilities fixed with cm endpoint
Webp images can be displayed as thumbnails in administration
Not allowewd svg uploads for security

Uploaded images can autoresize with maximum dimensions
Max image width and heigth is set on admin/settings
Added accesses to editor role: pages, menus, widgets
Added portuguese language
On installation fields are filtered for xss input
Fixed access to media files for multisites
Added canonical link for blog/category

Load faster the pages of content administration

Safer upload and edit for phoos and files
Thumbnail display of posts at administration
Added more translations in german, spanish, french and estonian
Fixed a bug that was not generated the post slug

Avoid local file inclusion by reading files below the installation folder
Avoid xss attack from uploaded filenames
Cm endpoints return hear with content type json
Cm api accepts multiqueries (list,list_rows,describe)

Avoid local file inclusion by reading files below the installation folder
Avoid xss attack from uploaded filenames
Api: cm endpoints return hear with content type json
Api: cm api accepts multiqueries (list,list_rows,describe)

Themes support block editor with correct styling
Add template field for pages
Remove some warnings

Cannot upload a non media file at assets
Fix db backup bug
Widgets are more safe from xss attacks
Only main site can access file manager and phpinfo
Added popup_edit command for table schemas

Dont show error when controller is not found
Remove warnings on installation
Close pop up dialogs by clicking outside of them
Tmp media filenames are saved with their folders

Website favicon can be added
New page: /admin/theme_options
Added icons for default widgets
Updated post-category widget
Multisite support

Reuse the default form token
Added media tabs
Added sendmail event