Download

A minor patch:

Tighten access-control-origin header, close open redirects, improve validation and add resource limits to JS.

Tuskfish CMS now supports login with Windows Hello, Touch ID, Face ID, iOS and Android devices, and hardware security keys like the Yubikey. This is implemented as a second factor after password check for two-factor authentication (2FA) login security.

Users can register and revoke their 2FA credentials by visiting Preferences => Two-Factor Authentication in the Admin panel. Registration of a credential only takes a few seconds. Once a credential is registered, two-factor login becomes mandatory, so it is a good idea to register more than one device to avoid lock out. Users can revert to simple password login by revoking all their 2FA credentials.

Technically this is an implementation of the FIDO 2 / WebAuthn standards. Users register passkeys from platform authenticators (Hello, Touch ID etc) or hardware security keys (CTAP2 authenticators). Credentials are public-key based and origin-bound; no shared secrets are stored.

Minor bugfixes:

Reverted cache writes to avoid use of remove(), as this function is normally disabled in php.ini; tidied cached file names (prevent param separator being used on first param); fixed bug in gallery logic that prevented dynamic changes in columns to suit display width.

Tuskfish V2.2 brings a lot of improvements, including a group permissions system to control access to routes and individual content items, fourteen new colourful themes, and a new default theme preference for flipping the look and fee. of your site. All content types can now be set as 'static' with a new 'in feed' toggle switch, there is optional support for better thumbnail generation and colour space support with ImageMagick 6 available. The entire codebase has been reviewed with AI assistance for bugs, security issues, and compliance with PHP 8.4/8.5, Bootstrap 5 and HTML5. Core libraries have been updated. Note: I pushed a minor bugfix update so the current version is 2.2.1.

Tuskfish 2.1 is a feature release that adds an extensible system for creating and managing blocks (the equivalent of 'widgets' in Wordpress or 'modules' in Joomla). Three block types ship by default: A Spotlight block for highlighting a particular piece of content, and 'Recent Content' block that lists the last X pieces of content filtered by tag and type, and custom HTML blocks. The code base has been updated to use recent language features. The minimum PHP version is now 8.3.

Tuskfish 2.0.8 is an incremental update with a bunch of small fixes and refinements. New features include an alternate compact template option for collections that displays child content as a list, support for a 3rd Yubikey hardware token, and extension of html toggling of content online status extended to admin search results. There are several improvements to the video templates as well: They are now responsive, and alternate selectable templates are available for common aspect ratios including 16:9, 4:3, 21:9 and 1:1.

Optional support for ImageMagick V6 is now available. This gives much better quality thumbnails than PHP's native GD2 library, but at the cost of some manual configuration. You need to:

• Have ImageMagic installed on your webserver (most hosting companies provide this).
• Access to PHP's exec() function must be enabled (it is often disabled by default through the disable_functions setting in php.ini).
• Swap in an alternative ResizeImage.php trait file (provided).
• Configure the file path to an sRGB.icc colour profile on your server (you can download one if necessary).
• Clear the image cache (html/cache), which will cause thumbnails to be rebuilt.

You can adjust the level of compression and sharpening in the trait file method createThumbnailWithExec().

Tuskfish 2.0.7 is a minor update to fix small bugs and add htmx support. Back end toggling of content on/offline now uses a htmx call to avoid reloading the whole page. This makes management easier when you have a large amount of content. The htmx library is now available in /vendor, but it is only used in the back end administrative theme.

Tuskfish 2.0.6 introduces automatic content expiry and sitemap update functionality, via a daily cron job script, updates third party libraries (jQuery 3.7.0, FontAwesome 6.4.0 and TinyMCE 6.4.2). A few bugs were fixed including custom RSS feed error if ID was empty, and indexing of soft 404 and enclosure links has been allowed.