Tuskfish 2.0.7 is a minor update to fix small bugs and add htmx support. Back end toggling of content on/offline now uses a htmx call to avoid reloading the whole page. This makes management easier when you have a large amount of content. The htmx library is now available in /vendor, but it is only used in the back end administrative theme.

Tuskfish 2.0.6 introduces automatic content expiry and sitemap update functionality, via a daily cron job script, updates third party libraries (jQuery 3.7.0, FontAwesome 6.4.0 and TinyMCE 6.4.2). A few bugs were fixed including custom RSS feed error if ID was empty, and indexing of soft 404 and enclosure links has been allowed.

Tuskfish 2.0.5 is a maintenance release with no new features, but updates to third party libaries (Bootstrap 5.2, DICE 4.03, FontAwesome 6.2, HTMLPurifier 4.14, jQuery 3.6.1). It includes one bugfix: .png compression was misconfigured (off), so automatic thumbnail generation in templates will now return vastly smaller file sizes.

Tuskfish 2.0.4 brings a user management module, which allows you to enrol trusted users in an Editorial role, so that they can create and edit content. The core structure has been refactored to improve modularity for development of new extensions. Internal login checks now test admin status against a surrogate password hash, rather than a simple session flag, which is a small security improvement: If an admin/editor changes their password at any time, any existing logged-in sessions are rendered invalid.

Tuskfish 2.0.3 brings compatibility with PHP 8.1, so if you want to wring the last few milliseconds of performance out of your site, use this version. New features include support for embedding Youtube videos, a sitemap generation facility, a 'minimum views' preference before displaying the views counter, and a live character counter for the meta description field. Third party libraries have also been updated, including adoption of Bootstrap 5.1.

A maintenance release, updating all third party libraries in use. No changes to core functionality, but the update of Bootstrap-fileinput has added a nice drag-and-drop target to image and media file uploads, which is something of an improvement. Upgraded libraries were: Bootstrap (v4.6), Bootstrap-datepicker (v1.9), Bootstrap-fileinput (v5.14), DICE (v4.0.2), FontAwesome (v5.15.2), HTMLPurifier (v4.13), jQuery (v3.5.1), TinyMCE (v5.6.2).

Tuskfish 2 is a rewrite of Tuskfish CMS to adopt a strict model-view-viewmodel (+ controller) architecture (MVVM + C). You can think of it as traditional MVC except the view is split into a view and a viewModel to abstract the model/view relationship, which improves flexibility and reuse of components. A front end controller and static router have been added to allow custom URL schemes. With the adoption of namespaces, Tuskfish 2 is now a very modern (if small) PHP application.

A maintenance release. Further internal refactoring to improve the structure and extensibility, and updates to third party libraries. An XSS vulnerability present in Bootstrap 4.0 has been patched through an update to Bootstrap V4.1.3.


  • Add canonical URL link.
  • Clean up base URL / links on index page (remove unnecessary 'index.php').
  • Use title for image alt tag if no caption is set.
  • Refactor of methods towards smaller logical components and improved compliance with the single responsibility principle.
  • Removal of magic method accessors and mutators in favour of manual getters and setters.
  • Improved error messages to increase clarity.
  • Extended bad login count and retry delay to include 2-factor authentication.
  • Fixes to pagination control.
  • Implement admin side content object controller to clean up the admin script.
  • Fix https://tuskfish.biz conversions in content module.
  • Manually set cache limiter in some pages to avoid 'document expired' errors when using the browser back button.
  • Bugfix for taglinks being deleted when a tag is edited.
  • Update to FontAwesome 5.5.
  • Update Bootstrap to V4.1.3 and remove unnecessary files.
  • Remove popper.js library (now bundled in Bootstrap).
  • Update TinyMCE to V4.8.5.

Another round of refactoring has been conducted to improve the structure of Tuskfish and to make it easier to read and to test. No new functionality has been added.


  • The larger methods have been broken down into smaller logical components, to make the code more readable and easier to test.
  • Implemented an admin controller class to clean up the admin controller script and allow reuse for common operations.
  • Extended bad login count and retry delay to the two-factor Yubikey version of the login script.
  • Converted rights to a trait to allow for reuse across system.
  • Error messages have been improved to give a more precise indication of what went wrong.

A minor refactoring and bugfix release with improvements to strengthen password hashing.


  • Switched to more appropriate password hashing algorithm (bcrypt) and the native hash_password() function.
  • Added 'expiresOn' and 'lastUpdated' to the content object table as hooks for future functionality.
  • Added 'module' as an additional column in the taglinks table to allow taglinks to be filtered by module.
  • Locked user-side gallery to image type objects, rather than returning all images from all object types.
  • Adopted usage of null coalescing operator (PHP 7) to shorten relevant ternary expressions.
  • Renamed TfAngryTree to Tftree.
  • Removed TfSecurityUtility (consolidated into TfUtils).
  • Removed TfCriteriaItemFactory (items are now handled as part of TfCriteriaFactory).
  • Added missing TfBlockHandler.
  • Fixed bug related to search operator in TfSearchContent.
  • Fixed offset bug recently introduced to pagination control.