22 commits
cef288c
feat: initial working integration of composer
fiammybe Jan 4, 2025
d5a2e71
feat: initial get list of uninstalled composer packages
fiammybe Jan 5, 2025
0983059
feat:SimplePie upgrade to 1.8.1 using composer now
fiammybe Jan 5, 2025
111c81e
feat:move htmlpurify to use the composer lib. Doesn't give errors, bu…
fiammybe Jan 12, 2025
ccc6eef
fix:update php requirements to 7.4
fiammybe Jan 12, 2025
e01274b
Replace icms Autoloader with the composer one
fiammybe Jul 24, 2025
b9e2bf0
update composer.json
fiammybe Oct 5, 2025
0fee111
fix: require composer autoload in installer
fiammybe Dec 24, 2025
a6e1616
Merge remote-tracking branch 'upstream/2.0.x' into 2.0-composer-integ…
fiammybe Dec 24, 2025
a199444
fix: the theme block can be empty, resulting in a fatal error in PHP …
fiammybe Dec 24, 2025
c300c73
restored the working code. The include was assuming autoloading via C…
fiammybe Dec 24, 2025
1c3506f
Removed included HTMLPurifier and replaced it with composer variant
fiammybe Dec 24, 2025
519c86a
make getThemesList return always an array
fiammybe Dec 24, 2025
061e876
add simplepie via composer, remove included version
fiammybe Dec 24, 2025
41129f3
add WideImage via composer, remove included version
fiammybe Dec 24, 2025
c9af922
revert to original modulesadmin.php
fiammybe Dec 24, 2025
4d8f83b
Update htdocs/composer.json to be less explicit
fiammybe Jan 11, 2026
77908f2
update composer.json: refine authors section, update license, remove …
fiammybe Jan 11, 2026
f2b4151
fix: close the scripts section in the composer.json
fiammybe Feb 21, 2026
da42fec
removed the license entry until we are certain how to fill it in. Better
fiammybe Feb 21, 2026
7f24acd
Move vendor folder as part of the installer, and make the site work with
fiammybe Feb 21, 2026
24683bf
Move the vendor folder on system module update for existing sites
fiammybe Feb 21, 2026
2 changes: 1 addition & 1 deletion htdocs/admin.php
Expand Up @@ -87,7 +87,7 @@ function showRSS() {
$feed = new icms_feeds_Simplerss();
$feed->set_feed_url($rssurl);
$feed->set_cache_duration(3600);
$feed->set_autodiscovery_level(SIMPLEPIE_LOCATOR_NONE);
$feed->set_autodiscovery_level(\Simplepie\Simplepie::LOCATOR_NONE);

Action required

7. Bad simplepie namespace 🐞 Bug ✓ Correctness

Admin RSS now calls \Simplepie\Simplepie::LOCATOR_NONE (wrong casing/namespace), which will trigger
a class-not-found fatal when that page renders.
Agent Prompt
### Issue description
`htdocs/admin.php` references `\Simplepie\Simplepie::LOCATOR_NONE` which does not match the actual Composer SimplePie class namespace. This will fail at runtime.

### Issue Context
SimplePie is now provided via Composer and used as `\SimplePie\SimplePie`.

### Fix Focus Areas
- htdocs/admin.php[90-90]

$feed->init();
$feed->handle_content_type();
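
Review bot: The replacement line `$feed->set_autodiscovery_level(\Simplepie\Simplepie::LOCATOR_NONE);` spells the class with different casing from the `\SimplePie\SimplePie` name given in the review comment on this hunk. PHP matches already-declared class names case-insensitively, but Composer's autoloader looks the name up exactly as written, so whether this line works depends on whether the class happens to be loaded before `showRSS()` reaches it. Use the exact casing `\SimplePie\SimplePie::LOCATOR_NONE` so the call does not depend on load order.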

77 changes: 77 additions & 0 deletions htdocs/composer.json
@@ -0,0 +1,77 @@
{
"name": "impresscms/impresscms",
"description": "ImpressCMS - A dynamic and user-friendly Content Management System",
"type": "project",
"keywords": [
"cms",
"content-management",
"php",
"mysql",
"web"
],
"homepage": "https://www.impresscms.org/",
"authors": [
{
"name": "Marc-André Lanciault",
"homepage": "https://www.impresscms.org/userinfo.php?uid=168",
"role": "Developer"
},
{
"name": "Steve Kenow",
"homepage": "https://www.impresscms.org/userinfo.php?uid=54",
"role": "Developer"
},
{
"name": "David Janssens",
"homepage": "https://www.impresscms.org/userinfo.php?uid=1102",
"role": "Developer"
},
{
"name": "Raimondas Rimkevičius",
"homepage": "https://www.impresscms.org/userinfo.php?uid=489",
"role": "Developer"
}
],
"require": {
"php": ">=7.4.0",
"ext-gd": "*",
"ext-json": "*",
"ext-mbstring": "*",
"ext-mysqli": "*",
"ext-pcre": "*",
"ext-pdo": "*",
"ext-session": "*",
"ext-xml": "*",
"ext-zlib": "*",
"composer/composer": "^2.8",
"ezyang/htmlpurifier": "^4.19",
"simplepie/simplepie": "^1.9",
"smottt/wideimage": "^1.1"
},
"require-dev": {},
"autoload": {
"psr-4": {
"Icms\\": "libraries/icms/"
},
"psr-0": {
"icms_": "libraries/"
},
"classmap": [
"libraries/icms.php"
]
},
"config": {
"optimize-autoloader": true,
"classmap-authoritative": false,
"apcu-autoloader": true,
"sort-packages": true,
"allow-plugins": {
"*": false
},
"cache-dir": "var/cache/composer",
"vendor-dir": "vendor"
},
"scripts": {},
"minimum-stability": "stable",
"prefer-stable": true
}
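
Review bot: `"composer/composer": "^2.8"` sits under `require`, so the whole package manager is installed into the production vendor tree of every site; if runtime code really calls into it, document why in the PR description, and otherwise move it to `require-dev`. Because this file lives in `htdocs/`, `"vendor-dir": "vendor"` and `"cache-dir": "var/cache/composer"` also resolve inside the web root until the installer relocates vendor to the trust path, so either point both at a location outside `htdocs/` from the start or ship web-server deny rules for those directories.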
166 changes: 134 additions & 32 deletions htdocs/include/common.php
Expand Up @@ -42,14 +42,88 @@

// -- Include common functions and constants file
require_once ICMS_ROOT_PATH . "/include/constants.php";

// Load Composer autoloader - prefer trust path location for security.
// After installation, the vendor directory lives in ICMS_TRUST_PATH (outside
// the web root). Fall back to ICMS_ROOT_PATH for pre-install or legacy setups.
$_icms_autoload_from_trustpath = false;
if (file_exists(ICMS_TRUST_PATH . "/vendor/autoload.php")) {
$_icms_autoload = ICMS_TRUST_PATH . "/vendor/autoload.php";
$_icms_autoload_from_trustpath = true;
} else {
$_icms_autoload = ICMS_ROOT_PATH . "/vendor/autoload.php";
}
require_once $_icms_autoload;
Comment on lines +49 to +56

Action required

1. $_icms_autoload not verified 📘 Rule violation ⛯ Reliability

require_once $_icms_autoload is executed without verifying that the selected autoload path exists,
which can trigger a fatal error when neither trust-path nor web-root vendor/autoload.php is
present. This violates the requirement to handle dependency-loading failure points gracefully with
actionable context.
Agent Prompt
## Issue description
`htdocs/include/common.php` loads Composer autoloading via `require_once $_icms_autoload` without verifying the resolved path exists, which can cause an unhandled fatal error when `vendor/autoload.php` is missing.

## Issue Context
This is core bootstrap code; failures here should be handled with clear, actionable context rather than an opaque fatal include error.

## Fix Focus Areas
- htdocs/include/common.php[49-56]

unset($_icms_autoload);

// When vendor lives in the trust path the Composer-generated autoloader files
// compute $baseDir as dirname(dirname(__DIR__)) relative to trustpath/vendor/,
// which resolves to trustpath/ instead of the web root. Every icms_* class
// lookup therefore targets trustpath/libraries/ – a directory that does not
// exist because libraries/ always stays in ICMS_ROOT_PATH.
//
// Register a prepended SPL autoloader (runs before Composer's now-broken one)
// that maps all three categories of ImpressCMS-native classes to the correct
// ICMS_ROOT_PATH/libraries location:
//
// "icms" (classmap entry) → libraries/icms.php
// "icms_*" (PSR-0 style) → libraries/<underscore/separated/path>.php
// "Icms\*" (PSR-4 style) → libraries/icms/<Namespace/Path>.php
if ($_icms_autoload_from_trustpath) {
$_icms_root_lib = ICMS_ROOT_PATH . DIRECTORY_SEPARATOR . "libraries";
spl_autoload_register(
static function (string $class) use ($_icms_root_lib): void {
// Classmap: bare "icms" abstract base class → libraries/icms.php
if ($class === "icms") {
$file = $_icms_root_lib . DIRECTORY_SEPARATOR . "icms.php";
if (is_file($file)) {
require_once $file;
}
return;
}
// PSR-0: icms_core_DataFilter → libraries/icms/core/DataFilter.php
if (strncmp($class, "icms_", 5) === 0) {
$file =
$_icms_root_lib .
DIRECTORY_SEPARATOR .
str_replace("_", DIRECTORY_SEPARATOR, $class) .
".php";
if (is_file($file)) {
require_once $file;
}
return;
}
// PSR-4: Icms\Core\DataFilter → libraries/icms/Core/DataFilter.php
if (strncmp($class, "Icms\\", 5) === 0) {
$file =
$_icms_root_lib .
DIRECTORY_SEPARATOR .
"icms" .
DIRECTORY_SEPARATOR .
str_replace("\\", DIRECTORY_SEPARATOR, substr($class, 5)) .
".php";
if (is_file($file)) {
require_once $file;
}
}
},
true, // throw (required SPL signature argument)
true, // prepend – run BEFORE Composer's broken path resolution
);
unset($_icms_root_lib);
}
unset($_icms_autoload_from_trustpath);

include_once ICMS_INCLUDE_PATH . "/functions.php";
include_once ICMS_INCLUDE_PATH . "/debug_functions.php";
include_once ICMS_INCLUDE_PATH . "/version.php";

if (!isset($xoopsOption)) $xoopsOption = array();
if (!isset($xoopsOption)) {
$xoopsOption = [];
}

// load core language file before the initialization of the boot sequence
icms_loadLanguageFile('core', 'theme');
icms_loadLanguageFile("core", "theme");

// -- Initialize kernel and launch bootstrap
require_once ICMS_LIBRARIES_PATH . "/icms.php";
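
Review bot: In the prepended autoloader, the `icms_` and `Icms\` branches build `$file` from `$class` using only `str_replace()` on `_` or `\`, so any other character in the requested name, including `/` and `..`, passes straight into the path handed to `require_once`. An autoloader receives whatever string reaches `class_exists()` or `new $name`, so return early for any `$class` that contains characters other than letters, digits, `_` and `\` before building the path.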
Expand All @@ -60,63 +134,91 @@

// Disable gzip compression if PHP is run under CLI mode or if multi-language is enabled
// To be refactored
if (empty($_SERVER['SERVER_NAME']) || substr(PHP_SAPI, 0, 3) == 'cli' || $GLOBALS['icmsConfigMultilang']) {
$icmsConfig['gzip_compression'] = 0;
if (
empty($_SERVER["SERVER_NAME"]) ||
substr(PHP_SAPI, 0, 3) == "cli" ||
$GLOBALS["icmsConfigMultilang"]
) {
$icmsConfig["gzip_compression"] = 0;
}

if ($icmsConfig['gzip_compression'] == 1 && extension_loaded('zlib') && !ini_get('zlib.output_compression')) {
ini_set('zlib.output_compression', TRUE);
if (ini_get('zlib.output_compression_level') < 0) {
ini_set('zlib.output_compression_level', 6);
if (
$icmsConfig["gzip_compression"] == 1 &&
extension_loaded("zlib") &&
!ini_get("zlib.output_compression")
) {
ini_set("zlib.output_compression", true);
if (ini_get("zlib.output_compression_level") < 0) {
ini_set("zlib.output_compression_level", 6);
}
if (!zlib_get_coding_type()) {
ini_set('zlib.output_compression', FALSE);
ob_start('ob_gzhandler');
ini_set("zlib.output_compression", false);
ob_start("ob_gzhandler");
}
}

/*
* This address the strict compliance for PHP 5.3/5.4, but the rest of our timezone handling
* can be improved beyond this. ~skenow
*/
date_default_timezone_set(timezone_name_from_abbr("", $icmsConfig['default_TZ'] * 3600, 0));
date_default_timezone_set(
timezone_name_from_abbr("", $icmsConfig["default_TZ"] * 3600, 0),
);

// -- Include site-wide lang file
icms_loadLanguageFile('core', 'global');
icms_loadLanguageFile('core', 'core');
icms_loadLanguageFile('system', 'common');
@define('_GLOBAL_LEFT', @_ADM_USE_RTL == 1 ? 'right' : 'left');
@define('_GLOBAL_RIGHT', @_ADM_USE_RTL == 1 ? 'left' : 'right');
icms_loadLanguageFile("core", "global");
icms_loadLanguageFile("core", "core");
icms_loadLanguageFile("system", "common");
@define("_GLOBAL_LEFT", @_ADM_USE_RTL == 1 ? "right" : "left");
@define("_GLOBAL_RIGHT", @_ADM_USE_RTL == 1 ? "left" : "right");

// -- Include page-specific lang file
if (isset($xoopsOption['pagetype']) && FALSE === strpos($xoopsOption['pagetype'], '.')) {
icms_loadLanguageFile('core', $xoopsOption['pagetype']);
if (
isset($xoopsOption["pagetype"]) &&
false === strpos($xoopsOption["pagetype"], ".")
) {
icms_loadLanguageFile("core", $xoopsOption["pagetype"]);
}

defined("XOOPS_USE_MULTIBYTES") or define("XOOPS_USE_MULTIBYTES", 0);

if (!empty($_POST['xoops_theme_select']) && in_array($_POST['xoops_theme_select'], $icmsConfig['theme_set_allowed'])) {
$icmsConfig['theme_set'] = $_POST['xoops_theme_select'];
$_SESSION['xoopsUserTheme'] = $_POST['xoops_theme_select'];
} elseif (!empty($_POST['theme_select']) && in_array($_POST['theme_select'], $icmsConfig['theme_set_allowed'])) {
$icmsConfig['theme_set'] = $_POST['theme_select'];
$_SESSION['xoopsUserTheme'] = $_POST['theme_select'];
} elseif (!empty($_SESSION['xoopsUserTheme']) && in_array($_SESSION['xoopsUserTheme'], $icmsConfig['theme_set_allowed'])) {
$icmsConfig['theme_set'] = $_SESSION['xoopsUserTheme'];
if (
!empty($_POST["xoops_theme_select"]) &&
in_array($_POST["xoops_theme_select"], $icmsConfig["theme_set_allowed"])
) {
$icmsConfig["theme_set"] = $_POST["xoops_theme_select"];
$_SESSION["xoopsUserTheme"] = $_POST["xoops_theme_select"];
} elseif (
!empty($_POST["theme_select"]) &&
in_array($_POST["theme_select"], $icmsConfig["theme_set_allowed"])
) {
$icmsConfig["theme_set"] = $_POST["theme_select"];
$_SESSION["xoopsUserTheme"] = $_POST["theme_select"];
} elseif (
!empty($_SESSION["xoopsUserTheme"]) &&
in_array($_SESSION["xoopsUserTheme"], $icmsConfig["theme_set_allowed"])
) {
$icmsConfig["theme_set"] = $_SESSION["xoopsUserTheme"];
}

if ($icmsConfig['closesite'] == 1) {
include ICMS_INCLUDE_PATH . '/site-closed.php';
if ($icmsConfig["closesite"] == 1) {
include ICMS_INCLUDE_PATH . "/site-closed.php";
Comment on lines +137 to +205

Action required

2. common.php uses == 📘 Rule violation ✓ Correctness

Several modified conditionals use loose comparisons (==) instead of strict comparisons (===),
which can cause unexpected behavior due to PHP type juggling. This violates the strict-comparison
requirement for condition checks.
Agent Prompt
## Issue description
`htdocs/include/common.php` uses loose comparisons (`==`) in modified conditionals, which violates the strict-comparison requirement.

## Issue Context
These conditions affect core boot behavior (gzip, CLI detection, RTL constants, site-closed), so type juggling can cause hard-to-debug misbehavior.

## Fix Focus Areas
- htdocs/include/common.php[137-205]

}

icms::launchModule();

if ($icmsConfigPersona['multi_login']) {
if ($icmsConfigPersona["multi_login"]) {
if (is_object(icms::$user)) {
$online_handler = icms::handler('icms_core_Online');
$online_handler->write(icms::$user->getVar('uid'), icms::$user->getVar('uname'), time(), 0, $_SERVER['REMOTE_ADDR']);
$online_handler = icms::handler("icms_core_Online");
$online_handler->write(
icms::$user->getVar("uid"),
icms::$user->getVar("uname"),
time(),
0,
$_SERVER["REMOTE_ADDR"],
);
Comment on lines +210 to +219

Action required

3. multi_login key unguarded 📘 Rule violation ⛯ Reliability

$icmsConfigPersona["multi_login"] and $_SERVER["REMOTE_ADDR"] are accessed without
isset()/fallbacks, which can trigger notices or errors in edge cases (e.g., missing config or
CLI/non-HTTP contexts). This violates the requirement to check array indices before access and
provide fallbacks.
Agent Prompt
## Issue description
The code reads `$icmsConfigPersona["multi_login"]` and `$_SERVER["REMOTE_ADDR"]` without checking they exist, which can cause notices or failures.

## Issue Context
This runs during core bootstrap and should be resilient across environments (HTTP vs CLI) and configuration states.

## Fix Focus Areas
- htdocs/include/common.php[210-219]

}
}

// -- finalize boot process
icms::$preload->triggerEvent('finishCoreBoot');
icms::$preload->triggerEvent("finishCoreBoot");
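
Review bot: The three reformatted theme-selection conditions still call `in_array()` without its third argument, for example `in_array($_POST["theme_select"], $icmsConfig["theme_set_allowed"])`, so request input is matched against the allow-list with loose comparison before being written to `$icmsConfig["theme_set"]` and `$_SESSION["xoopsUserTheme"]`. Since these lines are being touched anyway, pass `true` as the third argument and check `is_string()` on the POST value first. Most of this hunk is quote-style and line-wrapping churn; moving that into its own commit would make behavioural changes easier to review.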
10 changes: 5 additions & 5 deletions htdocs/include/version.php
Expand Up @@ -8,10 +8,10 @@
* @since Xoops
* @author phppp
*/
define('ICMS_VERSION_NAME', 'ImpressCMS 2.0.2');
define("ICMS_VERSION_NAME", "ImpressCMS 2.0.2");

// For backward compatibility with XOOPS
define('XOOPS_VERSION', ICMS_VERSION_NAME);
define("XOOPS_VERSION", ICMS_VERSION_NAME);

/**
* Version Status
Expand All @@ -21,7 +21,7 @@
* 10 = Final
*/

define('ICMS_VERSION_STATUS', 10);
define("ICMS_VERSION_STATUS", 10);

/**
* Build number
Expand All @@ -30,7 +30,7 @@
*/
// 1.5.0 RC = 107; new 2.0.0 Beta 3=110, new 2.0.0 RC = 111, new 2.0.1 final = 113, 2.0.2 beta=114, 2.0.2 RC = 115

define('ICMS_VERSION_BUILD', 116);
define("ICMS_VERSION_BUILD", 116);

/**
* Latest dbversion of the System Module
Expand All @@ -41,4 +41,4 @@
* So, developers, everytime you add an upgrade block in system/include/update.php to upgrade something in the DB,
* please also change this constant
*/
define('ICMS_SYSTEM_DBVERSION', 48);
define("ICMS_SYSTEM_DBVERSION", 49);
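
Review bot: `ICMS_SYSTEM_DBVERSION` goes from 48 to 49 on the last line, the only non-cosmetic change in this file, and the docblock directly above says each bump must be paired with an upgrade block in system/include/update.php. That block is not visible in this part of the diff, so confirm it is included and safe to re-run; the commit list includes "Move the vendor folder on system module update for existing sites", which is presumably what this bump triggers.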