feat:2.0 composer integration

htdocs/admin.php

@@ -87,7 +87,7 @@ function showRSS() {
 	$feed = new icms_feeds_Simplerss();
 	$feed->set_feed_url($rssurl);
 	$feed->set_cache_duration(3600);
-	$feed->set_autodiscovery_level(SIMPLEPIE_LOCATOR_NONE);
+	$feed->set_autodiscovery_level(\Simplepie\Simplepie::LOCATOR_NONE);
 	$feed->init();
 	$feed->handle_content_type();
 

htdocs/composer.json

@@ -0,0 +1,77 @@
+{
+	"name": "impresscms/impresscms",
+	"description": "ImpressCMS - A dynamic and user-friendly Content Management System",
+	"type": "project",
+	"keywords": [
+		"cms",
+		"content-management",
+		"php",
+		"mysql",
+		"web"
+	],
+	"homepage": "https://www.impresscms.org/",
+	"authors": [
+		{
+			"name": "Marc-André Lanciault",
+			"homepage": "https://www.impresscms.org/userinfo.php?uid=168",
+			"role": "Developer"
+		},
+		{
+			"name": "Steve Kenow",
+			"homepage": "https://www.impresscms.org/userinfo.php?uid=54",
+			"role": "Developer"
+		},
+		{
+			"name": "David Janssens",
+			"homepage": "https://www.impresscms.org/userinfo.php?uid=1102",
+			"role": "Developer"
+		},
+		{
+			"name": "Raimondas Rimkevičius",
+			"homepage": "https://www.impresscms.org/userinfo.php?uid=489",
+			"role": "Developer"
+		}
+	],
+	"require": {
+		"php": ">=7.4.0",
+		"ext-gd": "*",
+		"ext-json": "*",
+		"ext-mbstring": "*",
+		"ext-mysqli": "*",
+		"ext-pcre": "*",
+		"ext-pdo": "*",
+		"ext-session": "*",
+		"ext-xml": "*",
+		"ext-zlib": "*",
+		"composer/composer": "^2.8",
+		"ezyang/htmlpurifier": "^4.19",
+		"simplepie/simplepie": "^1.9",
+		"smottt/wideimage": "^1.1"
+	},
+	"require-dev": {},
+	"autoload": {
+		"psr-4": {
+			"Icms\\": "libraries/icms/"
+		},
+		"psr-0": {
+			"icms_": "libraries/"
+		},
+		"classmap": [
+			"libraries/icms.php"
+		]
+	},
+	"config": {
+		"optimize-autoloader": true,
+		"classmap-authoritative": false,
+		"apcu-autoloader": true,
+		"sort-packages": true,
+		"allow-plugins": {
+			"*": false
+		},
+		"cache-dir": "var/cache/composer",
+		"vendor-dir": "vendor"
+	},
+	"scripts": {},
+	"minimum-stability": "stable",
+	"prefer-stable": true
+}

htdocs/include/common.php

@@ -42,14 +42,88 @@
 
 // -- Include common functions and constants file
 require_once ICMS_ROOT_PATH . "/include/constants.php";
+
+// Load Composer autoloader - prefer trust path location for security.
+// After installation, the vendor directory lives in ICMS_TRUST_PATH (outside
+// the web root).  Fall back to ICMS_ROOT_PATH for pre-install or legacy setups.
+$_icms_autoload_from_trustpath = false;
+if (file_exists(ICMS_TRUST_PATH . "/vendor/autoload.php")) {
+	$_icms_autoload = ICMS_TRUST_PATH . "/vendor/autoload.php";
+	$_icms_autoload_from_trustpath = true;
+} else {
+	$_icms_autoload = ICMS_ROOT_PATH . "/vendor/autoload.php";
+}
+require_once $_icms_autoload;
+unset($_icms_autoload);
+
+// When vendor lives in the trust path the Composer-generated autoloader files
+// compute $baseDir as dirname(dirname(__DIR__)) relative to trustpath/vendor/,
+// which resolves to trustpath/ instead of the web root.  Every icms_* class
+// lookup therefore targets trustpath/libraries/ – a directory that does not
+// exist because libraries/ always stays in ICMS_ROOT_PATH.
+//
+// Register a prepended SPL autoloader (runs before Composer's now-broken one)
+// that maps all three categories of ImpressCMS-native classes to the correct
+// ICMS_ROOT_PATH/libraries location:
+//
+//   "icms"     (classmap entry)  →  libraries/icms.php
+//   "icms_*"   (PSR-0 style)     →  libraries/<underscore/separated/path>.php
+//   "Icms\*"   (PSR-4 style)     →  libraries/icms/<Namespace/Path>.php
+if ($_icms_autoload_from_trustpath) {
+	$_icms_root_lib = ICMS_ROOT_PATH . DIRECTORY_SEPARATOR . "libraries";
+	spl_autoload_register(
+		static function (string $class) use ($_icms_root_lib): void {
+			// Classmap: bare "icms" abstract base class → libraries/icms.php
+			if ($class === "icms") {
+				$file = $_icms_root_lib . DIRECTORY_SEPARATOR . "icms.php";
+				if (is_file($file)) {
+					require_once $file;
+				}
+				return;
+			}
+			// PSR-0: icms_core_DataFilter → libraries/icms/core/DataFilter.php
+			if (strncmp($class, "icms_", 5) === 0) {
+				$file =
+					$_icms_root_lib .
+					DIRECTORY_SEPARATOR .
+					str_replace("_", DIRECTORY_SEPARATOR, $class) .
+					".php";
+				if (is_file($file)) {
+					require_once $file;
+				}
+				return;
+			}
+			// PSR-4: Icms\Core\DataFilter → libraries/icms/Core/DataFilter.php
+			if (strncmp($class, "Icms\\", 5) === 0) {
+				$file =
+					$_icms_root_lib .
+					DIRECTORY_SEPARATOR .
+					"icms" .
+					DIRECTORY_SEPARATOR .
+					str_replace("\\", DIRECTORY_SEPARATOR, substr($class, 5)) .
+					".php";
+				if (is_file($file)) {
+					require_once $file;
+				}
+			}
+		},
+		true, // throw  (required SPL signature argument)
+		true, // prepend – run BEFORE Composer's broken path resolution
+	);
+	unset($_icms_root_lib);
+}
+unset($_icms_autoload_from_trustpath);
+
 include_once ICMS_INCLUDE_PATH . "/functions.php";
 include_once ICMS_INCLUDE_PATH . "/debug_functions.php";
 include_once ICMS_INCLUDE_PATH . "/version.php";
 
-if (!isset($xoopsOption)) $xoopsOption = array();
+if (!isset($xoopsOption)) {
+	$xoopsOption = [];
+}
 
 // load core language file before the initialization of the boot sequence
-icms_loadLanguageFile('core', 'theme');
+icms_loadLanguageFile("core", "theme");
 
 // -- Initialize kernel and launch bootstrap
 require_once ICMS_LIBRARIES_PATH . "/icms.php";
@@ -60,63 +134,91 @@
 
 // Disable gzip compression if PHP is run under CLI mode or if multi-language is enabled
 // To be refactored
-if (empty($_SERVER['SERVER_NAME']) || substr(PHP_SAPI, 0, 3) == 'cli' || $GLOBALS['icmsConfigMultilang']) {
-	$icmsConfig['gzip_compression'] = 0;
+if (
+	empty($_SERVER["SERVER_NAME"]) ||
+	substr(PHP_SAPI, 0, 3) == "cli" ||
+	$GLOBALS["icmsConfigMultilang"]
+) {
+	$icmsConfig["gzip_compression"] = 0;
 }
 
-if ($icmsConfig['gzip_compression'] == 1 && extension_loaded('zlib') && !ini_get('zlib.output_compression')) {
-	ini_set('zlib.output_compression', TRUE);
-	if (ini_get('zlib.output_compression_level') < 0) {
-		ini_set('zlib.output_compression_level', 6);
+if (
+	$icmsConfig["gzip_compression"] == 1 &&
+	extension_loaded("zlib") &&
+	!ini_get("zlib.output_compression")
+) {
+	ini_set("zlib.output_compression", true);
+	if (ini_get("zlib.output_compression_level") < 0) {
+		ini_set("zlib.output_compression_level", 6);
 	}
 	if (!zlib_get_coding_type()) {
-		ini_set('zlib.output_compression', FALSE);
-		ob_start('ob_gzhandler');
+		ini_set("zlib.output_compression", false);
+		ob_start("ob_gzhandler");
 	}
 }
 
 /*
  * This address the strict compliance for PHP 5.3/5.4, but the rest of our timezone handling
  * can be improved beyond this. ~skenow
  */
-date_default_timezone_set(timezone_name_from_abbr("", $icmsConfig['default_TZ'] * 3600, 0));
+date_default_timezone_set(
+	timezone_name_from_abbr("", $icmsConfig["default_TZ"] * 3600, 0),
+);
 
 // -- Include site-wide lang file
-icms_loadLanguageFile('core', 'global');
-icms_loadLanguageFile('core', 'core');
-icms_loadLanguageFile('system', 'common');
-@define('_GLOBAL_LEFT', @_ADM_USE_RTL == 1 ? 'right' : 'left');
-@define('_GLOBAL_RIGHT', @_ADM_USE_RTL == 1 ? 'left' : 'right');
+icms_loadLanguageFile("core", "global");
+icms_loadLanguageFile("core", "core");
+icms_loadLanguageFile("system", "common");
+@define("_GLOBAL_LEFT", @_ADM_USE_RTL == 1 ? "right" : "left");
+@define("_GLOBAL_RIGHT", @_ADM_USE_RTL == 1 ? "left" : "right");
 
 // -- Include page-specific lang file
-if (isset($xoopsOption['pagetype']) && FALSE === strpos($xoopsOption['pagetype'], '.')) {
-	icms_loadLanguageFile('core', $xoopsOption['pagetype']);
+if (
+	isset($xoopsOption["pagetype"]) &&
+	false === strpos($xoopsOption["pagetype"], ".")
+) {
+	icms_loadLanguageFile("core", $xoopsOption["pagetype"]);
 }
 
 defined("XOOPS_USE_MULTIBYTES") or define("XOOPS_USE_MULTIBYTES", 0);
 
-if (!empty($_POST['xoops_theme_select']) && in_array($_POST['xoops_theme_select'], $icmsConfig['theme_set_allowed'])) {
-	$icmsConfig['theme_set'] = $_POST['xoops_theme_select'];
-	$_SESSION['xoopsUserTheme'] = $_POST['xoops_theme_select'];
-} elseif (!empty($_POST['theme_select']) && in_array($_POST['theme_select'], $icmsConfig['theme_set_allowed'])) {
-	$icmsConfig['theme_set'] = $_POST['theme_select'];
-	$_SESSION['xoopsUserTheme'] = $_POST['theme_select'];
-} elseif (!empty($_SESSION['xoopsUserTheme']) && in_array($_SESSION['xoopsUserTheme'], $icmsConfig['theme_set_allowed'])) {
-	$icmsConfig['theme_set'] = $_SESSION['xoopsUserTheme'];
+if (
+	!empty($_POST["xoops_theme_select"]) &&
+	in_array($_POST["xoops_theme_select"], $icmsConfig["theme_set_allowed"])
+) {
+	$icmsConfig["theme_set"] = $_POST["xoops_theme_select"];
+	$_SESSION["xoopsUserTheme"] = $_POST["xoops_theme_select"];
+} elseif (
+	!empty($_POST["theme_select"]) &&
+	in_array($_POST["theme_select"], $icmsConfig["theme_set_allowed"])
+) {
+	$icmsConfig["theme_set"] = $_POST["theme_select"];
+	$_SESSION["xoopsUserTheme"] = $_POST["theme_select"];
+} elseif (
+	!empty($_SESSION["xoopsUserTheme"]) &&
+	in_array($_SESSION["xoopsUserTheme"], $icmsConfig["theme_set_allowed"])
+) {
+	$icmsConfig["theme_set"] = $_SESSION["xoopsUserTheme"];
 }
 
-if ($icmsConfig['closesite'] == 1) {
-	include ICMS_INCLUDE_PATH . '/site-closed.php';
+if ($icmsConfig["closesite"] == 1) {
+	include ICMS_INCLUDE_PATH . "/site-closed.php";
 }
 
 icms::launchModule();
 
-if ($icmsConfigPersona['multi_login']) {
+if ($icmsConfigPersona["multi_login"]) {
 	if (is_object(icms::$user)) {
-		$online_handler = icms::handler('icms_core_Online');
-		$online_handler->write(icms::$user->getVar('uid'), icms::$user->getVar('uname'), time(), 0, $_SERVER['REMOTE_ADDR']);
+		$online_handler = icms::handler("icms_core_Online");
+		$online_handler->write(
+			icms::$user->getVar("uid"),
+			icms::$user->getVar("uname"),
+			time(),
+			0,
+			$_SERVER["REMOTE_ADDR"],
+		);
 	}
 }
 
 // -- finalize boot process
-icms::$preload->triggerEvent('finishCoreBoot');
+icms::$preload->triggerEvent("finishCoreBoot");

htdocs/include/version.php

@@ -8,10 +8,10 @@
  * @since Xoops
  * @author phppp
  */
-define('ICMS_VERSION_NAME', 'ImpressCMS 2.0.2');
+define("ICMS_VERSION_NAME", "ImpressCMS 2.0.2");
 
 // For backward compatibility with XOOPS
-define('XOOPS_VERSION', ICMS_VERSION_NAME);
+define("XOOPS_VERSION", ICMS_VERSION_NAME);
 
 /**
  * Version Status
@@ -21,7 +21,7 @@
  * 10 = Final
  */
 
-define('ICMS_VERSION_STATUS', 10);
+define("ICMS_VERSION_STATUS", 10);
 
 /**
  * Build number
@@ -30,7 +30,7 @@
  */
 // 1.5.0 RC = 107; new 2.0.0 Beta 3=110, new 2.0.0 RC = 111, new 2.0.1 final = 113, 2.0.2 beta=114, 2.0.2 RC = 115
 
-define('ICMS_VERSION_BUILD', 116);
+define("ICMS_VERSION_BUILD", 116);
 
 /**
  * Latest dbversion of the System Module
@@ -41,4 +41,4 @@
  * So, developers, everytime you add an upgrade block in system/include/update.php to upgrade something in the DB,
  * please also change this constant
  */
-define('ICMS_SYSTEM_DBVERSION', 48);
+define("ICMS_SYSTEM_DBVERSION", 49);