Core improvements
QR Code generation
Kirby's new Kirby\Image\QrCode
class, qr()
helper function and ->toQrCode()
field method allow you to create QR Codes right out of the box:
$qr = new Kirby\Image\QrCode('https://getkirby.com');
$qr->toSvg(color: '#ff00ff');
$qr->toDataUri(color: '#ff00ff');
qr('https://getkirby.com')->toSvg();
$page->myLinkField()->toQrCode()->toSvg();
Support for UUIDs and permalinks in URL helper
You can now pass a page UUID, a file UUID or a permalink to the url()
helper and it will be converted to the actual URL:
<?= url('page://abcd') ?>
<?= url('file://abcd') ?>
<?= url('/@/page/abcd') ?>
<?= url('/@/file/abcd') ?>
This will also work for other URL methods like $field->toUrl()
, Url:to()
, etc.
Support for UUIDs in API calls
You can now use UUIDs in API calls to request pages and files. #4769
/api/pages/@$pageUUID
The UUIDs must be passed without scheme, but a prefixed @
. I.e.:
// Nope
/api/pages/page://abcd
// Yes
/api/pages/@abcd
File routes can also handle file UUIDs for files and parents:
/api/pages/@$pageUUID/files/$filename
/api/pages/@$pageUUID/files/@$fileUUID
In addition to that there are new direct UUID file routes:
/api/files/@$fileUUID
Better plugin asset handling
- New
assets
plugin extension that allows plugins to specify assets from custom paths and with a wider range of extensions than previously supported - New
Kirby\Cms\Plugin::assets()
andKirby\Cms\Plugin::asset($assetName)
methods - New
Kirby\Cms\PluginAsset
object with many methods, e.g.$plugin->asset('styles.css')->url()
- Plugin asset media url contains a modification timestamp to easily cachebust (e.g.
/media/plugins/getkirby/test-plugin/2375797551-472389240/styles.css
) css()
andjs()
helpers support passing plugin and plugin assets objects to include all assets of the plugin:
css([
'assets/css/index.css',
$kirby->plugin('foo/bar')
]);
css([
'assets/css/index.css',
$kirby->plugin('foo/bar')->assets(),
]);
css([
'assets/css/index.css',
$kirby->plugin('foo/bar')->asset('styles.css'),
]);
New SymmetricCrypto
class
Kirby\Toolkit\SymmetricCrypto
is a user-friendly and safe abstraction for symmetrical authenticated encryption using the PHP sodium
extension:
use Kirby\Toolkit\SymmetricCrypto;
// encryption/decryption with a password
$crypto = new SymmetricCrypto(password: 'super secure');
$ciphertext = $crypto->encrypt('a very confidential string');
$plaintext = $crypto->decrypt($ciphertext);
// encryption with a random key
$crypto = new SymmetricCrypto();
$ciphertext = $crypto->encrypt('a very confidential string');
$secretKey = $crypto->secretKey();
// encryption/decryption with a previously generated key
$crypto = new SymmetricCrypto(secretKey: $secretKey);
$ciphertext = $crypto->encrypt('a very confidential string');
$plaintext = $crypto->decrypt($ciphertext);
New LazyValue
class
Kirby\Toolkit\LazyValue
allows to protect a closure function from being called by other code that is testing for instanceof Closure
:
$value = new LazyValue(fn ($a, $b, $c) => 'please protect me');
// ...
if ($value instanceof Closure) {
// we would hate if our value gets unwrapped here,
// that's why we cannot use a normal closure but LazyValue
$value = $value();
}
// ...
// finally we want to unwrap our protected closure
if ($value instanceof LazyValue) {
$value = $value->resolve($a, $b, $c);
}
More improvements
- New
$field->permalinksToUrls()
method for writer fields - Extensions to add custom methods for structures and structure objects
- New
Kirby\Toolkit\Str::camelToKebab()
method Str::template()
supports single and double curly braces as start/end delimiters by defaultXml::attr()
: Support passing an empty string as value to generate an attribute with an empty value- New
Kirby\Cms\App::models()
method that returns a generator for each model (site, files, pages and users) of the site - NewÂ
Kirby\Cms\File::blueprints()
 method that collects valid blueprints from the files sections and files fields of the parent model - Fields can now defineÂ
'hidden' => true
 (component notation) orÂ::isHidden(): bool
 (class-based) to make them non-rendering - New
languages.variables
config option to disable managing translations in the Panel - NewÂ
Kirby\Cms\File::changeTemplate()
 method - New file permissions forÂ
changeTemplate
,access
andlist
- NewÂ
file.changeTemplate
 hooks - New
Kirby\Filesystem\F::safeExtension()
method - New
Kirby\Filesystem\F::safeBasename()
method Kirby\Toolkit\Str::date()
and its dependents (e.g.Kirby\Filesystem\F::modified()
,Kirby\Filesystem\File::modified()
,Kirby\Filesystem\Dir::modified()
) now respect the globally configured date handler- New
$date->formatWithHandler()
method for Kirby date objects that allows to use different date handlers or even the globally configured one (default). - NewÂ
Kirby\Email\Email::toArray()
 andÂKirby\Email\Body::toArray()
 methods - New
Kirby\Exception\AuthException
class - Dom: New
allowHostRelativeUrls
sanitization option (true
by default) to perform less strict checks when the HTML<base>
element is used - Dom: Custom sanitization callbacks for attributes, elements and the doctype now also receive the
$options
array - Sane: New
$isExternal
mode specifically for external files that may be accessed directly - More detailed security policy for GitHub