What's new in version 2.4.0
January 1st, 2018 (Happy New Year!)

2 plugins need manual updating (copy/paste link)

1. Update link for Summernote editor plugin

Copy the link below and paste it in your Settings->Themes & plugins, select "Plugin" and click update.


2. Update for Additonal contents plugin

Copy the link below and paste it in your Settings->Themes & plugins, select "Plugin" and click update.



Note 1: Thanks to Vekien for the corrected code logic in the theme/plugin installer, helping implement hash_equals and restructuring the function for deleting files/themes/plugins.

Note 2: Thanks to ayeshrajans for spotting the hash_equals improvement.

See what's planned for future releases in the Roadmap.

Previous updates

2.3.2 - October 11th, 2017

  • two additional ISSET checks to prevent PHP notices
  • changed HTTP 1.0 headers to HTTP 1.1
  • updated links to themes and plugins in the Settings panel (new links are: https://wondercms.com/themes and https://wondercms.com/plugins)
  • removed converted case for page titles
  • core code in WonderCMS prettified - providing a better level of readability
  • minor text changes

No actions are required for this update


Note 1: Thanks to Samrat Das for sparking a debate about file type limits in the file uploader. Share your opinion on the file uploader file type limits.

Note 2: We are dropping old version support in January 2018.

2.3.0 + 2.3.1 patch - August 23rd, 2017

  • one click backup
  • re-designed settings panel
  • theme installer + updater + remover
  • plugin installer + updater + remover
  • file uploader + remover
  • tab/indentation support
  • additional security token checks
  • added "Visit page" link next to each page in menu
  • added success message when deleting a page
  • logout link moved to top right corner
  • fixed title case when creating new pages
  • files autosize.js, taboverride.min.js and taboverride.jquery.min.js are now loaded after the admin is logged in, resulting in faster website loading
  • minor code logic fixes
  • minor text fixes
  • added two additional checks if the request for token is set (2.3.1 patch)
  • double space removal / converted to tabs (2.3.1 patch)

Special thanks to Janez Čas (HttpMaster author), Davide Vago, Robbie Antenesse and Andreas Lenhardt.

1 plugin needs to be updated from your settings panel

  • Summernote WYSIWYG editor - Simply COPY/PASTE the below link into your Settings->Themes&plugins, select plugin and click update.

2 changes in theme.php // only for custom themes

  1. In theme.php: remove autosize.js (https://cdn.jsdelivr.net/jquery.autosize/3.0.17/autosize.min.js)
  2. In style.css: replace .navbar-right li a:hover, .navbar-right li.active a with ul.nav.navbar-nav.navbar-right li a:hover, ul.nav.navbar-nav.navbar-right li.active a

2.2.1 - June 23rd, 2017

  • Custom port support. WonderCMS now works on non-standard HTTP ports - thanks to Grzegorz Kowalski.
  • JavaScript hook fix - thanks to Grzegorz Kowalski.
  • Show admin CSS and JS only when logged. Great for even faster website load times.
  • Minor text and tab fixes.

1 plugin needs to be updated manually

  1. Additional contents plugin - DOWNLOAD the updated plugin, unzip it, and overwrite your existing addition_contents plugin folder with the new files.

2.2.0 - June 18th, 2017

  1. Added additional tokens to prevent/fix CSRF vulnerabilities thanks to Luka Mrovlje from Mobinia inter for the fix. Special thanks to Ehsan Hosseini from Zerox Security Lab (ZeroxSecLab Twitter) for reporting this and confirming the issue is resolved.
  2. Added CSS style (text align left) the settings panel. This is to prevent the admin settings panel text alignment from being overwritten by a custom theme.
  3. New created pages are now visible in the menu by default.
  4. Added extra help on the example page for new WonderCMS installations.

Plugins that need to be updated manually

  1. Summernote (WYSIWYG editor and file uploader). DOWNLOAD the new plugin, unzip it, and overwrite your existing summernote plugin folder with the new files.

2.1.0 - May 30th, 2017

  1. Easy page adding and hiding | thanks to Pascal Jordin.
  2. Easy page re-ordering | thanks to Pascal Jordin.
  3. Cleaner URLs | thanks to Pascal Jordin.
  4. Improved URL function | thanks to Luka Mrovlje.
  5. Minor code improvements.
  6. Additional thanks to turboblack (Dannis Danylenko) for all the testing.
  7. NOTE: All pages will be visible in your menu after updating. You can hide pages easily from your settings panel. This is necessary due to the new menu functionality.

2.0.6 - April 28th, 2017

  1. Fixed bug $_SERVER[REQUEST_URI] to $_SERVER['REQUEST_URI'] because of errors reported on some sites. Thanks to turboblack (Dannis Danylenko) for reporting this.

2.0.5 - April 28th, 2017

  1. Fixed display login URL in settings panel thanks to Robbie Antenesse.

2.0.4 - April 27th, 2017

  1. Update system changed from using file_get_contents to cURL - thanks to Robbie Antenesse for providing us with a more stable update system.
  2. Fixed absolute URLs to relative, this bug happened on some servers/environments and made WonderCMS URLs unusable - another thanks to Robbie Antenesse for this awesome fix.

2.0.3 - April 20th, 2017

  1. Fixed CSRF vulnerability with low severity - thanks to Ashutosh Singh for reporting this. Fixed in less than 24 hours from the time of the report.
  2. Changed/fixed span wrappers to div wrappers around editable areas - thanks to scsmash3r.
  3. Fixed bug which returned a 404 header to the logged in user.

New themes available, check them out in the WonderCMS demo.
They're all downloadable for free in the WonderCMS themes repository.

2.0.2 - March 31st, 2017

  1. Additional hook added: page - this makes plugin developers lives easier.

New plugin available - easily create new editable areas

- Test this plugin in our WonderCMS demo. The green pluses which enable you to create new editable areas are visible after you log in.

- Download additional contents plugin and upload it to your plugins folder to activate it.

2.0.1 - March 28th, 2017

  1. Fixed bug in function name that caused errors for some users.
  2. Added default font size for settings panel.
  3. Removed unnecessary spaces and semicolons in settings CSS.

2.0.0 - March 18th, 2017

  1. This is the first non-beta release in 9 years.
  2. Major code clean up.
  3. New default theme.
  4. Improved settings panel.
  5. We now update the default theme (default theme.php, style.css) and .htaccess, we used to update only index.php.
  6. database.js versioning, which makes it really easy to define what user gets what update.
  7. "Powered by WonderCMS" link removed from footer. Wohoo freedom.
  8. Developer friendlier.
  9. Plugins are easier to develop.

Important theme.php changes - 8 tags need changing for version 2.0.0

- Easy instructions for replacement can be found here.

Important plugin changes for version 2.0.0

- The following plugins need to be updated:

- The following plugins are unavailable until developers update their plugins: