Migrating from WoltLab Suite 5.5 - Templates#
WoltLab Suite featured a strict allow-list for template modifiers within the enterprise mode since 5.2. This allow-list has proved to be a reliable solution against malicious templates. To improve security and to reduce the number of differences between enterprise mode and non-enterprise mode the allow-list will always be enabled going forward.
It is strongly recommended to keep the template logic as simple as possible by moving the heavy lifting into regular PHP code, reducing the number of (specialized) modifiers that need to be applied.
See WoltLab/WCF#4788 for details.
|date modifiers have been deprecated and replaced by a unified
The main benefit is that it is no longer necessary to specify the
@ symbol when rendering the interactive time element, making it easier to perform a security review of templates by searching for the
See WoltLab/WCF#5459 for details.
In WoltLab Suite 6.0 the comment system has been overhauled. In the process, the integration of comments via templates has been significantly simplified:
An example for the migration of existing template integrations can be found here.
See WoltLab/WCF#5210 for more details.
The styling of the
<button> has been completely removed in WoltLab Suite 6.0 and the element has no longer any kind of styling.
This change allows the element to be used in a lot of places that previously had to use an
a[href="#"][role="button"] to replicate the same behavior.
If you have previously used the button element as an actual button, you should add the CSS class
.button to it.
It is recommended to identify an uses of the anchor element to replicate a native button and to use the proper
<button> element from now on.
Buttons will implicitly submit a form, therefore you should set the
type attribute to explicitly define its behavior.
1 2 3 4 5 6 7 8
See WoltLab/WCF#4834 for more details.