CVE-2021-42171
Description
Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Zenario CMS 9.0.54156 allows authenticated file upload leading to remote code execution via a web shell.
Vulnerability
Zenario CMS version 9.0.54156 contains a file upload vulnerability in the document management feature. An authenticated administrator can upload a file and then modify its metadata to change the file extension from a safe type (e.g., .html) to .php, allowing arbitrary PHP code to be stored on the server [1][4].
Exploitation
An attacker with valid administrator credentials logs into the Zenario admin panel. They navigate to Documents, upload a file (e.g., a.html), and use a proxy tool to intercept the request when editing the document's metadata. The attacker changes the current_value parameter from html to php, then saves the metadata. The attacker then clicks "Actions" and "View public link" to trigger the execution of the uploaded PHP file [4].
Impact
Successful exploitation allows the attacker to execute arbitrary PHP code on the web server, effectively gaining a web shell. This can lead to full compromise of the server, including running commands, accessing system files, and using the server as a pivot for further attacks [1][4].
Mitigation
No official patch is documented in the provided references. The vendor has not released a fix for this specific version. Mitigation measures include restricting access to the admin panel, enforcing strong passwords, and disabling the document upload functionality if not required. Users should monitor the official Zenario repository for future updates [1][4].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
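The flaw described above is a validation gap: the file type is checked when the document is uploaded, but not when its metadata is edited afterwards. The PHP sketch below is an added example, not Zenario's code and not the vendor's fix; the function names, the allowlist, the blocklist and the sample document are all assumptions made for illustration. It routes both the upload path and the metadata-edit path through one validator and refuses any edit that changes the extension.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of document types a site chooses to accept.
const ALLOWED_EXTENSIONS = ['pdf', 'txt', 'csv', 'png', 'jpg', 'docx'];

// Hypothetical blocklist of extensions that must never appear in ANY
// segment of a name (guards against "a.php.txt" style double extensions).
const EXECUTABLE_EXTENSIONS = ['php', 'phtm', 'phtml', 'sh'];

/** Lower-cased final extension, or '' if the name has none. */
function finalExtension(string $filename): string
{
    return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
}

/**
 * Single validator for document names. Call it on the initial upload AND
 * on every later metadata edit, so a rename cannot bypass the upload check.
 */
function validateDocumentFilename(string $filename): void
{
    // No empty names, path separators, control characters or NUL bytes.
    if ($filename === ''
        || $filename !== basename($filename)
        || preg_match('/[\x00-\x1F\x7F\/\\\\]/', $filename)) {
        throw new InvalidArgumentException('invalid characters in filename');
    }

    // The final extension must be on the allowlist.
    if (!in_array(finalExtension($filename), ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('file type not allowed');
    }

    // No earlier segment may be an executable extension either.
    $segments = explode('.', strtolower($filename));
    array_shift($segments); // drop the base name
    foreach ($segments as $segment) {
        if (in_array($segment, EXECUTABLE_EXTENSIONS, true)) {
            throw new InvalidArgumentException('executable extension in filename');
        }
    }
}

/**
 * Applies a metadata edit to a stored document record.
 * The display name may change; the file type may not.
 */
function applyMetadataEdit(array $document, string $requestedName): array
{
    validateDocumentFilename($requestedName);

    if (finalExtension($requestedName) !== finalExtension($document['filename'])) {
        throw new InvalidArgumentException('changing the file extension is not allowed');
    }

    $document['filename'] = $requestedName;
    return $document;
}

// Constructed demo: a stored document and a series of requested renames.
$document = ['id' => 1, 'filename' => 'a.txt'];
foreach (['notes.txt', 'a.php', 'a.php.txt', '../a.txt', 'a.pdf'] as $requested) {
    try {
        $document = applyMetadataEdit($document, $requested);
        echo "accepted: {$requested}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$requested} ({$e->getMessage()})\n";
    }
}
```

Serving stored documents from a location where the web server does not hand files to the PHP interpreter remains the stronger control, since it holds even if a name check is missed.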
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| tribalsystems/zenario (Packagist) | < 9.0.55143 | 9.0.55143 |
Affected products
2- Zenario CMS/Zenario CMSdescription
Patches
14566d8a9ac67 Patching some bugfixes back to version 9.0:
80 files changed · +794 −558
.htaccess+1 −1 modified@@ -6,7 +6,7 @@ Options -Indexes <ifModule mod_headers.c> Header setifempty Content-Security-Policy "default-src *; img-src * data:; script-src * 'unsafe-eval' 'unsafe-inline'; style-src * 'unsafe-inline'" - Header setifempty Feature-Policy "sync-xhr *; camera 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; speaker 'none';" + Header setifempty Feature-Policy "sync-xhr *; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; speaker 'none';" Header setifempty Referrer-Policy strict-origin-when-cross-origin Header setifempty X-Content-Type-Options nosniff Header setifempty X-Frame-Options SAMEORIGIN
package.json+1 −1 modified@@ -25,5 +25,5 @@ "vimeo-upload": "*", "wowjs": "*" }, - "version": "9.0.54156" + "version": "9.0.55141" } \ No newline at end of file
README_INSTALL.md+1 −95 modified@@ -1,99 +1,5 @@ Installing Zenario CMS ====================== -System Requirements -------------------- +Please see [https://zenar.io/how-to-install-zenario](https://zenar.io/how-to-install-zenario). -To run Zenario you will need a web server/hosted account with the following: - -* Apache Server version 2.4.7 or later -* PHP version 7.2 or later (PHP 7.4 preferred) -* MySQL version 5.7 or later -* The GD, libCurl, libJPEG and libPNG libraries, and multibyte support in PHP -* Apache mod_rewrite support for .htaccess files (optional but highly recommended) -* Linux server (ideally, but may also work on Windows). - -Zenario sites will work with all modern, standards-compliant web browsers, however this is -dependent on how a designer writes CSS and frameworks for the site. If compatibility with -yet older browsers is required, this should be possible with careful design. - - -In administration mode, Zenario will run on at least the following browsers: - -* Windows with Chrome (stable channel) or equivalent -* Windows with Firefox (release channel) -* Windows with Microsoft Edge (latest version) -* Mac OSX with Chrome (stable channel) or equivalent -* Mac OSX with Firefox (release update channel) -* Mac OSX with Safari (latest version) - -We test on all of the above platforms. Administration mode may be usable on other -operating systems and browsers, but this is not tested. - - -Place the files on your server ------------------------------- - -You should download the `.zip` file, unzip it on your local machine, and then use a FTP -program to upload the files to your server. - -Alternatively, if you have ssh access it's faster to download the `.tar.gz` file, -upload it to your server and then unpack it by running: - - tar xfz zenario-probusiness-9.0.54149.tar.gz - - -If you want to run Zenario in the root of a domain (e.g. 
http://example.com/), you -should place the files into your server's web directory (sometimes called the public HTML -directory or the document root) . - -If you want to run Zenario from a subdirectory (e.g. http://example.com/cms/), you should -create a subdirectory with the correct name inside your server's web directory and place -the files in there. - - -Create directories and set permissions --------------------------------------- - -You will need to create two directories: - -* A backup/ directory -* A docstore/ directory - -These should not be publicly accessible, so you should create them outside of your web -directory. Zenario will need to write files and folders to these directories, so you need -to make them writable, e.g. on a UNIX/Linux server: - - chmod 777 backup/ - chmod 777 docstore/ - - -There are three directories in the CMS that you need to make writable: - -* The cache/ directory -* The private/ directory -* The public/ directory - -E.g. on a UNIX/Linux server: - - chmod 777 cache/ - chmod 777 private/ - chmod 777 public/ - - -You can optionally make the `zenario_siteconfig.php` file writable for a smoother install -process. - - -Run the installer ------------------ - -To run the installer you need to visit your site using a browser - e.g. by going to -http://example.com, or http://example.com/cms/ if you are running from a subdirectory. - -The installer will then take you through the installation process, during which you will -need to enter: - -* A name, username and password to connect to a database -* A name and an email address to create your first administrator account. -* An initial language for your site (you can add more languages later). \ No newline at end of file
README.md+38 −30 modified@@ -6,63 +6,71 @@ What is Zenario? ------------------- -Zenario is a web-based **content management system** or CMS. It can be used for simple -sites, with many "wysiwyg" features, but is really designed to run **extranet** sites, -such as customer portals. It also has **multilingual** features built in from the core. +Zenario is a web-based **content management system** (CMS). It can be used for simple +sites, with many "wysiwyg" features for making regular web pages, news items, blogs and +so on. + +It has powerful features for running **extranet** sites, such as customer portals, +and online databases (e.g. of products, documents or vidoes). + +It also has **multilingual** features built in from the core, so that a site can easily +be set up to deliver content in in multiple languages. * Zenario's [Official website](https://zenar.io) What are the main features? ------------------------------ -* Free and **completely open source** code written in PHP +* **Free, open source** code (BSD license) written in PHP -* WYSIWYG tools for arranging page layouts and editing content +* **WYSIWYG** tools for arranging page layouts and editing content -* Version-controlled content, allowing pages to be previewed and a history to be stored +* **Permissions system** for managing what administrators can do + +* **Page versioning system** allows pages to be created, previewed, and published, and a history + to be stored -* Intuitive tools for managing site navigation +* **Drag and drop** tools for setting up and modifying site menu navigation -* Support for blogs, news items, events, and other content types **(developers can +* Support for documents, blogs, news items, events, and other content types, **(developers can create their own content types)** -* Ability to create micro-sites - -* **Extranet** user and contact management; full set of user-side extranet features - (login, register etc.) 
- -* Powerful **Forms** feature, with which data can be captured and then emailed or - merged with a user's data - -* **Document management** through a familiar folder-like hierarchy, powerful tagging features +* In-built **image optimisation** so that while full-size images are stored as JPG/PNG, client + is served with an optimised WebP image + +* Includes the **Gridmaker** tool for creating responsive layout designs by drag and drop -* Datasets, with which you can easily add fields to many types of data (Users/contacts, -Documents, Countries etc.) +* **Extranet** user and contact management; full set of extranet features (login, register etc.) -* **Gridmaker** tool for creating responsive or fixed-width designs using a grid-based design +* Powerful **Forms** feature, with which data can be captured and then emailed, merged with a + contact's data, or sent to a CRM -* Ability to re-brand administrator interface +* Data schemas for Users/contacts, Locations, Documents can be modified (adding fields) using + Zenario's **Datasets** feature -* Search-engine optimised URLs and other SEO assistance - +* Many in-built **search-engine optimisation** features, such as XML sitemap, friendly URLs and more Learn Zenario -------------------------------------- -* Read our [User Guides](https://zenar.io/user-guides) to learn the basic functions - -* Watch our [videos](https://www.youtube.com/channel/UCjzvrpRHM_sUBpZn08BiXmg/videos) - to see Zenario in action +* Watch our [videos](https://zenar.io/video-tutorials) to learn how to use Zenario. * Access the [Zenario documentation area](https://zenar.io/documentation-area) to get - technical help on the workings of the CMS + technical help if you are a designer, or want to write your own modules. * Can't find what you're looking for? Ask us in the [forum](https://zenar.io/forums). + +About this repository +--------------------- + +This repository contains the latest publicly available version of Zenario. 
It is a copy of our private repository, with the "bleeding edge" version removed. We're currently not able to accept Pull requests into this repository. + + Download Zenario --------------------- -* You can download a packaged version of Zenario in either zip, gzip or 7zip format at - [zenar.io/download-zenario](https://zenar.io/download-zenario) +You can download a packaged version of Zenario in zip, gzip or 7zip format at + [zenar.io/download-zenario](https://zenar.io/download-zenario).
zenario/admin/db_install/local-INSERT.sql+3 −4 modified@@ -157,12 +157,11 @@ INSERT INTO `[[DB_PREFIX]]plugin_settings` VALUES (5,'text',9,'Praesent nec lectus lorem. Nulla facilisi. Nam imperdiet sed dui in viverra.','synchronized_setting','text',NULL,0,'','remove',NULL), (6,'html',0,'<h2>Welcome to your new Zenario site!</h2> <p>Congratulations, you have just installed your new Zenario site.</p> -<p>You may add another page by clicking "Menu" on the Admin Toolbar, then clicking a yellow icon with the "star" symbol. When you do this, you can create an HTML web page content item and a menu node linking to it.</p> -<p>Content items will be visible to administrators only until published. Click on the "Publish" button to make them visible to regular site visitors.</p> -<p>You will also need to make your site visible to visitors by enabling it in Organizer, in the <a href="zenario/admin/organizer.php#zenario__administration/panels/site_settings//site_disabled">Configuration -> Site settings</a> section.</p> +<p>You may add another page by clicking "New..." on the Admin Toolbar, then selecting what kind of content to create. Initially you may just see HTML pages but you can enable more Content Types by going into Organizer, <a href="organizer.php?#zenario__modules/panels/modules~-zenario_ctype">then Modules, and search for Content Type modules</a>.</p> +<p>Pages (called "content items" in Zenario) will be created as drafts and visible to administrators only. 
Click on the "Publish" button to make them visible to regular site visitors.</p> <p>You can get support and downloads at <a href="https://zenar.io" target="_blank" rel="noopener">https://zenar.io</a>.</p> <p>We hope you enjoy using Zenario.</p>','version_controlled_content','translatable_html',NULL,0,'','remove',NULL), - (7,'image',0,12,'synchronized_setting','text','file',12,'','remove',NULL), +(7,'image',0,12,'synchronized_setting','text','file',12,'','remove',NULL), (7,'image_source',0,'_CUSTOM_IMAGE','synchronized_setting','text',NULL,0,'','remove',NULL), (7,'title',0,'Just a nice image','synchronized_setting','translatable_text',NULL,0,'','remove',NULL), (7,'text',0,'<p>This is another <em>Banner</em> plugin (we use them a lot for calls-to-action).</p>','synchronized_setting','translatable_html',NULL,0,'','remove',NULL),
zenario/admin/db_updates/latest_revision_no.inc.php+2 −2 modified@@ -27,7 +27,7 @@ */ if (!defined('NOT_ACCESSED_DIRECTLY')) exit('This file may not be directly accessed'); -define('LATEST_REVISION_NO', 53604); //N.b. 9.1 starts at revision #53700 +define('LATEST_REVISION_NO', 53605); //N.b. 9.1 starts at revision #53700 define('LATEST_BIG_CHANGE_REVISION_NO', 53604); define('INSTALLER_REVISION_NO', 53100); define('INSTALLER_DEFAULT_THEME', 'blackdog'); @@ -38,6 +38,6 @@ define('ZENARIO_MAJOR_VERSION', '9'); define('ZENARIO_MINOR_VERSION', '0'); define('ZENARIO_IS_BUILD', true); -define('ZENARIO_REVISION', '54156'); +define('ZENARIO_REVISION', '55141'); define('TINYMCE_DIR', 'zenario/libs/manually_maintained/lgpl/tinymce_4_7_3/'); \ No newline at end of file
zenario/admin/db_updates/step_2_update_the_database_schema/content_tables.inc.php+8 −0 modified@@ -1379,4 +1379,12 @@ _sql +//Remove any "HTML" files from the allowed file types table +); ze\dbAdm::revision( 53605 +, <<<_sql + DELETE FROM `[[DB_PREFIX]]document_types` + WHERE `type` IN ('htm', 'html', 'htt', 'mhtml', 'stm', 'xhtml') +_sql + + ); \ No newline at end of file
zenario/admin/db_updates/step_3_populate_certain_tables/document_types.inc.php+0 −6 modified@@ -97,9 +97,6 @@ ('hqx', 'application/mac-binhex40', 0), ('hta', 'application/hta', 0), ('htc', 'text/x-component', 0), - ('htm', 'text/html', 0), - ('html', 'text/html', 0), - ('htt', 'text/webviewhtml', 0), ('ico', 'image/x-icon', 0), ('ief', 'image/ief', 0), ('iii', 'application/x-iphone', 0), @@ -124,7 +121,6 @@ ('mdb', 'application/x-msaccess', 0), ('me', 'application/x-troff-me', 0), ('mht', 'message/rfc822', 0), - ('mhtml', 'message/rfc822', 0), ('mid', 'audio/mid', 0), ('midi', 'audio/mid', 0), ('mny', 'application/x-msmoney', 0), @@ -206,7 +202,6 @@ ('src', 'application/x-wais-source', 0), ('sst', 'application/vnd.ms-pkicertstore', 0), ('stl', 'application/vnd.ms-pkistl', 0), - ('stm', 'text/html', 0), ('sv4cpio', 'application/x-sv4cpio', 0), ('sv4crc', 'application/x-sv4crc', 0), ('svg', 'image/svg+xml', 0), @@ -242,7 +237,6 @@ ('wrz', 'x-world/x-vrml', 0), ('xaf', 'x-world/x-vrml', 0), ('xbm', 'image/x-xbitmap', 0), - ('xhtml', 'application/xhtml+xml', 0), ('xla', 'application/vnd.ms-excel', 0), ('xlam', 'application/vnd.ms-excel.addin.macroEnabled.12', 0), ('xlc', 'application/vnd.ms-excel', 0),
zenario/admin/db_updates/step_4_migrate_the_data/content_tables.inc.php+10 −38 modified@@ -761,31 +761,9 @@ } //For Maximum Content File Size settings we need to update value from bytes to MB if (ze\dbAdm::needRevision(52220)) { + $filesizevalue = ze::setting('content_max_filesize', false); + $filesizeUnit = ze::setting('content_max_filesize_unit', false); - $filesizevalueArr = ze\row::get('site_settings', ['value','default_value'], ['name' => "content_max_filesize"]); - $filesizeUnit = ze\row::get('site_settings', 'value', ['name' => "content_max_filesize_unit"]); - $unitInsert = false; - if(isset($filesizevalueArr['value']) && $filesizevalueArr['value']){ - if(!$filesizeUnit){ - if (ze\row::exists('site_settings', ['name' => "content_max_filesize_unit"])) { - $unitInsert = false; - } else { - $unitInsert = true; - } - } else { - $unitInsert = false; - } - $filesizevalue = $filesizevalueArr['value']; - } - else{ - if (isset($filesizevalueArr['default_value']) && $filesizevalueArr['default_value']) { - - $filesizevalue = $filesizevalueArr['default_value']; - $unitInsert = true; - - } - - } if ($filesizevalue && !$filesizeUnit) { if ($filesizevalue < 1000000) { 
@@ -797,21 +775,15 @@ $fileValue = $convertArray[0]; $fileUnit = $convertArray[1]; } - if ($fileValue) { - ze\row::update('site_settings', ['value' => round($fileValue)], ['name' => "content_max_filesize"]); - } - if ($fileUnit) { - if($unitInsert){ - ze\row::insert( - 'site_settings', - ['name' => 'content_max_filesize_unit', 'default_value' => 'MB', 'encrypted' => 0, 'secret' => 0, 'protect_from_database_restore' => 0,'value' => $fileUnit] - ); - } - else{ - ze\row::update('site_settings', ['value' => $fileUnit], ['name' => "content_max_filesize_unit"]); - } - } + + ze\site::setSetting('content_max_filesize', $filesizevalue); + ze\site::setSetting('content_max_filesize_unit', $filesizeUnit); + + } elseif (!$filesizevalue) { + ze\site::setSetting('content_max_filesize', 20); + ze\site::setSetting('content_max_filesize_unit', 'MB'); } + ze\dbAdm::revision(52220); }
zenario/admin/grid_maker/ajax.php+1 −1 modified@@ -22,7 +22,7 @@ //If a checksum was given, we can cache this file if (!empty($_GET['checksum'])) { - $ETag = 'zenario-layout_thumbnail-'. $_SERVER['HTTP_HOST']. '-'. http_build_query($_GET); + $ETag = 'zenario-layout_thumbnail-'. $_SERVER['HTTP_HOST']. '-'. preg_replace('@[^\w\.-]@', '', http_build_query($_GET)); ze\cache::useBrowserCache($ETag); }
zenario/admin/welcome/diagnostics.yaml+8 −21 modified@@ -390,26 +390,6 @@ diagnostics: html: " " visible_if: zenarioAW.togglePressed(field) - dir_3: - grouping: sub_table - full_width: true - row_class: sub_level - hidden: true - snippet: - html: Templates Directory - visible_if: zenarioAW.togglePressed(field, 2) - show_dir_3: *show_subsection - hidden: true - dir_3_blurb: - grouping: sub_table - hidden: true - full_width: true - row_class: sub_field - snippet: - html: | - Zenario uses template files to form the layout of web pages. - These may be edited by an administrator. - visible_if: zenarioAW.togglePressed(field) template_dir: &readonly_dir grouping: sub_table hidden: true @@ -436,7 +416,14 @@ diagnostics: snippet: html: '' visible_if: zenarioAW.togglePressed(field) - skin_dir_1: *readonly_dir + skin_dir_1: &readonly_dir + grouping: sub_table + hidden: true + full_width: true + row_class: sub_field + type: text + readonly: readonly + visible_if: zenarioAW.togglePressed(field) skin_dir_status_1: *dir_status skin_dir_2: *readonly_dir skin_dir_status_2: *dir_status
zenario/autoload/contentAdm.php+35 −0 modified@@ -1938,4 +1938,39 @@ public static function getContentItemsWithPluginsThatMustBeOnPublicOrPrivatePage return false; } } + + + + public static function debugAndReportLayoutError($file = false) { + + if (!is_dir(CMS_ROOT. 'cache/')) { + \ze\contentAdm::reportLayoutError('The cache/ directory does not exist, please create it.'); + + } elseif (!is_writable(CMS_ROOT. 'cache/')) { + \ze\contentAdm::reportLayoutError('The cache/ directory is not writable by the web server, please make it writable.'); + + } elseif (!is_dir(CMS_ROOT. 'cache/layouts/')) { + \ze\contentAdm::reportLayoutError('The cache/layouts/ directory does not exist, please create it.'); + + } elseif (!is_writable(CMS_ROOT. 'cache/layouts/')) { + \ze\contentAdm::reportLayoutError('The cache/layouts/ directory is not writable by the web server, please make it writable.'); + + } elseif ($file && is_dir(dirname(CMS_ROOT. $file)) && !is_writable(dirname(CMS_ROOT. $file))) { + \ze\contentAdm::reportLayoutError('The sub-directories in the cache/layouts/ directory are not writable by the web server, please make them writable.'); + + } elseif ($file && is_file(CMS_ROOT. $file) && !is_writable(CMS_ROOT. $file)) { + \ze\contentAdm::reportLayoutError('The files in the cache/layouts/ directory are not writable by the web server, please make them writable.'); + } + + exit; + } + + public static function reportLayoutError($msg) { + echo + '<div style="padding:auto; margin:auto; text-align: center; position: absolute; top: 35%; width: 100%;">', + htmlspecialchars($msg), + '</div>'; + + \ze\db::reportError('Layouts not writable on ', $msg); + } }
zenario/autoload/content.php+37 −26 modified@@ -1565,14 +1565,14 @@ public static function layoutDetails($layoutId, $showUsage = true, $checkIfDefau - public static function layoutHtmlPath($layoutId) { - return self::generateLayoutFiles($layoutId, true, false); + public static function layoutHtmlPath($layoutId, $reportErrors = false) { + return self::generateLayoutFiles($layoutId, true, false, $reportErrors); } - public static function layoutCssPath($layoutId) { - return self::generateLayoutFiles($layoutId, false, true); + public static function layoutCssPath($layoutId, $reportErrors = false) { + return self::generateLayoutFiles($layoutId, false, true, $reportErrors); } - private static function generateLayoutFiles($layoutId, $generateHTML, $generateCSS) { + private static function generateLayoutFiles($layoutId, $generateHTML, $generateCSS, $reportErrors = false) { if ($layout = \ze\content::layoutDetails($layoutId, $showUsage = false, $checkIfDefault = false)) { $codeName = $layout['code_name']; if ($layoutDir = \ze\cache::createDir($codeName. '_'. $layout['json_data_hash'], 'cache/layouts')) { 
@@ -1582,37 +1582,45 @@ private static function generateLayoutFiles($layoutId, $generateHTML, $generateC $cssFile = $layoutDir. $codeName. '.css'; if ($generateHTML && !file_exists(CMS_ROOT. $tplFile)) { - if (!is_writable(CMS_ROOT. $layoutDir)) { - return false; - } - - $html = ''; - $slots = []; - $data = \ze\row::get('layouts', 'json_data', $layoutId); + if (is_writable(CMS_ROOT. $layoutDir)) { + $html = ''; + $slots = []; + $data = \ze\row::get('layouts', 'json_data', $layoutId); - \ze\gridAdm::generateHTML($html, $data, $slots); + \ze\gridAdm::generateHTML($html, $data, $slots); - if (file_put_contents(CMS_ROOT. $tplFile, $html)) { - \ze\cache::chmod(CMS_ROOT. $tplFile); + if (file_put_contents(CMS_ROOT. $tplFile, $html)) { + \ze\cache::chmod(CMS_ROOT. $tplFile); + } elseif ($reportErrors) { + \ze\contentAdm::debugAndReportLayoutError($tplFile); + } else { + return false; + } + } elseif ($reportErrors) { + \ze\contentAdm::debugAndReportLayoutError($tplFile); } else { return false; } } if ($generateCSS && !file_exists(CMS_ROOT. $cssFile)) { - if (!is_writable(CMS_ROOT. $layoutDir)) { - return false; - } - - $html = ''; - if ($data === null) { - $data = \ze\row::get('layouts', 'json_data', $layoutId); - } + if (is_writable(CMS_ROOT. $layoutDir)) { + $html = ''; + if ($data === null) { + $data = \ze\row::get('layouts', 'json_data', $layoutId); + } - \ze\gridAdm::generateCSS($css, $data); + \ze\gridAdm::generateCSS($css, $data); - if (file_put_contents(CMS_ROOT. $cssFile, $css)) { - \ze\cache::chmod(CMS_ROOT. $cssFile); + if (file_put_contents(CMS_ROOT. $cssFile, $css)) { + \ze\cache::chmod(CMS_ROOT. $cssFile); + } elseif ($reportErrors) { + \ze\contentAdm::debugAndReportLayoutError($cssFile); + } else { + return false; + } + } elseif ($reportErrors) { + \ze\contentAdm::debugAndReportLayoutError($cssFile); } else { return false; } 
@@ -1629,6 +1637,9 @@ private static function generateLayoutFiles($layoutId, $generateHTML, $generateC return $cssFile; } } + + } elseif ($reportErrors) { + \ze\contentAdm::debugAndReportLayoutError(); } }
zenario/autoload/dbAdm.php+4 −3 modified@@ -953,9 +953,10 @@ public static function callMySQL($mysqldump, $args = '', $input = '') { public static function testMySQL($mysqldump) { $result = \ze\dbAdm::callMySQL($mysqldump, ' --version'); - return $result - && strpos($result, ($mysqldump? 'mysqldump' : 'mysql'). ' Ver') !== false - && strpos($result, 'Distrib ') !== false; + return $result && ( + strpos($result, ($mysqldump? 'mysqldump' : 'mysql'). ' Ver') !== false + || strpos($result, 'Distrib ') !== false + ); }
zenario/autoload/escape.php+7 −0 modified@@ -42,6 +42,10 @@ public static function utf8($text) { return mb_convert_encoding($text, 'UTF-8', 'UTF-8'); } + public static function asciiInSQL($text) { + return \ze::$dbL->con->escape_string(preg_replace('@[^(\x20-\x7E)]*@', '', $text)); + } + //This function is used in AJAX requests to send additional metadata and flags to the JavaScript running on the client. @@ -207,6 +211,9 @@ public static function in($csv, $escaping = -1, $prefix = false) { } elseif ($escaping === 'sql') { $sql .= "'". \ze\escape::sql($var). "'"; + } elseif ($escaping === 'asciiInSQL') { + $sql .= "'". \ze\escape::asciiInSQL($var). "'"; + } elseif ($escaping === 'identifier') { if ($prefix) { $sql .= $prefix. ".";
zenario/autoload/fileAdm.php+11 −0 modified@@ -328,6 +328,17 @@ public static function exitIfUploadError($adminFacing, $checkIsAllowed = true, $ if ($doVirusScan) { \ze\fileAdm::exitIfVirusInFile($adminFacing, $path, $name, true); } + + //Any SVGs that are uploaded should be sanitsed as a precaution against XSS attacks. + if (\ze\file::mimeType($name) == 'image/svg+xml') { + if (is_writable($path)) { + require_once CMS_ROOT. 'zenario/libs/manually_maintained/mit/SVG-Sanitizer/SvgSanitizer.php'; + $SvgSanitizer = new \SvgSanitizer(); + $SvgSanitizer->load($path); + $SvgSanitizer->sanitize(); + $SvgSanitizer->save($path); + } + } } public static function exitIfVirusInFile($adminFacing, $path, $name, $autoDelete = false) {
zenario/autoload/file.php+7 −0 modified@@ -612,6 +612,13 @@ public static function isExecutable($extension) { case 'phtm': case 'phtml': case 'sh': + //As of 9.0, we now globally block users from uploading HTML files + case 'htm': + case 'html': + case 'htt': + case 'mhtml': + case 'stm': + case 'xhtml': return true; default: return false;
zenario/autoload/fun/pageBodyAdminClass.php+4 −1 modified@@ -74,7 +74,10 @@ //In 9.0, we're experiementing with disabling the feature that remembers the page mode/admin toolbar mode. //However we wish to test it out first, so rather than going to all of the effort to rip it out straight //away, I've added this line to try and counteract it, just so we can try it out. -$_SESSION['page_mode'] = $_SESSION['page_toolbar'] = 'preview'; +//$_SESSION['page_mode'] = $_SESSION['page_toolbar'] = 'preview'; + //This caused a few things to break, e.g. when making a draft from a published page. + //It's been removed on HEAD by Marcin, 12 Jul 2021. + //This removal has also been patched back by Chris, 21 Jul 2021.
zenario/autoload/site.php+1 −1 modified@@ -82,7 +82,7 @@ public static function setSetting($settingName, $value, $updateDB = true, $encry secret = ". (int) $secret; } - \ze\sql::update($sql, false, $clearCache); + \ze\sql::update($sql, $clearCache); } }
zenario/autoload/tuix.php+20 −2 modified@@ -877,8 +877,26 @@ public static function parse2(&$tags, &$removedColumns, $type, $requestedPath = //Strip out any tags/sections that require a priv that the current admin does not have foreach ($tags as $key => &$value) { if ((string) $key == 'priv') { - if (!\ze\priv::check((string) $value)) { - return false; + + //Allow a list of permissions to be checked. + //The element should be shown if the current admin has rights on one of the checks given. + if (is_array($value)) { + $privCheckMet = false; + + foreach ($value as $privCheck) { + if (\ze\priv::check((string) $privCheck)) { + $privCheckMet = true; + break; + } + } + + if (!$privCheckMet) { + return false; + } + } else { + if (!\ze\priv::check((string) $value)) { + return false; + } } } elseif ((string) $key == 'local_admins_only') {
zenario/autoload/welcome.php+12 −66 modified@@ -503,7 +503,13 @@ public static function systemRequirementsAJAX(&$source, &$tags, &$fields, &$valu if (\ze::setting('mysql_path') && ($mysqlServerVersion = \ze\dbAdm::callMySQL(false, ' --version'))) { $mysqlServerVersion = \ze\ring::chopPrefix(\ze::setting('mysql_path'), $mysqlServerVersion, true); $matches = []; - if ($matches = preg_split('@Distrib ([\d\.]+)@', $mysqlServerVersion, 2, PREG_SPLIT_DELIM_CAPTURE)) { + + if ( + //Pre MySQL 8 + ($matches = preg_split('@Distrib ([\d\.]+)@', $mysqlServerVersion, 2, PREG_SPLIT_DELIM_CAPTURE)) + //MySQL 8+ + || ($matches = preg_split('@Ver ([\d\.]+)@', $mysqlServerVersion, 2, PREG_SPLIT_DELIM_CAPTURE)) + ) { if (!empty($matches[1])) { if (!\ze\welcome::compareVersionNumber($mysqlVersion, $matches[1])) { $mysqlVersion = $mysqlServerVersion; @@ -1416,6 +1422,7 @@ public static function installerAJAX(&$source, &$tags, &$fields, &$values, $chan //} if (empty($fields['4/theme']['values'])) { + $values['4/theme'] = INSTALLER_DEFAULT_THEME; $fields['4/theme']['values'] = []; foreach (\ze\welcome::listSampleThemes() as $dir => $imageSrc) { $fields['4/theme']['values'][$dir] = [ @@ -2524,9 +2531,13 @@ public static function diagnosticsAJAX(&$source, &$tags, &$fields, &$values, $ch } } } + } + + if ($adminhtml) { $adminhtml .= '</p>'; } } + $fields['0/show_administrators_logins']['hidden'] = empty($adminhtml); $fields['0/show_administrators_logins']['snippet']['html'] = $adminhtml; $fields['0/show_administrators_logins']['row_class'] = 'section_valid'; 
@@ -2603,60 +2614,6 @@ public static function diagnosticsAJAX(&$source, &$tags, &$fields, &$values, $ch $fields['0/backup_dir_status']['snippet']['html'] = \ze\admin::phrase('The directory <code>[[basename]]</code> exists and is writable.', $mrg); } - - //Check to see if the templates & grid templates directories exist, - //and that the grid templates directory and all of the files inside are writable. - //(A site setting can be set to stop this check.) - $mrg = [ - 'dir' => $dir = $tdir, - 'basename' => $dir? htmlspecialchars(basename($dir)) : '']; - - if (!is_dir($tdir)) { - $fields['0/template_dir_status']['row_class'] = 'sub_invalid'; - $fields['0/template_dir_status']['snippet']['html'] = \ze\admin::phrase('The directory <code>[[basename]]</code> does not exist.', $mrg); - - } elseif (!\ze\welcome::directoryIsWritable($tdir)) { - $fields['0/template_dir_status']['row_class'] = 'sub_invalid'; - $fields['0/template_dir_status']['snippet']['html'] = \ze\admin::phrase('The directory <code>[[basename]]</code> is not writable.', $mrg); - - } else { - $fileWritable = false; - $fileNotWritable = false; - foreach (scandir($tdir) as $sdir) { - if (is_file($tdir. '/'. $sdir)) { - if (is_writable($tdir. '/'. $sdir)) { - $fileWritable = true; - } else { - if ($fileNotWritable === false) { - $fileNotWritable = $sdir; - } else { - $fileNotWritable = true; - } - } - } - } - - if ($fileNotWritable === true) { - if ($fileWritable) { - $fields['0/template_dir_status']['row_class'] = 'sub_invalid'; - $fields['0/template_dir_status']['snippet']['html'] = \ze\admin::phrase('Some of the files in the <code>[[basename]]</code> directory are not writable by the web server (e.g. 
use "chmod 666 *.tpl.php *.css").', $mrg); - } else { - $fields['0/template_dir_status']['row_class'] = 'sub_invalid'; - $fields['0/template_dir_status']['snippet']['html'] = \ze\admin::phrase('The files in the <code>[[basename]]</code> directory are not writable by the web server, please make them writable (e.g. use "chmod 666 *.tpl.php *.css").', $mrg); - } - - } elseif ($fileNotWritable !== false) { - $fields['0/template_dir_status']['row_class'] = 'sub_invalid'; - $fields['0/template_dir_status']['snippet']['html'] = - \ze\admin::phrase('<code>[[short_path]]</code> is not writable, please make it writable (e.g. use "chmod 666 [[file]]").', - ['short_path' => htmlspecialchars('grid_templates/'. $fileNotWritable), 'file' => htmlspecialchars($fileNotWritable)]); - - } else { - $fields['0/template_dir_status']['row_class'] = 'sub_valid'; - $fields['0/template_dir_status']['snippet']['html'] = \ze\admin::phrase('The directory <code>[[basename]]</code> exists and is writable.', $mrg); - } - } - //Loop through all of the skins in the system (max 9) and check their editable_css directories $i = 0; $maxI = 9; @@ -2678,7 +2635,6 @@ public static function diagnosticsAJAX(&$source, &$tags, &$fields, &$values, $ch $tags['tabs'][0]['fields']['skin_dir_'. $i]['current_value'] = $skinWritableDir; $mrg = [ - 'dir' => $dir = $tdir, 'basename' => $dir? htmlspecialchars(basename($skinWritableDir)) : '', '2dir' => $dir? htmlspecialchars($skin['name']. '/editable_css') : '' ]; 
@@ -2841,16 +2797,6 @@ public static function diagnosticsAJAX(&$source, &$tags, &$fields, &$values, $ch $fields['0/dir_2']['row_class'] = 'sub_section_invalid'; } - if ($fields['0/template_dir_status']['row_class'] == 'sub_invalid') { - $showCheckAgainButton = - $fields['0/show_dirs']['pressed'] = - $fields['0/show_dir_3']['pressed'] = true; - $fields['0/dirs']['row_class'] = 'section_invalid'; - $fields['0/dir_3']['row_class'] = 'sub_section_invalid'; - } else { - $fields['0/dir_3']['row_class'] = 'sub_section_valid'; - } - if ($fields['0/cache_dir_status']['row_class'] == 'sub_invalid') { $showCheckAgainButton = $fields['0/show_dirs']['pressed'] =
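Review bot: In the skin loop's `$mrg` array, the remaining ternaries `'basename' => $dir? ...` and `'2dir' => $dir? ...` still test `$dir`, but this change deletes both assignments of it that are visible here (`'dir' => $dir = $tdir` in the removed template-directory block and again in this array). Whatever value `$dir` has at this point now comes from code outside these hunks, or it is undefined, so the test no longer says anything about the skin directory. Test `$skinWritableDir` in both ternaries, or drop the conditions if the value is already known to be non-empty there. Separately, the last hunk removes the only visible write to `$fields['0/dir_3']['row_class']`; if the `dir_3` and `template_dir_status` fields are still defined for this admin box they should be removed in the same change so the section is not drawn without a status.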
zenario/cookie_message.php+1 −1 modified@@ -35,7 +35,7 @@ require 'basicheader.inc.php'; //Ensure that the site name and subdirectory are part of the ETag, as modules can have different ids on different servers -$ETag = 'zenario-cookie_message-'. LATEST_REVISION_NO. '--'. $_SERVER["HTTP_HOST"]. '-'. $_GET['type']; +$ETag = 'zenario-cookie_message-'. LATEST_REVISION_NO. '--'. $_SERVER["HTTP_HOST"]. '-'. preg_replace('@[^\w\.-]@', '', $_GET['type']); //Cache this combination of running Plugin JavaScript ze\cache::useBrowserCache($ETag);
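Review bot: The new `preg_replace('@[^\w\.-]@', '', $_GET['type'])` on the `$ETag` line assumes `$_GET['type']` is a present string. If the parameter is missing, PHP raises an undefined-index notice, and if it is sent as an array (`type[]=`), `preg_replace()` returns an array and the concatenation produces the literal `Array` with a conversion warning. Check the type first, for example `is_string($_GET['type'] ?? null) ? preg_replace(...) : ''`. On the same line `$_SERVER["HTTP_HOST"]` is also client-supplied and still goes into the ETag unfiltered, so it deserves the same allow-list. Minor style point: the dot does not need escaping inside a character class.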
zenario/includes/index.post_display.inc.php+1 −1 modified@@ -152,7 +152,7 @@ } - $html = str_replace('<body class="no_js '. ze\cache::browserBodyClass(), '<body class="no_js [[%browser%]] ', ob_get_contents()); + $html = str_replace('<body class="desktop no_js '. ze\cache::browserBodyClass(), '<body class="desktop no_js [[%browser%]] ', ob_get_contents()); //Note down any images from the cache directory that are in the page
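Review bot: The `str_replace()` on the `$html` line only matches when the rendered body tag starts with exactly `<body class="desktop no_js ` followed by `ze\cache::browserBodyClass()`. If a layout emits the classes in any other order, nothing is replaced and no error is raised, so the page is written to the cache with one visitor's browser class baked in instead of the `[[%browser%]]` placeholder. The same marker string is now hard-coded here and in index.pre_load.inc.php; define it once as a shared constant, and consider logging or skipping the cache write when the replacement count (the fourth argument of `str_replace()`) is zero.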
zenario/includes/index.pre_load.inc.php+2 −2 modified@@ -203,8 +203,8 @@ function zenarioPageCacheLogStats($stats) { ze\cache::start(); $page = file_get_contents($chPath. 'page.html'); - if (false !== $pos = strpos($page, '<body class="no_js [[%browser%]]')) { - echo substr($page, 0, $pos), '<body class="no_js '. ze\cache::browserBodyClass(), substr($page, $pos + 32); + if (false !== $pos = strpos($page, '<body class="desktop no_js [[%browser%]]')) { + echo substr($page, 0, $pos), '<body class="desktop no_js '. ze\cache::browserBodyClass(), substr($page, $pos + 40); } else { echo $page; }
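Review bot: The offset in `substr($page, $pos + 40)` is the hand-counted length of the marker `<body class="desktop no_js [[%browser%]]`, just as 32 was for the old one; the two literals have to be kept in step manually. Hold the marker in a variable or constant and use `strlen()` on it so the next change to the class list cannot desynchronise them. Also note that any `page.html` already in the cache directory was written with the old `<body class="no_js [[%browser%]]` marker, so after this change `strpos()` returns false for those files and the `else` branch echoes them with the raw placeholder in the body class. The page cache should be cleared as part of the upgrade, or the old marker accepted as a fallback.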
zenario/index.php+17 −16 modified@@ -101,12 +101,6 @@ require CMS_ROOT. 'zenario/visitorheader.inc.php'; -//Backwards compatability for template files from version 7 -function slot($slotName, $mode = false) { - return ze\plugin::slot($slotName, $mode); -} - - if ($isAdmin = ze::isAdmin()) { require CMS_ROOT. 'zenario/adminheader.inc.php'; ze\skinAdm::checkForChangesInFiles(); @@ -156,14 +150,8 @@ function slot($slotName, $mode = false) { //N.b. an empty string ('') is used for a private page, if a visitor is not logged in //A 0 is used if a visitor is logged in and still can't see the page -//If a page was requested but couldn't be shown... -if ($status === ZENARIO_403_NO_PERMISSION) { - //Show the no-access if this page is not accessible - header('HTTP/1.0 403 Forbidden'); - ze\content::langSpecialPage('zenario_no_access', $cID, $cType); - $status = ze\content::getShowableContent($content, $chain, $version, $cID, $cType); - -} elseif ($status === ZENARIO_401_NOT_LOGGED_IN) { +//Catch the case where someone who is not logged in is requesting a private page +if ($status === ZENARIO_401_NOT_LOGGED_IN) { //Set the destination so the Visitor can come back here when logged in if ($content) { $_SESSION['destCID'] = $content['id']; 
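Review bot: Removing the global `slot()` wrapper in the first hunk breaks any layout file that still calls it. The deleted comment says it existed for template files from version 7, and those files are pulled in later by `require CMS_ROOT. $tplFile`, so a leftover `slot(...)` call becomes a fatal undefined-function error at page render. Either keep a deprecated shim that forwards to `ze\plugin::slot()`, or document the removal as a breaking change and add an upgrade check that scans layout files for `slot(` before this ships.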
@@ -181,6 +169,19 @@ function slot($slotName, $mode = false) { header('HTTP/1.0 401 Authentication Required'); ze\content::langSpecialPage('zenario_login', $cID, $cType); $status = ze\content::getShowableContent($content, $chain, $version, $cID, $cType); + + //If there's something wrong with the login page, show the "Access Permission Denied (401)" page as a fallback + if (!$status) { + $status = ZENARIO_403_NO_PERMISSION; + } +} + +//If a page was requested but couldn't be shown... +if ($status === ZENARIO_403_NO_PERMISSION) { + //Show the no-access if this page is not accessible + header('HTTP/1.0 403 Forbidden'); + ze\content::langSpecialPage('zenario_no_access', $cID, $cType); + $status = ze\content::getShowableContent($content, $chain, $version, $cID, $cType); } elseif (!$status) { //Show the no-access if this page does not exist @@ -566,7 +567,7 @@ class=" ze\content::pageBody('zenario_showing_preview', '', true); echo $skinDiv, $templateDiv, $contentItemDiv; - if ($tplFile = ze\content::layoutHtmlPath(ze::$layoutId)) { + if ($tplFile = ze\content::layoutHtmlPath(ze::$layoutId, true)) { require CMS_ROOT. $tplFile; } @@ -607,7 +608,7 @@ class=" echo $skinDiv, $templateDiv, $contentItemDiv; - if ($tplFile = ze\content::layoutHtmlPath(ze::$layoutId)) { + if ($tplFile = ze\content::layoutHtmlPath(ze::$layoutId, true)) { require CMS_ROOT. $tplFile; ze\plugin::checkSlotsWereUsed(); }
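Review bot: The new fallback comment says it shows the "Access Permission Denied (401)" page, but the code sets `$status = ZENARIO_403_NO_PERMISSION` and the following block sends `HTTP/1.0 403 Forbidden`; the comment should say 403. In that fallback path `header('HTTP/1.0 401 Authentication Required')` has already been sent a few lines earlier and is then overwritten by the 403 header, which is worth a one-line comment so the double status line is clearly intentional. The two `ze\content::layoutHtmlPath(ze::$layoutId, true)` call sites pass a bare boolean whose meaning is not visible here; a short comment at the call, or a named constant, would help the next reader.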
zenario/js/admin_box.js+13 −5 modified@@ -561,7 +561,8 @@ zenarioAB.svgSelected = function(fieldName) { //Change a child-checkbox zenarioAB.adminPermChange = function(parentName, childrenName, toggleName, n, c) { var parentChecked = true, - parentClass; + parentClass, + fields = zenarioAB.tuix.tabs[zenarioAB.tuix.tab].fields; //Count how many checkboxes are on the page, and how many of these are checked if (!defined(n)) { @@ -581,18 +582,25 @@ zenarioAB.adminPermChange = function(parentName, childrenName, toggleName, n, c) } get(parentName).checked = - zenarioAB.tuix.tabs[zenarioAB.tuix.tab].fields[parentName].current_value = parentChecked; + fields[parentName].current_value = parentChecked; $(get('row__' + parentName)) .removeClass('zenario_permgroup_empty') .removeClass('zenario_permgroup_half_full') .removeClass('zenario_permgroup_full') .addClass(parentClass); + fields[parentName].row_class = + fields[parentName].row_class + .replace(' zenario_permgroup_empty', '') + .replace(' zenario_permgroup_half_full', '') + .replace(' zenario_permgroup_full', '') + + ' ' + parentClass; + //Set the "X / Y" display on the toggle get(toggleName).value = - zenarioAB.tuix.tabs[zenarioAB.tuix.tab].fields[toggleName].value = - zenarioAB.tuix.tabs[zenarioAB.tuix.tab].fields[toggleName].current_value = c + '/' + n; + fields[toggleName].value = + fields[toggleName].current_value = c + '/' + n; }; //Change the parent checkbox @@ -618,7 +626,7 @@ zenarioAB.adminParentPermChange = function(parentName, childrenName, toggleName) if (visibleChildren) { $children.each(function(i, el) { el.checked = checked; - //$children.attr('checked', checked? 'checked' : false); + //$children.prop('checked', checked? 'checked' : false); }); }
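Review bot: In `zenarioAB.adminPermChange`, the new `fields[parentName].row_class.replace(...)` chain throws a TypeError when the field has no `row_class` defined, which would stop the toggle text below it from updating. Default it first, for example `(fields[parentName].row_class || '')`. The replacements also only match when the class is preceded by a space (`' zenario_permgroup_empty'`), so a `row_class` that begins with one of these classes keeps it and gains a second, conflicting class on each change; splitting on whitespace and filtering the three names would be more robust than chained string replaces. The edited line in `adminParentPermChange` is still commented out, so switching it from `.attr` to `.prop` has no effect and the line can simply be deleted.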
zenario/js/admin_box.min.js+14 −14 modified@@ -2,22 +2,22 @@ $jscomp.defineProperty=$jscomp.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function(d,f,h){if(d==Array.prototype||d==Object.prototype)return d;d[f]=h.value;return d};$jscomp.getGlobal=function(d){d=["object"==typeof globalThis&&globalThis,d,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var f=0;f<d.length;++f){var h=d[f];if(h&&h.Math==Math)return h}throw Error("Cannot find global object");};$jscomp.global=$jscomp.getGlobal(this); $jscomp.IS_SYMBOL_NATIVE="function"===typeof Symbol&&"symbol"===typeof Symbol("x");$jscomp.TRUST_ES6_POLYFILLS=!$jscomp.ISOLATE_POLYFILLS||$jscomp.IS_SYMBOL_NATIVE;$jscomp.polyfills={};$jscomp.propertyToPolyfillSymbol={};$jscomp.POLYFILL_PREFIX="$jscp$";var $jscomp$lookupPolyfilledValue=function(d,f){var h=$jscomp.propertyToPolyfillSymbol[f];if(null==h)return d[f];h=d[h];return void 0!==h?h:d[f]}; $jscomp.polyfill=function(d,f,h,k){f&&($jscomp.ISOLATE_POLYFILLS?$jscomp.polyfillIsolated(d,f,h,k):$jscomp.polyfillUnisolated(d,f,h,k))};$jscomp.polyfillUnisolated=function(d,f,h,k){h=$jscomp.global;d=d.split(".");for(k=0;k<d.length-1;k++){var m=d[k];if(!(m in h))return;h=h[m]}d=d[d.length-1];k=h[d];f=f(k);f!=k&&null!=f&&$jscomp.defineProperty(h,d,{configurable:!0,writable:!0,value:f})}; -$jscomp.polyfillIsolated=function(d,f,h,k){var m=d.split(".");d=1===m.length;k=m[0];k=!d&&k in $jscomp.polyfills?$jscomp.polyfills:$jscomp.global;for(var v=0;v<m.length-1;v++){var q=m[v];if(!(q in k))return;k=k[q]}m=m[m.length-1];h=$jscomp.IS_SYMBOL_NATIVE&&"es6"===h?k[m]:null;f=f(h);null!=f&&(d?$jscomp.defineProperty($jscomp.polyfills,m,{configurable:!0,writable:!0,value:f}):f!==h&&($jscomp.propertyToPolyfillSymbol[m]=$jscomp.IS_SYMBOL_NATIVE?$jscomp.global.Symbol(m):$jscomp.POLYFILL_PREFIX+m,m= +$jscomp.polyfillIsolated=function(d,f,h,k){var m=d.split(".");d=1===m.length;k=m[0];k=!d&&k in 
$jscomp.polyfills?$jscomp.polyfills:$jscomp.global;for(var v=0;v<m.length-1;v++){var r=m[v];if(!(r in k))return;k=k[r]}m=m[m.length-1];h=$jscomp.IS_SYMBOL_NATIVE&&"es6"===h?k[m]:null;f=f(h);null!=f&&(d?$jscomp.defineProperty($jscomp.polyfills,m,{configurable:!0,writable:!0,value:f}):f!==h&&($jscomp.propertyToPolyfillSymbol[m]=$jscomp.IS_SYMBOL_NATIVE?$jscomp.global.Symbol(m):$jscomp.POLYFILL_PREFIX+m,m= $jscomp.propertyToPolyfillSymbol[m],$jscomp.defineProperty(k,m,{configurable:!0,writable:!0,value:f})))};$jscomp.initSymbol=function(){};$jscomp.initSymbolIterator=function(){};$jscomp.initSymbolAsyncIterator=function(){};$jscomp.iteratorPrototype=function(d){d={next:d};d[Symbol.iterator]=function(){return this};return d}; $jscomp.iteratorFromArray=function(d,f){d instanceof String&&(d+="");var h=0,k={next:function(){if(h<d.length){var m=h++;return{value:f(m,d[m]),done:!1}}k.next=function(){return{done:!0,value:void 0}};return k.next()}};k[Symbol.iterator]=function(){return k};return k};$jscomp.polyfill("Array.prototype.values",function(d){return d?d:function(){return $jscomp.iteratorFromArray(this,function(f,h){return h})}},"es8","es3"); -zenario.lib(function(d,f,h,k,m,v,q,w,G,a,H,r,I,z,E,l,A,J,K,L,B,x,C){a.openingKey={};a.start=function(b,c,e,g){a.openingKey=c;r._lM(function(){B(C).start.call(a,b,c,e,g)})};a.openBox=function(b){w._oB(b,a.baseCSSClass,"AdminFloatingBox",!1,960,50,2,!0,!0,".zenario_fabHead",!1);l("zenario_fbAdminFloatingBox").style.display="none"};a.closeBox=function(){w._cB("AdminFloatingBox");a._uH()};a.updateHash=function(){r.path&&r.tuix&&r._sH()};a.setTitle=function(b){var c,e,g,n=$("#zenario_fabBox"),p=$("#zenario_fabId"), -t=$("#zenario_fabTitleWrap"),u=$("#zenario_fabLastUpdated");(c=a.getTitle())?(t.css("display","block"),t.addClass(" 
zenario_no_drag"),l("zenario_fabTitle").innerHTML=A(c)):t.css("display","none");(e=a.tuix.last_updated)?u.show().html(A(e)):u.hide();b?$("#zenario_fabBox_readonlyMarker").css("display","block"):$("#zenario_fabBox_readonlyMarker").css("display","none");a.tuix.key&&(g=a.tuix.identifier)&&(g.value=g.value||a.tuix.key.id&&q._dIIFO(a.tuix.key.id))?(p.show().html(a.microTemplate(this.mtPrefix+ -"_identifier",g)),n.addClass("zfab_with_identifier")):(p.hide(),n.removeClass("zfab_with_identifier"));r.path&&r.tuix&&r._sH()};a.lastSize=!1;a.previewHidden=!0;a.size=function(b){a.sizing&&clearTimeout(a.sizing);var c=Math.floor($(k).width()),e=Math.floor($(k).height()),g,n;c&&e&&!a.isSlidUp&&((g=a.lastSize!=c+"x"+e)||b)&&(a.lastSize=c+"x"+e,g=a.tuix&&E(a.tuix.hide_tab_bar),l("zenario_fbMain")&&(g?(l("zenario_fbMain").style.top="0px",l("zenario_fabTabs").style.display="none"):(l("zenario_fbMain").style.top= -"24px",l("zenario_fabTabs").style.display=q._bII()?"":"inherit")),b=193,g&&(b-=53),b+=$("#zenario_fabTitleWrap").height(),e=Math.floor(.96*e),c=Math.floor(.96*c),g=e-b,(n=1*(a.tuix&&a.tuix.max_height))&&g>n&&(g=n,e=n+b),g&&0<g&&$("#zenario_fbAdminInner").height(g),a.tabContainerHeight=g,e&&0<e&&($("#zenario_fabBox").height(e),$("#zenario_fabPreview").height(e)),a.tuix&&a.tuix.css_class&&a.tuix.css_class.m(/zenario_fab_plugin\b/)?($("#zenario_fabBox").width(800),(b=!a.hasPreviewWindow||1100>c)?(c= +zenario.lib(function(d,f,h,k,m,v,r,x,G,a,H,t,I,A,E,l,B,J,K,L,C,y,D){a.openingKey={};a.start=function(b,c,e,g){a.openingKey=c;t._lM(function(){C(D).start.call(a,b,c,e,g)})};a.openBox=function(b){x._oB(b,a.baseCSSClass,"AdminFloatingBox",!1,960,50,2,!0,!0,".zenario_fabHead",!1);l("zenario_fbAdminFloatingBox").style.display="none"};a.closeBox=function(){x._cB("AdminFloatingBox");a._uH()};a.updateHash=function(){t.path&&t.tuix&&t._sH()};a.setTitle=function(b){var c,e,g,n=$("#zenario_fabBox"),p=$("#zenario_fabId"), 
+q=$("#zenario_fabTitleWrap"),u=$("#zenario_fabLastUpdated");(c=a.getTitle())?(q.css("display","block"),q.addClass(" zenario_no_drag"),l("zenario_fabTitle").innerHTML=B(c)):q.css("display","none");(e=a.tuix.last_updated)?u.show().html(B(e)):u.hide();b?$("#zenario_fabBox_readonlyMarker").css("display","block"):$("#zenario_fabBox_readonlyMarker").css("display","none");a.tuix.key&&(g=a.tuix.identifier)&&(g.value=g.value||a.tuix.key.id&&r._dIIFO(a.tuix.key.id))?(p.show().html(a.microTemplate(this.mtPrefix+ +"_identifier",g)),n.addClass("zfab_with_identifier")):(p.hide(),n.removeClass("zfab_with_identifier"));t.path&&t.tuix&&t._sH()};a.lastSize=!1;a.previewHidden=!0;a.size=function(b){a.sizing&&clearTimeout(a.sizing);var c=Math.floor($(k).width()),e=Math.floor($(k).height()),g,n;c&&e&&!a.isSlidUp&&((g=a.lastSize!=c+"x"+e)||b)&&(a.lastSize=c+"x"+e,g=a.tuix&&E(a.tuix.hide_tab_bar),l("zenario_fbMain")&&(g?(l("zenario_fbMain").style.top="0px",l("zenario_fabTabs").style.display="none"):(l("zenario_fbMain").style.top= +"24px",l("zenario_fabTabs").style.display=r._bII()?"":"inherit")),b=193,g&&(b-=53),b+=$("#zenario_fabTitleWrap").height(),e=Math.floor(.96*e),c=Math.floor(.96*c),g=e-b,(n=1*(a.tuix&&a.tuix.max_height))&&g>n&&(g=n,e=n+b),g&&0<g&&$("#zenario_fbAdminInner").height(g),a.tabContainerHeight=g,e&&0<e&&($("#zenario_fabBox").height(e),$("#zenario_fabPreview").height(e)),a.tuix&&a.tuix.css_class&&a.tuix.css_class.m(/zenario_fab_plugin\b/)?($("#zenario_fabBox").width(800),(b=!a.hasPreviewWindow||1100>c)?(c= 
800,a.previewMD5=a.previewWidth=a.previewPost=!1):(c=a.previewSlotWidth?Math.min(c,804+a.previewSlotWidth):c,a.previewWidth=c-800-4,$("#zenario_fabPreview").width(a.previewWidth),a.previewSlotWidthInfo?$("#zenario_fabPreviewInfo").show().text(a.previewSlotWidthInfo):$("#zenario_fabPreviewInfo").hide())):($("#zenario_fabBox").width(960),c=960,a.previewMD5=a.previewWidth=a.previewPost=!1,b=!0),a.hasPreviewWindow?b?$("#zenario_fbAdminFloatingBox").removeClass("zenario_fab_with_no_preview").addClass("zenario_fab_with_preview").addClass("zenario_fab_with_preview_hidden").removeClass("zenario_fab_with_preview_shown"): -$("#zenario_fbAdminFloatingBox").removeClass("zenario_fab_with_no_preview").addClass("zenario_fab_with_preview").removeClass("zenario_fab_with_preview_hidden").addClass("zenario_fab_with_preview_shown"):$("#zenario_fbAdminFloatingBox").addClass("zenario_fab_with_no_preview").removeClass("zenario_fab_with_preview").removeClass("zenario_fab_with_preview_hidden").removeClass("zenario_fab_with_preview_shown"),a.previewHidden!=b&&((a.previewHidden=b)||a.updatePreview()),w._aB("AdminFloatingBox",!1,c,50, -2),a._mFATAP());a.sizing=setTimeout(a.size,250)};a.makeFieldAsTallAsPossible=function(){var b=a.tallAsPossibleField,c=a.tallAsPossibleFieldType,e,g,n;if(z(b)&&"editor"!=c&&(e=a.tabContainerHeight)&&(e-=20,g=a.get(b))){var p=$(g);p.height("");g=$("#zenario_abtab").outerHeight();e>g&&(p.height(p.height()+e-g),"code_editor"==c&&(n=ace.edit(b))&&n.resize())}};a.clickTab=function(b){B(C).clickTab.call(a,b)};a.validateAlias=function(){q._aADINS("validateAlias",function(){a._vAG()})};a.validateAliasGo=function(){var b= 
-l("alias");b&&(b={_validate_alias:1,alias:b.value},a.tuix.key.cID&&(b.cID=a.tuix.key.cID),a.tuix.key.cType&&(b.cType=a.tuix.key.cType),a.tuix.key.equivId&&(b.equivId=a.tuix.key.equivId),l("language_id")&&(b.langId=l("language_id").value),l("update_translations")&&(b.lang_code_in_url="show","update_this"==l("update_translations").value&&l("lang_code_in_url")&&(b.lang_code_in_url=l("lang_code_in_url").value)),q._a(f+"zenario/admin/quick_ajax.php",b,!0).after(function(c){var e="",g=l("alias_warning_display"); -if(c)for(var n in c)x(c,n)&&(e+=(e?"<br />":"")+c[n]);g&&(g.innerHTML=e)}))};a.generateAlias=function(b){b=b.toLowerCase().r(/[\u00e1\u00c1\u00e0\u00c0\u00e2\u00c2\u00e5\u00c5\u00e4\u00c4\u00e3\u00c3\u00c6\u00e6\u00e7\u00c7\u00f0\u00d0\u00e9\u00c9\u00e8\u00c8\u00ea\u00ca\u00eb\u00cb\u00ed\u00cd\u00ec\u00cc\u00ee\u00ce\u00ef\u00cf\u00f1\u00d1\u00f3\u00d3\u00f2\u00d2\u00f4\u00d4\u00f6\u00d6\u00f5\u00d5\u00f8\u00d8\u0161\u0160\u00fa\u00da\u00f9\u00d9\u00fb\u00db\u00fc\u00dc\u00fd\u00dd\u017e\u017d]/g, +$("#zenario_fbAdminFloatingBox").removeClass("zenario_fab_with_no_preview").addClass("zenario_fab_with_preview").removeClass("zenario_fab_with_preview_hidden").addClass("zenario_fab_with_preview_shown"):$("#zenario_fbAdminFloatingBox").addClass("zenario_fab_with_no_preview").removeClass("zenario_fab_with_preview").removeClass("zenario_fab_with_preview_hidden").removeClass("zenario_fab_with_preview_shown"),a.previewHidden!=b&&((a.previewHidden=b)||a.updatePreview()),x._aB("AdminFloatingBox",!1,c,50, +2),a._mFATAP());a.sizing=setTimeout(a.size,250)};a.makeFieldAsTallAsPossible=function(){var b=a.tallAsPossibleField,c=a.tallAsPossibleFieldType,e,g,n;if(A(b)&&"editor"!=c&&(e=a.tabContainerHeight)&&(e-=20,g=a.get(b))){var 
p=$(g);p.height("");g=$("#zenario_abtab").outerHeight();e>g&&(p.height(p.height()+e-g),"code_editor"==c&&(n=ace.edit(b))&&n.resize())}};a.clickTab=function(b){C(D).clickTab.call(a,b)};a.validateAlias=function(){r._aADINS("validateAlias",function(){a._vAG()})};a.validateAliasGo=function(){var b= +l("alias");b&&(b={_validate_alias:1,alias:b.value},a.tuix.key.cID&&(b.cID=a.tuix.key.cID),a.tuix.key.cType&&(b.cType=a.tuix.key.cType),a.tuix.key.equivId&&(b.equivId=a.tuix.key.equivId),l("language_id")&&(b.langId=l("language_id").value),l("update_translations")&&(b.lang_code_in_url="show","update_this"==l("update_translations").value&&l("lang_code_in_url")&&(b.lang_code_in_url=l("lang_code_in_url").value)),r._a(f+"zenario/admin/quick_ajax.php",b,!0).after(function(c){var e="",g=l("alias_warning_display"); +if(c)for(var n in c)y(c,n)&&(e+=(e?"<br />":"")+c[n]);g&&(g.innerHTML=e)}))};a.generateAlias=function(b){b=b.toLowerCase().r(/[\u00e1\u00c1\u00e0\u00c0\u00e2\u00c2\u00e5\u00c5\u00e4\u00c4\u00e3\u00c3\u00c6\u00e6\u00e7\u00c7\u00f0\u00d0\u00e9\u00c9\u00e8\u00c8\u00ea\u00ca\u00eb\u00cb\u00ed\u00cd\u00ec\u00cc\u00ee\u00ce\u00ef\u00cf\u00f1\u00d1\u00f3\u00d3\u00f2\u00d2\u00f4\u00d4\u00f6\u00d6\u00f5\u00d5\u00f8\u00d8\u0161\u0160\u00fa\u00da\u00f9\u00d9\u00fb\u00db\u00fc\u00dc\u00fd\u00dd\u017e\u017d]/g, function(c){return{"\u00e1":"a","\u00c1":"A","\u00e0":"a","\u00c0":"A","\u00e2":"a","\u00c2":"A","\u00e5":"a","\u00c5":"A","\u00e4":"a","\u00c4":"A","\u00e3":"a","\u00c3":"A","\u00c6":"AE","\u00e6":"ae","\u00e7":"c","\u00c7":"C","\u00f0":"d","\u00d0":"F","\u00e9":"e","\u00c9":"E","\u00e8":"e","\u00c8":"E","\u00ea":"e","\u00ca":"E","\u00eb":"e","\u00cb":"E","\u00ed":"i","\u00cd":"I","\u00ec":"i","\u00cc":"I","\u00ee":"i","\u00ce":"I","\u00ef":"i","\u00cf":"I","\u00f1":"n","\u00d1":"N","\u00f3":"o", 
"\u00d3":"O","\u00f2":"o","\u00d2":"O","\u00f4":"o","\u00d4":"O","\u00f6":"o","\u00d6":"O","\u00f5":"o","\u00d5":"O","\u00f8":"o","\u00d8":"O","\u0161":"s","\u0160":"S","\u00fa":"u","\u00da":"U","\u00f9":"u","\u00d9":"U","\u00fb":"u","\u00db":"U","\u00fc":"u","\u00dc":"U","\u00fd":"y","\u00dd":"Y","\u017e":"z","\u017d":"Z"}[c]}).r(/&/g,"and").r(/[^a-zA-Z0-9\s_-]/g,"").r(/\s+/g,"-").r(/^-+/,"").r(/-+$/,"").r(/-+/g,"-");50<b.length&&-1<b.indexOf("-")&&(b=b.substr(0,b.lastIndexOf("-",50)));return b= -b.substr(0,50)};a.contentTitleChange=function(){var b=l("menu_text"),c=l("alias");b&&!a.tuix.___menu_text_changed&&(b.value=l("title").value.r(/\s+/g," "));!c||c.disabled||c.readOnly||a.tuix.___alias_changed||(c.value=a._gA(l("title").value),a._vA())};a.viewFrameworkSource=function(){var b=f+"zenario/admin/organizer.php#zenario__modules/show_frameworks//"+a.tuix.key.moduleId+"//"+q._eIIFO(a.readField("framework"));k.open(b);return!1};a.svgSelected=function(b){var c=a.field(b);b=a.value(b);c=c&&b&& -a.pickedItemsArray(c,b);var e;if(c)for(e in c)if(x(c,e)&&(b=c[e],_._iS(b)||(b=b.label),b&&b.m(/\.svg( \[.*?\]|)$/i)))return!0;return!1};a.adminPermChange=function(b,c,e,g,n){var p=!0;z(g)||(n=0,g=$("input[name="+c+"]").each(function(t,u){u.checked&&++n}).length);0==n?(p=!1,c="zenario_permgroup_empty"):c=n<g?"zenario_permgroup_half_full":"zenario_permgroup_full";l(b).checked=a.tuix.tabs[a.tuix.tab].fields[b].current_value=p;$(l("row__"+b)).removeClass("zenario_permgroup_empty").removeClass("zenario_permgroup_half_full").removeClass("zenario_permgroup_full").addClass(c); -l(e).value=a.tuix.tabs[a.tuix.tab].fields[e].value=a.tuix.tabs[a.tuix.tab].fields[e].current_value=n+"/"+g};a.adminParentPermChange=function(b,c,e){var g=0,n=0,p="",t=l(b).checked,u=$("input[name="+c+"]"),D=!!u.length,y;for(y in 
a.tuix.tabs[a.tuix.tab].fields[c].values)x(a.tuix.tabs[a.tuix.tab].fields[c].values,y)&&(++g,t&&(p+=(p?",":"")+y,++n));D&&u.each(function(M,F){F.checked=t});a.tuix.tabs[a.tuix.tab].fields[c].current_value=p;a._aPC(b,c,e,g,n);t&&!D&&a.turnToggleOn(e)};a.previewDateFormat=function(b, -c){q._aADINS(b,function(){a._pDFG(b,c)})};a.previewDateFormatGo=function(b,c){(b=l(b))&&(c=l(c))&&(c.value=q._mNAA("zenario_common_features",{previewDateFormat:b.value}))};a.openSiteSettings=function(b,c){a.open("site_settings",{id:b},c,d,function(){r._rePa()})};a.enableOrDisableSite=function(){a.open("zenario_enable_site",d,d,d,function(){r._rePa()})};a.updateSEP=function(){q._aADINS("updateSEP",function(){$("#microtemplate__search_engine_preview").html(a.microTemplate("zenario_admin_box_search_engine_preview", -{}))},400)};a.cutText=function(b,c){b.length>c&&(b=b.substring(0,c).s(" ").slice(0,-1).join(" ")+" ...");return b};a.init("zenarioAB","zenario_admin_box","zenario_fbAdminFloatingBox");q._sN(a)},zenarioABToolkit); +b.substr(0,50)};a.contentTitleChange=function(){var b=l("menu_text"),c=l("alias");b&&!a.tuix.___menu_text_changed&&(b.value=l("title").value.r(/\s+/g," "));!c||c.disabled||c.readOnly||a.tuix.___alias_changed||(c.value=a._gA(l("title").value),a._vA())};a.viewFrameworkSource=function(){var b=f+"zenario/admin/organizer.php#zenario__modules/show_frameworks//"+a.tuix.key.moduleId+"//"+r._eIIFO(a.readField("framework"));k.open(b);return!1};a.svgSelected=function(b){var c=a.field(b);b=a.value(b);c=c&&b&& +a.pickedItemsArray(c,b);var e;if(c)for(e in c)if(y(c,e)&&(b=c[e],_._iS(b)||(b=b.label),b&&b.m(/\.svg( \[.*?\]|)$/i)))return!0;return!1};a.adminPermChange=function(b,c,e,g,n){var 
p=!0,q=a.tuix.tabs[a.tuix.tab].fields;A(g)||(n=0,g=$("input[name="+c+"]").each(function(u,w){w.checked&&++n}).length);0==n?(p=!1,c="zenario_permgroup_empty"):c=n<g?"zenario_permgroup_half_full":"zenario_permgroup_full";l(b).checked=q[b].current_value=p;$(l("row__"+b)).removeClass("zenario_permgroup_empty").removeClass("zenario_permgroup_half_full").removeClass("zenario_permgroup_full").addClass(c); +q[b].row_class=q[b].row_class.r(" zenario_permgroup_empty","").r(" zenario_permgroup_half_full","").r(" zenario_permgroup_full","")+" "+c;l(e).value=q[e].value=q[e].current_value=n+"/"+g};a.adminParentPermChange=function(b,c,e){var g=0,n=0,p="",q=l(b).checked,u=$("input[name="+c+"]"),w=!!u.length,z;for(z in a.tuix.tabs[a.tuix.tab].fields[c].values)y(a.tuix.tabs[a.tuix.tab].fields[c].values,z)&&(++g,q&&(p+=(p?",":"")+z,++n));w&&u.each(function(M,F){F.checked=q});a.tuix.tabs[a.tuix.tab].fields[c].current_value= +p;a._aPC(b,c,e,g,n);q&&!w&&a.turnToggleOn(e)};a.previewDateFormat=function(b,c){r._aADINS(b,function(){a._pDFG(b,c)})};a.previewDateFormatGo=function(b,c){(b=l(b))&&(c=l(c))&&(c.value=r._mNAA("zenario_common_features",{previewDateFormat:b.value}))};a.openSiteSettings=function(b,c){a.open("site_settings",{id:b},c,d,function(){t._rePa()})};a.enableOrDisableSite=function(){a.open("zenario_enable_site",d,d,d,function(){t._rePa()})};a.updateSEP=function(){r._aADINS("updateSEP",function(){$("#microtemplate__search_engine_preview").html(a.microTemplate("zenario_admin_box_search_engine_preview", +{}))},400)};a.cutText=function(b,c){b.length>c&&(b=b.substring(0,c).s(" ").slice(0,-1).join(" ")+" ...");return b};a.init("zenarioAB","zenario_admin_box","zenario_fbAdminFloatingBox");r._sN(a)},zenarioABToolkit);
zenario/js/admin_box_toolkit.js+7 −0 modified@@ -753,6 +753,13 @@ methods.pluginPreviewDetails = function(loadValues, fullPage, fullWidth, slotNam switch (thus.path) { case 'zenario_skin_editor': includeSlotInfo = false; + + if (loadValues) { + details.md5 = hex_md5( + (details.post.overrideFrameworkAndCSS = JSON.stringify(thus.getValues1D(false, true, false, true, true))) + ); + } + break; case 'plugin_settings': if (loadValues) {
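Review bot: The new `zenario_skin_editor` branch sets only `details.post.overrideFrameworkAndCSS`, while the `plugin_settings` branch sets both that and `details.post.overrideSettings`. The preview is submitted through `showPreviewViaPost`, which always writes an `overrideSettings` input from `a.post.overrideSettings`, so for the skin editor that field is undefined at submit time; set it explicitly to an empty value or skip the input when it is not defined. The call `thus.getValues1D(false, true, false, true, true)` also omits the tab list that the `plugin_settings` call passes as a sixth argument; if that is intentional, a comment should say so. Assigning inside the `hex_md5(...)` argument is hard to read, and splitting it into two statements would make the hashed value obvious.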
zenario/js/admin_box_toolkit.min.js+13 −13 modified@@ -20,16 +20,16 @@ c=a.path&&w._cNPTTPAR(a.path);d=a.target_path&&w._cNPTTPAR(a.target_path);if(c=c css_class:d.css_class||g.item&&g.item.css_class,label:p};l.push({value:k,text:p,html:this.drawPickedItem(k,c,a,b,!0)})}return l};e.drawPickedItem=function(a,c,d,b,g){A(d)||(d=this.field(c));var k=d.values&&d.values[a],l=d.pick_items||{},p=a==1*a,q,E;b={id:c,item:a,label:k,readOnly:b};_._isOb(k)?(b.missing=k.missing,b.css_class=k.css_class,b.image=k.image,k=b.label=k.label,b.fileSize=d.values[a].size):k?b.label=k:(k=b.label=a,b.missing=!0);d.tag_colors&&(b.tag_color=d.tag_colors[a]||"blue");v(l.hide_info_button)|| d.upload&&!p||!(q=l.info_button_path)&&(!(q=l.path)||q!=l.target_path&&l.min_path!=l.target_path)||(q="//"==h._rHSS(q,2)?q+a:"/"==h._rHSS(q,1)?q+("/"+a):q+("//"+a),b.organizerPath=q,b.organizerId=a);d.upload&&(b.isUpload=!0,q=(q=(""+k).m(/(.*?)\.(\w+)$/)||(""+k).m(/(.*?)\.(\w+) \[.*\]$/))&&q[2]?q[2].toLowerCase():"unknown",b.extension=q,p?(E=d.values&&d.values[a])&&E.checksum?(p=m+"zenario/file.php?c="+y(E.checksum),E.usage&&(p+="&usage="+y(E.usage))):p=m+"zenario/file.php?id="+a:p=m+"zenario/file.php?getUploadedFileInCacheDir="+ y(a),q.m(/gif|jpg|jpeg|png|svg/)?(b.thumbnail={onclick:this.globalName+".showPickedItemInPopout('"+p+"&popout=1&dummy_filename="+y("image."+q)+"', '"+k+"');",src:p+"&og=1"},(a=(""+k).m(/.*\[\s*(\d+)p?x?\s*[\u00d7x]\s*(\d+)p?x?\s*\]$/))&&a[1]&&a[2]&&u._rI(a[1],a[2],180,120,b.thumbnail)):d.values[a].location&&"s3"==d.values[a].location?d.values[a].s3Link&&(b.adminDownload=d.values[a].s3Link):b.adminDownload=p+"&adminDownload=1");return this.drawPickedItem2(c,l,g,b)};e.pluginPreviewDetails=function(a, -c,d,b,g){if(this.tuix&&this.tuix.key&&(this.tuix.key.nest||this.tuix.key.eggId))return!1;var k={post:{}},l=_._cl(t.importantGetRequests);c=!c;switch(this.path){case "zenario_skin_editor":c=!1;case 
"plugin_settings":a&&(k.md5=hex_md5((k.post.overrideSettings=JSON.stringify(this.getValues1D(!0,!1)))+(k.post.overrideFrameworkAndCSS=JSON.stringify(this.getValues1D(!1,!0,!1,!0,!0,["this_css_tab","all_css_tab","framework_tab"])))));break;default:return!1}b=b||this.tuix&&this.tuix.key&&this.tuix.key.slotName; -g=g||this.tuix&&this.tuix.key&&this.tuix.key.instanceId||h.slots&&h.slots[b]&&h.slots[b].instanceId;b&&zenario_conductor._e(b)&&(l=zenario_conductor._re(b,"refresh",l));l.cVersion=h.cVersion;if(c){if(!b||!g)return!1;c=t._gGSD(b);var p;a=c&&c.cssClass&&c.cssClass.s(" ")||[];l.method_call="showSingleSlot";l.fakeLayout=1;l.grid_columns=c.columns;l.grid_container=c.container;this.previewSlotWidth=c.pxWidth;this.previewSlotWidthInfo=c.widthInfo;l.grid_pxWidth=this.previewWidth&&!d?this.previewWidth:this.previewSlotWidth; -l.grid_cssClass="";for(p in a)z(a,p)&&(d=a[p],"alpha"==d||"omega"==d||d.m(/^span[\d_]*$/)||(l.grid_cssClass+=d+" "))}else l._show_page_preview=1;b&&(l.slotName=b);g&&(l.instanceId=g);k.url=h._lTI(h.cID,h.cType,l);return k};e.addExtraAttsForTextFields=function(a,c){this.hasPreviewWindow&&(c.onkeyup=(c.onkeyup||"")+" "+this.globalName+".updatePreview();")};e.fieldChange=function(a,c){this.updatePreview(750);B(C).fieldChange.call(this,a,c)};e.updatePreview=function(a){var c=this;c.hasPreviewWindow&& -!c.previewHidden&&h._aADINS("fabUpdatePreview",function(){var d=c.pluginPreviewDetails(!0);d&&c.previewMD5!=d.md5&&(c.previewMD5=d.md5,c.previewPost=d.post,c.submitPreview(d))},a||1E3)};var K=0;e.submitPreview=function(a,c,d){c=c||$("#zenario_fabPreview");d=d||"zenario_fabPreviewFrame";var b="zenario_previewFrame"+ ++K,g=c.find("."+d).not(".beingRemoved");d=$(u._ht("iframe","id",b,"name",b,"class",d));var k=g[0]&&g[0].contentDocument;if(k=1*(k&&$(k).scrollTop()))a.url+="&_scroll_to="+k;g[0]&&(g.width(g.width()).height(g.height()).attr("id", 
-"").attr("name","").addClass("beingRemoved"),setTimeout(function(){g.fadeOut(600,function(){g.remove()})},400));c.append(d);this.showPreviewViaPost(a,b)};e.showPreviewViaPost=function(a,c){$(u._fo("action",a.url,"method","post","target",c,u._i("name","overrideSettings","value",a.post.overrideSettings)+u._i("name","overrideFrameworkAndCSS","value",a.post.overrideFrameworkAndCSS))).appendTo("body").hide().submit().remove()};e.showPreviewInPopoutBox=function(a,c){var d=this,b=d.pluginPreviewDetails(!0, -a,c);if(b){d.previewMD5=b.md5;d.previewPost=b.post;a=b.url+h._uR(b.post);if(a.length>=(h._bII()?2E3:4E3)){a="";var g=function(){d.showPreviewViaPost(b,$("#cboxLoadedContent iframe")[0].name)}}$.colorbox({width:"95%",height:"90%",iframe:!0,preloading:!1,open:!0,title:d.previewSlotWidthInfo||G.preview,className:"zenario_plugin_preview_popout_box",href:a,onComplete:g});$("#colorbox,#cboxOverlay,#cboxWrapper").css("z-index","333000")}};e.editModeAlwaysOn=function(a){return!A(this.tuix.tabs[a].edit_mode.always_on)|| -v(this.tuix.tabs[a].edit_mode.always_on)||this.savedAndContinued(a)};e.editCancelEnabled=function(a){return this.tuix.tabs[a].edit_mode&&v(this.tuix.tabs[a].edit_mode.enabled)&&!this.editModeAlwaysOn(a)};e.revertEnabled=function(a){return this.tuix.tabs[a].edit_mode&&v(this.tuix.tabs[a].edit_mode.enabled)&&this.editModeAlwaysOn(a)&&!this.savedAndContinued(a)&&(!A(this.tuix.tabs[a].edit_mode.enable_revert)&&this.tuix.key&&this.tuix.key.id||v(this.tuix.tabs[a].edit_mode.enable_revert))};e.savedAndContinued= -function(a){return!1};e.editModeOnBox=function(){if(this.tuix&&this.tuix.tabs&&this.sortedTabs)for(var a in this.sortedTabs)if(z(this.sortedTabs,a)&&this.editModeOn(this.sortedTabs[a]))return!0;return!1};e.setData=function(a){this.setDataDiff(a)};e.sendStateToServer=function(){return this.sendStateToServerDiff()};e.save=function(a,c,d){var 
b=this,g;b.loaded&&(g=b.getURL("save"))&&(b.saving||setTimeout(function(){b.saving=!0;b.differentTab=!0;b.loaded=!1;b.hideTab(!0);b.checkValues();var k={_save:!0, -_confirm:a?1:"",_save_and_continue:c,_box:b.sendStateToServer()};v(b.tuix.download)||b.tuix.confirm&&v(b.tuix.confirm.download)?b.save2(h._nAA(b.getURL("save"),h._uR(k),!0),c,d):b.retryAJAX(g,k,!0,function(l){b.save2(l,c,d)},"saving")},100))};e.save2=function(a,c,d){delete this.saving;var b=a&&a._sync&&a._sync.flags||{},g=w.init&&!n.zenarioOQuickMode&&!n.zenarioOSelectMode;b.close_with_message?(this.close(),g&&w._r(),t._sM(b.close_with_message)):b.reload_organizer&&g?(this.close(),t._tONT(b),u.uploading= -!1,w._sWC("uploading",u.uploading),w._rePa(b.organizer_path)):b.open_admin_box&&H.init?(this.close(),H.open(b.open_admin_box)):b.go_to_url?(this.close(),t._tONT(b),h._gTU(h._aBP(b.go_to_url),!0)):b.valid?b.confirm?(this.load(a),this.sortTabs(),this.draw(),this.showConfirm(c,d)):b.download?(t._dD(this.getURL("download"),{_download:1,_box:this.sendStateToServer()}),c&&(a=a.substr(15),this.load(a)),this.refreshParentAndClose(!0,c,d)):b.saved?(this.load(a),this.refreshParentAndClose(!1,c,d)):(this.close(), -t._sM(a,!0,"error")):(this.load(a),this.sortTabs(),this.switchToATabWithErrors(),this.draw())};e.showConfirm=function(a,c){if(this.tuix&&this.tuix.confirm&&v(this.tuix.confirm.show)){var d=this.tuix.confirm.message;v(this.tuix.confirm.html)||(d=I(d,!0));a='<input type="button" class="submit_selected" value="'+this.tuix.confirm.button_message+'" onclick="'+this.globalName+".save(true, "+v(a)+", "+v(c)+');"/><input type="button" class="submit" value="'+this.tuix.confirm.cancel_button_message+'"/>'; -t._flBo(d,a,this.tuix.confirm.message_type||"none")}};e.dragDropTarget=function(){return this.get("zenario_fbAdminInner")};e.enableDragDropUpload=function(){var 
a=this.dragDropTarget();u._sHTML5UFDD(this.ajaxURL(),{fileUpload:1},!1,this.uploadCallback,a);$(a).addClass("upload_enabled").removeClass("dragover")};e.disableDragDropUpload=function(){$(this.dragDropTarget()).removeClass("upload_enabled").removeClass("dragover").off("drop")};e.dragListeners=function(){return u._cDHTML5U()?"ondragover=\"$(this).addClass('dragover');\" ondragleave=\"$(this).removeClass('dragover');\"": -""}},zenarioAF,zenarioABToolkit); +c,d,b,g){if(this.tuix&&this.tuix.key&&(this.tuix.key.nest||this.tuix.key.eggId))return!1;var k={post:{}},l=_._cl(t.importantGetRequests);c=!c;switch(this.path){case "zenario_skin_editor":c=!1;a&&(k.md5=hex_md5(k.post.overrideFrameworkAndCSS=JSON.stringify(this.getValues1D(!1,!0,!1,!0,!0))));break;case "plugin_settings":a&&(k.md5=hex_md5((k.post.overrideSettings=JSON.stringify(this.getValues1D(!0,!1)))+(k.post.overrideFrameworkAndCSS=JSON.stringify(this.getValues1D(!1,!0,!1,!0,!0,["this_css_tab","all_css_tab", +"framework_tab"])))));break;default:return!1}b=b||this.tuix&&this.tuix.key&&this.tuix.key.slotName;g=g||this.tuix&&this.tuix.key&&this.tuix.key.instanceId||h.slots&&h.slots[b]&&h.slots[b].instanceId;b&&zenario_conductor._e(b)&&(l=zenario_conductor._re(b,"refresh",l));l.cVersion=h.cVersion;if(c){if(!b||!g)return!1;c=t._gGSD(b);var p;a=c&&c.cssClass&&c.cssClass.s(" ")||[];l.method_call="showSingleSlot";l.fakeLayout=1;l.grid_columns=c.columns;l.grid_container=c.container;this.previewSlotWidth=c.pxWidth; +this.previewSlotWidthInfo=c.widthInfo;l.grid_pxWidth=this.previewWidth&&!d?this.previewWidth:this.previewSlotWidth;l.grid_cssClass="";for(p in a)z(a,p)&&(d=a[p],"alpha"==d||"omega"==d||d.m(/^span[\d_]*$/)||(l.grid_cssClass+=d+" "))}else l._show_page_preview=1;b&&(l.slotName=b);g&&(l.instanceId=g);k.url=h._lTI(h.cID,h.cType,l);return k};e.addExtraAttsForTextFields=function(a,c){this.hasPreviewWindow&&(c.onkeyup=(c.onkeyup||"")+" 
"+this.globalName+".updatePreview();")};e.fieldChange=function(a,c){this.updatePreview(750); +B(C).fieldChange.call(this,a,c)};e.updatePreview=function(a){var c=this;c.hasPreviewWindow&&!c.previewHidden&&h._aADINS("fabUpdatePreview",function(){var d=c.pluginPreviewDetails(!0);d&&c.previewMD5!=d.md5&&(c.previewMD5=d.md5,c.previewPost=d.post,c.submitPreview(d))},a||1E3)};var K=0;e.submitPreview=function(a,c,d){c=c||$("#zenario_fabPreview");d=d||"zenario_fabPreviewFrame";var b="zenario_previewFrame"+ ++K,g=c.find("."+d).not(".beingRemoved");d=$(u._ht("iframe","id",b,"name",b,"class",d));var k= +g[0]&&g[0].contentDocument;if(k=1*(k&&$(k).scrollTop()))a.url+="&_scroll_to="+k;g[0]&&(g.width(g.width()).height(g.height()).attr("id","").attr("name","").addClass("beingRemoved"),setTimeout(function(){g.fadeOut(600,function(){g.remove()})},400));c.append(d);this.showPreviewViaPost(a,b)};e.showPreviewViaPost=function(a,c){$(u._fo("action",a.url,"method","post","target",c,u._i("name","overrideSettings","value",a.post.overrideSettings)+u._i("name","overrideFrameworkAndCSS","value",a.post.overrideFrameworkAndCSS))).appendTo("body").hide().submit().remove()}; +e.showPreviewInPopoutBox=function(a,c){var d=this,b=d.pluginPreviewDetails(!0,a,c);if(b){d.previewMD5=b.md5;d.previewPost=b.post;a=b.url+h._uR(b.post);if(a.length>=(h._bII()?2E3:4E3)){a="";var g=function(){d.showPreviewViaPost(b,$("#cboxLoadedContent iframe")[0].name)}}$.colorbox({width:"95%",height:"90%",iframe:!0,preloading:!1,open:!0,title:d.previewSlotWidthInfo||G.preview,className:"zenario_plugin_preview_popout_box",href:a,onComplete:g});$("#colorbox,#cboxOverlay,#cboxWrapper").css("z-index", +"333000")}};e.editModeAlwaysOn=function(a){return!A(this.tuix.tabs[a].edit_mode.always_on)||v(this.tuix.tabs[a].edit_mode.always_on)||this.savedAndContinued(a)};e.editCancelEnabled=function(a){return this.tuix.tabs[a].edit_mode&&v(this.tuix.tabs[a].edit_mode.enabled)&&!this.editModeAlwaysOn(a)};e.revertEnabled=function(a){return 
this.tuix.tabs[a].edit_mode&&v(this.tuix.tabs[a].edit_mode.enabled)&&this.editModeAlwaysOn(a)&&!this.savedAndContinued(a)&&(!A(this.tuix.tabs[a].edit_mode.enable_revert)&& +this.tuix.key&&this.tuix.key.id||v(this.tuix.tabs[a].edit_mode.enable_revert))};e.savedAndContinued=function(a){return!1};e.editModeOnBox=function(){if(this.tuix&&this.tuix.tabs&&this.sortedTabs)for(var a in this.sortedTabs)if(z(this.sortedTabs,a)&&this.editModeOn(this.sortedTabs[a]))return!0;return!1};e.setData=function(a){this.setDataDiff(a)};e.sendStateToServer=function(){return this.sendStateToServerDiff()};e.save=function(a,c,d){var b=this,g;b.loaded&&(g=b.getURL("save"))&&(b.saving||setTimeout(function(){b.saving= +!0;b.differentTab=!0;b.loaded=!1;b.hideTab(!0);b.checkValues();var k={_save:!0,_confirm:a?1:"",_save_and_continue:c,_box:b.sendStateToServer()};v(b.tuix.download)||b.tuix.confirm&&v(b.tuix.confirm.download)?b.save2(h._nAA(b.getURL("save"),h._uR(k),!0),c,d):b.retryAJAX(g,k,!0,function(l){b.save2(l,c,d)},"saving")},100))};e.save2=function(a,c,d){delete this.saving;var b=a&&a._sync&&a._sync.flags||{},g=w.init&&!n.zenarioOQuickMode&&!n.zenarioOSelectMode;b.close_with_message?(this.close(),g&&w._r(),t._sM(b.close_with_message)): +b.reload_organizer&&g?(this.close(),t._tONT(b),u.uploading=!1,w._sWC("uploading",u.uploading),w._rePa(b.organizer_path)):b.open_admin_box&&H.init?(this.close(),H.open(b.open_admin_box)):b.go_to_url?(this.close(),t._tONT(b),h._gTU(h._aBP(b.go_to_url),!0)):b.valid?b.confirm?(this.load(a),this.sortTabs(),this.draw(),this.showConfirm(c,d)):b.download?(t._dD(this.getURL("download"),{_download:1,_box:this.sendStateToServer()}),c&&(a=a.substr(15),this.load(a)),this.refreshParentAndClose(!0,c,d)):b.saved? 
+(this.load(a),this.refreshParentAndClose(!1,c,d)):(this.close(),t._sM(a,!0,"error")):(this.load(a),this.sortTabs(),this.switchToATabWithErrors(),this.draw())};e.showConfirm=function(a,c){if(this.tuix&&this.tuix.confirm&&v(this.tuix.confirm.show)){var d=this.tuix.confirm.message;v(this.tuix.confirm.html)||(d=I(d,!0));a='<input type="button" class="submit_selected" value="'+this.tuix.confirm.button_message+'" onclick="'+this.globalName+".save(true, "+v(a)+", "+v(c)+');"/><input type="button" class="submit" value="'+ +this.tuix.confirm.cancel_button_message+'"/>';t._flBo(d,a,this.tuix.confirm.message_type||"none")}};e.dragDropTarget=function(){return this.get("zenario_fbAdminInner")};e.enableDragDropUpload=function(){var a=this.dragDropTarget();u._sHTML5UFDD(this.ajaxURL(),{fileUpload:1},!1,this.uploadCallback,a);$(a).addClass("upload_enabled").removeClass("dragover")};e.disableDragDropUpload=function(){$(this.dragDropTarget()).removeClass("upload_enabled").removeClass("dragover").off("drop")};e.dragListeners= +function(){return u._cDHTML5U()?"ondragover=\"$(this).addClass('dragover');\" ondragleave=\"$(this).removeClass('dragover');\"":""}},zenarioAF,zenarioABToolkit);
zenario/js/admin.js+2 −2 modified@@ -3142,13 +3142,13 @@ zenarioA.scanHyperlinksAndDisplayStatus = function(containerId) { if (!requestURI.match(/\/(admin|public|private|zenario|zenario_custom|zenario_extra_modules|purchased_downloads)\//) && !requestURI.match(/\/(admin|organizer)\.php/)) { - if (match = requestURI.match(/^([\/,A-Za-z0-9~_-]+)(|\.htm|\.html)$/)) { + if (match = requestURI.match(/^([\/,A-Za-z0-9~_-]+)(|\.htm|\.html|\.download|download=1)$/)) { resolvedURL = '/?cID=' + match[1]; } else { resolvedURL = relativePath; } - //Store this link and a reference of it's jquery object + //Store this link and a reference of its jquery object if ((index = links.indexOf(resolvedURL)) === -1) { links.push(resolvedURL); $links.push([$el]);
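Review bot: In the new pattern in scanHyperlinksAndDisplayStatus, the `download=1` alternative has no leading separator, so it only matches when that text directly follows the path characters (for example `/pagedownload=1`, which match[1] then resolves to `/?cID=/page`). If requestURI has already had its query string removed before this test, which the minified build's `l=d.s("?")[0].s("#")[0]` suggests, a link ending in `?download=1` never reaches this alternative. Consider dropping it, or matching an explicit `\?download=1` against the unstripped URL, and add a comment saying which link forms the two new suffixes are meant to cover.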
zenario/js/admin.min.js+1 −1 modified@@ -70,6 +70,6 @@ b._cT():b._rT()};b.clearToast=function(){b.clearLastToast&&clearTimeout(b.clearL k?(k&&(p+=J("id","zenario_continueAnyway","class","submit_selected","type","button","value",u.continueAnyway)),h&&(p+=J("id","zenario_retry","class","submit_selected","type","button","value",u.retry)),b._nDS(),b._sM(a,p,"error",!0,m,!0,u.close),k&&$("#zenario_continueAnyway").click(function(){setTimeout(function(){a.zenario_continueAnyway(a.data)},1)}),h&&$("#zenario_retry").click(function(){setTimeout(a.zenario_retry,1)})):b._sM(a,"","error");l&&(b.onCancelFloatingBox=function(){setTimeout(a.zenario_onCancel, 1)});b._hAL()};0==a.status||"timeout"==c?setTimeout(d,750):d()}};$.ajaxSetup({error:b.AJAXErrorHandler});b.onunload=function(a){v.onpagehide&&a.persisted||(b.unloaded=!0,b._cFB())};v.onpagehide?v.addEventListener("pagehide",b.onunload,!1):v.onunload=b.onunload;b.checkCookiesEnabled=function(){var a=B+"zenario/cookies.php?check_cookies_enabled=1&no_cache=1",c=new f.callback;f._a(a).after(function(d){d?c.done(d):f._a(a).after(function(e){c.done(e)})});return c};b.scanHyperlinksAndDisplayStatus=function(a){var c, d,e,g,h,k,l,p,q={},r=B+"zenario/admin/quick_ajax.php?_get_link_statuses=1",n=[],z=[],C=/^(?:[a-z]+:)?\/\//i;a="div"+(t(a)?"#"+a:"")+'.zenario_slot a[href][href!="#"]';$(a).each(function(y,F){y=$(F);if(c=y.prop("href")){d=!1;if(!C.test(c))d=c;else if(0===c.indexOf(B))d=c.substr(B.length-1);else if(b.spareDomains)for(e=0;e<b.spareDomains.length;++e)0===c.indexOf(b.spareDomains[e])&&b._aLS(y,"spare_domain");d&&(l=d.s("?")[0].s("#")[0],l.m(/\/(admin|public|private|zenario|zenario_custom|zenario_extra_modules|purchased_downloads)\//)|| 
-l.m(/\/(admin|organizer)\.php/)||(k=(h=l.m(/^([\/,A-Za-z0-9~_-]+)(|\.htm|\.html)$/))?"/?cID="+h[1]:d,-1===(p=n.indexOf(k))?(n.push(k),z.push([y])):z[p].push(y)))}});q.links=n;f._a(r,q,!0,!0).after(function(y){for(e=0;e<y.length;++e)for(g=0;g<z[e].length;++g)b._aLS(z[e][g],y[e]);v.tinyMCE&&tinyMCE.editors&&f._rLS($("div.mce-content-body"))})};b.addLinkStatus=function(a,c){c="link_status__"+c;var d=u[c];a.append(P("del","class","zenario_link_status zenario_"+c,P("del")));d&&a.find("del.zenario_link_status > del").jQueryTooltip({items:"*", +l.m(/\/(admin|organizer)\.php/)||(k=(h=l.m(/^([\/,A-Za-z0-9~_-]+)(|\.htm|\.html|\.download|download=1)$/))?"/?cID="+h[1]:d,-1===(p=n.indexOf(k))?(n.push(k),z.push([y])):z[p].push(y)))}});q.links=n;f._a(r,q,!0,!0).after(function(y){for(e=0;e<y.length;++e)for(g=0;g<z[e].length;++g)b._aLS(z[e][g],y[e]);v.tinyMCE&&tinyMCE.editors&&f._rLS($("div.mce-content-body"))})};b.addLinkStatus=function(a,c){c="link_status__"+c;var d=u[c];a.append(P("del","class","zenario_link_status zenario_"+c,P("del")));d&&a.find("del.zenario_link_status > del").jQueryTooltip({items:"*", tooltipClass:"zenario_link_status_tooltip",content:d})};b.init=function(a,c,d,e,g,h,k,l,p,q,r,n,z,C){f.cVersion=a;f.adminId=c;b.toolbar=d;b.pageMode=e;b.showGridOn=g;b.siteSettings=h;b.adminSettings=k;b.adminPrivs=l;b.importantGetRequests=p;b.adminHasSpecificPerms=q;b.adminHasSpecificPermsOnThisPage=r;b.lang=n;b.spareDomains=z;b.draftMessage=C;for(var y in l)A(l,y)&&(a=l[y],zenarioL.set(a,y,"_NO"+y));if(f.adminId||!f.cID)f.inAdminMode=!0,$(M).ready(function(){D._dFDD(M.body);f.cID&&(b._sSP(),b._sHADS())}), 
$("body").append(D._mT("zenario_floating_boxes",{}))};f._sN(b);b.adminSlotWrapperClick=function(a,c){a=f.slots[a];if("preview"!=b.toolbar&&"create"!=b.toolbar){if(1==a.isVersionControlled)if("edit"!=b.toolbar)L._cT("edit");else{if("edit"==b.toolbar)return}else"menu1"==b.toolbar&&"menu1"!=b.toolbar||1!=a.isMenu?"layout"==b.toolbar&&"layout"!=b.toolbar||2!=a.level?L._cT("item"):L._cT("layout"):L._cT("menu1");return!0}}})});
zenario/js/admin_toolbar.js+8 −6 modified@@ -50,8 +50,7 @@ zenario.lib(function( -zenarioA.toolbar = -zenarioA.toolbarTabGrouping = 'preview'; +zenarioA.toolbar = 'preview'; zenarioAT.setURL = function() { @@ -130,7 +129,6 @@ zenarioAT.clickTab = function(toolbar) { var oldPageMode = oldToolbar && oldToolbar.page_mode || zenarioA.toolbar, newPageMode = newToolbar.page_mode || toolbar, - newToolbarTabGrouping = newToolbar.toolbar_tab_grouping || 'edit', toolbarSubstr = toolbar.substr(0, 4), sbcFun = zenarioL.set, testPageMode, @@ -170,7 +168,6 @@ zenarioAT.clickTab = function(toolbar) { zenarioA.toolbar = toolbar; zenarioA.pageMode = newPageMode; - zenarioA.toolbarTabGrouping = newToolbarTabGrouping; zenarioA.savePageMode(true); //zenarioAT.drawToolbarTabs(); @@ -419,7 +416,12 @@ zenarioAT.draw = function() { ti = -1, tuix = zenarioAT.tuix, sectionId, - section; + section, + + //Work out what the current toolbar group is + currentTab = ((zenarioA.toolbar && tuix.toolbars[zenarioA.toolbar]) || {}), + currentToolbarTabGrouping = (currentTab.toolbar_tab_grouping || 'edit'); + //Loop through the toolbars, adding a tab for each foreach (zenarioAT.sortedToolbars as var i) { @@ -438,7 +440,7 @@ zenarioAT.draw = function() { tooltip: tab.tooltip, toolbar_microtemplate: tab.toolbar_microtemplate, selected: id == zenarioA.toolbar, - groupingActive: (tab.toolbar_tab_grouping || 'edit') == zenarioA.toolbarTabGrouping + groupingActive: (tab.toolbar_tab_grouping || 'edit') == currentToolbarTabGrouping }; if (id == zenarioA.toolbar) {
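Review bot: In the zenarioAT.draw hunk, `currentTab` reads `tuix.toolbars[zenarioA.toolbar]` with a guard on `zenarioA.toolbar` but none on `tuix.toolbars`, so a TUIX response without a `toolbars` section throws here before anything is drawn. Guard it the same way, e.g. `(zenarioA.toolbar && tuix.toolbars && tuix.toolbars[zenarioA.toolbar]) || {}`. The comment should also record that the grouping now falls back to 'edit' whenever the current toolbar has no `toolbar_tab_grouping` or is missing from the TUIX, where the removed code at the top of the file started with a grouping of 'preview'.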
zenario/js/admin_toolbar.min.js+16 −16 modified@@ -1,16 +1,16 @@ -'use strict';zenario.lib(function(l,x,v,y,C,D,g,h,p,E,a,F,z,A,r,B,G,w,H,I,J,q){h.toolbar=h.toolbarTabGrouping="preview";a.setURL=function(){return a.url=x+"zenario/admin/admin_toolbar.ajax.php?get="+z(JSON.stringify(h.importantGetRequests))+g._uR(a._gK())};a.runOnInit=[];a.init=function(b){b&&a.loadedBefore||(a.loaded=!1,a.loadedBefore=!0,g._a(a._sU(),!1,!0,!0,!0,!0,l,7500).after(a.init2))};a.init2=function(b){$(v).ready(function(){a._sU();a.tuix=b;a._s();a._d();a.loaded=!0;a.loadedBefore=!0;for(var c in a.runOnInit)if(q(a.runOnInit, -c))a.runOnInit[c]();a.runOnInit=[];b.lock_warning&&h._lT(b.lock_warning,"zenario_lock_warning")})};a.clickTab=function(b){if(h._cFE()){var c;if(c=a.tuix&&a.tuix.toolbars&&a.tuix.toolbars[b]){h._cSC();h._cMP();a._a(c);var e=c.page_mode||b;c=c.toolbar_tab_grouping||"edit";b.substr(0,4);var f=zenarioL.set,d,k={preview:0,edit_disabled:0,edit:0,rollback:0,item:0,menu:0,layout:0};for(d in k)f(e==d,"zenario_pageMode_"+d,"zenario_pageModeIsnt_"+d);f("item"==e||"layout"==e,"zenario_slotWand_on","zenario_slotWand_off"); -f("layout"==e,"zenario_pageMode_template","zenario_pageModeIsnt_template");"item"==e||"layout"==e?$("body").addClass("zenario_slotWand_on").removeClass("zenario_slotWand_off"):$("body").addClass("zenario_slotWand_off").removeClass("zenario_slotWand_on");"item"!=e&&"layout"!=e||!h.showGridOn?a._sGOO(!1):a._sGOO(!0);h.toolbar=b;h.pageMode=e;h.toolbarTabGrouping=c;h._sPM(!0);a._d()}}};a.gridOverlayDiv=null;a.showGridOnOff=function(b){if(b){if(!a.gridOverlayDiv){var c=!1;$(".container").each(function(t, -u){c=u});if(c){b=c.className;var e=b.m(/container_(\d+)/);e=e?e[1]:0;var f=v.getElementById("zenario_citem"),d=f.firstElementChild,k=(d=d?d.firstElementChild:!1)&&"row"==d.className?!0:!1;d=k?'<div class="row">':"";for(var n=1;n<=e;++n)d+='<div class="span span1 span1_'+e,1==n?d+=" alpha":n==e&&(d+=" omega"),d+=' 
slot"></div>';d+=k?"</div>":"";e=v.createElement("div");e.innerHTML=d;e.style.position="relative";e.className="zenario_grid_overlay_view "+b;e.style.top="-"+f.offsetHeight+"px";e.style.height= -f.offsetHeight+"px";f.style.position="relative";f.appendChild(e);a.gridOverlayDiv=e}}}else a.gridOverlayDiv&&(a.gridOverlayDiv.remove(),delete a.gridOverlayDiv)};a.clickButton=function(b,c){h._cFE()&&a._a(a.tuix.sections[b].buttons[c])};a.organizerQuick=function(b,c,e,f,d,k,n){k&&!h._dr(n.id,!0)||a._a({organizer_quick:{path:b,target_path:c,min_path:c,max_path:e?c:!1,disallow_refiners_looping_on_min_path:!0,reload_slot:f,reload_menu_slots:d,reload_admin_toolbar:!0}});return!1};a.action=function(b){h._cSC(); -h._cMP();if(!p._cAU(b))return!1;if(b.organizer_quick){var c="",e={},f=!1;b.organizer_quick.reload_slot&&g.slots[b.organizer_quick.reload_slot]&&g.slots[b.organizer_quick.reload_slot].instanceId&&(f=b.organizer_quick.reload_slot,c+=g.slots[b.organizer_quick.reload_slot].instanceId,e[g.slots[b.organizer_quick.reload_slot].instanceId]=!0);r(b.organizer_quick.reload_menu_slots)&&$(".zenario_showSlotInMenuMode .zenario_slot").each(function(d,k){k.id&&"plgslt_"==k.id.substr(0,7)&&(d=k.id.substr(7),g.slots[d]&& -g.slots[d].instanceId&&!e[g.slots[d].instanceId]&&(f?c+=",":f=d,c+=g.slots[d].instanceId,e[g.slots[d].instanceId]=!0))});h._oQ(b.organizer_quick.path,b.organizer_quick.target_path,b.organizer_quick.min_path,b.organizer_quick.max_path,r(b.organizer_quick.disallow_refiners_looping_on_min_path),f,c,r(b.organizer_quick.reload_admin_toolbar)?"zenarioAT":!1)}else p._a(a,b)};a.getKey=function(b){return{id:g.cType+"_"+g.cID,cID:g.cID,cType:g.cType,cVersion:g.cVersion}};a.getKeyId=function(b){return g.cType+ -"_"+g.cID};a.getLastKeyId=function(b){return a._gKI(b)};a.applyMergeFields=function(b,c,e,f){return b};a.applyMergeFieldsToLabel=function(b,c,e,f){return b};a.pickItems=function(b,c,e){b={};for(var f in 
c)q(c,f)&&("id"==f?b[f]=c[f]:"parent__"!=f.substr(0,8)&&(b["child__"+f]=c[f]));if(a.postPickItemsObject)p._a(a,a.postPickItemsObject,!0,l,l,b);else if(a.actionTarget){for(var d in b)q(b,d)&&(a.actionRequests[d]=b[d]);a._a2()}a.postPickItemsObject=!1};a.goNum=0;a.action2=function(){if(a.actionTarget){var b= -++a.goNum;h._nDS("saving");g._a(a.actionTarget,a.actionRequests,!1,!1,!0).after(function(c){b==a.goNum&&(h._nDS(!1),c?h._sM(c):g._gTU(g._lTI(g.cID,g.cType,h.importantGetRequests)))})}a.actionTarget=!1;delete a.actionRequests};a.uploadComplete=function(){};a.slotDisabled=function(b){b=$("#plgslt_"+b+"-wrap");return"layout"==h.toolbar?b.hasClass("zenario_hideSlotInLayoutMode")||b.hasClass("zenario_level1"):b.hasClass("zenario_hideSlotInItemMode")||b.hasClass("zenario_level2")};a.draw=function(){var b= -{tabs:[],sections:{}},c=-1,e=a.tuix,f;for(n in a.sortedToolbars)if(q(a.sortedToolbars,n)){var d=a.sortedToolbars[n],k=e.toolbars[d];p._h(l,a,l,d,l,l,l,l,k)||(b.tabs[++c]={id:d,parent:k.parent,css_class:k.css_class,label:k.label,warning_icon:k.warning_icon,tooltip:k.tooltip,toolbar_microtemplate:k.toolbar_microtemplate,selected:d==h.toolbar,groupingActive:(k.toolbar_tab_grouping||"edit")==h.toolbarTabGrouping},d==h.toolbar&&(b.toolbar_microtemplate=k.toolbar_microtemplate))}p._sK(b.tabs,"zenario_at_tab_with_children"); -for(f in e.sections)if(q(e.sections,f)&&(c=e.sections[f])){var n=-1;d=[];var t,u;if(a.sortedButtons[f]&&!p._h(l,a,l,f,l,l,l,c)){for(t in a.sortedButtons[f])if(q(a.sortedButtons[f],t)){k=a.sortedButtons[f][t];var m=c.buttons[k];p._h(l,a,l,k,m,l,l,c)||m.appears_in_toolbars&&!r(m.appears_in_toolbars[h.toolbar])||(d[++n]={id:k,css_class:m.css_class||"label_without_icon",label:m.label||m.name,parent:m.parent,tuix:m},(u=d[n].disabled=m.disabled||A(m.disabled_if)&&p._e(m.disabled_if,a,l,l,k,m,l,l,c))||(m.navigation_path? 
-d[n].href=g._aBP(y.zenarioATLinks.organizer+"#"+m.navigation_path):m.frontend_link&&(d[n].href=g._aBP(m.frontend_link)),m.onclick?d[n].onclick=m.onclick:d[n].href||(d[n].onclick="zenarioAT._cB('"+w(f)+"', '"+w(k)+"'); return false;")),m.onmouseover&&(d[n].onmouseover=m.onmouseover),d[n].tooltip=u&&m.disabled_tooltip||m.tooltip)}p._sK(d,"zenario_at_button_with_children")}b.sections[f]=d}B("zenario_at_wrap").innerHTML=p._mT("zenario_toolbar",b);h._to("#zenario_at_wrap a[title]");h._to("#zenario_at_wrap div[title]"); -h._to("#zenario_at_wrap ul ul a[title]",{position:{my:"left+2 center",at:"right center",collision:"flipfit"}});h._sTITL("#zenario_at_lower_section .zenario_at_infobar",l,h.tooltipLengthThresholds.adminToolbarTitle)};a.sort=function(){a.sortedToolbars=[];if(a.tuix.toolbars)for(var b in a.tuix.toolbars)if(q(a.tuix.toolbars,b)){var c=a.tuix.toolbars[b];c&&a.sortedToolbars.push([b,c.ord])}a.sortedToolbars.sort(p.sortArray);for(b in a.sortedToolbars)q(a.sortedToolbars,b)&&(a.sortedToolbars[b]=a.sortedToolbars[b][0]); -a.sortedButtons={};for(var e in a.tuix.sections)q(a.tuix.sections,e)&&a.tuix.sections[e]&&a._sB(e)};a.sortButtons=function(b){a.sortedButtons[b]=[];if(a.tuix.sections[b].buttons)for(var c in a.tuix.sections[b].buttons)if(q(a.tuix.sections[b].buttons,c)){var e=a.tuix.sections[b].buttons[c];e&&a.sortedButtons[b].push([c,e.ord])}a.sortedButtons[b].sort(p.sortArray);for(c in a.sortedButtons[b])q(a.sortedButtons[b],c)&&(a.sortedButtons[b][c]=a.sortedButtons[b][c][0])};a.customiseOrganizerLink=function(b, 
-c){if(b)if("#"!=b.substr(0,1)&&(b="#"+b),c){if(b=="#zenario__content/panels/content/refiners/content_type//"+g.cType+"//")return"#zenario__content/panels/content/refiners/content_type//"+g.cType+"//"+g.cType+"_"+g.cID}else{if("#zenario__content/panels/content/refiners/content_type//html//"==b)return"#zenario__content/panels/content/refiners/content_type//"+g.cType+"//"+g.cType+"_"+g.cID;if(b=="#zenario__menu/panels/by_language/item//"+h.siteSettings.default_language+"//item//1//"&&a.tuix.meta_info.menu_organizer_path)return"#"+ -a.tuix.meta_info.menu_organizer_path}return b};g._sN(a)}); +'use strict';zenario.lib(function(l,x,u,y,C,D,h,k,p,E,a,F,z,A,t,B,G,v,H,I,J,q){k.toolbar="preview";a.setURL=function(){return a.url=x+"zenario/admin/admin_toolbar.ajax.php?get="+z(JSON.stringify(k.importantGetRequests))+h._uR(a._gK())};a.runOnInit=[];a.init=function(b){b&&a.loadedBefore||(a.loaded=!1,a.loadedBefore=!0,h._a(a._sU(),!1,!0,!0,!0,!0,l,7500).after(a.init2))};a.init2=function(b){$(u).ready(function(){a._sU();a.tuix=b;a._s();a._d();a.loaded=!0;a.loadedBefore=!0;for(var c in a.runOnInit)if(q(a.runOnInit, +c))a.runOnInit[c]();a.runOnInit=[];b.lock_warning&&k._lT(b.lock_warning,"zenario_lock_warning")})};a.clickTab=function(b){if(k._cFE()){var c;if(c=a.tuix&&a.tuix.toolbars&&a.tuix.toolbars[b]){k._cSC();k._cMP();a._a(c);c=c.page_mode||b;b.substr(0,4);var d=zenarioL.set,g,e={preview:0,edit_disabled:0,edit:0,rollback:0,item:0,menu:0,layout:0};for(g in e)d(c==g,"zenario_pageMode_"+g,"zenario_pageModeIsnt_"+g);d("item"==c||"layout"==c,"zenario_slotWand_on","zenario_slotWand_off");d("layout"==c,"zenario_pageMode_template", 
+"zenario_pageModeIsnt_template");"item"==c||"layout"==c?$("body").addClass("zenario_slotWand_on").removeClass("zenario_slotWand_off"):$("body").addClass("zenario_slotWand_off").removeClass("zenario_slotWand_on");"item"!=c&&"layout"!=c||!k.showGridOn?a._sGOO(!1):a._sGOO(!0);k.toolbar=b;k.pageMode=c;k._sPM(!0);a._d()}}};a.gridOverlayDiv=null;a.showGridOnOff=function(b){if(b){if(!a.gridOverlayDiv){var c=!1;$(".container").each(function(n,r){c=r});if(c){b=c.className;var d=b.m(/container_(\d+)/);d=d? +d[1]:0;var g=u.getElementById("zenario_citem"),e=g.firstElementChild,m=(e=e?e.firstElementChild:!1)&&"row"==e.className?!0:!1;e=m?'<div class="row">':"";for(var f=1;f<=d;++f)e+='<div class="span span1 span1_'+d,1==f?e+=" alpha":f==d&&(e+=" omega"),e+=' slot"></div>';e+=m?"</div>":"";d=u.createElement("div");d.innerHTML=e;d.style.position="relative";d.className="zenario_grid_overlay_view "+b;d.style.top="-"+g.offsetHeight+"px";d.style.height=g.offsetHeight+"px";g.style.position="relative";g.appendChild(d); +a.gridOverlayDiv=d}}}else a.gridOverlayDiv&&(a.gridOverlayDiv.remove(),delete a.gridOverlayDiv)};a.clickButton=function(b,c){k._cFE()&&a._a(a.tuix.sections[b].buttons[c])};a.organizerQuick=function(b,c,d,g,e,m,f){m&&!k._dr(f.id,!0)||a._a({organizer_quick:{path:b,target_path:c,min_path:c,max_path:d?c:!1,disallow_refiners_looping_on_min_path:!0,reload_slot:g,reload_menu_slots:e,reload_admin_toolbar:!0}});return!1};a.action=function(b){k._cSC();k._cMP();if(!p._cAU(b))return!1;if(b.organizer_quick){var c= +"",d={},g=!1;b.organizer_quick.reload_slot&&h.slots[b.organizer_quick.reload_slot]&&h.slots[b.organizer_quick.reload_slot].instanceId&&(g=b.organizer_quick.reload_slot,c+=h.slots[b.organizer_quick.reload_slot].instanceId,d[h.slots[b.organizer_quick.reload_slot].instanceId]=!0);t(b.organizer_quick.reload_menu_slots)&&$(".zenario_showSlotInMenuMode 
.zenario_slot").each(function(e,m){m.id&&"plgslt_"==m.id.substr(0,7)&&(e=m.id.substr(7),h.slots[e]&&h.slots[e].instanceId&&!d[h.slots[e].instanceId]&&(g? +c+=",":g=e,c+=h.slots[e].instanceId,d[h.slots[e].instanceId]=!0))});k._oQ(b.organizer_quick.path,b.organizer_quick.target_path,b.organizer_quick.min_path,b.organizer_quick.max_path,t(b.organizer_quick.disallow_refiners_looping_on_min_path),g,c,t(b.organizer_quick.reload_admin_toolbar)?"zenarioAT":!1)}else p._a(a,b)};a.getKey=function(b){return{id:h.cType+"_"+h.cID,cID:h.cID,cType:h.cType,cVersion:h.cVersion}};a.getKeyId=function(b){return h.cType+"_"+h.cID};a.getLastKeyId=function(b){return a._gKI(b)}; +a.applyMergeFields=function(b,c,d,g){return b};a.applyMergeFieldsToLabel=function(b,c,d,g){return b};a.pickItems=function(b,c,d){b={};for(var g in c)q(c,g)&&("id"==g?b[g]=c[g]:"parent__"!=g.substr(0,8)&&(b["child__"+g]=c[g]));if(a.postPickItemsObject)p._a(a,a.postPickItemsObject,!0,l,l,b);else if(a.actionTarget){for(var e in b)q(b,e)&&(a.actionRequests[e]=b[e]);a._a2()}a.postPickItemsObject=!1};a.goNum=0;a.action2=function(){if(a.actionTarget){var b=++a.goNum;k._nDS("saving");h._a(a.actionTarget, +a.actionRequests,!1,!1,!0).after(function(c){b==a.goNum&&(k._nDS(!1),c?k._sM(c):h._gTU(h._lTI(h.cID,h.cType,k.importantGetRequests)))})}a.actionTarget=!1;delete a.actionRequests};a.uploadComplete=function(){};a.slotDisabled=function(b){b=$("#plgslt_"+b+"-wrap");return"layout"==k.toolbar?b.hasClass("zenario_hideSlotInLayoutMode")||b.hasClass("zenario_level1"):b.hasClass("zenario_hideSlotInItemMode")||b.hasClass("zenario_level2")};a.draw=function(){var b={tabs:[],sections:{}},c=-1,d=a.tuix,g,e=(k.toolbar&& +d.toolbars[k.toolbar]||{}).toolbar_tab_grouping||"edit";for(n in a.sortedToolbars)if(q(a.sortedToolbars,n)){var 
m=a.sortedToolbars[n],f=d.toolbars[m];p._h(l,a,l,m,l,l,l,l,f)||(b.tabs[++c]={id:m,parent:f.parent,css_class:f.css_class,label:f.label,warning_icon:f.warning_icon,tooltip:f.tooltip,toolbar_microtemplate:f.toolbar_microtemplate,selected:m==k.toolbar,groupingActive:(f.toolbar_tab_grouping||"edit")==e},m==k.toolbar&&(b.toolbar_microtemplate=f.toolbar_microtemplate))}p._sK(b.tabs,"zenario_at_tab_with_children"); +for(g in d.sections)if(q(d.sections,g)&&(c=d.sections[g])){e=-1;var n=[];var r,w;if(a.sortedButtons[g]&&!p._h(l,a,l,g,l,l,l,c)){for(r in a.sortedButtons[g])q(a.sortedButtons[g],r)&&(m=a.sortedButtons[g][r],f=c.buttons[m],p._h(l,a,l,m,f,l,l,c)||f.appears_in_toolbars&&!t(f.appears_in_toolbars[k.toolbar])||(n[++e]={id:m,css_class:f.css_class||"label_without_icon",label:f.label||f.name,parent:f.parent,tuix:f},(w=n[e].disabled=f.disabled||A(f.disabled_if)&&p._e(f.disabled_if,a,l,l,m,f,l,l,c))||(f.navigation_path? +n[e].href=h._aBP(y.zenarioATLinks.organizer+"#"+f.navigation_path):f.frontend_link&&(n[e].href=h._aBP(f.frontend_link)),f.onclick?n[e].onclick=f.onclick:n[e].href||(n[e].onclick="zenarioAT._cB('"+v(g)+"', '"+v(m)+"'); return false;")),f.onmouseover&&(n[e].onmouseover=f.onmouseover),n[e].tooltip=w&&f.disabled_tooltip||f.tooltip));p._sK(n,"zenario_at_button_with_children")}b.sections[g]=n}B("zenario_at_wrap").innerHTML=p._mT("zenario_toolbar",b);k._to("#zenario_at_wrap a[title]");k._to("#zenario_at_wrap div[title]"); +k._to("#zenario_at_wrap ul ul a[title]",{position:{my:"left+2 center",at:"right center",collision:"flipfit"}});k._sTITL("#zenario_at_lower_section .zenario_at_infobar",l,k.tooltipLengthThresholds.adminToolbarTitle)};a.sort=function(){a.sortedToolbars=[];if(a.tuix.toolbars)for(var b in a.tuix.toolbars)if(q(a.tuix.toolbars,b)){var c=a.tuix.toolbars[b];c&&a.sortedToolbars.push([b,c.ord])}a.sortedToolbars.sort(p.sortArray);for(b in a.sortedToolbars)q(a.sortedToolbars,b)&&(a.sortedToolbars[b]=a.sortedToolbars[b][0]); +a.sortedButtons={};for(var d in 
a.tuix.sections)q(a.tuix.sections,d)&&a.tuix.sections[d]&&a._sB(d)};a.sortButtons=function(b){a.sortedButtons[b]=[];if(a.tuix.sections[b].buttons)for(var c in a.tuix.sections[b].buttons)if(q(a.tuix.sections[b].buttons,c)){var d=a.tuix.sections[b].buttons[c];d&&a.sortedButtons[b].push([c,d.ord])}a.sortedButtons[b].sort(p.sortArray);for(c in a.sortedButtons[b])q(a.sortedButtons[b],c)&&(a.sortedButtons[b][c]=a.sortedButtons[b][c][0])};a.customiseOrganizerLink=function(b, +c){if(b)if("#"!=b.substr(0,1)&&(b="#"+b),c){if(b=="#zenario__content/panels/content/refiners/content_type//"+h.cType+"//")return"#zenario__content/panels/content/refiners/content_type//"+h.cType+"//"+h.cType+"_"+h.cID}else{if("#zenario__content/panels/content/refiners/content_type//html//"==b)return"#zenario__content/panels/content/refiners/content_type//"+h.cType+"//"+h.cType+"_"+h.cID;if(b=="#zenario__menu/panels/by_language/item//"+k.siteSettings.default_language+"//item//1//"&&a.tuix.meta_info.menu_organizer_path)return"#"+ +a.tuix.meta_info.menu_organizer_path}return b};h._sN(a)});
zenario/js/form.js+1 −1 modified@@ -3661,7 +3661,7 @@ methods.hierarchicalBoxes = function(cb, tab, id, value, field, thisField, readO //Include logic for unchecking children on deselection if (existingParents[v]) { - onchange += "if (!this.checked) { $('#children_for___' + this.id + ' input').attr('checked', false); } "; + onchange += "if (!this.checked) { $('#children_for___' + this.id + ' input').prop('checked', false); } "; } if (onchange) {
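Review bot: The uncheck-children handler now uses `.prop('checked', false)` while the check-children handler built by the same function still sets `el.checked = true` in an `.each()` loop (visible in the form.min.js hunk); use `.prop('checked', true)` there so both branches read the same way. Setting the property does not fire `change` on the child inputs, so any onchange attached to a child will not run when its parent is unchecked; note that in the comment above this line if it is intended.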
zenario/js/form.min.js+1 −1 modified@@ -86,7 +86,7 @@ for(k in c)if(B(c,k)&&(l=c[k])){if(a.upload&&(f=z._dIIFO(l))&&(f=f.s("/"))&&f[1] {});var q=O._fOIN(b,l);var t=b.items&&b.items[l]||{missing:!0};d[l]=q;a.values[l]={missing:t.missing,image:t.image,css_class:t.css_class||b.item&&b.item.css_class,label:q}}else a.upload&&l==1*l&&(f=this.lookupFileDetails(l))?(this.setFileDetails(a,f),d[l]=a.values[l]):d[l]=l;!1===a._display_value&&(a._display_value=d[l])}return d};g.pickedItemsValue=function(a){var c,d="";if(a)for(c in a)B(a,c)&&(d+=(""===d?"":",")+c);return d};g.displaySelectedItems=function(a,c,d,b){m(c)||(c=this.field(a,b));m(d)|| (d=this.value(a,b));a=this.pickedItemsArray(c,d);return _._isEm(a)?w(d)?d:m(c.empty_value)?c.empty_value:"":_._tA(a).join(", ")};g.hierarchicalBoxes=function(a,c,d,b,e,f,k,l,q,t,p,r,A){var E=this,N=1*e.cols||1,n=0,u="",Q=!1;if(!A)A=0,N=1*e.cols_at_top_level||N;else if(10<A)return"";r||(r={});p&&(r[p]=!0);A&&(u+=ja("class","zenario_hierarchical_box_children","id","children_for___"+d+"___"+p,">"));for(var C in q)if(B(q,C)){var F={};var y=q[C];y==1*y&&(y*=1);var M=h;var da="object"==typeof e.values[y]? 
e.values[y]:{label:e.values[y]};e.tag_colors&&(F.tag_color=e.tag_colors[y]||"blue");M=da.parent;"0"===M&&(M=!1);if(!p&&!M||p==M){M=b?!0===b||1===b||"1"===b?!0===y||1===y||"1"===y:l?m(l[y])?!0:!1:y==b:!y;if(!k||M||!e.hide_unselected_values_when_readonly||t[y]){F.checked=M;if(F.newRow=++n>N)n=1;F.col=n;F.cols=N;if("checkboxes"==e.type&&w(e.checking_child_checks_parents)){var S="";p&&(S+="if (this.checked) { for (var cb in "+JSON.stringify(r)+") { "+E.globalName+".get('"+J(d)+"___' + cb).checked = true; } } "); -t[y]&&(S+="if (!this.checked) { $('#children_for___' + this.id + ' input').attr('checked', false); } ");S?f.onchange=e.onchange?S+" "+e.onchange:S:e.onchange?f.onchange=e.onchange:delete f.onchange}else"checkboxes"==e.type&&w(e.checking_parent_checks_children)&&(S="",t[y]&&(S+="if (this.checked) { $('#children_for___' + this.id + ' input').each(function(i, el) {el.checked = true;}) }; "),S?f.onchange=e.onchange?S+" "+e.onchange:S:e.onchange?f.onchange=e.onchange:delete f.onchange);F.lovId=d+"___"+ +t[y]&&(S+="if (!this.checked) { $('#children_for___' + this.id + ' input').prop('checked', false); } ");S?f.onchange=e.onchange?S+" "+e.onchange:S:e.onchange?f.onchange=e.onchange:delete f.onchange}else"checkboxes"==e.type&&w(e.checking_parent_checks_children)&&(S="",t[y]&&(S+="if (this.checked) { $('#children_for___' + this.id + ' input').each(function(i, el) {el.checked = true;}) }; "),S?f.onchange=e.onchange?S+" "+e.onchange:S:e.onchange?f.onchange=e.onchange:delete f.onchange);F.lovId=d+"___"+ y;F.lovField=da;e.indeterminates&&w(e.indeterminates[y])&&function(aa){a.after(function(){var 
ma;if(ma=E.get(aa))ma.indeterminate=!0})}(F.lovId);F.lovHTML=E.drawField(a,c,d,f,h,h,h,h,h,y,M,!1,q,t,da);F.childrenHTML="";t[y]&&(F.childrenHTML=E.hierarchicalBoxes(a,c,d,b,e,f,k,l,q,t,y,_._ex({},r),A+1),n=0);Q?(E.splitValues||(E.splitValues={}),E.splitValues[d]||(E.splitValues[d]=""),E.splitValues[d]+=E.microTemplate(E.mtPrefix+"_radio_or_checkbox",F)):u+=E.microTemplate(E.mtPrefix+"_radio_or_checkbox", F)}M&&da.split_values_if_selected&&!A&&"radios"===e.type&&(Q=!0)}}A&&(u+="</div>");return u};g.drawPickedItem=function(a,c,d,b,e){m(d)||(d=this.field(c));label=d.values&&d.values[a];pick_items=d.pick_items||{};thumbnail={};mi={};_._isOb(label)?_._ex(mi,label):label?mi.label=label:(mi.label=a,mi.missing=!0);mi.id=c;mi.item=a;mi.readOnly=b;mi.width&&mi.height&&((a=mi.checksum||mi.short_checksum)?(thumbnail.src=G+"zenario/file.php?c="+wa(a)+"&og=1",mi.usage&&(thumbnail.src+="&usage="+wa(mi.usage))): mi.link&&(thumbnail.src=z._aBP(mi.link)),thumbnail.src&&(L._rI(mi.width,mi.height,180,120,thumbnail),mi.thumbnail=thumbnail));return this.drawPickedItem2(c,pick_items,e,mi)};g.drawPickedItem2=function(a,c,d,b){var e=this;return d?(e.__addTT=!0,setTimeout(function(){e.__addTT&&e.tooltips("#name_for_"+a+" .Dropdown *[title]");delete e.__addTT},1),e.microTemplate(c.dropdown_item_microtemplate||e.mtPrefix+"_dropdown_item",b)):e.microTemplate(c.picked_item_microtemplate||e.mtPrefix+"_picked_item",b)};
zenario/js/visitor.phrases.js.php+1 −1 modified@@ -32,7 +32,7 @@ if (empty($_GET['langId'])) { exit; } -$langId = $_GET['langId']; +$langId = preg_replace('@[^\w\.-]@', '', $_GET['langId']); $ETag = 'zenario-visitor-phrases-'. $langId. '-'; ze\cache::useBrowserCache($ETag);
zenario/libs/manually_maintained/mit/SVG-Sanitizer/LICENSE+21 −0 added@@ -0,0 +1,21 @@ +The MIT License (MIT) + +Copyright (c) 2013 Alister Norris + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. \ No newline at end of file
zenario/libs/manually_maintained/mit/SVG-Sanitizer/README.md+31 −0 added@@ -0,0 +1,31 @@ +SVG Sanitizer +====== + +Whitelist-based PHP SVG sanitizer. + +Usage +----- + +```php +<?php + +// load +require_once('SvgSanitizer.php'); +$svg = new SvgSanitizer(); + +// load SVG +$svg->load("evil.svg"); + +// sanitize! +$svg->sanitize(); + +// Print out sanitized SVG +echo $svg->saveSVG(); + +?> +``` + +License +------- + +[MIT](http://opensource.org/licenses/MIT) \ No newline at end of file
zenario/libs/manually_maintained/mit/SVG-Sanitizer/SvgSanitizer.php+112 −0 added@@ -0,0 +1,112 @@ +<?php +/** + * SVGSantiizer + * + * Whitelist-based PHP SVG sanitizer. + * + * @link https://github.com/alister-/SVG-Sanitizer} + * @author Alister Norris + * @copyright Copyright (c) 2013 Alister Norris + * @license http://opensource.org/licenses/mit-license.php The MIT License + * @package svgsanitizer + */ + +class SvgSanitizer { + + private $xmlDoc; // PHP XML DOMDocument + + // defines the whitelist of elements and attributes allowed. + private static $whitelist = [ + 'a' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'id' => true, 'mask' => true, 'opacity' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'href' => true, 'xlink:href' => true, 'xlink:title' => true], + 'circle' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'cx' => true, 'cy' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'id' => true, 'mask' => true, 'opacity' => true, 'r' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true], + 'clipPath' => ['class' => true, 'clipPathUnits' => true, 'id' => true], + 'defs' => [], + 'style' => ['type' => true], + 'desc' => [], + 'ellipse' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'cx' => true, 'cy' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'id' => true, 'mask' => true, 
'opacity' => true, 'requiredFeatures' => true, 'rx' => true, 'ry' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true], + 'feGaussianBlur' => ['class' => true, 'color-interpolation-filters' => true, 'id' => true, 'requiredFeatures' => true, 'stdDeviation' => true], + 'filter' => ['class' => true, 'color-interpolation-filters' => true, 'filterRes' => true, 'filterUnits' => true, 'height' => true, 'id' => true, 'primitiveUnits' => true, 'requiredFeatures' => true, 'width' => true, 'x' => true, 'xlink:href' => true, 'y' => true], + 'foreignObject' => ['class' => true, 'font-size' => true, 'height' => true, 'id' => true, 'opacity' => true, 'requiredFeatures' => true, 'style' => true, 'transform' => true, 'width' => true, 'x' => true, 'y' => true], + 'g' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'id' => true, 'display' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'font-family' => true, 'font-size' => true, 'font-style' => true, 'font-weight' => true, 'text-anchor' => true], + 'image' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'filter' => true, 'height' => true, 'id' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'width' => true, 'x' => true, 'xlink:href' => true, 'xlink:title' => true, 'y' => true], + 'line' => ['class' => true, 'clip-path' => true, 
'clip-rule' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'id' => true, 'marker-end' => true, 'marker-mid' => true, 'marker-start' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'x1' => true, 'x2' => true, 'y1' => true, 'y2' => true], + 'linearGradient' => ['class' => true, 'id' => true, 'gradientTransform' => true, 'gradientUnits' => true, 'requiredFeatures' => true, 'spreadMethod' => true, 'systemLanguage' => true, 'x1' => true, 'x2' => true, 'xlink:href' => true, 'y1' => true, 'y2' => true], + 'marker' => ['id' => true, 'class' => true, 'markerHeight' => true, 'markerUnits' => true, 'markerWidth' => true, 'orient' => true, 'preserveAspectRatio' => true, 'refX' => true, 'refY' => true, 'systemLanguage' => true, 'viewBox' => true], + 'mask' => ['class' => true, 'height' => true, 'id' => true, 'maskContentUnits' => true, 'maskUnits' => true, 'width' => true, 'x' => true, 'y' => true], + 'metadata' => ['class' => true, 'id' => true], + 'path' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'd' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'id' => true, 'marker-end' => true, 'marker-mid' => true, 'marker-start' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true], + 'pattern' => ['class' => true, 'height' => true, 'id' => true, 'patternContentUnits' => true, 'patternTransform' => true, 
'patternUnits' => true, 'requiredFeatures' => true, 'style' => true, 'systemLanguage' => true, 'viewBox' => true, 'width' => true, 'x' => true, 'xlink:href' => true, 'y' => true], + 'polygon' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'id' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'id' => true, 'class' => true, 'marker-end' => true, 'marker-mid' => true, 'marker-start' => true, 'mask' => true, 'opacity' => true, 'points' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true], + 'polyline' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'id' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'marker-end' => true, 'marker-mid' => true, 'marker-start' => true, 'mask' => true, 'opacity' => true, 'points' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true], + 'radialGradient' => ['class' => true, 'cx' => true, 'cy' => true, 'fx' => true, 'fy' => true, 'gradientTransform' => true, 'gradientUnits' => true, 'id' => true, 'r' => true, 'requiredFeatures' => true, 'spreadMethod' => true, 'systemLanguage' => true, 'xlink:href' => true], + 'rect' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'height' => true, 'id' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'rx' => true, 'ry' => true, 'stroke' => true, 'stroke-dasharray' => true, 
'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'width' => true, 'x' => true, 'y' => true], + 'stop' => ['class' => true, 'id' => true, 'offset' => true, 'requiredFeatures' => true, 'stop-color' => true, 'stop-opacity' => true, 'style' => true, 'systemLanguage' => true], + 'svg' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'filter' => true, 'id' => true, 'height' => true, 'mask' => true, 'preserveAspectRatio' => true, 'requiredFeatures' => true, 'style' => true, 'systemLanguage' => true, 'viewBox' => true, 'width' => true, 'x' => true, 'xmlns' => true, 'xmlns:se' => true, 'xmlns:xlink' => true, 'y' => true], + 'switch' => ['class' => true, 'id' => true, 'requiredFeatures' => true, 'systemLanguage' => true], + 'symbol' => ['class' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'font-family' => true, 'font-size' => true, 'font-style' => true, 'font-weight' => true, 'id' => true, 'opacity' => true, 'preserveAspectRatio' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'viewBox' => true], + 'text' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'font-family' => true, 'font-size' => true, 'font-style' => true, 'font-weight' => true, 'id' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 
'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'text-anchor' => true, 'transform' => true, 'x' => true, 'xml:space' => true, 'y' => true], + 'textPath' => ['class' => true, 'id' => true, 'method' => true, 'requiredFeatures' => true, 'spacing' => true, 'startOffset' => true, 'style' => true, 'systemLanguage' => true, 'transform' => true, 'xlink:href' => true], + 'title' => [], + 'tspan' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'dx' => true, 'dy' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'font-family' => true, 'font-size' => true, 'font-style' => true, 'font-weight' => true, 'id' => true, 'mask' => true, 'opacity' => true, 'requiredFeatures' => true, 'rotate' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'systemLanguage' => true, 'text-anchor' => true, 'textLength' => true, 'transform' => true, 'x' => true, 'xml:space' => true, 'y' => true], + 'use' => ['class' => true, 'clip-path' => true, 'clip-rule' => true, 'fill' => true, 'fill-opacity' => true, 'fill-rule' => true, 'filter' => true, 'height' => true, 'id' => true, 'mask' => true, 'stroke' => true, 'stroke-dasharray' => true, 'stroke-dashoffset' => true, 'stroke-linecap' => true, 'stroke-linejoin' => true, 'stroke-miterlimit' => true, 'stroke-opacity' => true, 'stroke-width' => true, 'style' => true, 'transform' => true, 'width' => true, 'x' => true, 'xlink:href' => true, 'y' => true], + ]; + + function __construct() { + $this->xmlDoc = new DOMDocument(); + $this->xmlDoc->preserveWhiteSpace = false; + } + + //Load the SVG data from a file + function load($file) { + $this->xmlDoc->load($file); + } + + //Remove any elements from the XML that are unrelated to SVGs + function sanitize() { + + //Get every element in the document, and loop through 
them all + $allElements = $this->xmlDoc->getElementsByTagName("*"); + + for ($i = 0; $i < $allElements->length; $i++) { + $currentNode = $allElements->item($i); + + //Remove any elements not on the whitelist + if (!isset(self::$whitelist[$currentNode->tagName])) { + $currentNode->parentNode->removeChild($currentNode); + $i--; + + } else { + $attributesWhitelist = self::$whitelist[$currentNode->tagName]; + $attributesToRemove = []; + + //If the element is allowed, loop through checking its attributes v.s. the attributes allowed for that element + for ($j = 0; $j < $currentNode->attributes->length; $j++) { + $attrName = $currentNode->attributes->item($j)->name; + + if (!isset($attributesWhitelist[$attrName])) { + $attributesToRemove[] = $attrName; + } + } + + //Remove any blocked attributes + if (!empty($attributesToRemove)) { + foreach ($attributesToRemove as $attrName) { + $currentNode->removeAttribute($attrName); + } + } + } + } + } + + function saveSVG() { + $this->xmlDoc->formatOutput = true; + return($this->xmlDoc->saveXML()); + } + + function save($file) { + $this->xmlDoc->formatOutput = true; + return($this->xmlDoc->save($file)); + } +} + +?> \ No newline at end of file
zenario/libs/manually_maintained/mit/SVG-Sanitizer/TODO+2 −0 added@@ -0,0 +1,2 @@ +- When an illegal element is found, script deletes all child nodes as well, need this to stop +- \ No newline at end of file
zenario/libs/manually_maintained/mit/SVG-Sanitizer/zenario_modifications.txt+6 −0 added@@ -0,0 +1,6 @@ +Usually we use these "zenario_modifications.txt" files to list small changes we've made. +But in this case, we've pretty much had to rewrite the entire module! + +Fixed several PHP errors in the code. +Rewrote the sanitize() function to fix an infinite loop when scanning attributes. +Added a wrapper for the xmlDoc->save() method. \ No newline at end of file
zenario/libs/yarn/.yarn-integrity+0 −45 removed@@ -1,45 +0,0 @@ -{ - "systemParams": "darwin-x64-72", - "modulesFolders": [ - "zenario/libs/yarn" - ], - "flags": [], - "linkedModules": [], - "topLevelPatterns": [ - "bez@*", - "cytoscape@*", - "jquery-lazy@*", - "jquery-multiselect@*", - "jquery@*", - "mdn-polyfills@*", - "respond.js@*", - "spectrum-colorpicker@*", - "toastr@*", - "underscore.string@*", - "vimeo-upload@*", - "wowjs@*" - ], - "lockfileEntries": { - "animate.css@latest": "https://registry.yarnpkg.com/animate.css/-/animate.css-3.7.2.tgz#e73e0d50e92cb1cfef1597d9b38a9481020e08ea", - "bez@*": "https://registry.yarnpkg.com/bez/-/bez-0.1.0.tgz#e32bfdc817c8b75bfb67ffe58e96568e77562b19", - "cytoscape@*": "https://registry.yarnpkg.com/cytoscape/-/cytoscape-3.11.0.tgz#c5fca7c8b3a01ba24b4d7b8f3eddb1e99d395ed3", - "heap@^0.2.6": "https://registry.yarnpkg.com/heap/-/heap-0.2.6.tgz#087e1f10b046932fc8594dd9e6d378afc9d1e5ac", - "jquery-lazy@*": "https://registry.yarnpkg.com/jquery-lazy/-/jquery-lazy-1.7.10.tgz#aa3d43d058bf1ea89284214f4521f6d9a162d051", - "jquery-multiselect@*": "https://registry.yarnpkg.com/jquery-multiselect/-/jquery-multiselect-1.0.0.tgz#2b3125fd109bfbef1d4be54dc847143678c71b2c", - "jquery@*": "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz#714f1f8d9dde4bdfa55764ba37ef214630d80ef2", - "jquery@>=1.12.0": "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz#714f1f8d9dde4bdfa55764ba37ef214630d80ef2", - "jquery@>=1.7.2": "https://registry.yarnpkg.com/jquery/-/jquery-3.4.1.tgz#714f1f8d9dde4bdfa55764ba37ef214630d80ef2", - "lodash.debounce@^4.0.8": "https://registry.yarnpkg.com/lodash.debounce/-/lodash.debounce-4.0.8.tgz#82d79bff30a67c4005ffd5e2515300ad9ca4d7af", - "mdn-polyfills@*": "https://registry.yarnpkg.com/mdn-polyfills/-/mdn-polyfills-5.19.0.tgz#5c2bef9015f53ecab35ec6169d3662a2671d032b", - "respond.js@*": "https://registry.yarnpkg.com/respond.js/-/respond.js-1.4.2.tgz#fd5c07450acce6090916d8d090b86b672dd9748b", - 
"spectrum-colorpicker@*": "https://registry.yarnpkg.com/spectrum-colorpicker/-/spectrum-colorpicker-1.8.0.tgz#b926cf5002c0a77860b5f8351e1c093c65200107", - "sprintf-js@^1.0.3": "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.2.tgz#da1765262bf8c0f571749f2ad6c26300207ae673", - "toastr@*": "https://registry.yarnpkg.com/toastr/-/toastr-2.1.4.tgz#8b43be64fb9d0c414871446f2db8e8ca4e95f181", - "underscore.string@*": "https://registry.yarnpkg.com/underscore.string/-/underscore.string-3.3.5.tgz#fc2ad255b8bd309e239cbc5816fd23a9b7ea4023", - "util-deprecate@^1.0.2": "https://registry.yarnpkg.com/util-deprecate/-/util-deprecate-1.0.2.tgz#450d4dc9fa70de732762fbd2d4a28981419a0ccf", - "vimeo-upload@*": "https://registry.yarnpkg.com/vimeo-upload/-/vimeo-upload-0.1.6.tgz#ad9f80230575d94f6d2da479c665410d21b949c2", - "wowjs@*": "https://registry.yarnpkg.com/wowjs/-/wowjs-1.1.3.tgz#440fc1bb4c7e896840ee47972296a2b59075acbd" - }, - "files": [], - "artifacts": {} -} \ No newline at end of file
zenario/modules/zenario_anonymous_comments/description.yaml+16 −16 modified@@ -8,22 +8,22 @@ license_info: 'Modified BSD License' display_name: Comments (without login) description: | <p>This Module allows visitors, without needing to log in as an extranet user, -to write comments on content items, thereby adding a useful - feedback feature to blogs and other content items.<p> - <p>The editor is a rich text editor, the features of which can be enabled - or disabled in the plugin's settings.</p> - <p>When a comment is added, an email notification can be sent to a specified - email address (typically a site administrator). - Template and this will be used to send the report.</p> - <p>Use the following fields in emails:</p> - <ul> - <li>[[cms_url]] - The URL to the website.</li> - <li>[[link]] - A link to the page.</li> - <li>[[message]] - The message that was just created or edited.</li> - <li>[[page_title]] - The title of the page.</li> - <li>[[poster_screen_name]] or [[poster_username]] - The name and/or email - (If the option to display either the name and/or the email was enabled in the plugin settings.)</li> - </ul> + to write comments on content items, thereby adding a useful + feedback feature to blogs and other content items.<p> + <p>The editor is a rich text editor, the features of which can be enabled + or disabled in the plugin's settings.</p> + <p>When a comment is added, an email notification can be sent to a specified + email address (typically a site administrator). 
+ Template and this will be used to send the report.</p> + <p>Use the following fields in emails:</p> + <ul> + <li>[[cms_url]] - The URL to the website.</li> + <li>[[link]] - A link to the page.</li> + <li>[[message]] - The message that was just created or edited.</li> + <li>[[page_title]] - The title of the page.</li> + <li>[[poster_screen_name]] or [[poster_username]] - The name and/or email + (If the option to display either the name and/or the email was enabled in the plugin settings.)</li> + </ul> category: management keywords: anonymous, comment, forum, post, chat, blog, message
zenario/modules/zenario_anonymous_comments/frameworks/standard/framework.twig.html+1 −1 modified@@ -348,7 +348,7 @@ <h1> </div> <div class="comments_files_upload_form"> - <label>{{"_UPLOAD_NEW_IMAGE"|trans}}</label><input name="filesToUpload[]" type="file" multiple="multiple" /> + <label>{{"_UPLOAD_NEW_IMAGE"|trans}}</label><input name="filesToUpload[]" type="file" multiple="multiple" accept="image/gif,image/jpeg,image/png" /> </div> {% endif %}
zenario/modules/zenario_common_features/admin_microtemplates/zenario_organizer_admin_box_builder_field_value.html+1 −1 modified@@ -2,6 +2,6 @@ <input type="text" value="{{m.label}}" data-id="{{m.id}}" <% if (m.readonly) { %> disabled readonly<% } %>/> <div class="form_field_value_inline_buttons"> <span class="delete_icon" data-id="{{m.id}}">Delete</span> + <span class="drag_icon"></span> </div> - <span class="drag_icon"></span> </div> \ No newline at end of file
zenario/modules/zenario_common_features/classes/admin_boxes/content.php+3 −2 modified@@ -210,7 +210,7 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { $box['key']['from_cType'] = $box['key']['cType']; } - $contentType = ze\row::get('content_types', true, $box['key']['cType']); + $contentType = ze\row::get('content_types', true, $box['key']['cType'] ?: $box['key']['target_cType']); $content = $version = $status = $tag = false; @@ -229,6 +229,8 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { } } + $allowPinning = ze\row::get('content_types', 'allow_pinned_content', ['content_type_id' => $box['key']['cType']]); + $fields['meta_data/pinned']['hidden'] = !$allowPinning; if ($content) { //On the language selector, disable languages for which translations already exist, @@ -414,7 +416,6 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { $values['file/s3_file_id'] = $version['s3_file_id']; $values['file/s3_file_name'] = $version['s3_filename']; - $fields['meta_data/pinned']['hidden'] = !ze\row::get('content_types', 'allow_pinned_content', ['content_type_id' => $box['key']['cType']]); $values['meta_data/pinned'] = $version['pinned']; if ($box['key']['cID'] && $contentType['enable_summary_auto_update']) {
zenario/modules/zenario_common_features/classes/admin_boxes/head_foot_slot.php+5 −1 modified@@ -196,6 +196,10 @@ public function saveAdminBox($path, $settingGroup, &$box, &$fields, &$values, $c $cols[$t['overwrite']] = $values['slot/overwrite']; } - ze\row::update($t['table'], $cols, $t['key']); + if ($box['key']['level'] == 'item') { + ze\contentAdm::updateVersion($box['key']['cID'], $box['key']['cType'], $box['key']['cVersion'], $cols); + } else { + ze\row::update($t['table'], $cols, $t['key']); + } } }
zenario/modules/zenario_common_features/classes/admin_boxes/plugin_settings.php+5 −0 modified@@ -194,6 +194,11 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { if ($box['key']['isVersionControlled'] || !$box['key']['instanceId']) { unset($box['identifier']); + + } elseif ($box['key']['eggId']) { + $box['identifier']['label'] = ze\admin::phrase('Nested plugin'); + $box['identifier']['value'] = ' '; + } else { $box['identifier']['value'] = ze\plugin::codeName($box['key']['instanceId'], $box['key']['moduleClassName']); $box['identifier']['label'] = $ucPluginAdminName;
zenario/modules/zenario_common_features/classes/admin_boxes/setup_module.php+1 −1 modified@@ -73,7 +73,7 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { $box['tabs']['confirm']['hidden'] = false; $box['tabs']['confirm']['fields']['module_start_desc']['hidden'] = false; - $box['tabs']['confirm']['fields']['module_start_desc']['snippet']['html'] = ze\admin::phrase('Start the module "[[class_name]]" ([[display_name]])?', $module); + $box['tabs']['confirm']['fields']['module_start_desc']['snippet']['p'] = ze\admin::phrase('Start the module "[[class_name]]" ([[display_name]])?', $module); $perms = $labels = [];
zenario/modules/zenario_common_features/classes/admin_boxes/upload_replacement_document.php+9 −4 modified@@ -38,6 +38,7 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { if (!$document['thumbnail_id']) { $fields['file/keep_thumbnail_image']['hidden'] = true; } + if (!$document['extract_wordcount']) { $fields['file/keep_extract_text']['hidden'] = true; } @@ -130,7 +131,9 @@ public function saveAdminBox($path, $settingGroup, &$box, &$fields, &$values, $c $documentProperties = [ 'file_id' => $newFileId, 'filename' => $replacementDocumentName, - 'file_datetime' => date("Y-m-d H:i:s") + 'file_datetime' => date("Y-m-d H:i:s"), + 'extract_wordcount' => 0, + 'extract' => NULL ]; //Copy privacy settings if a document with the same file already exists @@ -149,11 +152,13 @@ public function saveAdminBox($path, $settingGroup, &$box, &$fields, &$values, $c if (!$values['file/keep_thumbnail_image']) { $documentProperties['thumbnail_id'] = $extraProperties['thumbnail_id'] ?? 0; } + if (!$values['file/keep_extract_text']) { - $documentProperties['extract'] = $extraProperties['extract']; - $documentProperties['extract_wordcount'] = $extraProperties['extract_wordcount']; + $documentProperties['extract'] = $extraProperties['extract'] ?? NULL; + $documentProperties['extract_wordcount'] = $extraProperties['extract_wordcount'] ?? 0; } } + ze\row::set('documents', $documentProperties, $documentId); //If the old file had a public link, create a new public link for the new file and remake all redirects to point to it including the old file. if ($publicLink && ze\cache::cleanDirs()) { @@ -202,4 +207,4 @@ public function saveAdminBox($path, $settingGroup, &$box, &$fields, &$values, $c } } } -} +} \ No newline at end of file
zenario/modules/zenario_common_features/classes/organizer/image_library.php+1 −1 modified@@ -428,7 +428,7 @@ public function handleOrganizerPanelAJAX($path, $ids, $ids2, $refinerName, $refi ze\row::set('inline_images', [], $key); if (!$i) { - if (!$refinerName == 'images_for_content_item') { + if ($refinerName == 'images_for_content_item') { self::setFirstUploadedImageAsFeatureImage($content, $id); } }
zenario/modules/zenario_common_features/tuix/admin_boxes/document_properties.yaml+3 −1 modified@@ -18,8 +18,9 @@ zenario_document_properties: document_extension: label: 'Extension:' type: text - maxlength: "255" + maxlength: 255 hidden: true + readonly: true hide_in_dataset_editor: true document_title: @@ -35,6 +36,7 @@ zenario_document_properties: type: text maxlength: 5 hidden: true + readonly: true date_uploaded: label: 'Date uploaded:' type: datetime
zenario/modules/zenario_common_features/tuix/admin_boxes/setup_module.yaml+1 −1 modified@@ -30,7 +30,7 @@ zenario_setup_module: hidden: true type: hidden snippet: - html: 'Start the module' + p: 'Start the module' grant_perms_desc: ord: 10000 hidden: true
zenario/modules/zenario_common_features/tuix/admin_toolbar/_toolbars.yaml+1 −0 modified@@ -113,6 +113,7 @@ sections: initialWidth: 100% initialHeight: 100% iframe: true + escKey: false fixed: true transition: none css_class: zenario_grid_maker
zenario/modules/zenario_common_features/tuix/organizer/administrators.yaml+1 −0 modified@@ -3,6 +3,7 @@ zenario__users: panels: administrators: + priv: _PRIV_VIEW_ADMIN panel_type: list_with_caching_disabled title: Administrators no_items_message: This site has no administrators. Click "Create" to create one.
zenario/modules/zenario_common_features/tuix/organizer/content_chained.yaml+12 −14 modified@@ -306,7 +306,7 @@ zenario__content: hidden: true layout: priv: _PRIV_EDIT_CONTENT_ITEM_TEMPLATE - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) parent: action_dropdown label: Change layout @@ -326,7 +326,7 @@ zenario__content: create_translation: parent: action_dropdown priv: _PRIV_CREATE_TRANSLATION_FIRST_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) label: | Create a translation in [[lang_name]] @@ -340,7 +340,7 @@ zenario__content: add_existing_translation_to_chain: parent: action_dropdown priv: _PRIV_CREATE_TRANSLATION_FIRST_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) with_columns_set: zenario_trans__can_link: true @@ -367,7 +367,7 @@ zenario__content: remove_translation_from_chain__identical_alias: parent: action_dropdown priv: _PRIV_DELETE_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) with_columns_set: has_identical_alias_to_other_items: true @@ -390,7 +390,7 @@ zenario__content: remove_translation_from_chain__non_identical_alias: parent: action_dropdown priv: _PRIV_DELETE_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) without_columns_set: ghost: true @@ -410,7 +410,7 @@ zenario__content: hide: parent: action_dropdown priv: _PRIV_HIDE_CONTENT_ITEM - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Hide @@ -441,12 +441,11 @@ zenario__content: publish: parent: action_dropdown priv: _PRIV_PUBLISH_CONTENT_ITEM - visible_if: | - zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Publish multiple_select: true visible_if_for_all_selected_items: | + zenarioA.checkSpecificPerms(id) && item.not_locked && (item.draft || item.status == 'hidden') without_columns_set: 
@@ -486,8 +485,11 @@ zenario__content: path: zenario_trash delete_archives: priv: _PRIV_HIDE_CONTENT_ITEM - visible_if: | + visible_if_for_any_selected_items: | zenarioA.checkSpecificPerms(id) + && item.archives_exist + without_columns_set: + ghost: true parent: action_dropdown hide_in_select_mode: true label: Delete archived versions @@ -506,8 +508,4 @@ zenario__content: cancel_button_message: Cancel message_type: warning request: - delete_archives: 1 - visible_if_for_any_selected_items: | - item.archives_exist - without_columns_set: - ghost: true \ No newline at end of file + delete_archives: 1 \ No newline at end of file
zenario/modules/zenario_common_features/tuix/organizer/content_items.yaml+14 −16 modified@@ -813,10 +813,10 @@ zenario__content: layout: priv: _PRIV_EDIT_CONTENT_ITEM_TEMPLATE visible_if: | - zenarioA.checkSpecificPerms(id) - && ((window.__selectedType = undefined) || true) + ((window.__selectedType = undefined) || true) visible_if_for_all_selected_items: | - (window.__selectedType === item.type || window.__selectedType === undefined) + zenarioA.checkSpecificPerms(id) + && (window.__selectedType === item.type || window.__selectedType === undefined) && (window.__selectedType = item.type) # Note - a little bit of hacky code here, as we don't have proper support for a feature. # What I'm trying to do is make sure that the button is only shown when the content type @@ -831,12 +831,11 @@ zenario__content: publish: priv: _PRIV_PUBLISH_CONTENT_ITEM - visible_if: | - zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Publish... multiple_select: true visible_if_for_all_selected_items: | + zenarioA.checkSpecificPerms(id) && item.not_locked && (item.draft || item.status == 'hidden') without_columns_set: @@ -1024,12 +1023,12 @@ zenario__content: cancel_scheduled_publish: priv: _PRIV_PUBLISH_CONTENT_ITEM - visible_if: | - zenarioA.checkSpecificPerms(id) + visible_if_for_all_selected_items: | + item.scheduled_publish_datetime + && zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Cancel scheduled publish multiple_select: true - visible_if_for_all_selected_items: "item.scheduled_publish_datetime" ajax: confirm: message: | @@ -1146,7 +1145,7 @@ zenario__content: create_draft_by_copying: parent: action_dropdown priv: _PRIV_CREATE_REVISION_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) with_columns_set: not_locked: true 
@@ -1174,7 +1173,7 @@ zenario__content: create_draft_by_overwriting: parent: action_dropdown priv: _PRIV_CREATE_REVISION_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) with_columns_set: draft: true @@ -1227,7 +1226,7 @@ zenario__content: delete: parent: action_dropdown priv: _PRIV_DELETE_DRAFT - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Delete draft @@ -1262,7 +1261,7 @@ zenario__content: hide: parent: action_dropdown priv: _PRIV_HIDE_CONTENT_ITEM - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Hide @@ -1293,7 +1292,7 @@ zenario__content: trash: parent: action_dropdown priv: _PRIV_HIDE_CONTENT_ITEM - visible_if: | + visible_if_for_all_selected_items: | zenarioA.checkSpecificPerms(id) hide_in_select_mode: true label: Trash this content item @@ -1308,13 +1307,12 @@ zenario__content: redraft: parent: action_dropdown priv: _PRIV_CREATE_REVISION_DRAFT - visible_if: | - zenarioA.checkSpecificPerms(id) label: Re-draft css_class: create label_to_the_left multiple_select: true visible_if_for_all_selected_items: | - item.status == 'hidden' || item.status == 'trashed' + zenarioA.checkSpecificPerms(id) + && (item.status == 'hidden' || item.status == 'trashed') tooltip: > Re-draft this content item|This will create a new draft of this content item, which will be available to visitors if
zenario/modules/zenario_common_features/tuix/organizer/layouts.yaml+2 −0 modified@@ -163,6 +163,7 @@ zenario__layouts: initialWidth: 100% initialHeight: 100% iframe: true + escKey: false transition: none css_class: zenario_grid_maker help: @@ -220,6 +221,7 @@ zenario__layouts: initialWidth: 100% initialHeight: 100% iframe: true + escKey: false transition: none css_class: zenario_grid_maker view_dropdown:
zenario/modules/zenario_common_features/tuix/organizer/_top_level_items.yaml+6 −2 modified@@ -131,12 +131,16 @@ zenario__documents: zenario__users: ord: -790 - priv: _PRIV_VIEW_ADMIN + priv: + - _PRIV_VIEW_ADMIN + - _PRIV_VIEW_USER css_class: zenario_cms_core_users label: Users & contacts + tooltip: | + Manage users, contacts and administrators nav: administrators: - ord: "99" + ord: 99 priv: _PRIV_VIEW_ADMIN label: Administrators tooltip: 'Manage Zenario administrators - people who can edit this site'
zenario/modules/zenario_crm_form_integration/classes/admin_boxes/user_form.php+47 −2 modified@@ -132,8 +132,20 @@ public function fillAdminBox($path, $settingGroup, &$box, &$fields, &$values) { $result = ze\row::query(ZENARIO_CRM_FORM_INTEGRATION_PREFIX . 'static_crm_values', ['name', 'value', 'ord'], ['link_id' => $crmLink['id']], 'ord'); while ($row = ze\sql::fetchAssoc($result)) { - $values['mailchimp_integration/name' . $row['ord']] = $row['name']; - $values['mailchimp_integration/value' . $row['ord']] = $row['value']; + //Ord 0 will be used for the "Send Tags" checkbox... + if ($row['ord'] == 0) { + $values['mailchimp_integration/send_tags'] = $row['value']; + } else { + //... ord 1-10 for the CRM values... + if ($row['ord'] >= 1 && $row['ord'] <= 10) { + $values['mailchimp_integration/name' . $row['ord']] = $row['name']; + $values['mailchimp_integration/value' . $row['ord']] = $row['value']; + //... and ord 11-20 for the tags. + } elseif ($row['ord'] >= 11 && $row['ord'] <= 20) { + $values['mailchimp_integration/tag_name' . $row['ord']] = $row['name']; + $values['mailchimp_integration/tag_value' . $row['ord']] = $row['value']; + } + } } //populate consent fields $fields['mailchimp_integration/consent_field']['values'] = $consentFields; @@ -302,7 +314,10 @@ public function adminBoxSaveCompleted($path, $settingGroup, &$box, &$fields, &$v ['form_id' => $formId] ); + //Clear the CRM fields from the DB... ze\row::delete(ZENARIO_CRM_FORM_INTEGRATION_PREFIX . 'static_crm_values', ['link_id' => $linkId]); + + //... then set the CRM values... for ($i = 1; $i <= 10; $i++) { if ($values['mailchimp_integration/name' . $i]) { ze\row::insert( 
@@ -316,6 +331,36 @@ public function adminBoxSaveCompleted($path, $settingGroup, &$box, &$fields, &$v ); } } + + //... and then the tag data. + + //Save the value of the "Send Tags" checkbox... + ze\row::insert( + ZENARIO_CRM_FORM_INTEGRATION_PREFIX . 'static_crm_values', + [ + 'name' => 'send_tags', + 'value' => (int) $values['mailchimp_integration/send_tags'], + 'ord' => 0, + 'link_id' => $linkId + ] + ); + + if ($values['mailchimp_integration/send_tags']) { + //... and then the tag fields if enabled. + for ($i = 11; $i <= 20; $i++) { + if ($values['mailchimp_integration/tag_name' . $i]) { + ze\row::insert( + ZENARIO_CRM_FORM_INTEGRATION_PREFIX . 'static_crm_values', + [ + 'name' => trim($values['mailchimp_integration/tag_name' . $i]), + 'value' => trim($values['mailchimp_integration/tag_value' . $i]), + 'ord' => $i, + 'link_id' => $linkId + ] + ); + } + } + } } //Save 360LifeCycle CRM details
zenario/modules/zenario_crm_form_integration/module_code.php+55 −8 modified@@ -76,13 +76,32 @@ protected static function formatCRMData($linkId, $data, $fieldIdValueLink, $resp $data = []; //Add static values - $result = ze\row::query(ZENARIO_CRM_FORM_INTEGRATION_PREFIX . 'static_crm_values', ['name', 'value'], ['link_id' => $linkId], 'ord'); + $result = ze\row::query(ZENARIO_CRM_FORM_INTEGRATION_PREFIX . 'static_crm_values', ['name', 'value', 'ord'], ['link_id' => $linkId], 'ord'); + $sendTags = false; + $tagsToSend = []; while ($row = ze\sql::fetchAssoc($result)) { - //Allow responseId to be sent to CRM via merge field - if ($responseId) { - ze\lang::applyMergeFields($row['value'], ['responseId' => $responseId]); + if ($row['ord'] == 0) { + if ($row['value'] == 1) { + $sendTags = true; + } + } else { + if ($row['ord'] >= 1 && $row['ord'] <= 10) { + //Allow responseId to be sent to CRM via merge field + if ($responseId) { + ze\lang::applyMergeFields($row['value'], ['responseId' => $responseId]); + } + $data[$row['name']] = $row['value']; + } elseif ($row['ord'] >= 11 && $row['ord'] <= 20 ) { + if ($responseId) { + ze\lang::applyMergeFields($row['value'], ['responseId' => $responseId]); + } + $tagsToSend[] = ['name' => $row['name'], 'status' => $row['value']]; + } } - $data[$row['name']] = $row['value']; + } + + if ($sendTags && !empty($tagsToSend)) { + $data['tags'] = $tagsToSend; } //Add form field values @@ -456,7 +475,6 @@ public static function testSalesforceConnection($clientId, $clientSecretKey, $us } - protected static function sendDataToMailChimp($linkId, $data, $responseId) { //Send even if there is no email address so we get an error back to record if (!isset($data['EMAIL'])) { 
@@ -473,6 +491,14 @@ protected static function sendDataToMailChimp($linkId, $data, $responseId) { //Request - Subscribe an address (PUT - create or update) $url = $urlBase . '/lists/' . urlencode($crmData['mailchimp_list_id']) . '/members/' . urlencode($hash); + + //If tags are present, pull them out and make a separate request later. + $tagsToSend = []; + if (!empty($data['tags'])) { + $tagsToSend = $data['tags']; + unset($data['tags']); + } + $data = [ 'email_address' => $data['EMAIL'], 'status' => 'subscribed', @@ -498,6 +524,29 @@ protected static function sendDataToMailChimp($linkId, $data, $responseId) { if ($responseId) { ze\row::update(ZENARIO_USER_FORMS_PREFIX . 'user_response', ['crm_response' => mb_substr($resultJSON, 0, 65535, 'UTF-8')], $responseId); } + + //If sending data to Mailchimp, and tags have been defined, send them now. + if (!empty($tagsToSend)) { + $url = $urlBase . '/lists/' . urlencode($crmData['mailchimp_list_id']) . '/members/' . urlencode($hash) . '/tags'; + $data = [ + 'tags' => $tagsToSend + ]; + $dataJSON = json_encode($data); + + static::recordLastFormCRMRequest($linkId, $url, $dataJSON); + + $curl = curl_init($url); + curl_setopt($curl, CURLOPT_HEADER, false); + curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); + curl_setopt($curl, CURLOPT_USERPWD, $dc . ':' . $apiKey); + + curl_setopt($curl, CURLOPT_HTTPHEADER, ['Content-type: application/json']); + curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'POST'); + curl_setopt($curl, CURLOPT_POSTFIELDS, $dataJSON); + + $resultJSON = curl_exec($curl); + curl_close($curl); + } } protected static function sendDataTo360LifeCycle($linkId, $data, $responseId) { @@ -643,6 +692,4 @@ public static function eventFormDeleted($formId) { public static function eventFormFieldDeleted($fieldId) { static::deleteFieldCRMData($fieldId); } - - } \ No newline at end of file
zenario/modules/zenario_crm_form_integration/tuix/admin_boxes/user_form.yaml+53 −0 modified@@ -187,6 +187,59 @@ zenario_user_form: name10: *name value10: *value + + send_tags: + indent: 1 + label: Send Tags + type: checkbox + visible_if: zenarioAB.value('enable') + format_onchange: true + + #For simplicity, these fields will have ordinals 11-20. + tag_name11: &tag_name + indent: 2 + label: "Tag name / Status:" + type: text + maxlength: "255" + style: "width: 200px" + hide_with_previous_field: true + visible_if: "zenarioAB.value('enable') && zenarioAB.value('send_tags');" + tag_value11: &tag_value + same_row: true + label: "Status:" + type: text + maxlength: "255" + style: "width: 200px" + side_note: Additional field in the form. + hide_with_previous_field: true + visible_if: "zenarioAB.value('enable') && zenarioAB.value('send_tags');" + + tag_name12: *tag_name + tag_value12: *tag_value + + tag_name13: *tag_name + tag_value13: *tag_value + + tag_name14: *tag_name + tag_value14: *tag_value + + tag_name15: *tag_name + tag_value15: *tag_value + + tag_name16: *tag_name + tag_value16: *tag_value + + tag_name17: *tag_name + tag_value17: *tag_value + + tag_name18: *tag_name + tag_value18: *tag_value + + tag_name19: *tag_name + tag_value19: *tag_value + + tag_name20: *tag_name + tag_value20: *tag_value 360lifecycle_integration: ord: 12
zenario/modules/zenario_extranet_user_image/frameworks/standard/framework.twig.html+1 −1 modified@@ -35,7 +35,7 @@ <h1>{{Image_Title}}</h1> <div class="new_image_wrap"> {% if Allow_Upload %} <div class="new_image"> - <input class="upload_image" type="file" name="extranet_upload_image"/> + <input class="upload_image" type="file" name="extranet_upload_image" accept="image/gif,image/jpeg,image/png" /> </div> <div class="extranet_btn"><div class="r"> <input class="add_image i" type="submit" name="extranet_add_image" value="{{Upload_Button_Phrase}}" />
zenario/modules/zenario_extranet_user_image/module_code.php+12 −1 modified@@ -39,7 +39,17 @@ public function init() { if ($_POST['extranet_add_image'] ?? false) { - ze\fileAdm::exitIfUploadError(true, false, true, $fileVar = 'extranet_upload_image'); + + if (empty($_FILES['extranet_upload_image']['name'])) { + $this->sections['Errors'] = true; + $this->sections['Error'] = ['Error' => $this->phrase('Please select an image.')]; + + } elseif (!ze\file::isImage(ze\file::mimeType($_FILES['extranet_upload_image']['name']))) { + $this->sections['Errors'] = true; + $this->sections['Error'] = ['Error' => $this->phrase('The uploaded image is not in a supported format. Please upload an image in GIF, JPEG or PNG format. The file extension should be either .gif, .jpg, .jpeg or .png.')]; + + } else { + ze\fileAdm::exitIfUploadError(false, false, true, $fileVar = 'extranet_upload_image'); if (ze\file::fileSizeBasedOnUnit(ze::setting('max_content_image_filesize'),ze::setting('max_content_image_filesize_unit')) < $_FILES['extranet_upload_image']['size']) { $this->sections['Errors'] = true; @@ -74,6 +84,7 @@ public function init() { } + } } elseif (($_POST['extranet_remove_image_confirm'] ?? false) && $this->setting('allow_remove')) { $this->removeUserImage();
zenario/modules/zenario_forum/module_code.php+5 −0 modified@@ -424,6 +424,11 @@ protected function manageOneUpload($postId, $location, $file_name){ if($this->allow_uploads){ if(!$location || !strlen($location)) return; + + if (!ze\file::isImage(ze\file::mimeType($file_name))) { + return; + } + if ($fileId = ze\file::addToDatabase(self::$forum_post_upload_dbkey, $location, $file_name, false, false, true)) { $using_ids = ['file_id' => (int)$fileId, 'post_id' => (int)$postId]; $using_values = $using_ids;
zenario/modules/zenario_location_map_and_listing_2/tuix/organizer/location_areas.yaml+1 −1 modified@@ -6,7 +6,7 @@ zenario__locations: title: Areas view_mode: list db_items: - table: "[[DB_NAME_PREFIX]][[ZENARIO_LOCATION_MANAGER_PREFIX]]areas AS a" + table: "[[DB_PREFIX]][[ZENARIO_LOCATION_MANAGER_PREFIX]]areas AS a" id_column: a.id columns: id:
zenario/modules/zenario_newsletter/module_code.php+1 −1 modified@@ -477,7 +477,7 @@ protected static function createTrackerHyperlinks($newsletter, $userId = false, $isDeleteOrSubLink = false; if ($i % 2) { //Every odd element will be a href - $href = $str2; + $href = htmlspecialchars_decode($str2); if($href == '#') { $href = "not-found"; }
zenario/modules/zenario_newsletter/tracker/link_tracker.php+5 −4 modified@@ -35,10 +35,11 @@ } $urlT = $urlNLink = $hyperlinkDetails = null; -$urlT = isset($_GET['t'])? $_GET['t'] : null; -$urlNLink = isset($_GET['nlink'])? $_GET['nlink'] : null; +$urlT = $_GET['t'] ?? null; +$urlNLink = $_GET['nlink'] ?? null; if ($urlNLink + && $urlT && $urlT != 'XXXXXXXXXXXXXXX' && $urlT != 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' && ze\module::inc('zenario_newsletter')) { @@ -50,15 +51,15 @@ $sql = " UPDATE ". DB_PREFIX. ZENARIO_NEWSLETTER_PREFIX. "newsletter_user_link SET time_clicked_through = NOW(), - clicked_hyperlink_id = " . $hyperlinkDetails['id'] . " + clicked_hyperlink_id = ". (int) $hyperlinkDetails['id']. " WHERE tracker_hash = '". ze\escape::sql($urlT). "' AND time_clicked_through IS NULL"; ze\sql::update($sql); $sql = " UPDATE ". DB_PREFIX. ZENARIO_NEWSLETTER_PREFIX. "newsletter_user_link SET time_received = NOW() - WHERE tracker_hash = '". ze\escape::sql($_GET['t']). "'"; + WHERE tracker_hash = '". ze\escape::sql($urlT). "'"; ze\sql::update($sql); } else {
zenario/modules/zenario_users/tuix/organizer/access_log.yaml+1 −8 modified@@ -1,14 +1,6 @@ # You must use a tab-size of 4 spaces to edit this file. --- zenario__users: - nav: - access_log: - ord: "98" - label: User access log - tooltip: Log of extranet users and the private content items they have accessed - link: - path: zenario__users/panels/access_log - panels: users: item_buttons: @@ -22,6 +14,7 @@ zenario__users: refiner: user access_log: + priv: _PRIV_VIEW_USER title: Extranet user content item access log notice:
zenario/modules/zenario_users/tuix/organizer/consents.yaml+1 −10 modified@@ -1,18 +1,9 @@ # You must use a tab-size of 4 spaces to edit this file. --- zenario__users: - nav: - consents: - priv: _PRIV_VIEW_USER - ord: "1.2" - label: Consent log - tooltip: > - When completing a form, a consent to store data may be required. View the log of consents. - link: - path: zenario__users/panels/consents - panels: consents: + priv: _PRIV_VIEW_USER title: Consent log db_items: table: '[[DB_PREFIX]]consents c'
zenario/modules/zenario_users/tuix/organizer/content.yaml+1 −0 modified@@ -25,6 +25,7 @@ zenario__content: traits.ghost: true user_access_log: + priv: _PRIV_VIEW_USER parent: view_dropdown hide_in_select_mode: Yes css_class: log access_log
zenario/modules/zenario_users/tuix/organizer/groups.yaml+1 −10 modified@@ -1,18 +1,9 @@ # You must use a tab-size of 4 spaces to edit this file. --- zenario__users: - nav: - groups: - priv: _PRIV_VIEW_USER - ord: "1.1" - label: Groups - tooltip: > - Users can be arranged into groups, and permissions to view content can be arranged on a by-group basis. - link: - path: zenario__users/panels/groups - panels: groups: + priv: _PRIV_VIEW_USER title: Groups db_items: table: '[[DB_PREFIX]]custom_dataset_fields cdf'
zenario/modules/zenario_users/tuix/organizer/_navigation.yaml+30 −5 modified@@ -1,20 +1,45 @@ zenario__users: - label: Users & contacts - css_class: zenario_users__top_level - tooltip: | - Manage users, contacts and administrators nav: users: - ord: "1" + priv: _PRIV_VIEW_USER label: 'Users & contacts' tooltip: > On a site with an extranet, "Users" can access private areas. "Contacts" are other people whose details are stored. link: path: zenario__users/panels/users suspended_users: + priv: _PRIV_VIEW_USER css_class: zenario_suspended_users label: Suspended users tooltip: People who were extranet users but whose accounts are suspended to prevent them logging in link: path: zenario__users/panels/users refiner: suspended_users + groups: + priv: _PRIV_VIEW_USER + label: Groups + tooltip: > + Users can be arranged into groups, and permissions to view content can be arranged on a by-group basis. + link: + path: zenario__users/panels/groups + smart_groups: + priv: _PRIV_VIEW_USER + label: Smart groups + tooltip: > + Smart groups are views of user/contacts, based on + filters that you define. Use smart groups to define newsletter mailing lists. + link: + path: zenario__users/panels/smart_groups + consents: + priv: _PRIV_VIEW_USER + label: Consent log + tooltip: > + When completing a form, a consent to store data may be required. View the log of consents. + link: + path: zenario__users/panels/consents + access_log: + priv: _PRIV_VIEW_USER + label: User access log + tooltip: Log of extranet users and the private content items they have accessed + link: + path: zenario__users/panels/access_log
zenario/modules/zenario_users/tuix/organizer/smart_groups.yaml+1 −11 modified@@ -1,19 +1,9 @@ # You must use a tab-size of 4 spaces to edit this file. --- zenario__users: - nav: - smart_groups: - priv: _PRIV_VIEW_USER - ord: groups.1 - label: Smart groups - tooltip: > - Smart groups are views of user/contacts, based on - filters that you define. Use smart groups to define newsletter mailing lists. - link: - path: zenario__users/panels/smart_groups - panels: smart_groups: + priv: _PRIV_VIEW_USER view_mode: list disable_grid_view: true
zenario/modules/zenario_users/tuix/organizer/users.yaml+1 −4 modified@@ -1,12 +1,9 @@ # You must use a tab-size of 4 spaces to edit this file. --- zenario__users: - priv: _PRIV_VIEW_USER - css_class: zenario_cms_core_users - tooltip: | - Manage users, contacts and administrators panels: users: + priv: _PRIV_VIEW_USER title: 'All users & contacts' panel_type: multi_line_list_or_grid css_class: three_line_list_panel
zenario/styles/admin_floating_box.css+2 −0 modified@@ -5260,11 +5260,13 @@ body.ff #zenario_fbAdminFloatingBox.zenario_fab_plugin .zenario_fabMain #zenario #zenario_fbAdminFloatingBox fieldset.zenario_grouping__left_column { float: left; + clear:none; } #zenario_fbAdminFloatingBox fieldset.zenario_grouping__right_column { float: right; margin-right: 10px; + clear:none; } #zenario_fbAdminFloatingBox .zenario_grouping__left_column .input_textarea,
zenario/styles/admin_floating_box.min.css+2 −2 modified@@ -497,8 +497,8 @@ body.ff #zenario_fbAdminFloatingBox.zenario_fab_plugin .zenario_fabMain #zenario #zenario_fbAdminFloatingBox fieldset.zenario_grouping__zenario_siteconfig,#zenario_fbAdminFloatingBox fieldset.zenario_grouping__zenario_site_description{padding:8px;border:#e8c0c0 1px solid;background:#ffe8e8} #zenario_fbAdminFloatingBox fieldset.zenario_grouping__zenario_siteconfig legend.zenario_legend,#zenario_fbAdminFloatingBox fieldset.zenario_grouping__zenario_site_description legend.zenario_legend{padding:0;margin:0;position:relative;float:right;height:0;overflow:visible} #zenario_fbAdminFloatingBox fieldset.zenario_grouping__zenario_siteconfig legend.zenario_legend span,#zenario_fbAdminFloatingBox fieldset.zenario_grouping__zenario_site_description legend.zenario_legend span{height:auto;color:#900000;background:#ffe8e8;border:#e8c0c0 1px solid} -#zenario_fbAdminFloatingBox fieldset.zenario_grouping__menu{clear:both}#zenario_fbAdminFloatingBox fieldset.zenario_grouping__left_column{float:left}#zenario_fbAdminFloatingBox fieldset.zenario_grouping__right_column{float:right;margin-right:10px} -#zenario_fbAdminFloatingBox .zenario_grouping__left_column .input_textarea,#zenario_fbAdminFloatingBox .zenario_grouping__right_column .input_textarea,#zenario_fbAdminFloatingBox .zenario_ab__zenario_translate_phrase .input_textarea{width:422px} +#zenario_fbAdminFloatingBox fieldset.zenario_grouping__menu{clear:both}#zenario_fbAdminFloatingBox fieldset.zenario_grouping__left_column{float:left;clear:none} +#zenario_fbAdminFloatingBox fieldset.zenario_grouping__right_column{float:right;margin-right:10px;clear:none}#zenario_fbAdminFloatingBox .zenario_grouping__left_column .input_textarea,#zenario_fbAdminFloatingBox .zenario_grouping__right_column .input_textarea,#zenario_fbAdminFloatingBox .zenario_ab__zenario_translate_phrase .input_textarea{width:422px} .zenario_fab_admin_copy_perms .zenario_grouping__right_column 
#row__copy_to{min-width:440px}#zenario_fbAdminFloatingBox fieldset.zenario_grouping.zenario_grouping__plugin_name{margin-top:10px;padding:10px;background:#676767;-webkit-border-radius:6px;-moz-border-radius:6px;border-radius:6px} #zenario_fbAdminFloatingBox fieldset.zenario_grouping.zenario_grouping__plugin_name .zfab_row{padding-top:0}#zenario_fbAdminFloatingBox #zenario_fbAdminInner fieldset.zenario_grouping.zenario_grouping__plugin_name .zenario_indent_level_1{margin-left:0} #zenario_fabBox_readonlyMarker{pointer-events:none;position:absolute;overflow:hidden;width:200px;height:110px;z-index:1;display:none}#zenario_fabBox_readonlyMarker div{text-align:center;text-transform:uppercase;position:relative;top:35px;left:-55px;background:#a0a0a0;color:black;-webkit-transform:rotate(-45deg);transform:rotate(-45deg);box-shadow:0 1px 5px #202020}
zenario/styles/admin_organizer.css+4 −0 modified@@ -4910,6 +4910,10 @@ body #colorbox.zenario_grid_maker #cboxLoadedContent { overflow:hidden; } +#organizer_rightColumn .organizer_hierarchy_view div.organizer_row.document div.organizer_cells_items.organizer_documents_items { + width:calc(100% - 120px - 50px); +} + #organizer_rightColumn .organizer_hierarchy_view div.organizer_row div.organizer_cells_items span.organizer_cell_items { text-overflow: ellipsis; max-width: 40%;
zenario/styles/admin_organizer.min.css+1 −0 modified@@ -464,6 +464,7 @@ body #colorbox.zenario_grid_maker #cboxClose{position:absolute;top:0;width:0;hei #organizer_rightColumn .organizer_hierarchy_view .organizer_cell_items{float:none;padding:0 2px 0 0}.zenario__menu__panels__menu_position #organizer_rightColumn .organizer_hierarchy_view ol>li .organizer_cells_items>.organizer_cell_items.firstcell{position:relative;top:4px} .zenario__menu__panels__menu_position #organizer_rightColumn .organizer_hierarchy_view ol ol li .organizer_cells_items>.organizer_cell_items.firstcell{position:relative;top:3px;left:5px} #organizer_rightColumn .organizer_hierarchy_view div.organizer_row div.organizer_cells_items{width:94%;width:calc(100% - 120px);line-height:28px;overflow:hidden} +#organizer_rightColumn .organizer_hierarchy_view div.organizer_row.document div.organizer_cells_items.organizer_documents_items{width:calc(100% - 120px - 50px)} #organizer_rightColumn .organizer_hierarchy_view div.organizer_row div.organizer_cells_items span.organizer_cell_items{text-overflow:ellipsis;max-width:40%;white-space:nowrap;overflow:hidden} #organizer_rightColumn .organizer_hierarchy_view div.organizer_row div.organizer_cells_items span.organizer_cell_items.organizer_cell_comma{max-width:2%;padding-right:0;margin-left:-5px} .organizer_panel__menu_nodes .organizer_cell_comma,.organizer_panel__menu_position .organizer_cell_comma{display:none}#organizer_rightColumn .organizer_hierarchy_view #organizer_items_wrapper ol li div.organizer_row div.organizer_cells_items .organizer_column__type__cell{font-style:italic}
zenario/styles/fea/fea_common.css+6 −6 modified@@ -901,20 +901,16 @@ table.table_list tr th.zfea_col_sorted { } .zfea_zenario_list_papers .papers_wrap .paper { - width:calc(100% - 50px); - padding-left:50px; padding-bottom:20px; position:relative; } .zfea_zenario_list_papers .papers_wrap .paper p.ordinal { display:inline-block; - position:absolute; - top:0; - left:0; - width: 30px; height: 30px; + float:left; + margin-right:15px; text-align: center; border-radius: 50%; line-height: 30px; @@ -923,6 +919,10 @@ table.table_list tr th.zfea_col_sorted { cursor:default; } +.zfea_zenario_list_papers .papers_wrap .paper .paper_details { + overflow:hidden; +} + .zfea_zenario_list_papers .papers_wrap .paper p.ordinal span.tooltip { display:inline-block; font-size: 11px;
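Review bot: In the first hunk shown, the `delete_archives` button now carries `zenarioA.checkSpecificPerms(id)` under `visible_if_for_any_selected_items`, while every other button changed in content_items.yaml puts the same check under `visible_if_for_all_selected_items`. Going by the property name, "any" shows the button as soon as one selected item passes, including when other selected items fail the permission check. If that is intended, say so in a comment; otherwise keep `item.archives_exist` under the any-form and move the permission check to the all-form. These expressions only decide what the browser displays, so the handler behind `delete_archives: 1` still has to check permissions for each item it is given.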
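Review bot: In _top_level_items.yaml, `priv` on `zenario__users` changes from the single value `_PRIV_VIEW_ADMIN` to a list of `_PRIV_VIEW_ADMIN` and `_PRIV_VIEW_USER`, and nothing in the hunk states whether a list means any-of or all-of. Please document the semantics next to the list, because the two readings give opposite results for an administrator who holds only one of the two permissions. The child `administrators` entry keeps `priv: _PRIV_VIEW_ADMIN`, which is consistent with an any-of reading, but that should be stated rather than inferred.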
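Review bot: In `adminBoxSaveCompleted()` of zenario_crm_form_integration/classes/admin_boxes/user_form.php, every row for the link is deleted first and the tag rows (ord 11 to 20) are re-inserted only inside `if ($values['mailchimp_integration/send_tags'])`, so unticking "Send Tags" and saving silently discards all configured tags. Either save the tag rows regardless of the checkbox and let `send_tags` alone control sending, or warn the administrator before the save. The ordinal ranges 0, 1 to 10 and 11 to 20 are also hard-coded here, in `fillAdminBox()` and again in module_code.php; named constants or a separate type column would keep the three places from drifting apart.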
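Review bot: In `sendDataToMailChimp()` of zenario_crm_form_integration/module_code.php, the second request to the `/tags` URL ends with `$resultJSON = curl_exec($curl); curl_close($curl);` and the result is never checked or stored, so a failed tag update leaves no trace. The member response is written to `crm_response` before the tag request runs; please record the tag response as well (or at least the failure case, including a `false` return from `curl_exec`). The curl setup is a copy of the block above it, so a small helper taking URL, method and body would remove the duplication. In `formatCRMData()` the merge-field step is also repeated verbatim in both ordinal branches and could be done once before the branch.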
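Review bot: In zenario_crm_form_integration/tuix/admin_boxes/user_form.yaml, `tag_name11` is labelled "Tag name / Status:" while the field beside it, `tag_value11`, is labelled "Status:", and its `side_note: Additional field in the form.` reads as copied from the CRM value fields above. Please label the first field "Tag name:" and give the status field a side note that says which values are accepted. If the status only takes a fixed set of values, a select would be safer than free text, since the saved value is passed on as `'status' => $row['value']` with only `trim()` applied. The `visible_if` strings on the tag fields end in `;` whereas `send_tags` uses the bare expression; pick one form.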
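Review bot: The new format check in `init()` of zenario_extranet_user_image/module_code.php is `ze\file::isImage(ze\file::mimeType($_FILES['extranet_upload_image']['name']))`, which derives the type from the client-supplied file name; the uploaded bytes are not inspected anywhere in this hunk. Please add a content-based check on `$_FILES['extranet_upload_image']['tmp_name']` that confirms the data really is a GIF, JPEG or PNG before it is stored, and keep the name check as a second condition. The `accept="image/gif,image/jpeg,image/png"` attribute added in framework.twig.html is only a hint to the browser and does not replace the server-side check. The first argument of `ze\fileAdm::exitIfUploadError` also changes from `true` to `false` with no comment; say what it controls and why it changed. The body of the new `else` branch is not re-indented, which makes the closing brace added at line 84 hard to match.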
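Review bot: In `manageOneUpload()` of zenario_forum/module_code.php, the added guard `if (!ze\file::isImage(ze\file::mimeType($file_name))) { return; }` tests only `$file_name` and then returns silently. The file at `$location` is what gets passed to `ze\file::addToDatabase`, so the check should also look at the content of `$location`, not just the name supplied with it. A silent return means the poster gets no error and nothing is logged; return a status the caller can turn into a message, and log the rejection so that repeated attempts are visible to whoever monitors the site.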
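Review bot: In `createTrackerHyperlinks()` of zenario_newsletter/module_code.php, `$href = htmlspecialchars_decode($str2);` turns the attribute value back into raw text, and the hunk does not show where `$href` is used afterwards. Please confirm that any path that writes `$href` back into the newsletter HTML escapes it again with `htmlspecialchars`, and that only the copy stored or hashed for tracking stays decoded. A one-line comment stating why the decode is needed (for example, `&amp;` in query strings) would help the next reader.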
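Review bot: In zenario_newsletter/tracker/link_tracker.php, `$urlT = $_GET['t'] ?? null;` and `$urlNLink = $_GET['nlink'] ?? null;` accept whatever type PHP parsed from the query string, and the condition only tests truthiness and inequality with the two placeholder strings, so a non-string value can reach `ze\escape::sql($urlT)`. Add `is_string()` checks to the condition, and ideally validate `$urlT` against the expected tracker-hash length and character set before any query runs. The `(int)` cast on `$hyperlinkDetails['id']` and the switch from `$_GET['t']` to `$urlT` in the second `UPDATE` are good; both statements still build SQL by concatenation, so if `ze\sql` offers bound parameters they would be the safer form here.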
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/advisories/GHSA-rgg3-3wh7-w935 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-42171 (ghsa, ADVISORY)
- packetstormsecurity.com/files/166617/Zenario-CMS-9.0.54156-Remote-Code-Execution.html (ghsa, x_refsource_MISC, WEB)
- github.com/TribalSystems/Zenario/commit/4566d8a9ac6755f098b3373252fdb17754a77007 (ghsa, WEB)
- github.com/TribalSystems/Zenario/releases/tag/9.0.55141 (ghsa, WEB)
- github.com/hieuminhnv/Zenario-CMS-9.0-last-version/issues/2 (ghsa, x_refsource_MISC, WEB)
- minhnq22.medium.com/file-upload-to-rce-on-zenario-9-0-54156-cms-fa05fcc6cf74 (ghsa, x_refsource_MISC, WEB)