Merge pull request #1141 from ExpressionEngine/7.dev

TomJaeger · web-flow · commit f8ffe134b3e8 · 2026-04-21T16:59:07.000-04:00
7.5.22 change log
diff --git a/docs/add-ons/consent.md b/docs/add-ons/consent.md
@@ -72,6 +72,17 @@ Specify the HTML `id=` attribute.
 
 Specify a path to redirect the user to after submission. If not specified, they will be returned to the current page. Unused for Ajax-submitted forms.
 
+#### `submit_to=`
+
+    submit_to='site_index'
+
+Specify where the form should post. If not specified, the form posts to the current URL.
+
+| value       | result                                                                 |
+| ----------- | ---------------------------------------------------------------------- |
+| site_index  | Post to your site index URL (for example, `/index.php`)               |
+| action_id   | Post directly to the Consent action URL (for example, `/index.php?ACT=123`) |
+
 #### `user_created=`
 
     user_created='only'
@@ -228,6 +239,7 @@ If this tag would not output any consent requests due to your filters, the conte
         {exp:consent:form
           consent='ee:cookies_functionality|ee:cookies_performance|ee:cookies_targeting'
           form_id='cookieConsentForm'
+          submit_to='action_id'
         }
         <p>This website uses a variety of cookies, which you consent to if you continue to use this site. You can read our <a href="{path='privacy'}">Privacy Policy</a> for details about how these cookies are used, and to grant or withdraw your consent for certain types of cookies.</p>
 
@@ -500,4 +512,4 @@ Cookie provider (`ee` or add-on short name)
 
 #### `{cookie_lifetime}`
 
-Cookie lifetime in seconds. `0` represents session cookies (killed after browsing session ends).
+Cookie lifetime in seconds. `0` represents session cookies (killed after browsing session ends).
diff --git a/docs/control-panel/create.md b/docs/control-panel/create.md
@@ -192,10 +192,12 @@ Saves the entry and returns the [Entry Manager](control-panel/entry-manager.md)
 
 ### Preview
 
-A live preview of the entry is available if the `channel_prefs_preview_url` is set **or** the [Pages Module](add-ons/pages.md) is installed and a Page URI and template have been set.
+A live preview of the entry is available if the relevant channel's [Preview URL](control-panel/channels.md#settings-tab) is set **or** the [Pages Module](add-ons/pages.md) or [Structure](add-ons/structure/overview.md) is installed and configured with a URI and template.
 
 If neither is set, the preview button will have an exclamation mark (!) and will link to channel preferences page where Preview URL can be set.
 
-The preview will open a split screen that allows a live preview of edits. The template used to display the preview is based on the Page fields if set and the channel preview URL otherwise.
+The preview will open a split screen that allows a live preview of edits. The template used to display the preview is based on configured Pages/Structure fields if set and the channel preview URL otherwise.
 
 When the preview is triggered, it is being displayed side-by-side with edit screen. The size of preview container can be adjusted with mouse dragging its border. The preview is dynamically being updated as you change the fields.
+
+Live Preview does require the [HTTP Authorization Header be enabled](troubleshooting/error-messages.md#http-authorization-header-missing).
diff --git a/docs/installation/changelog.md b/docs/installation/changelog.md
@@ -8,6 +8,40 @@
 -->
 # ExpressionEngine v7 Change Log
 
+## Version 7.5.22
+(Release: April 21st, 2026)
+<div class="max-w-7xl mx-autotext-center">
+<div class="space-y-8 sm:space-y-12">
+    <ul role="list" class="mx-auto grid grid-cols-2 gap-x-4 gap-y-1 sm:grid-cols-4 md:gap-x-6 lg:max-w-5xl lg:gap-x-8 lg:gap-y-1 xl:grid-cols-5">
+    
+<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="https://avatars.githubusercontent.com/u/17580512?v=4" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">Andrew s</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author=blunket" target="_BLANK">@blunket</a></p></div></div></div></li>
+<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="https://avatars.githubusercontent.com/u/563996?v=4" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">Bryan Nielsen</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author=bryannielsen" target="_BLANK">@bryannielsen</a></p></div></div></div></li>
+<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="https://avatars.githubusercontent.com/u/1008036?v=4" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">Eric Lamb</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author=eric-lamb62" target="_BLANK">@eric-lamb62</a></p></div></div></div></li>
+<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="https://avatars.githubusercontent.com/u/422821?v=4" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">Tom Jaeger</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author=TomJaeger" target="_BLANK">@TomJaeger</a></p></div></div></div></li>
+<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="https://avatars.githubusercontent.com/u/1181219?v=4" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">robinsowell</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author=robinsowell" target="_BLANK">@robinsowell</a></p></div></div></div></li>
+    </ul>
+</div>
+</div>
+
+**Enhancements** 🚀
+
+- Added `submit_to` support in `exp:consent:form` for `site_index` and `action_id` targets, improving consent form posting flexibility [#5193](https://github.com/ExpressionEngine/ExpressionEngine/pull/5193)
+- Added `email_as_username` support to member registration forms so username can be derived from email when configured [#5133](https://github.com/ExpressionEngine/ExpressionEngine/pull/5133)
+- Added Live Preview compatibility token header (`EE-Live-Preview-Token`) for environments that strip Authorization headers [#5223](https://github.com/ExpressionEngine/ExpressionEngine/pull/5223)
+
+**Bug Fixes** 💃🐛
+
+- Resolved an issue where Live Preview could fail silently when the Authorization header was unavailable by improving token/header handling and error behavior [#5184](https://github.com/ExpressionEngine/ExpressionEngine/pull/5184) [#5223](https://github.com/ExpressionEngine/ExpressionEngine/pull/5223)
+- Resolved file picker drag-and-drop uploads returning incorrect CSRF/404-style failures for oversized requests; upload limit errors are now surfaced correctly [#5215](https://github.com/ExpressionEngine/ExpressionEngine/pull/5215)
+- Resolved Pro Search filtered result issues by disabling entry SQL caching during filter processing and restoring it afterward [#4985](https://github.com/ExpressionEngine/ExpressionEngine/pull/4985)
+- Resolved CKEditor/Pro Search word concatenation caused by HTML stripping in keyword parsing [#5200](https://github.com/ExpressionEngine/ExpressionEngine/pull/5200)
+- Added missing translation strings for two Debug jump menu items [#5212](https://github.com/ExpressionEngine/ExpressionEngine/pull/5212)
+
+**Developers** 💻
+
+- Fixed PHP deprecation warnings by declaring PDO `MYSQL_ATTR_*` database driver properties used by config-driven options [#5217](https://github.com/ExpressionEngine/ExpressionEngine/pull/5217)
+- Added/updated automated coverage around Live Preview token handling, member email-as-username fallback behavior, consent form submit targets, and Pro Search filtering behavior [#5223](https://github.com/ExpressionEngine/ExpressionEngine/pull/5223) [#5133](https://github.com/ExpressionEngine/ExpressionEngine/pull/5133) [#5193](https://github.com/ExpressionEngine/ExpressionEngine/pull/5193) [#4985](https://github.com/ExpressionEngine/ExpressionEngine/pull/4985)
+
 ## Version 7.5.21
 (Release: March 2nd, 2026)
 <div class="max-w-7xl mx-autotext-center">
diff --git a/docs/installation/requirements.md b/docs/installation/requirements.md
@@ -117,6 +117,12 @@ If you are hosted on an Apache server, the `AcceptPathInfo` option needs to be e
 - Ask your web host or server admin to enable the option
 - Set your site's URLs to use [query strings](general/url-structure.md#query-strings)
 
+If on an Apache server and [Live Preview](control-panel/create.md#preview) shows an error message 'HTTP Authorization Header Missing', you will need to add this line of code to your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file)
+
+```php
+SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+```
+
 ### URL Segment Support
 
 If the [Server Compatibility Wizard](#server-compatibility-wizard) lists URL Segment Support as _Unsupported_, you will need to set your site's URLs to use [query strings](general/url-structure.md#query-strings).
diff --git a/docs/member/registration.md b/docs/member/registration.md
@@ -31,6 +31,12 @@ Adds the datepicker to your date fields. Defaults to "yes".
 
 NOTE: **Note:** If you are manually constructing a date field, in order to apply the date picker you must include `rel="date-picker"`.
 
+
+### `email_as_username="yes"`
+    email_as_username="yes"
+
+When set to `yes`, if the username is not specified in the submitted form, the value of the submitted email will be automatically used as the username as well.  The username field is not required, but is optional, when this parameter is used.
+
 ### `error_handling="inline"`
     error_handling="inline"
 
diff --git a/docs/msm/overview.md b/docs/msm/overview.md
@@ -106,6 +106,10 @@ Open domain2's new index.php file and make the following changes:
        $assign_to_config['cp_url']    = 'https://domain2.com/admin.php';
        $assign_to_config['site_url']  = 'https://domain2.com';
 
+## Switching Sites in the Control Panel
+
+When switching between sites in the dropdown, whether or not you need to login between sites depends on several factors. The sites must be using the same control panel session type. If using cookies, the cookies need to have the same settings and the control panel url must have the same domain. The site URLs can have different domains, the `admin.php` files may have different domains for the control panel, but the control panel URL in the site settings must be on the same domain.  A site will only show in the dropdown if the user has permission to access the control panel for that site. 
+
 ## Multi Site Login
 
 If you have multiple sites, you may prefer that when a user logs into one site, they are logged into all sites.
diff --git a/docs/troubleshooting/error-messages.md b/docs/troubleshooting/error-messages.md
@@ -45,6 +45,17 @@ This error---and similar warnings such as **"Warning: imagettftext(): Could not
 
 If that is not an option, **Use TrueType Font for Captcha?** should be set to _No_ under `Settings --> CAPTCHA` or CAPTCHAs should be disabled altogether.
 
+## HTTP Authorization Header Missing
+
+ExpressionEngine returns the following error message when attempting to use [Live Preview](control-panel/create.md#preview): **"HTTP Authorization Header Missing"**
+
+### Troubleshooting
+
+The Authorization header is stripped by some Apache servers, causing an error rendering the Live Preview. This behavior may be overridden in your [.htaccess file](installation/best-practices.md#1-create-an-htaccess-file) by adding the following line:
+
+```php
+SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
+```
 ## Warning: Cannot modify header information
 
 ExpressionEngine returns the following warning: **"Cannot modify header information."**
diff --git a/scripts/export_core_contributors.sh b/scripts/export_core_contributors.sh
@@ -11,38 +11,96 @@
 ##
 ## This Script also is expecting the jq library to be installed. https://stedolan.github.io/jq/
 
-set -eu
+set -euo pipefail
+
+if [[ $# -ne 2 ]]; then
+    echo "Usage: $0 <base> <head>" >&2
+    exit 1
+fi
+
+for dependency in curl jq mktemp; do
+    if ! command -v "$dependency" >/dev/null 2>&1; then
+        echo "Error: Missing required dependency: $dependency" >&2
+        exit 1
+    fi
+done
+
 BASE=$1
 HEAD=$2
-here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-curl -s -u "$GHUSER:$GHTOKEN" https://api.github.com/repos/expressionengine/expressionengine/compare/$1...$2 | jq .commits > core_contributors.json
-length="$(cat core_contributors.json | jq '. | length')"
+URL="https://api.github.com/repos/expressionengine/expressionengine/compare/${BASE}...${HEAD}"
+
+RESPONSE_JSON="$(mktemp)"
+COMMITS_JSON="$(mktemp)"
+CORE_CONTRIBUTORS_HTML="$(mktemp)"
+cleanup() {
+    rm -f "$RESPONSE_JSON" "$COMMITS_JSON" "$CORE_CONTRIBUTORS_HTML"
+}
+trap cleanup EXIT
+
+USE_BASIC_AUTH=false
+USE_BEARER_AUTH=false
+if [[ -n "${GHUSER:-}" && -n "${GHTOKEN:-}" ]]; then
+    USE_BASIC_AUTH=true
+elif [[ -n "${GHTOKEN:-}" ]]; then
+    USE_BEARER_AUTH=true
+else
+    echo "Warning: GHUSER/GHTOKEN not set; using unauthenticated GitHub API requests (rate limited)." >&2
+fi
+
+if [[ "$USE_BASIC_AUTH" == true ]]; then
+    curl --fail --silent --show-error -u "${GHUSER}:${GHTOKEN}" "$URL" > "$RESPONSE_JSON"
+elif [[ "$USE_BEARER_AUTH" == true ]]; then
+    curl --fail --silent --show-error -H "Authorization: Bearer ${GHTOKEN}" "$URL" > "$RESPONSE_JSON"
+else
+    curl --fail --silent --show-error "$URL" > "$RESPONSE_JSON"
+fi
+
+if ! jq -e '.commits and (.commits | type == "array")' "$RESPONSE_JSON" >/dev/null; then
+    API_MESSAGE="$(jq -r '.message // "Unexpected API response: .commits not found"' "$RESPONSE_JSON")"
+    echo "Error: $API_MESSAGE" >&2
+    exit 1
+fi
+
+jq '.commits' "$RESPONSE_JSON" > "$COMMITS_JSON"
 
 #Now lets sort of JSON object alphabetically
-tmp=$(mktemp)
-jq ". |=sort_by(.commit | .author | .name)" core_contributors.json > "$tmp" && mv "$tmp" core_contributors.json
+tmp="$(mktemp)"
+jq ". |=sort_by(.commit | .author | .name // \"\")" "$COMMITS_JSON" > "$tmp" && mv "$tmp" "$COMMITS_JSON"
 
+length="$(jq -r 'length' "$COMMITS_JSON")"
+if ! [[ "$length" =~ ^[0-9]+$ ]]; then
+    echo "Error: Unable to determine commit length from GitHub response." >&2
+    exit 1
+fi
 
 x=0
 CONTRIBUTORS=""
 echo "Starting Loop"
 declare -a contributorList=()
-while [ $x -lt $length ]
-do
-    AUTHOR=$(cat core_contributors.json | jq ".[$x] | .author | .login" | tr -d '"')
+while (( x < length )); do
+    AUTHOR="$(jq -r ".[$x] | .author | .login // \"\"" "$COMMITS_JSON")"
+    if [[ -z "$AUTHOR" ]]; then
+        ((x=x+1))
+        continue
+    fi
+
     if [[ ! " ${contributorList[*]-} " =~ " ${AUTHOR} " ]]; then
-        contributorList[${#contributorList[@]}]=$AUTHOR
-        IMAGE=$(cat core_contributors.json | jq ".[$x] | .author | .avatar_url" | tr -d '"')
-        NAME=$(cat core_contributors.json | jq ".[$x] | .commit | .author | .name" | tr -d '"')
+        contributorList[${#contributorList[@]}]="$AUTHOR"
+        IMAGE="$(jq -r ".[$x] | .author | .avatar_url // \"\"" "$COMMITS_JSON")"
+        NAME="$(jq -r ".[$x] | .commit | .author | .name // \"\"" "$COMMITS_JSON")"
+        if [[ -z "$NAME" ]]; then
+            NAME="$AUTHOR"
+        fi
 
-        echo $NAME' - '$AUTHOR | tr -d '"'
-        CONTRIBUTORS+=$'\n<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="'$IMAGE'" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">'$NAME'</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author='$AUTHOR'" target="_BLANK">@'$AUTHOR'</a></p></div></div></div></li>'
+        echo "$NAME - $AUTHOR"
+        CONTRIBUTORS+=$'\n<li><div class="space-y-4 text-center"><img class="mx-auto h-20 w-20 rounded-full lg:w-24 lg:h-24" src="'"$IMAGE"'" /><div class="space-y-2"><div class="text-xs font-medium lg:text-sm"><p class="mb-1">'"$NAME"'</p><p class="text-indigo-600"><a href="https://github.com/ExpressionEngine/ExpressionEngine/commits?author='"$AUTHOR"'" target="_BLANK">@'"$AUTHOR"'</a></p></div></div></div></li>'
     fi
+
     ((x=x+1))
 done
 
 echo "=== Copy html below and insert into changelog ==="
-cat > "core_contributors.html" <<- EOF
+cat > "$CORE_CONTRIBUTORS_HTML" <<- EOF
 <div class="max-w-7xl mx-autotext-center">
 <div class="space-y-8 sm:space-y-12">
     <ul role="list" class="mx-auto grid grid-cols-2 gap-x-4 gap-y-1 sm:grid-cols-4 md:gap-x-6 lg:max-w-5xl lg:gap-x-8 lg:gap-y-1 xl:grid-cols-5">
@@ -52,6 +110,4 @@ cat > "core_contributors.html" <<- EOF
 </div>
 
 EOF
-cat core_contributors.html
-rm core_contributors.json
-rm core_contributors.html
+cat "$CORE_CONTRIBUTORS_HTML"
