"Fossies" - the Fresh Open Source Software Archive 
Member "serendipity/docs/NEWS" (20 Nov 2022, 63863 Bytes) of package /linux/www/serendipity-2.4.0.zip:
As a special service "Fossies" has tried to format the requested text file into HTML format (style:
standard) with prefixed line numbers.
Alternatively you can here
view or
download the uninterpreted source code file.
See also the latest
Fossies "Diffs" side-by-side code changes report for "NEWS":
2.3.5_vs_2.4.0.
1 Version 2.4.0 (November 20th, 2022)
2 ------------------------------------------------------------------------
3
4 * Fix: Avoid bad number of arguments to sprintf and fix logic error
5 in spamblock plugin.
6
7 * Improve w3c compatibility be encode square brackets of comment
8 mode links (thanks @hannob)
9
10 * Fix: Previewing comments warning threw a warning on PHP 8, when
11 debug mode on (thanks @hannob)
12
13 * Fix: Editor autosave cached was not deleted when saving entry
14
15 * Fix: Editor autosave was not on by default, despite the setting
16 being active by default
17
18 * Fix: admin/entries.tpl: fix undefined variable iso2br
19
20 * Fix: The calendar plugin threw a warning about $cond['join'] not
21 existing in some setups
22
23 * Fix: Avoid one more situation where responsive image upscaled
24 a small thumbnail
25
26 * Bugfix: Entryproperites plugin no longer insert empty records
27 for multiple authors (garvinhicking)
28
29 * Improve permalink generation performance and enable more unicode
30 replacements (thanks to mbirth!)
31
32 Version 2.4-beta1 (September 12th, 2021)
33 ------------------------------------------------------------------------
34 * Hide more PHP warnings in production mode, to ease the migration
35 to PHP 8
36 * Fix: Deleting a user was not possible
37 * New images added via the ML will set loading="lazy", improving
38 site performance for visitors (only if height and width known)
39 * Remove multitude of wysiwyg toolbars
40 * PHP 8 compatibility for serendipity core
41 * Fix: Using the ML filters in the selection popup after uploading
42 no longer removes option to insert image into article
43 * Drop never fully integrated laminas-db powered database backend
44 * Drop legacy mysql database backend (long ago replaced by mysqli)
45 * Update Cache/Lite to 1.8.3 for better PHP 7.4 compat
46 * Change backend_image_add hook to always contain same structure
47 * Split date and time input in editor into two input fields
48 * Improve performance of the media library by caching the file list
49
50 Version 2.4-alpha2 ()
51 ------------------------------------------------------------------------
52 * Adds 'image_id' to event 'backend_image_add' in addData array
53 * Move MySQL databases from MyIsam and UTF8 to InnoDB and utf8mb4,
54 enabling full unicode input.
55 * added type 'media' to configuration types,
56 this shows an input text with the button for the media library,
57 unified the CSS between this item and the plugin item,
58 hide the preview when no image is selected
59 * renamed 'multiDelete' in media selection to 'multicheck'
60 as suggested in the comments
61 * check for empty file input in media_upload
62 * stripped the multilingual tags from the preview iframe
63 * totally resorted the language files, added a new 'langsorter.php'
64 script which automatically sorts and completes the languages,
65 strings which doesn't seem in use are now in the 'orphaned' section
66 * Make it possible for plugins to let the core skip the check
67 whether trackbacks are already sent, with
68 $serendipity['skip_trackback_check']
69 * Add the original image to the response images srcset when
70 the original image is small, to avoid upscaling
71
72 Version 2.4-alpha1 ()
73 ------------------------------------------------------------------------
74
75 * template/bootstrap4/sidebar.tpl: fix usage of wrong template
76 variable which prevented the sidebar from being emitted.
77
78 * templates/2k11/admin/comments.tpl: Stay on the same page after
79 approving a comment; truncate comments to the same length (200)
80 as given by /include/admin/comments.php
81
82 * Merge s9y and plugin update notifications in dashboard.
83
84 * Fix: Simplify count_plugin_upgrades() in event_spartacus.
85
86 * Fix: Modified sql statement used for htaccess blocking to work in
87 MySQL 5.7.
88 Thanks to @fasterit!
89
90 * Switch new installations with MySQL >= 5.6.4 or MariaDB >= 10.0.5
91 to the InooDB stoprage engine and utf8mb4 charset. This enables
92 proper unicode support plus fulltext indexes, something older
93 mysql databases were not capable of
94
95 * Plugin nl2br: Include figure and figcaption tags (2.21.3)
96 Thanks to @stephanbrunker!
97
98 * Plugin spamblock: Add timeout protection against spambots (1.89).
99 Thanks to @stephanbrunker!
100
101 * #657: functions.config.inc.php:
102 eventhooks backend_login and backend_fail in function
103 serendipity_login and serendipity_authenticate_author
104 now only called with external=true (secondary login)
105
106 * Fix: added eventhook multilingual_strip_langs in
107 categories and permalinks for tagged translation
108 Thanks to @stephanbrunker!
109
110 * Change language names to native languages.
111 Thanks to @stephanbrunker!
112
113 * #650: Multiple fixes and enhancements, mainly to language settings.
114 Thanks to @stephanbrunker!
115
116 * admin/personal.inc.php: removed setting of $_SESSION:
117 serendipity_lang (already set in serendipity_config.inc.php
118 for all scenarios)
119 * admin/plugins.inc.php: fix some lookups from $_GET to
120 $serendipity['GET']
121 * compat.inc.php: function detectLanguage returns now NULL if
122 the detection failed, also doesn't change $serendipity['autolang']
123 anymore which remains 'en' as general fallback.
124 * functions.config.inc.php:
125 * major rework of the functions serendipity_getSessionLanguage
126 and serendipity_getPostAuthSessionLanguage. Those two functions
127 should now process the user input via GET and POST, store it
128 into SESSION and COOKIE, and if no such input is given,
129 fallback to browser language negotiation and default language.
130 More details in the comments to that functions.
131 $serendipity['detected_lang'] is the language found from user
132 input or browser negotiation.
133 * function serendipity_load_configuration sets the language
134 back to 'autolang' (which is 'en') if the language loaded does
135 not exist. Also sets the value $serendipity['default_lang']
136 to the default language of the blog.
137 * removed the Cookie 'userDefLang' which is no longer needed
138 * functions.entries.php:
139 * function serendipity_printArchives() hooks now
140 into hook_event::'frontend_fetchentries' to get multilingual
141 data, also doesn't show months and years with zero entries.
142 * function fetchEntryCategories, fetchEntryData and
143 fetchCategories strips now data of multilingual tags
144 * functions.routing.inc.php: fix some lookups from $_GET to
145 $serendipity['GET']
146 * plugin_api.inc.php: added function find_plugin_id which returns
147 an array of the ids of the installed instances of the given plugin
148 this is used for checking the configuration of that plugin in other
149 plugins
150 * created a new event hook 'multilingual_strip_langs' to strip
151 tagged translation of elements outside the sidebar (mostly
152 categories in entry display).
153
154 * Add plugin update notifications to the plugin update button and
155 to the dashboard.
156
157 Version 2.3.5 (April 25th, 2020)
158 ------------------------------------------------------------------------
159
160 * Fix: CSS: Restrict block display of summary to trackbacks. (#703)
161
162 * Fix: Don't strip HTML from comments body in serendipity_plugin_comments
163 before serendipity_event_unstrip_tags can convert the HTML tags
164 (being called via frontend_display hook). (#702)
165
166 * Fix: [CKE] Don't remove <details> and <summary> elements from
167 WYSIWYG editor.
168
169 * Fix: Don't delete extend properties from the entryproperties
170 plugin when publishing from dashboard (or sending
171 delayed trackbacks). (#695)
172
173 * Fix: SQL error in serendipity_plugin_history present since we
174 "don't allow requesting an archive page that doesn't exist"
175 (2.3.3). (#694)
176
177 * Fix: Entry title in backend list of entries was double escaped.
178
179 * Fix: Don't drop upgraded_version from local plugin cache.
180
181 * Fix: Regular expression in functions_routing.inc.php
182
183 * Fix: Truncate extension of media items to 5 chars (which ist the
184 max length of the corresponding database field). (#609)
185 Thanks to @mmitch!
186
187 Version 2.3.4 (March 25th, 2020)
188 ------------------------------------------------------------------------
189
190 * Security: Fix RCE on Windows.
191 Thanks to Junyu Zhang <rgdz.eye@gmail.com>!
192
193 * Fix: ML: Fixed filename generation when renaming and added
194 some error messages on rename failures.
195
196 * Display source of plugins (Spartacus, bundled or locally installed).
197
198 Version 2.3.3 (March 22nd, 2020)
199 ------------------------------------------------------------------------
200
201 * #651: When using checkboxes to insert multiple media files, if only
202 one asset has been selected, do not use the gallery mode,
203 but instead single-asset view. Also improves to click the title
204 of an asset to select its checkbox, and hides the 'Insert all'
205 button when no assets are selected. (garvinhicking)
206
207 * Use the video tag for videos in the Medialibrary, also when
208 inserting such a video into an entry
209
210 * media_choose.tpl: Fixes bad usage of
211 {serendipity_hookPlugin eventData=...} to {serendipity_hookPlugin eventData=}
212 and allow plugins to skip HTML block insertion to use their own
213 markup
214
215 * Updates mailer event plugin to support force sending mails on
216 published blog entries and ability to prepend a mail body.
217 Also fixes missing "keep strip tags" configuration option
218
219 * Fix serendipity_killPath().
220 Thanks to @surrim!
221
222 * Don't allow requesting an archive page that doesn't exist.
223 Thanks to @lotharsm!
224
225 * Fix: Set action to empty in functions_routing.php when serving JS;
226 otherwise the default page has been generated at every call.
227
228 * Fix: Add valid HTTP referrer when trying to delete a
229 trackback from the frontend.
230
231 * Fix: Wordwrap at word boundaries only in bundled plugin
232 serendipity_plugin_comments.
233
234 * Fix: Force empty limit to "" in serendipity_fetchEntries().
235
236 * Fix: Escape version string in update notifier to avoid XSS.
237
238 * Fix: Prevent renaming a ML object into an existing file,
239 resulting in deletion of both from disk and database.
240
241 * Fix: Items in Medialibrary that are not images now get
242 the correct link
243
244 * Fix: Remember where you stored images last (#652)
245
246 * Fix: [bbcode] Get roman numerals working in bbcode plugin.
247 Thanks to Fabien Chabreuil!
248
249 * Fix: Force positive limits for number of entries shown on
250 title page and in RSS feed. s9y doesn't work with 0 or
251 negative numbers, so force our default (15) in this case,
252 (#646)
253
254 Version 2.3.2 (October 16th, 2019)
255 ------------------------------------------------------------------------
256
257 * Fix: Auto-generated mails submitted to qmail as MTA will get
258 mangled if encoded to quoted-printable due to qmail
259 changing "\r\n" linebreaks to "\r\r\n". Submit just "\n"
260 as linebreaks; other MTAs should cope with that.
261
262 * fix: Rotating an image did not rotate all responsive thumbnails
263
264 * fix: The wysiwyg editor stripped the figcaption element used
265 for image captions
266
267 * Only populate $serendipity['GET'], $serendipity['POST'] and
268 $serendipity['COOKIE'] with references to $_GET['serendipity'],
269 $_POST['serendipity'], $_COOKIE['serendipity'] if they are
270 transmitted as an array. Else, an empty array is used.
271 Prevents PHP warnings (Issue 642) thanks to @hannob
272
273 * Escape category images to avoid backend XSS.
274 Thanks to @hannob!
275
276 * Only allows .txt and .log files for spamblock logging.
277 Thanks to Gary O'Leary-Steele (CVE TBD)
278
279 * Fixes not properly displaying plugin save errors (validation)
280
281 * Fix autologin when using MySQL (thanks @Eike Rathke,
282 https://github.com/s9y/Serendipity/pull/632)
283
284 Version 2.3.1 (August 21st, 2019)
285 ------------------------------------------------------------------------
286
287 * Enhance i18n of ML multimove.
288
289 * Fix ML multidelete.
290
291 * Change footer_info and prev/next links for archive pages for
292 "stable archives" sort order.
293
294 * Fix pagination in core for "stable archives" sort order and fix
295 prev/next links for pagination in timeline and bulletproof themes
296 when "stable archives" are active.
297
298 * Add Spartacus links ("more info") to plugin lists.
299
300 * Fix/Change: Wording of plugin display ("version") and PHP/smarty
301 variable names.
302
303 * Spartacus: Fix caching of plugin lists in getCachedPlugins().
304
305 Version 2.3.0 (August 10th, 2019)
306 ------------------------------------------------------------------------
307
308 * Fix: Don't show "Array" under Update notification if autoupdate
309 plugin is not installed
310
311 * Fix PHP 7.4 issue in PEAR HTTP_Request2
312
313 Version 2.3-rc1 (August 3rd, 2019)
314 ------------------------------------------------------------------------
315
316 * spamblock: Minor code change for PHP 7.4 compatibility (thanks
317 @hannob!)
318
319 * Fix: Make $entry available for templates.
320
321 * bulletproof theme: Fix preview iframe.
322
323 Version 2.3-beta1 (April 26th 2019)
324 ------------------------------------------------------------------------
325 * Activate stablearchive option by default for new blogs
326
327 * Fix: Smarty reference and PHP7.2 compatibility issue in timeline theme.
328
329 * Fix: PHP7.2 compatibility issue in clean-blog theme.
330
331 * Security: Fix XSS in Editor Preview by interpreted EXIF tags
332 (thanks @hannob!)
333
334 * Security: Fix XSS in Media Library by interpreted EXIF tags
335 (thanks @hannob!)
336
337 * Allow to receive multiple trackbacks and pingbacks
338 (thanks @mitch!)
339
340 * Fallback for $lang variable when configuration failed to load,
341 which evades some unuseful error messages (thanks @HQJaTu!)
342
343 * Improve nl2br p mode to works with tags like <strike>
344 (thanks @stephanbrunker)
345
346 * Minimal PHP version is now PHP 7.0
347
348 * Update voku/simple-cache to 4.0.1, fixes opcache warning on
349 hosted environments (thanks @voku and @hannob)
350
351 * Fix bug in nl2br's p mode that ate pre elements (thanks
352 @stephanbrunker!)
353
354 * Add internal cache invalidation when comment is added
355
356 * Move cache into functions.inc.php, resulting in this API:
357 * serendipity_setupCache() (used internally)
358 * serendipity_cleanCache()
359 * serendipity_cacheItem($key, $item, $ttl = 3600)
360 * serendipity_getCacheItem($key)
361
362 * Drop deprecated serendipity_purgeEntry function
363
364 * Default settings: Disable entryproperties cache, enable internal
365 cache
366
367 * Update Smarty to 3.1.33
368
369 * Use voku/simple-cache for internal cache as bundled lib, which
370 will allow to cache with memcached and redis instead of just
371 on the filesystem
372
373 * Set responsiveimages as default plugin
374
375 * Add rewrite to absolute url for srcsets to the feed
376 generation
377
378 * Fix bug with not properly adding trailing "/" when managing
379 directories, so that saving different permissions would not
380 be properly applied
381
382 * Re-add missing plugin API event hook backend_media_rename
383 from prior pmigration in Serendipity 2.2 (#509)
384
385 * Re-add missing ACL adjustments after renaming a directory
386 (#509)
387
388 * Fix typo that switched read permissions with write permissions
389 when editing a category ACL
390
391 * Fix mispositioned button in media db directory list.
392
393 * Use figure/figcaption markup for media db images w/ captions.
394
395 * Add localization to maintenance mode, add German translation.
396
397 Version 2.2.1-alpha1 (September 20th, 2018)
398 ------------------------------------------------------------------------
399
400 * PHP 7.2 support: New autologin token approach, various code
401 changes
402
403 * Add function to add multiple images to an enty at once,
404 creating a gallery
405
406 * Add maintenance mode, allowing access to the blog only for
407 currently logged in user. This is meant to be activated when
408 upgrading the blog.
409
410 * [Security] Improved password hashing by moving to bcrypt
411
412 * Fix bug that could lead to noindex being activated by accident
413
414 * Update Smarty to 3.1.32
415
416 * Update bootstrap 4 design to new bootstrap version
417
418 * Add option to disable google fonts in several designs
419
420 * Make it easier to drag plugins to other columns
421
422 * Improve and fix the p-mode of the nl2br plugin (Stephan Brunker)
423
424 * Support SVGs in Media Library
425
426 * Support automatic generation of responsive image thumbnails, and
427 using them when inserting images to entries
428
429 * Rework messy code updating the database and entries when
430 renaming or moving items in the media library
431
432 * Improve internal cache to work with more plugins, by reacting
433 to more variables changing the output
434
435 * Add backend_view_entry hook, that is executed for every entry
436 in the backend entry list
437
438 * Updated entryproperties plugin to support a custom property for
439 multiple ownership of an article
440
441 * Emit and detect rel=trackback element to find trackback
442 url, to have a reliable alternative to RDF used so far
443
444 * Merge and rename the two configuration variables to limit
445 displayed entries in the dashboard (#493):
446
447 $serendipity['dashboardLimit'] and
448 $serendipity['dashboardDraftLimit'] are now merged into
449 $serendipity['dashboardEntriesLimit'] - please change your
450 serendipity_config_local.inc.php accordingly if you used
451 the former variables.
452
453 The dashboard will now show as many future entries as
454 configured in "dashboardEntriesLimit"; if there are less
455 future entries, it will display drafts until
456 "dashboardEntriesLimit" is reached.
457
458 * Add a "delete" button to the backend entry form (#491, #494)
459
460 * Change Spartacus default mirror to github (#489)
461
462 Version 2.1.6 (August 9th, 2019)
463 ------------------------------------------------------------------------
464 * Prevent error in upgrader when $sqlfiles is NULL.
465
466 * Fix preview iframe in bulletproof, thx pixel32
467
468 Version 2.1.5 (May 1st, 2019)
469 ------------------------------------------------------------------------
470 * Security: Fix XSS in Editor Preview by interpreted EXIF tags
471 (thanks to @hannob!)
472
473 * Security: Fix XSS in Media Library by interpreted EXIF tags
474 (thanks to @hannob!)
475
476 * Fix mispositioned button in media db directory list.
477
478 * Change default for comment subscription to full text.
479
480 * Display errors if comment coulnd't be deleted.
481
482 * Make it easier to drag plugins to other column.
483
484 * Add fallback for broken JS in configuration screens.
485
486 Version 2.1.4 (September 20th, 2018)
487 ------------------------------------------------------------------------
488
489 * Security: Fix XSS for pagination, when multi-category selection
490 is used. Thanks to Brian Carpenter (geeknik) and Hanno Boeck!
491
492 * Minor code fixes (proper PHP escaping for 'orderkey' SQL statement
493
494 * Skeleton, Timeline and Clean Blog templates: Add theme option to
495 disable google webfonts
496
497 * Link to https s9y.org pages
498
499 Version 2.1.3 (August 16th, 2018)
500 ------------------------------------------------------------------------
501
502 * Security: Make sure that the admins configuration for RSS
503 and blog entry limit is parsed as integer for SQL queries.
504 Thanks to @oreamnos and Hanno Boeck for reporting!
505
506 * Security: Prevent XSS possibility in "edit entries" panel.
507 Thanks to @oreamnos and Hanno Boeck for reporting!
508
509 * Security: Disallow sending comment notifications and mails to more than one
510 mail address. This could be used to approving opt-ins of requests
511 that did not belong to the same email that was approved.
512 Thanks to Hanno Boeck for reporting!
513
514 * Security: Remove exit.php open redirect, when not using the trackexits-
515 plugin configured with Serendipity exit tracking.
516 Thanks to Julio Cesar (from infosec.com.br) and Hanno Boeck for reporting!
517
518 * Fix SQL compatibility for creating of table "serendipity_groupconfig"
519
520 * Added new "legal" plugin property bag attribute to indicate
521 impact for the GDPR / DSGVO, used in conjunction with the
522 serendipity_event_gdpr_dsgvo plugin
523
524 * Disabled subToMe service by default to prevent issues with GDPR
525
526 Version 2.1.2 (March 25, 2018)
527 ------------------------------------------------------------------------
528
529 * Exclude defunct netmirror spartacus repository
530
531 * Adapt .htacess default rules to exclude rewriting documentation
532 (Issue #521)
533
534 * Fix a regression in Net/DNSBL regarding
535 serendipity_event_spamblock_rbl and
536 serendipity_event_spamblock_surbl by adding Net/DNS2 1.4.3 as a
537 bundled library to core and patching Net/DNSBL (#497)
538
539 * Fixed broken Akismet API calls (#507)
540
541 * Fixed comment preview for logged-in users (#503)
542
543 * Fixed message display after comment editing/deleting (#526)
544
545 * Don't show empty plugin groups in list (#496) and fix broken
546 plugin display in Firefox.
547
548 * Add template path as first entry to template_dirs (#524)
549
550 Version 2.1.1 (April 9th, 2017)
551 ------------------------------------------------------------------------
552
553 * Fixed a regression issue where configuration variables could not
554 properly be stored when they were set to false.
555
556 Version 2.1.0 (April 8th, 2017)
557 ------------------------------------------------------------------------
558
559 * Some more PHP7 error catching
560
561 * Fix missing token when updating plugin
562
563 * Fix missing variable name in regular expression match, Issue #442
564
565 Version 2.1-rc1 (January 26th, 2017)
566 ------------------------------------------------------------------------
567
568 * Fix issue #437 - Remove the hardcoded media filter only_filename
569 input field and re-allow the $order_fields['i.name'].
570
571 * Issue #430, fix proper name of new feedShowMail configuration var
572 in rss.php for showing mail addresses
573
574 * [Security] Enhance CSRF-Tokens for toggling/moderating comments
575
576 * Allow to set a default category for authors (personal preferences)
577
578 * Changed how the hidden password element is displayed to prevent
579 browsers from autofilling it into the entryproperties plugin
580
581 * [Security] Enhanced media upload check to also check redirects
582 for local files, thanks to Xu Yue (again!)
583
584 * [Security] Prevent XSS in adding category and directory names,
585 thanks to Edric Teo @smarterbitbybit.
586
587 * [Security] For multi-deletion of entries, secure the HTTP referrer
588 output to prevent XSS (Issue #435)
589
590 * [Security] Reject %0D/%0A in exit tracking and other places
591 (Issue #434)
592
593 * [Security] Redirection of comment.php now checks the referrer
594 and only allows the blog's host (thanks to Lee Sheldon Victor)
595
596 * [Security] Fix missing integer casting for inserting new categories
597 (thanks to cdxy)
598
599 * Disabled Selenium test files unless enabled
600
601 Version 2.1-beta2 (September 26th, 2016)
602 ------------------------------------------------------------------------
603 * Improved backend accessibility by hiding iconfont icons for
604 screenreaders (using aria-hidden).
605
606 * Replaced the JS-based equal height solution in the backend with
607 a modern CSS-only solution based on Flexbox for browsers that
608 support it. (Browsers that do not support Flexbox or that only
609 support outdated versions of Flexbox get the old JS solution as
610 a fallback.)
611
612 * [Security] Prevent moving files by using their directory name.
613 [Security] Possible SQL injection for entry category assignment
614 [Security] Possible SQL injection for removing&adding a plugin
615
616 All issues require a valid backend login.
617 Thanks to Hendrik Buchwald for finding this via their
618 RIPS source code analyzer (www.ripstech.com)
619
620 * [Security] Add new configuration option to enable fetching
621 local files for the media uploader. By default this is now
622 disabled to prevent Server Side Request Forgery (SSRF).
623 Thanks to Xu Yue for pointing this out!
624
625 * Added new API wrapper serendipity_request_url() to request URLs.
626 Currently uses HTTP_Request2, might change to curl or others in
627 the future, but irrelevant to plugins using this function.
628
629 * Removed outdated themes blue, carl_contest, kubrick and wp. They
630 live on Spartacus now.
631
632 * Added new theme "Skeleton". Skeleton is a responsive, mobile first
633 HTML5/CSS3 theme built on the Skeleton framework.
634
635 * Fix comaptibility bug preventing Internet Explorer (+Edge) to
636 clear the entry editor cache when saving an entry
637
638 * Remove backend js from preview_iframe.tpls, makeing entry previews
639 faster, more accurate and more reliable
640
641 * Introduce new plugin api function
642 $plugin->getFile($filename, $key = 'serendipityPath'). Other
643 than parseTemplate($filename) it will not parse the found file
644 via smarty, and it allows directories inside $filename. Intended
645 use is finding files like images via the fallback chain, giving
646 themes the chance to serve custom versions instead.
647
648 * Give theme authors the option to force using a template file from
649 the frontend, {getFile file=... frontend=true}
650
651 * Fix entry preview by making sure it always uses the correct
652 template files to generate preview, replacing internal magic
653 with direct parameters
654
655 * Rewrite and simplification of the file fallback chain in
656 serendipity_getTemplateFile. Removes templates/default/ from
657 from the chain, as it was replaced by templates/2k11/
658
659 Version 2.1-beta1 (June 8th, 2016)
660 ------------------------------------------------------------------------
661
662 * Added new theme "Timeline". Timeline is a fully responsive,
663 mobile first HTML5/CSS3 theme built on the Bootstrap
664 framework.
665
666 * Add new config variable $serendipity['cors'] to allow to set
667 Access-Control-Allow-Origin: * headers for sensible places
668 (RSS feeds), to i.e. allow JavaScript's XMLHTTPRequest to read
669 those feeds.
670
671 * Introduce a section with modern recommended themes in the
672 themes backend menu. Themes can be included there by setting
673 Recommended: Yes in their info.txt
674
675 * Merge sidebar and event upgrade pages in one single page
676 button
677
678 * Add colorpicker as possible plugin option item type, set
679 type to 'color' to use it
680
681 * Comments made via the backend on own articles don't trigger
682 the comment notification (thanks to xoxys)
683
684 * Fix missing perm checks for "standard user" in MediaLibrary
685
686 * Fix show Dashboard entries by authors entries
687
688 * Fix show Dashboard comments by authors entries (#385)
689
690 * Use CDATA encoded body for ATOM feed
691
692 * Fix: Ajax upload to ML now also works for non-images
693
694 * Added new theme "Clean-Blog". Clean Blog is a fully responsive,
695 mobile first HTML5/CSS3 theme built on the Bootstrap
696 framework.
697
698 * Fixed checkbox entryproperties re-sets (#376)
699
700 * Fixed media item delete handler (#371)
701
702 * Rewrote Routing code for index.php to be outsourced into
703 include/functions_routing
704
705 * Removed broken feature for viewing blog entries by multiple
706 authors, dropped code from core and plugin_authors.
707
708 * Optimize scaleImage returns
709
710 * Fixed media item rename handler (#370)
711
712 * Fixed and enhanced multiple media redirects and path / name
713 related issues, as well as some better umlaut conversions
714
715 * Allow strict media directory selection by toggle filter
716
717 * Allow a better auto char conversion to media upload item names
718
719 * Added Start / End pagination to MediaLibrary and entries list
720
721 * Added new bulk image move ability to MediaLibrary. This fixes
722 several issues with rename AND remove and allows to automatically
723 check and set MediaLibrary item entry paths on MOVE.
724 Staticpages from v.4.52 are modified to support this too.
725 Now supports Quickblog (imageselectorplus) entry path repairs.
726
727 * Fix MediaLibrary objects not pass through into entryproperties
728 CustomFields
729
730 * Fix fatal error atom 1.0 issue; References #362
731
732 * Fix eraseEntryEditorCache script in preview_iframe updertHooks
733 IFRAME
734
735 * Fix the Serendipity template and file fallback chaining to work
736 more precise
737
738 * Disable CKEDITOR Source protection for Smarty and WP-Smarty like
739 markup, since now being usable w/o setting ACF OFF
740
741 * Set Serendipity var use_autosave in backend only
742
743 * Fix entries.inc fetching iframe event returning 1, when true and
744 added a new language constant change message for multilanguage
745 entry changes, instead of the wrongly used save message
746
747 * Fix importers to use the new mysqli API extension with PHP 5+
748
749 * WIP: Added an internal cache to speedup s9y's site generation. Can
750 be activated by setting use_internal_cache to true in
751 serendipity_config.inc.php. Test feedback needed.
752
753 * Added <IfModule mod_rewrite.c> checks to .htaccess for URL
754 rewriting
755
756 * Add support for cronjob plugin to spartacus, to notify blog owner
757 about possible updates (via e-mail)
758
759 * Added link to preview spartacus themes on blog.s9y.org
760
761 * Added two configuration variables that can be set in
762 serendipity_config_local.inc.php to influence the dashboard entry
763 limit:
764
765 - $serendipity['dashboardLimit']: How many future entries to fetch
766 (default: 5)
767 - $serendipity['dashboardDraftLimit']: How many entries in total
768 shall be displayed in the dashboard section (default: 5)
769 - $serendipity['dashboardCommentsLimit']: How many comments
770 (default: 5)
771
772 (Draft entries will only be fetched if there are less future
773 entries than the total entry limit)
774
775 * Fix: the syndication plugin links subtome correctly to the atom
776 feed when he is activated with the rss feed
777
778 * Issue #238: When creating/renaming media directories, replace
779 special characters with the same i18n rules like Permalinks are
780 created, renaming umlauts etc.
781
782 * Add "update all"-button to plugin update page
783
784 * Issue #234: Granular options to force backend popups for certain
785 areas
786
787 * Introduce serendipity['ajax'] to detect incoming ajax requests
788 and react accordingly in core and plugins
789
790 * Issue #248: Add $serendipity['forceBase64']=true option (can be
791 set in serendipity_config_local.inc.php) to make Serendipity
792 *not* use 8bit Imap functions for sending mail, for MTAs that
793 behave erradically otherwise.
794
795 * Issue #257: Make sure to check entered admin-user password
796
797 * Issue #264: Drop $authorid for permissions based on images
798 instead of directories, it was not used anymore
799
800 * Some small enhancements to the error reporting
801
802
803 Version 2.0.3 (January 4th, 2016)
804 ------------------------------------------------------------------------
805
806 * Fix XSS in backend comment editing form for logged-in authors,
807 thanks to Onur Yilmaz and Robert Abela from Netsparker.com
808
809 * Fix some backend entry form related event messages
810
811
812 Version 2.0.2 (July 24th, 2015)
813 ------------------------------------------------------------------------
814
815 * Fix security issues reported by Tim Coen of Curesec.com:
816
817 - Forbid uploading files with PHP contents and possible
818 PHP execution by authenticated users (critical if
819 you have possible untrustworthy authors)
820 - Add proper escaping for comment approval tokens to prevent
821 SQL injection (authenticated authors only)
822 - Add proper escaping of comment's author names in the
823 comment reply form to prevent XSS (2k11 template, javascript
824 based)
825
826 * Minor layout fixes for media DB media filters
827
828 * Backported some Importer db bugfixes
829
830 * CKEDITOR bugfix releases to 4.4.8 - please read the changelog.
831 Includes widget, lineutils, fakeobjects Plugins and S9y added
832 cheatsheet and procurator Plugins.
833 Changed config.autoParagraph set to false, to prevent wrapping
834 p tags around extraAllowedContent tags.
835
836 * Smarty bugfix upgrades to 3.1.27 - please read the changelog.
837 Compilation time was vastly improved.
838 New Features in NEW_FEATURES.txt.
839
840 * It is now possible to switch to a theme's admin theme if it has
841 been selected as a frontend theme first
842
843 * Syndication Plugin Issue #285:
844 - Add "none" as possible value for the xml-icon in the
845 syndication plugin, to enable plain links
846 - Reset subtome full icon path to support
847 serendipity_getTemplateFile()
848 - Link creation fixes for Bulletproof coloured style (eg blue)
849
850 * Fix auto include of a User theme /admin/user.css backend file.
851
852 PLEASE NOTE:
853
854 2.0.1 brought in an automated include of a themes "user.css"
855 file. If you don't want to use such file any more (and you have
856 one), you will have to delete or rename it by hand!
857
858 Also please note, that user stylesheet selectors like
859
860 .selector {
861 background-image: url(img/example.jpg);
862 }
863
864 now need to use the {TEMPLATE_PATH} like
865
866 .selector {
867 background-image: url({TEMPLATE_PATH}img/example.jpg);
868 }
869
870 Content of a user.css will always be put LAST into the combined
871 CSS, this means it will override any possible plugin output.
872 If a user.css file does not exist in your own template directory,
873 but inside the default 2k11 template directory, this will always
874 be used (this behaviour is called "default fallback chain").
875
876 * Use https URLs for Atom feed, if called through HTTPS (hboeck)
877
878 * Restore the "Show toolbar within media selector popup?" option,
879 it was ignored before.
880
881 * Fix Issue #321, negative offset for LIMIT SQL statements when
882 using stable archive sorting and plugins like history.
883
884 * Templatechooser will not apply theme in backend admin.
885
886 * Use "secure" flag for (session) cookies sent over SSL, thanks to
887 dayton967
888
889 * Make preview_iframe.tpl template files load the proper frontend
890 CSS file, including cache-busting version string when changing
891 themes
892
893 * Implement patch to properly initiate templates_c on installation
894 for shared installs (thanks to fugue88)
895
896 * Allow templatechooser plugin to read a custom "blacklist.txt"
897 within its directory, that can blacklist certain themes from
898 being selected.
899
900 * Allow serendipity_setCookie() function to set custom expiry.
901
902 * Adapt .htaccess profile of "mod_rewrite for 1&1 and problematic
903 servers" to not include the "Options -MultiViews" option, since
904 this is often blocked
905
906 * Fix initializing smarty framework in the preview/saving iframe,
907 so that a template's config.inc.php is always loaded.
908
909 * Show debugging .tpl file information with relative directory only
910
911 * fix wrong upgrade removal of dead files with 2.0.1 update
912
913
914 Version 2.0.1 (March 12th, 2015)
915 ------------------------------------------------------------------------
916
917 * Fix missing escaping (possible XSS) of category names in the
918 Backend Entry Admin, which would allow editors that create a
919 forged category name to attack other editors in the backend
920 (privileged access to the backend required). Thanks a lot to Edric
921 Teo for reporting this issue.
922
923 * Improved detection for possible upgrade/plugin/PHP errors. A
924 warning will be emitted on the dashboard, when the Serendipity
925 JavaScript library could not be loaded.
926
927 * syndication fix: use absolute urls for subtome
928
929 * Issue 306: localStorage may be deactivated by setting a config
930 option or using security-related extensions at least in some
931 browsers, which might (at least in FF) break backend JS
932 functionality. Added extra tests to 2k11 backend JS.
933
934 If you use localStorage, please test if it is actually available
935 by testing if localStorage !== null in JS.
936
937 * Issue 280: Allow every theme to utilize a "user.css" file that
938 gets loaded on top of the frontend (or backend, if in admin/
939 subdirectory) theme. This file can be used for customized CSS of
940 a blog-admin which carries over to future Serendipity updates
941
942 * Issue 299: Do not display dashboard for users with no permission
943 to perform actions in the backend (frontend-users)
944
945 * Make "rewriteURL" smarty modifier available to do a
946 {$CONST.PATH_ARCHIVE|rewriteURL} within a smarty template file.
947
948 * Add a generic odd/even for backend dashboard widgets to align
949 properly. Future dashboard widgets need to get the new extra
950 class dashboard widget on the section element they create.
951
952 * Fix event emoticate plugin to reflect proper call usage of
953 serendipity_getTemplateFile(), if a theme uses custom emoticons.
954 UPDATE your themes emoticons.inc.php file, if have. See example
955 file in plugin dir.
956
957 * Change 2k11 config.inc.php to reflect proper
958 serendipity_getTemplateFile() when frontend files shall be
959 referenced within the backend.
960
961 * Fixed missing file message for deleted media items
962
963 * Fixed entry editor JS not emitting a 'No tags' msg in taxonomy
964 quick view. Improved serendipity.tagsList exit if freetag plugin
965 is not installed.
966
967 * Minor backend UI fixes (taxonomy quick view in entry editor,
968 'Done' msg emitted by Bayes plugin)
969
970 * Clearer language constants for entries in dashboard, labelled
971 "In progress"
972
973
974 Version 2.0 (January 23rd, 2015)
975 ------------------------------------------------------------------------
976
977 * Smarty fix for purging compiled files
978
979 * Fix wrong search page ordering when stable archive was active
980
981 * Prevent entryproperties from saving/displaying a browser-side
982 stored password that was actually not set.
983
984 * Stronger check for existing logger interface to prevent errors
985 when it is not actively used.
986
987 * Fix entryproperties being removed when publishing an article
988 from the dashboard and by specific plugins (freetag, trackback)
989 that modify entry data.
990
991 * Fix deleting comments when user is not an admin, but the entry
992 belongs to him. Thanks to berberic.
993
994 * Patch PEAR.php to use "static" isError declaration to prevent
995 PHP error messages
996
997 * Change order of IF-statements in entries.tpl to check for
998 comment_moderate/comment_added, to properly emit the message
999 whether a comment is being moderated.
1000
1001 * Fix searching for entries in the admin panel with database
1002 types other than "mysql"
1003
1004 * Change entry editor's category assignment to toggle between
1005 a hierarchical and a plain list (good for many categories)
1006
1007 * Fix date formatting in entry editor to not use ISO year
1008 but the calendar year
1009
1010 * Fix autoupdate version read and transmit
1011
1012
1013 Version 2.0-rc2 (December 23rd, 2014)
1014 ------------------------------------------------------------------------
1015
1016 * Fixes escaping of comments in the new backend pane to prevent
1017 XSS. Thanks to Steffen R�emann for reporting!
1018
1019 * Fix wrong parameter count in serendipity_entity_decode
1020
1021
1022 Version 2.0-rc1 (includes beta4/5/6) (December 19th, 2014)
1023 ------------------------------------------------------------------------
1024
1025 * entryproperties plugin will now automatically disable nl2br
1026 markup, when the WYSIWYG editor is used to create en entry
1027
1028 * PHP Requirement now is at: PHP 5.3+
1029
1030 * Fix for syndication subtome onclick handler
1031
1032 * Fix problematic preview stylesheet reference
1033
1034 * Optimized clearing smarty template files on upgrading
1035
1036 * Properly reset the "disable markup" feature of entryproperties
1037 plugin when none selected
1038
1039 * PHP 5.4+ fix to properly call htmlspecialchars() / htmlentities() /
1040 html_entity_decode() with a charset option, that has been
1041 set to to default to UTF-8 and will yield empty strings when
1042 being used in NON-UTF-8 environments. Now we utilize a
1043 serendipity_specialchars() wrapper call.
1044
1045 * Added SQLite3 OO database layer for PHP 5.4+
1046
1047 * New personal preference to choose CKEditor toolbar presets.
1048 Presets can be overwritte through a
1049 templates/xxx/admin/ckeditor_custom_config.js if needed.
1050 See htmlarea/ckeditor_s9y_config.js for details.
1051
1052 * Proof of concept templates "default-php" and "default-xml" have
1053 been moved to Siber...Spartacus. They would need adapting to
1054 Serendipity 2.0 (simple methods like getConfigDir() et al),
1055 but since those Template APIs have virtually zero usage scenario,
1056 they remain experimental.
1057
1058 * Added new PAT_JS mod_rewrite rule to .htaccess files
1059
1060 * Removed experimental support for PHP/SMARTY IN-MEMORY caching
1061 added in 2.0-beta3, since this could not work.
1062
1063 * Smarty 3.1.21 upgrade (see changelog)
1064
1065 * Fix ImageMagick new sizing issues while forcing image geometry
1066 exactly to given sizes with imageselectorplus
1067
1068 * Fix issue #220 with pdf directory moving rename() error
1069
1070 * Fix bug in entry listing, which showed wrong categories for
1071 entries (Issue #201)
1072
1073 * Improve RegExp for Feed-URL matching, thanks to fugue88
1074
1075 * Proper SQLite PDO filenames in shared installations (Issue #214)
1076
1077 * ImageMagick now can get parameters to generate thumbnails,
1078 see serendipity_config.inc.php for example values
1079
1080 * Allow to enable/disable the new autosave feature in personal
1081 preferences (Issue #213)
1082
1083 * Re-added installer test for writable serendipity base directory
1084
1085
1086 Version 2.0-beta3 (July 25th, 2014)
1087 ------------------------------------------------------------------------
1088
1089 * Move admin/media_showitem.tpl to theme's directory in 2k11. With
1090 an adaptation in serendipity_admin_image_selector.php, this now is
1091 a "true" frontend template which uses the styles of the frontend
1092 theme. Theme authors might want to adapt it to their themes.
1093
1094 * Moved general syndication plugin option into the core
1095
1096 * Smarty 3.1.19 upgrade (see changelog)
1097
1098 * Fixed thumbnail recreation, Issue #134
1099
1100 * Merged external JS libraries into a central "plugins.js" of the 2k11
1101 backend template, can be updated through
1102 templates/2k11/admin/js/gruntipity.php helper script.
1103
1104 * Adapted database table structure change for statistics, shoutbox,
1105 karma and spamblock plugin (for new field definition of "ip" field)
1106 Thanks to rohdef!
1107
1108 * Added new option "enabledBackendPopups" that allow to specify
1109 if inline modal dialogs or popups are used in the backend for
1110 e.g. the category selectory and media library
1111
1112 * added experimental support for PHP/SMARTY IN MEMORY caching
1113 Enabled by default, if classes found loaded.
1114 Disable with
1115 $serendipity['disable_apc'] = true;
1116 and
1117 $serendipity['disable_memcache'] = true;
1118
1119 * Support added in serendipity_db_schema_import for sqlite
1120 autoincrement
1121
1122 * Remove Google Reader button from syndication plugin options
1123
1124 * Add subToMe-button to syndication plugin and change its defaults
1125
1126 * Use Browsercache to save cache and restore entries
1127
1128 * Improved installer to forbid using database table prefixes with
1129 special characters
1130
1131 * Themes using Engines are now able to use the parent's
1132 configuration
1133
1134 * Prevent "new" plugin api to install double instances of plugins
1135 that are not stackable (issue #45)
1136
1137 * Back button in plugin-config
1138
1139 * Adapted serendipity_editor.js to provide more global (though
1140 deprecated) API access methods for plugins like amazonchooser
1141 and linktrimmer, to perform insertion. Also fixed the
1142 insertion of text when the ID of the element is not prefixed
1143
1144 * Move sort by name to simple filter in ML, replace file extension
1145
1146 * Remember selected media library folder
1147
1148 * Show upload-success or error with the ajax image uploader
1149
1150 * Fix preview entry exception (issue #119)
1151
1152 * Add serendipity.toggle_collapsible as a reusable JS function
1153 for the core backend and backend sections emitted by plugins as
1154 an easy way to provide show/hide functionality. (yellowled)
1155
1156 * Fixed media insert target bug (issued by #143, #145, #121)
1157
1158 * Fixed publish drafted-entries via dashboard (issue #160)
1159
1160 * All frontend themes that rely on the bundled Core jQuery library
1161 are currently using the jquery.noConflict-mode for compatibility
1162 to older plugins.
1163 This mode is now considered deprecated and will be removed in
1164 future releases. A new variable:
1165 $serendipity['capabilities']['jquery-noconflict'] = false;
1166 in your theme's config.inc.php file can now turn of that
1167 noConflict-mode.
1168
1169 * Due to distinction of backend and frontend themes, each theme
1170 that provides a custom jquery.js now only does so for the
1171 frontend. The backend now listens to a:
1172
1173 $serendipity['capabilities']['jquery_backend'] = false;
1174
1175 variable, and the file needs to be jquery_backend.js that
1176 a backend theme would reference to.
1177
1178 * Changed 2k11's config.inc.php file to provide a more stable
1179 call of event hooks so that other themes can also hook
1180 their own events.
1181
1182 * Changed JS for category filtering and its reset button to be a
1183 reusable function, which is now also used in the list of
1184 installable plugins.
1185
1186 * Fixed wrong local documentation URL in plugin configuration
1187
1188 * Added new "backend_dashboard" event-hook for plugins to use
1189 within dashboard.
1190
1191 * Backend and Frontend themes can now be set independently from
1192 each other. New backend themes now need to set:
1193
1194 Backend: Yes
1195
1196 in their info.txt file. If you adapt a custom admin theme,
1197 ensure that it is compatible to the new "2k11" backend to
1198 ensure proper future usage within Serendipity. The bulletproof
1199 backend will now no longer be recognized as a backend theme
1200 option, but can be selected as a new frontend theme, while
1201 using 2k11 (=default) in the backend.
1202
1203 * Include klogger, call it as $serendipity['logger']->debug/error.
1204 The log-level can be set in the general configuration and is
1205 disabled by default.
1206
1207 * Fixed missing s9ymdb ID
1208
1209 * Add HTTP_Request2 and dependencies as bundled libraries and
1210 update PEAR library to version 1.9.4
1211
1212 * Implemented AJAX uploadResize option to allow resizing an image
1213 before upload (onli)
1214
1215 * Improved file/directory removal code to (hopefully) fail more
1216 gracefully
1217
1218 * Change "default" admin backend template fallback chain so that
1219 old admin themes can theoretically be shown with the "old"
1220 admin interface. This however in many themes breaks the
1221 Serendipity workflow. In other words, currently old custom backend
1222 themes are deprecated. We are still working on how to deal
1223 with this and if we can add some sort of compatibility or port.
1224
1225 * Fix bundled jquery's source mapping, upgraded to 1.11.1
1226
1227 * Fixed missing media name in resize GET URL
1228
1229 * Fix MediaDB overlay display
1230
1231 * Re-Added possibility to change filename/target directory for
1232 media uploads
1233
1234 * Update CKEditor to 4.4
1235
1236 * Fixed some missing internationalization instances
1237
1238 * Minor CSS improvements for upgrader, plugin sequencing widget
1239
1240 * RSS importer accepts pubDate in addition to pubdate element.
1241
1242 * Upgrader in Dashboard can be disabled, returns error message when
1243 URL not accessible
1244
1245 * Added a category filtering ability for the entry editor
1246
1247 * Better check when removing old/dead files to prevent error
1248 messages
1249
1250 * WYSIWYG editor respects image floats
1251
1252 * Support html5 multiple file upload
1253
1254 * Modernizr, magnificPopup updates
1255
1256 * Improvements to equal heights js, button labels
1257
1258 * No longer truncate long entry titles
1259
1260 * Improve non-WYSIWYG editor tag insertion, url insertion
1261
1262 * Improve less DOM firing on certain javascript tasks
1263
1264 * Introduce js_backend event hook
1265
1266
1267 Version 2.0-beta1 and followup -beta2 (April 14th, 2014)
1268 ------------------------------------------------------------------------
1269
1270 * Upgrade Smarty libs to 3.1.18
1271
1272 * Automatic upgrade removal of old Smarty2 files (2.0-alpha2)
1273 function uses SPL
1274
1275 * Implemented patch https://github.com/s9y/Serendipity/pull/15
1276
1277 * When switching Themes, both the backend and the frontend
1278 will remember the timestamp of the last theme change,
1279 to make sure that the browser will not cache a mismatching CSS.
1280
1281 * Fix theme change issues with global template vars in core
1282 (1559472ca3) see 'temporary added empty $template_config_groups'
1283 in 1.7-rc2 (eb77dc369a)
1284
1285 * Use Smarty for backend display output
1286
1287 * "Themes" are now what has previously been mixed as "Design",
1288 "Theme", "Template" or "Layouts".
1289
1290 * WYSIWYG-Spawn-API reworked (2k11/admin/wysiwyg_init.tpl)
1291
1292 * All Javascript-functions like SetCookie now reside in a
1293 serendipity-object, simulating a namespace.
1294 SetCookie(...)
1295 became
1296 serendipity.SetCookie(...)
1297
1298 * Renamed JS-Function:
1299 toggleCategorySelector became toggle_category_selector
1300
1301 * The advanced js option (eyecandy) got removed, as such a thing
1302 like advanced js doesn't exist anymore
1303
1304 * dashboard_plugin has an equivalent in the core, replacing the
1305 frontpage
1306
1307 * Constants like S9Y_FRAMEWORK_COMPAT are no longer set
1308 (include_once is used instead)
1309
1310 * New additional option to render smarty-functions:
1311 serendipity_smarty_show($template, $data)
1312
1313 * A number of functions now returns their result instead of echoing
1314 them (TODO: a bunch of image- and
1315 trackback-functions still use echo for messages"):
1316 serendipity_plugin_config
1317 serendipity_printEntryForm
1318 serendipity_printEntries
1319 function serendipity_showMedia
1320 serendipity_showPropertyForm
1321 showMediaLibrary
1322 serendipity_guessInput
1323 memSnap
1324 serendipity_displayTopUrlList
1325 serendipity_displayTopExits
1326 serendipity_displayTopReferrers
1327 serendipity_printConfigTemplate
1328 show_plugins
1329
1330 * Functions removed from the core:
1331 serendipity_printConfigJS
1332
1333 * Functions added to the core:
1334 serendipity_generateImageSelectorParams
1335
1336 * All internal plugins got extracted from plugin_internal.inc.php
1337 and moved to plugins/.
1338 They are renamed to work there (upgrader task provides migration):
1339 serendipity_calendar_plugin became serendipity_plugin_calendar
1340 serendipity_quicksearch_plugin became serendipity_plugin_quicksearch
1341 serendipity_archives_plugin became serendipity_plugin_archives
1342 serendipity_categories_plugin became serendipity_plugin_categories
1343 serendipity_syndication_plugin became serendipity_plugin_syndication
1344 serendipity_superuser_plugin became serendipity_plugin_superuser
1345 serendipity_plug_plugin became serendipity_plugin_plug
1346
1347 * Add plugin hook "js", generating a virtual serendipity.js
1348
1349 * Admin JS is now bundled in serendipity_editor.js.tpl and
1350 rendered using smarty in the theme config
1351
1352 * Admin JS got rewritten using jQuery where applicable
1353
1354 * serendipity_define.js.php removed
1355
1356 * Removed support for layout.php
1357
1358 * The whole PHP-Code now almost never echoes integrated HTML, but
1359 uses smarty template (TODO: Remove the almost)
1360 The necessary smarty-templates reside in 2k11/admin/
1361 Every theme can generate its own backend if it integrates those
1362 templates under admin/ itself
1363
1364 * 2k11 is set as the new default backend, replacing bulletproof.
1365 default remains the fallback so far.
1366
1367 * A number of functions had some arguments removed:
1368 * function serendipity_displayImageList:
1369 From
1370 function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = false, $url = NULL, $show_upload = false, $limit_path = NULL, $smarty_display = true)
1371 to
1372 function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = false, $url = NULL, $show_upload = false, $limit_path = NULL)
1373 * function serendipity_showMedia
1374 From
1375 function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lineBreak = 3, $enclose = true, $smarty_vars = array(), $smarty_display = true)
1376 to
1377 function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lineBreak = 3, $enclose = true, $smarty_vars = array())
1378 * generate_plugins
1379 From
1380 static function generate_plugins($side, $tag = '', $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl')
1381 to
1382 static function generate_plugins($side, $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl')
1383
1384 * serendipity_showMedia now no longer returns the used template and
1385 echoes the generated HTML, but only returns the generated HTML
1386
1387 * Themes now have their own configuration page,
1388 ?serendipity[adminModule]=templates&serendipity[adminAction]=editConfiguration
1389
1390 * jQuery in the backend no longer runs in noConflict-mode. Use
1391 $(...) instead of jQuery(...)
1392
1393 * The entryproperty-plugin will now always delete its cache on
1394 uninstall, not only if the cache is activated then
1395
1396 * serendipity_is_iframe now really only checks for iframe and
1397 doesn't also echo it
1398
1399 * Added option simpleFilters (meant to indicate to show less
1400 filters and poweruser-options)
1401
1402 * serendipity_admin_image_selector.php no longer used by 2k11,
1403 instead the media library (with admin/media_choose.tpl,
1404 admin/media_upload.tpl, media_pane.tpl, media_items.tpl)
1405 can generat the imageselector on its own. The editor calls
1406 serendipity_admin.php?serendipity[adminModule]=media instead,
1407 with serendipity[textarea] indicating the target, and
1408 serendipity[showMediaToolbar] activating the imageSelector modus
1409
1410 * New required PHP-Version: 5.3 or higher (checked in the installer)
1411
1412
1413 Version 1.7.8 (February 9th, 2014)
1414 ------------------------------------------------------------------------
1415
1416 * Fixed POST for db entry insert, caused by 1.7.6 security feature
1417
1418
1419 Version 1.7.7 (February 6th, 2014)
1420 ------------------------------------------------------------------------
1421
1422 * Fixed PHP parse error in templatechooser plugin. Blame garvin. :(
1423
1424
1425 Version 1.7.6 (February 6th, 2014)
1426 ------------------------------------------------------------------------
1427
1428 * Fixed backend security issues, thanks to Stefan Schurtz:
1429
1430 - XSS of users realname in "Manage users" section
1431 (Backend, requires login)
1432 - XSS when creating an entry with bad id/timestamp values
1433 (Backend, requires login)
1434 - SQL-Injection for plugin installation parameter
1435 (Backend, requires admin login)
1436
1437 * Templatechooser plugin uses "default" template as fallback,
1438 not "bulletproof".
1439
1440
1441 Version 1.7.5 (January 18th, 2014)
1442 ------------------------------------------------------------------------
1443
1444 * Fixed textile PHP 5.2 (namespace) compat issue
1445
1446 * Added default value to spamblocks required_fields option [name,
1447 comment]
1448
1449
1450 Version 1.7.4 (January 11th, 2014)
1451 ------------------------------------------------------------------------
1452
1453 * Fixed emoticate plugin icon link to check for textile class
1454
1455 * Upgrade textile plugin libs - lib3 extends to PHP >= 5.3.
1456 Please check for new options!
1457
1458 * Fixed spamblocks Captcha imagecreate() with PHP > 5.3 versions
1459
1460 * Smarty 3.1.16 bugfix release - please read bundled-libs/Smarty/change_log.txt
1461 about changes to versions 3.1.16 and 3.1.15.
1462 Please also see special bundled-libs/Smarty/3.1.16_RELEASE_NOTES.txt
1463
1464 * Removed blogg.de filter from spamblock plugin, adapted htaccess
1465 IP block algorithm for race conditions. .htaccess can now contain
1466 multiple Deny From ranges to prevent parsing problems (DLange)
1467
1468 * Fixed IP columns in spamblocklog, spamblock_htaccess, karmalog, visitors
1469 and shoutbox to varchar(45) for IPv6 - including tunneled IPv4 (39+6)
1470
1471 * Fixed possible double includement of plugin_internal.inc.php
1472
1473 * Fix possible temporary caching errors failing $eventData[0]['properties']
1474
1475 * Basic support for static blocks (includeentry plugin) in 2k11.
1476
1477 * Added "backend_footer" event hook
1478
1479 * Exclude "frontpage extensions" directories "_vti_cnf" on windows servers
1480 in Media Library
1481
1482 * Fixed pagination when searching terms with fetchlimit < 4
1483
1484 * Fixed deprecated /e modifier with PHP >= 5.5 in nl2br plugin restore method
1485
1486
1487 Version 1.7.3 (August 28th, 2013)
1488 ------------------------------------------------------------------------
1489
1490 * Trackback to https:// style URLs will use proper port 443 instead
1491 of 80.
1492
1493 * Disabled htmlarea spellchecker module, http://osvdb.org/87395
1494 Thanks for Henri Salo for pointing this out. CVE-2013-5670
1495
1496
1497 Version 1.7.2 (July 26th, 2013)
1498 ------------------------------------------------------------------------
1499
1500 * Fix a syntax error in the "mysql" deprecation code, thanks
1501 to Ian
1502
1503
1504 Version 1.7.1 (July 26th, 2013)
1505 ------------------------------------------------------------------------
1506
1507 * Added new event hooks "backend_plugins_install", "backend_plugins_update"
1508 and "backend_templates_install".
1509
1510 * Serendipity will switch to mysqli if PHP >= 5.5 is used (mysql
1511 is deprecated)
1512
1513 * Smarty upgrade to 3.1.14 (read changeLog and the README for API changes since Smarty 2)
1514
1515 * Upgrader will now remove/delete the browsercompatibility plugin
1516
1517 * Fixed Media Library exclude path to not show/proceed ckeditor/kcfinders .thumbs dir
1518
1519 * Fixed bulletproof->colorset GET mismatch with categorytemplates plugin
1520 config.inc.php [Line 29]
1521
1522 * German translation for stable archives added (YL)
1523
1524 * Fixed curl result bug in spartacus plugin
1525
1526 * Create new migration task for propagate defaultBaseURL when
1527 currently empty (onli)
1528
1529 * Fixed statistics sidebar querys ( & for PostgreSQL ) [242520b]
1530 and added some missing html end tags
1531
1532 * Added missing current group name when editing usergroups
1533
1534
1535 Version 1.7 (May 11th, 2013)
1536 ------------------------------------------------------------------------
1537
1538 * rc4: Get ready for CKEDITOR-wysiwyg Plugin mode
1539
1540 * rc4: Fixed fetching javascript object (for nugget textareas) in non-wysiwyg-mode
1541
1542 * rc4: Change .htaccess blocking mechanism by spamblock plugin to not fetch
1543 too many datarows, thanks to DLange from the forums. (The .htaccess
1544 feature is still considered experimental, use at your own risk ;))
1545
1546 * rc4: Fixed entryproperties backend 'cache now' link
1547
1548 * rc3 + rc4: Media database: Escape more Cookie values to prevent storing
1549 possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142).
1550 Escape hotlinked media filename. Escape importer host name error
1551 Thanks to GreenSun from the forums for bringing this to attention,
1552 originally reported by Dshellnoi Unix
1553
1554 * rc2: Alter entries.tpl to add the line:
1555 {assign var="entry" value=$entry scope="parent"}
1556 for proper propagation of $entry to sub-templates.
1557
1558 * rc2: Alter error reporting to only fail when 'debug' mode is enabled,
1559 so that "normal" blog installations will not fail on specific
1560 E_STRICT warnings that are not important.
1561
1562 * rc2: temporary added empty $template_config_groups into templates with config,
1563 to avoid display troubles for template changes, if previous template had these set.
1564 Please check your template.
1565
1566 * rc2: reflect POST submitted changes in Bulletproof template configs re-set situations
1567
1568 * various PHP 5 compatibility fixes in core and plugins
1569
1570 * Allow entryproperties plugin to define defaults for custom fields
1571
1572 * Onyx, Net_URL classes: Remove PHP4 style constructor due to
1573 PHP5 error "Constructor already defined"
1574
1575 * Improved RSS sidebarplugin to support Atom
1576
1577 * Bundled simplepie
1578
1579 * For Blogs running on a non-UTF-8 language, set a Smarty constant
1580 to indicate the actually used charset.
1581
1582 * Added to use MyISAM handler for s9y tables (we do not use InnoDB
1583 features, but rely on MyISAM fulltext)
1584
1585 * fixed defaultBaseURL did not show up installer. Thanks to onli.
1586 Follow up from c292bad
1587
1588 * fixed draft & future entries preview link in backend
1589
1590 * Improved karmarating plugin to be able to use AJAX calls
1591 (gregman)
1592
1593 * Allow Smarty to fetch .tpl files from all directories so that
1594 s9y plugin can use the fetch() call for their .tpl files no
1595 matter which (symlinked) directory the plugin resides in.
1596 The Smarty security policy to us only serves as a restriction
1597 within .tpl files to not allow arbitrary PHP modifier/function calls.
1598 If in the future Smarty supports enforcing trustedDir checks on
1599 {include} calls separately to smarty->fetch() calls, we'll also
1600 add that to .tpl files.
1601 (garvinhicking)
1602
1603 * Patch by Markus Br�kner: Properly handle files that have no
1604 extension in media database
1605
1606 * Made Spartacus recognize github.com mirror (garvinhicking)
1607
1608 * Add "Summary" output to title of summary archive pages, patch by
1609 hboeck
1610
1611 * Set the smarty object by instance (ophian)
1612 It is often needed to access the Smarty object from anywhere in your code, e.g. in plugins
1613 We now ensure that there is only one instance of the object available.
1614 To obtain an instance of this class: $serendipity['smarty'] = Serendipity_Smarty::getInstance();
1615 The first time this is called a new instance will be created. Thereafter, the same instance is handed back.
1616 To overwrite use $serendipity['smarty'] = new Serendipity_Smarty; to create a new instance.
1617
1618 * Set a global Serendipity errorToExceptionHandler (ophian)
1619 changed some old smarty trigger_errors to PHPs native function
1620
1621 * Updated spamblock plugin (ophian)
1622 changed wordfilter to function and Commenters moderation check verify_once
1623 to get checked via wordfilter to reject known spam comments before
1624
1625 * Changed backend comment (error) messages (ophian)
1626 as now captured and styleable messages
1627 (newly added .serendipity_backend_msg_notice css class)
1628
1629 * Updated nl2br plugin (ophian)
1630 added isolation tag using nl to br
1631 this also adds some NoBR buttons to backend entry forms
1632
1633 * Smarty3 support (ophian)
1634 with this upgrade Serendipity / Smarty will at least need a webserver running the PHP 5.2 series.
1635 As of August 2011, all PHP users should note, that the PHP 5.2 series is NOT supported anymore by the PHP developers.
1636 All users are strongly encouraged to upgrade to PHP 5.3.8 and up. Please refer to your ISP about this.
1637
1638 * Added new serendipity['defaultBaseURL'] variable that makes sure
1639 that the baseURL is not overriden when configuring serendipity
1640 with a possibly autodetected currentl URL. Patch by Manko10.
1641
1642
1643 (Older NEWS see file NEWS_OLD)