Version 2.1 () ------------------------------------------------------------------------ * Fixed checkbox entryproperties re-sets (#376) * Fixed media item delete handler (#371) * Rewrote Routing code for index.php to be outsourced into include/functions_routing * Removed broken feature for viewing blog entries by multiple authors, dropped code from core and plugin_authors. * Optimize scaleImage returns * Fixed media item rename handler (#370) * Fixed and enhanced multiple media redirects and path / name related issues, as well as some better umlaut conversions * Allow strict media directory selection by toggle filter * Allow a better auto char conversion to media upload item names * Added Start / End pagination to MediaLibrary and entries list * Added new bulk image move ability to MediaLibrary. This fixes several issues with rename AND remove and allows to automatically check and set MediaLibrary item entry paths on MOVE. Staticpages from v.4.52 are modified to support this too. Now supports Quickblog (imageselectorplus) entry path repairs. * Fix MediaLibrary objects not pass through into entryproperties CustomFields * Fix fatal error atom 1.0 issue; References #362 * Fix eraseEntryEditorCache script in preview_iframe updertHooks IFRAME * Fix the Serendipity template and file fallback chaining to work more precise * Disable CKEDITOR Source protection for Smarty and WP-Smarty like markup, since now being usable w/o setting ACF OFF * Set Serendipity var use_autosave in backend only * Fix entries.inc fetching iframe event returning 1, when true and added a new language constant change message for multilanguage entry changes, instead of the wrongly used save message * Fix importers to use the new mysqli API extension with PHP 5+ * WIP: Added an internal cache to speedup s9y's site generation. Can be activated by setting use_internal_cache to true in serendipity_config.inc.php. Test feedback needed. * Added checks to .htaccess for URL rewriting * Add support for cronjob plugin to spartacus, to notify blog owner about possible updates (via e-mail) * Added link to preview spartacus themes on blog.s9y.org * Added two configuration variables that can be set in serendipity_config_local.inc.php to influence the dashboard entry limit: - $serendipity['dashboardLimit']: How many future entries to fetch (default: 5) - $serendipity['dashboardDraftLimit']: How many entries in total shall be displayed in the dashboard section (default: 5) - $serendipity['dashboardCommentsLimit']: How many comments (default: 5) (Draft entries will only be fetched if there are less future entries than the total entry limit) * Fix: the syndication plugin links subtome correctly to the atom feed when he is activated with the rss feed * Issue #238: When creating/renaming media directories, replace special characters with the same i18n rules like Permalinks are created, renaming umlauts etc. * Add "update all"-button to plugin update page * Issue #234: Granular options to force backend popups for certain areas * Introduce serendipity['ajax'] to detect incoming ajax requests and react accordingly in core and plugins * Issue #248: Add $serendipity['forceBase64']=true option (can be set in serendipity_config_local.inc.php) to make Serendipity *not* use 8bit Imap functions for sending mail, for MTAs that behave erradically otherwise. * Issue #257: Make sure to check entered admin-user password * Issue #264: Drop $authorid for permissions based on images instead of directories, it was not used anymore * Some small enhancements to the error reporting Version 2.0.3 (December 17th, 2015) ------------------------------------------------------------------------ * Fix XSS in backend comment editing form for logged-in authors, thanks to Onur Yilmaz and Robert Abela from Netsparker.com * Fix some backend entry form related event messages Version 2.0.2 (July 24th, 2015) ------------------------------------------------------------------------ * Fix security issues reported by Tim Coen of Curesec.com: - Forbid uploading files with PHP contents and possible PHP execution by authenticated users (critical if you have possible untrustworthy authors) - Add proper escaping for comment approval tokens to prevent SQL injection (authenticated authors only) - Add proper escaping of comment's author names in the comment reply form to prevent XSS (2k11 template, javascript based) * Minor layout fixes for media DB media filters * Backported some Importer db bugfixes * CKEDITOR bugfix releases to 4.4.8 - please read the changelog. Includes widget, lineutils, fakeobjects Plugins and S9y added cheatsheet and procurator Plugins. Changed config.autoParagraph set to false, to prevent wrapping p tags around extraAllowedContent tags. * Smarty bugfix upgrades to 3.1.27 - please read the changelog. Compilation time was vastly improved. New Features in NEW_FEATURES.txt. * It is now possible to switch to a theme's admin theme if it has been selected as a frontend theme first * Syndication Plugin Issue #285: - Add "none" as possible value for the xml-icon in the syndication plugin, to enable plain links - Reset subtome full icon path to support serendipity_getTemplateFile() - Link creation fixes for Bulletproof coloured style (eg blue) * Fix auto include of a User theme /admin/user.css backend file. PLEASE NOTE: 2.0.1 brought in an automatted include of a themes "user.css" file. If you don't want to use such file any more (and you have one), you will have to delete or rename it by hand! Also please note, that user stylesheet selectors like .selector { background-image: url(img/example.jpg); } now need to use the {TEMPLATE_PATH} like .selector { background-image: url({TEMPLATE_PATH}img/example.jpg); } Content of a user.css will always be put LAST into the combined CSS, this means it will override any possible plugin output. If a user.css file does not exist in your own template directory, but inside the default 2k11 template directory, this will always be used (this behaviour is called "default fallback chain"). * Use https URLs for Atom feed, if called through HTTPS (hboeck) * Restore the "Show toolbar within media selector popup?" option, it was ignored before. * Fix Issue #321, negative offset for LIMIT SQL statements when using stable archive sorting and plugins like history. * Templatechooser will not apply theme in backend admin. * Use "secure" flag for (session) cookies sent over SSL, thanks to dayton967 * Make preview_iframe.tpl template files load the proper frontend CSS file, including cache-busting version string when changing themes * Implement patch to properly initiate templates_c on installation for shared installs (thanks to fugue88) * Allow templatechooser plugin to read a custom "blacklist.txt" within its directory, that can blacklist certain themes from being selected. * Allow serendipity_setCookie() function to set custom expiry. * Adapt .htaccess profile of "mod_rewrite for 1&1 and problematic servers" to not include the "Options -MultiViews" option, since this is often blocked * Fix initializing smarty framework in the preview/saving iframe, so that a template's config.inc.php is always loaded. * Show debugging .tpl file information with relative directory only * fix wrong upgrade removal of dead files with 2.0.1 update Version 2.0.1 (March 12th, 2015) ------------------------------------------------------------------------ * Fix missing escaping (possible XSS) of category names in the Backend Entry Admin, which would allow editors that create a forged category name to attack other editors in the backend (privileged access to the backend required). Thanks a lot to Edric Teo for reporting this issue. * Improved detection for possible upgrade/plugin/PHP errors. A warning will be emitted on the dashboard, when the Serendipity JavaScript library could not be loaded. * syndication fix: use absolute urls for subtome * Issue 306: localStorage may be deactivated by setting a config option or using security-related extensions at least in some browsers, which might (at least in FF) break backend JS functionality. Added extra tests to 2k11 backend JS. If you use localStorage, please test if it is actually available by testing if localStorage !== null in JS. * Issue 280: Allow every theme to utilize a "user.css" file that gets loaded on top of the frontend (or backend, if in admin/ subdirectory) theme. This file can be used for customized CSS of a blog-admin which carries over to future Serendipity updates * Issue 299: Do not display dashboard for users with no permission to perform actions in the backend (frontend-users) * Make "rewriteURL" smarty modifier available to do a {$CONST.PATH_ARCHIVE|rewriteURL} within a smarty template file. * Add a generic odd/even for backend dashboard widgets to align properly. Future dashboard widgets need to get the new extra class dashboard widget on the section element they create. * Fix event emoticate plugin to reflect proper call usage of serendipity_getTemplateFile(), if a theme uses custom emoticons. UPDATE your themes emoticons.inc.php file, if have. See example file in plugin dir. * Change 2k11 config.inc.php to reflect proper serendipity_getTemplateFile() when frontend files shall be referenced within the backend. * Fixed missing file message for deleted media items * Fixed entry editor JS not emitting a 'No tags' msg in taxonomy quick view. Improved serendipity.tagsList exit if freetag plugin is not installed. * Minor backend UI fixes (taxonomy quick view in entry editor, 'Done' msg emitted by Bayes plugin) * Clearer language constants for entries in dashboard, labelled "In progress" Version 2.0 (January 23rd, 2015) ------------------------------------------------------------------------ * Smarty fix for purging compiled files * Fix wrong search page ordering when stable archive was active * Prevent entryproperties from saving/displaying a browser-side stored password that was actually not set. * Stronger check for existing logger interface to prevent errors when it is not actively used. * Fix entryproperties being removed when publishing an article from the dashboard and by specific plugins (freetag, trackback) that modify entry data. * Fix deleting comments when user is not an admin, but the entry belongs to him. Thanks to berberic. * Patch PEAR.php to use "static" isError declaration to prevent PHP error messages * Change order of IF-statements in entries.tpl to check for comment_moderate/comment_added, to properly emit the message whether a comment is being moderated. * Fix searching for entries in the admin panel with database types other than "mysql" * Change entry editor's category assignment to toggle between a hierarchical and a plain list (good for many categories) * Fix date formatting in entry editor to not use ISO year but the calendar year * Fix autoupdate version read and transmit Version 2.0-rc2 (December 23rd, 2014) ------------------------------------------------------------------------ * Fixes escaping of comments in the new backend pane to prevent XSS. Thanks to Steffen Röemann for reporting! * Fix wrong parameter count in serendipity_entity_decode Version 2.0-rc1 (includes beta4/5/6) (December 19th, 2014) ------------------------------------------------------------------------ * entryproperties plugin will now automatically disable nl2br markup, when the WYSIWYG editor is used to create en entry * PHP Requirement now is at: PHP 5.3+ * Fix for syndication subtome onclick handler * Fix problematic preview stylesheet reference * Optimized clearing smarty template files on upgrading * Properly reset the "disable markup" feature of entryproperties plugin when none selected * PHP 5.4+ fix to properly call htmlspecialchars() / htmlentities() / html_entity_decode() with a charset option, that has been set to to default to UTF-8 and will yield empty strings when being used in NON-UTF-8 environments. Now we utilize a serendipity_specialchars() wrapper call. * Added SQLite3 OO database layer for PHP 5.4+ * New personal preference to choose CKEditor toolbar presets. Presets can be overwritte through a templates/xxx/admin/ckeditor_custom_config.js if needed. See htmlarea/ckeditor_s9y_config.js for details. * Proof of concept templates "default-php" and "default-xml" have been moved to Siber...Spartacus. They would need adapting to Serendipity 2.0 (simple methods like getConfigDir() et al), but since those Template APIs have virtually zero usage scenario, they remain experimental. * Added new PAT_JS mod_rewrite rule to .htaccess files * Removed experimental support for PHP/SMARTY IN-MEMORY caching added in 2.0-beta3, since this could not work. * Smarty 3.1.21 upgrade (see changelog) * Fix ImageMagick new sizing issues while forcing image geometry exactly to given sizes with imageselectorplus * Fix issue #220 with pdf directory moving rename() error * Fix bug in entry listing, which showed wrong categories for entries (Issue #201) * Improve RegExp for Feed-URL matching, thanks to fugue88 * Proper SQLite PDO filenames in shared installations (Issue #214) * ImageMagick now can get parameters to generate thumbnails, see serendipity_config.inc.php for example values * Allow to enable/disable the new autosave feature in personal preferences (Issue #213) * Re-added installer test for writable serendipity base directory Version 2.0-beta3 (July 25th, 2014) ------------------------------------------------------------------------ * Move admin/media_showitem.tpl to theme's directory in 2k11. With an adaptation in serendipity_admin_image_selector.php, this now is a "true" frontend template which uses the styles of the frontend theme. Theme authors might want to adapt it to their themes. * Moved general syndication plugin option into the core * Smarty 3.1.19 upgrade (see changelog) * Fixed thumbnail recreation, Issue #134 * Merged external JS libraries into a central "plugins.js" of the 2k11 backend template, can be updated through templates/2k11/admin/js/gruntipity.php helper script. * Adapted database table structure change for statistics, shoutbox, karma and spamblock plugin (for new field definition of "ip" field) Thanks to rohdef! * Added new option "enabledBackendPopups" that allow to specify if inline modal dialogs or popups are used in the backend for e.g. the category selectory and media library * added experimental support for PHP/SMARTY IN MEMORY caching Enabled by default, if classes found loaded. Disable with $serendipity['disable_apc'] = true; and $serendipity['disable_memcache'] = true; * Support added in serendipity_db_schema_import for sqlite autoincrement * Remove Google Reader button from syndication plugin options * Add subToMe-button to syndication plugin and change its defaults * Use Browsercache to save cache and restore entries * Improved installer to forbid using database table prefixes with special characters * Themes using Engines are now able to use the parent's configuration * Prevent "new" plugin api to install double instances of plugins that are not stackable (issue #45) * Back button in plugin-config * Adapted serendipity_editor.js to provide more global (though deprecated) API access methods for plugins like amazonchooser and linktrimmer, to perform insertion. Also fixed the insertion of text when the ID of the element is not prefixed * Move sort by name to simple filter in ML, replace file extension * Remember selected media library folder * Show upload-success or error with the ajax image uploader * Fix preview entry exception (issue #119) * Add serendipity.toggle_collapsible as a reusable JS function for the core backend and backend sections emitted by plugins as an easy way to provide show/hide functionality. (yellowled) * Fixed media insert target bug (issued by #143, #145, #121) * Fixed publish drafted-entries via dashboard (issue #160) * All frontend themes that rely on the bundled Core jQuery library are currently using the jquery.noConflict-mode for compatibility to older plugins. This mode is now considered deprecated and will be removed in future releases. A new variable: $serendipity['capabilities']['jquery-noconflict'] = false; in your theme's config.inc.php file can now turn of that noConflict-mode. * Due to distinction of backend and frontend themes, each theme that provides a custom jquery.js now only does so for the frontend. The backend now listens to a: $serendipity['capabilities']['jquery_backend'] = false; variable, and the file needs to be jquery_backend.js that a backend theme would reference to. * Changed 2k11's config.inc.php file to provide a more stable call of event hooks so that other themes can also hook their own events. * Changed JS for category filtering and its reset button to be a reusable function, which is now also used in the list of installable plugins. * Fixed wrong local documentation URL in plugin configuration * Added new "backend_dashboard" event-hook for plugins to use within dashboard. * Backend and Frontend themes can now be set independently from each other. New backend themes now need to set: Backend: Yes in their info.txt file. If you adapt a custom admin theme, ensure that it is compatible to the new "2k11" backend to ensure proper future usage within Serendipity. The bulletproof backend will now no longer be recognized as a backend theme option, but can be selected as a new frontend theme, while using 2k11 (=default) in the backend. * Include klogger, call it as $serendipity['logger']->debug/error. The log-level can be set in the general configuration and is disabled by default. * Fixed missing s9ymdb ID * Add HTTP_Request2 and dependencies as bundled libraries and update PEAR library to version 1.9.4 * Implemented AJAX uploadResize option to allow resizing an image before upload (onli) * Improved file/directory removal code to (hopefully) fail more gracefully * Change "default" admin backend template fallback chain so that old admin themes can theoretically be shown with the "old" admin interface. This however in many themes breaks the Serendipity workflow. In other words, currently old custom backend themes are deprecated. We are still working on how to deal with this and if we can add some sort of compatibility or port. * Fix bundled jquery's source mapping, upgraded to 1.11.1 * Fixed missing media name in resize GET URL * Fix MediaDB overlay display * Re-Added possibility to change filename/target directory for media uploads * Update CKEditor to 4.4 * Fixed some missing internationalization instances * Minor CSS improvements for upgrader, plugin sequencing widget * RSS importer accepts pubDate in addition to pubdate element. * Upgrader in Dashboard can be disabled, returns error message when URL not accessible * Added a category filtering ability for the entry editor * Better check when removing old/dead files to prevent error messages * WYSIWYG editor respects image floats * Support html5 multiple file upload * Modernizr, magnificPopup updates * Improvements to equal heights js, button labels * No longer truncate long entry titles * Improve non-WYSIWYG editor tag insertion, url insertion * Improve less DOM firing on certain javascript tasks * Introduce js_backend event hook Version 2.0-beta1 and followup -beta2 (April 14th, 2014) ------------------------------------------------------------------------ * Upgrade Smarty libs to 3.1.18 * Automatic upgrade removal of old Smarty2 files (2.0-alpha2) function uses SPL * Implemented patch https://github.com/s9y/Serendipity/pull/15 * When switching Themes, both the backend and the frontend will remember the timestamp of the last theme change, to make sure that the browser will not cache a mismatching CSS. * Fix theme change issues with global template vars in core (1559472ca3) see 'temporary added empty $template_config_groups' in 1.7-rc2 (eb77dc369a) * Use Smarty for backend display output * "Themes" are now what has previously been mixed as "Design", "Theme", "Template" or "Layouts". * WYSIWYG-Spawn-API reworked (2k11/admin/wysiwyg_init.tpl) * All Javascript-functions like SetCookie now reside in a serendipity-object, simulating a namespace. SetCookie(...) became serendipity.SetCookie(...) * Renamed JS-Function: toggleCategorySelector became toggle_category_selector * The advanced js option (eyecandy) got removed, as such a thing like advanced js doesn't exist anymore * dashboard_plugin has an equivalent in the core, replacing the frontpage * Constants like S9Y_FRAMEWORK_COMPAT are no longer set (include_once is used instead) * New additional option to render smarty-functions: serendipity_smarty_show($template, $data) * A number of functions now returns their result instead of echoing them (TODO: a bunch of image- and trackback-functions still use echo for messages"): serendipity_plugin_config serendipity_printEntryForm serendipity_printEntries function serendipity_showMedia serendipity_showPropertyForm showMediaLibrary serendipity_guessInput memSnap serendipity_displayTopUrlList serendipity_displayTopExits serendipity_displayTopReferrers serendipity_printConfigTemplate show_plugins * Functions removed from the core: serendipity_printConfigJS * Functions added to the core: serendipity_generateImageSelectorParams * All internal plugins got extracted from plugin_internal.inc.php and moved to plugins/. They are renamed to work there (upgrader task provides migration): serendipity_calendar_plugin became serendipity_plugin_calendar serendipity_quicksearch_plugin became serendipity_plugin_quicksearch serendipity_archives_plugin became serendipity_plugin_archives serendipity_categories_plugin became serendipity_plugin_categories serendipity_syndication_plugin became serendipity_plugin_syndication serendipity_superuser_plugin became serendipity_plugin_superuser serendipity_plug_plugin became serendipity_plugin_plug * Add plugin hook "js", generating a virtual serendipity.js * Admin JS is now bundled in serendipity_editor.js.tpl and rendered using smarty in the theme config * Admin JS got rewritten using jQuery where applicable * serendipity_define.js.php removed * Removed support for layout.php * The whole PHP-Code now almost never echoes integrated HTML, but uses smarty template (TODO: Remove the almost) The necessary smarty-templates reside in 2k11/admin/ Every theme can generate its own backend if it integrates those templates under admin/ itself * 2k11 is set as the new default backend, replacing bulletproof. default remains the fallback so far. * A number of functions had some arguments removed: * function serendipity_displayImageList: From function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = false, $url = NULL, $show_upload = false, $limit_path = NULL, $smarty_display = true) to function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = false, $url = NULL, $show_upload = false, $limit_path = NULL) * function serendipity_showMedia From function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lineBreak = 3, $enclose = true, $smarty_vars = array(), $smarty_display = true) to function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lineBreak = 3, $enclose = true, $smarty_vars = array()) * generate_plugins From static function generate_plugins($side, $tag = '', $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl') to static function generate_plugins($side, $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl') * serendipity_showMedia now no longer returns the used template and echoes the generated HTML, but only returns the generated HTML * Themes now have their own configuration page, ?serendipity[adminModule]=templates&serendipity[adminAction]=editConfiguration * jQuery in the backend no longer runs in noConflict-mode. Use $(...) instead of jQuery(...) * The entryproperty-plugin will now always delete its cache on uninstall, not only if the cache is activated then * serendipity_is_iframe now really only checks for iframe and doesn't also echo it * Added option simpleFilters (meant to indicate to show less filters and poweruser-options) * serendipity_admin_image_selector.php no longer used by 2k11, instead the media library (with admin/media_choose.tpl, admin/media_upload.tpl, media_pane.tpl, media_items.tpl) can generat the imageselector on its own. The editor calls serendipity_admin.php?serendipity[adminModule]=media instead, with serendipity[textarea] indicating the target, and serendipity[showMediaToolbar] activating the imageSelector modus * New required PHP-Version: 5.3 or higher (checked in the installer) Version 1.7.8 (February 9th, 2014) ------------------------------------------------------------------------ * Fixed POST for db entry insert, caused by 1.7.6 security feature Version 1.7.7 (February 6th, 2014) ------------------------------------------------------------------------ * Fixed PHP parse error in templatechooser plugin. Blame garvin. :( Version 1.7.6 (February 6th, 2014) ------------------------------------------------------------------------ * Fixed backend security issues, thanks to Stefan Schurtz: - XSS of users realname in "Manage users" section (Backend, requires login) - XSS when creating an entry with bad id/timestamp values (Backend, requires login) - SQL-Injection for plugin installation parameter (Backend, requires admin login) * Templatechooser plugin uses "default" template as fallback, not "bulletproof". Version 1.7.5 (January 18th, 2014) ------------------------------------------------------------------------ * Fixed textile PHP 5.2 (namespace) compat issue * Added default value to spamblocks required_fields option [name, comment] Version 1.7.4 (January 11th, 2014) ------------------------------------------------------------------------ * Fixed emoticate plugin icon link to check for textile class * Upgrade textile plugin libs - lib3 extends to PHP >= 5.3. Please check for new options! * Fixed spamblocks Captcha imagecreate() with PHP > 5.3 versions * Smarty 3.1.16 bugfix release - please read bundled-libs/Smarty/change_log.txt about changes to versions 3.1.16 and 3.1.15. Please also see special bundled-libs/Smarty/3.1.16_RELEASE_NOTES.txt * Removed blogg.de filter from spamblock plugin, adapted htaccess IP block algorithm for race conditions. .htaccess can now contain multiple Deny From ranges to prevent parsing problems (DLange) * Fixed IP columns in spamblocklog, spamblock_htaccess, karmalog, visitors and shoutbox to varchar(45) for IPv6 - including tunneled IPv4 (39+6) * Fixed possible double includement of plugin_internal.inc.php * Fix possible temporary caching errors failing $eventData[0]['properties'] * Basic support for static blocks (includeentry plugin) in 2k11. * Added "backend_footer" event hook * Exclude "frontpage extensions" directories "_vti_cnf" on windows servers in Media Library * Fixed pagination when searching terms with fetchlimit < 4 * Fixed deprecated /e modifier with PHP >= 5.5 in nl2br plugin restore method Version 1.7.3 (August 28th, 2013) ------------------------------------------------------------------------ * Trackback to https:// style URLs will use proper port 443 instead of 80. * Disabled htmlarea spellchecker module, http://osvdb.org/87395 Thanks for Henri Salo for pointing this out. CVE-2013-5670 Version 1.7.2 (July 26th, 2013) ------------------------------------------------------------------------ * Fix a syntax error in the "mysql" deprecation code, thanks to Ian Version 1.7.1 (July 26th, 2013) ------------------------------------------------------------------------ * Added new event hooks "backend_plugins_install", "backend_plugins_update" and "backend_templates_install". * Serendipity will switch to mysqli if PHP >= 5.5 is used (mysql is deprecated) * Smarty upgrade to 3.1.14 (read changeLog and the README for API changes since Smarty 2) * Upgrader will now remove/delete the browsercompatibility plugin * Fixed Media Library exclude path to not show/proceed ckeditor/kcfinders .thumbs dir * Fixed bulletproof->colorset GET mismatch with categorytemplates plugin config.inc.php [Line 29] * German translation for stable archives added (YL) * Fixed curl result bug in spartacus plugin * Create new migration task for propagate defaultBaseURL when currently empty (onli) * Fixed statistics sidebar querys ( & for PostgreSQL ) [242520b] and added some missing html end tags * Added missing current group name when editing usergroups Version 1.7 (May 11th, 2013) ------------------------------------------------------------------------ * rc4: Get ready for CKEDITOR-wysiwyg Plugin mode * rc4: Fixed fetching javascript object (for nugget textareas) in non-wysiwyg-mode * rc4: Change .htaccess blocking mechanism by spamblock plugin to not fetch too many datarows, thanks to DLange from the forums. (The .htaccess feature is still considered experimental, use at your own risk ;)) * rc4: Fixed entryproperties backend 'cache now' link * rc3 + rc4: Media database: Escape more Cookie values to prevent storing possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142). Escape hotlinked media filename. Escape importer host name error Thanks to GreenSun from the forums for bringing this to attention, originally reported by Dshellnoi Unix * rc2: Alter entries.tpl to add the line: {assign var="entry" value=$entry scope="parent"} for proper propagation of $entry to sub-templates. * rc2: Alter error reporting to only fail when 'debug' mode is enabled, so that "normal" blog installations will not fail on specific E_STRICT warnings that are not important. * rc2: temporary added empty $template_config_groups into templates with config, to avoid display troubles for template changes, if previous template had these set. Please check your template. * rc2: reflect POST submitted changes in Bulletproof template configs re-set situations * various PHP 5 compatibility fixes in core and plugins * Allow entryproperties plugin to define defaults for custom fields * Onyx, Net_URL classes: Remove PHP4 style constructor due to PHP5 error "Constructor already defined" * Improved RSS sidebarplugin to support Atom * Bundled simplepie * For Blogs running on a non-UTF-8 language, set a Smarty constant to indicate the actually used charset. * Added to use MyISAM handler for s9y tables (we do not use InnoDB features, but rely on MyISAM fulltext) * fixed defaultBaseURL did not show up installer. Thanks to onli. Follow up from c292bad * fixed draft & future entries preview link in backend * Improved karmarating plugin to be able to use AJAX calls (gregman) * Allow Smarty to fetch .tpl files from all directories so that s9y plugin can use the fetch() call for their .tpl files no matter which (symlinked) directory the plugin resides in. The Smarty security policy to us only serves as a restriction within .tpl files to not allow arbitrary PHP modifier/function calls. If in the future Smarty supports enforcing trustedDir checks on {include} calls separately to smarty->fetch() calls, we'll also add that to .tpl files. (garvinhicking) * Patch by Markus Brükner: Properly handle files that have no extension in media database * Made Spartacus recognize github.com mirror (garvinhicking) * Add "Summary" output to title of summary archive pages, patch by hboeck * Set the smarty object by instance (ophian) It is often needed to access the Smarty object from anywhere in your code, e.g. in plugins We now ensure that there is only one instance of the object available. To obtain an instance of this class: $serendipity['smarty'] = Serendipity_Smarty::getInstance(); The first time this is called a new instance will be created. Thereafter, the same instance is handed back. To overwrite use $serendipity['smarty'] = new Serendipity_Smarty; to create a new instance. * Set a global Serendipity errorToExceptionHandler (ophian) changed some old smarty trigger_errors to PHPs native function * Updated spamblock plugin (ophian) changed wordfilter to function and Commenters moderation check verify_once to get checked via wordfilter to reject known spam comments before * Changed backend comment (error) messages (ophian) as now captured and styleable messages (newly added .serendipity_backend_msg_notice css class) * Updated nl2br plugin (ophian) added isolation tag using nl to br this also adds some NoBR buttons to backend entry forms * Smarty3 support (ophian) with this upgrade Serendipity / Smarty will at least need a webserver running the PHP 5.2 series. As of August 2011, all PHP users should note, that the PHP 5.2 series is NOT supported anymore by the PHP developers. All users are strongly encouraged to upgrade to PHP 5.3.8 and up. Please refer to your ISP about this. * Added new serendipity['defaultBaseURL'] variable that makes sure that the baseURL is not overriden when configuring serendipity with a possibly autodetected currentl URL. Patch by Manko10. (Older NEWS see file NEWS_OLD)