mbirth/LuckyCoinkydink
1
0
Fork 0
Code Issues Pull Requests Activity
LuckyCoinkydink/docs/NEWS
Garvin Hicking 12ddca1070 Upport. 
Improved detection for possible javascript errors (i.e. PHP errors, plugins that use invalid PHP 5.4+ syntax, other causes - that people seem to hit a lot)
If the serendipity.spawn function could not be found, we emit a warning (through javascript...)

See thread on forums: http://board.s9y.org/viewtopic.php?f=11&t=20286

Conflicts:
	docs/NEWS
	lang/UTF-8/plugin_lang.php
	lang/UTF-8/serendipity_lang_bg.inc.php
	lang/UTF-8/serendipity_lang_cn.inc.php
	lang/UTF-8/serendipity_lang_cs.inc.php
	lang/UTF-8/serendipity_lang_cz.inc.php
	lang/UTF-8/serendipity_lang_da.inc.php
	lang/UTF-8/serendipity_lang_de.inc.php
	lang/UTF-8/serendipity_lang_en.inc.php
	lang/UTF-8/serendipity_lang_es.inc.php
	lang/UTF-8/serendipity_lang_fa.inc.php
	lang/UTF-8/serendipity_lang_fi.inc.php
	lang/UTF-8/serendipity_lang_fr.inc.php
	lang/UTF-8/serendipity_lang_hu.inc.php
	lang/UTF-8/serendipity_lang_is.inc.php
	lang/UTF-8/serendipity_lang_it.inc.php
	lang/UTF-8/serendipity_lang_ja.inc.php
	lang/UTF-8/serendipity_lang_ko.inc.php
	lang/UTF-8/serendipity_lang_nl.inc.php
	lang/UTF-8/serendipity_lang_no.inc.php
	lang/UTF-8/serendipity_lang_pl.inc.php
	lang/UTF-8/serendipity_lang_pt.inc.php
	lang/UTF-8/serendipity_lang_pt_PT.inc.php
	lang/UTF-8/serendipity_lang_ro.inc.php
	lang/UTF-8/serendipity_lang_ru.inc.php
	lang/UTF-8/serendipity_lang_sa.inc.php
	lang/UTF-8/serendipity_lang_se.inc.php
	lang/UTF-8/serendipity_lang_sk.inc.php
	lang/UTF-8/serendipity_lang_ta.inc.php
	lang/UTF-8/serendipity_lang_tn.inc.php
	lang/UTF-8/serendipity_lang_tr.inc.php
	lang/UTF-8/serendipity_lang_tw.inc.php
	lang/UTF-8/serendipity_lang_zh.inc.php
	lang/addlang.txt
	lang/plugin_lang.php
	lang/serendipity_lang_bg.inc.php
	lang/serendipity_lang_cn.inc.php
	lang/serendipity_lang_cs.inc.php
	lang/serendipity_lang_cz.inc.php
	lang/serendipity_lang_da.inc.php
	lang/serendipity_lang_de.inc.php
	lang/serendipity_lang_en.inc.php
	lang/serendipity_lang_es.inc.php
	lang/serendipity_lang_fa.inc.php
	lang/serendipity_lang_fi.inc.php
	lang/serendipity_lang_fr.inc.php
	lang/serendipity_lang_hu.inc.php
	lang/serendipity_lang_is.inc.php
	lang/serendipity_lang_it.inc.php
	lang/serendipity_lang_ja.inc.php
	lang/serendipity_lang_ko.inc.php
	lang/serendipity_lang_nl.inc.php
	lang/serendipity_lang_no.inc.php
	lang/serendipity_lang_pl.inc.php
	lang/serendipity_lang_pt.inc.php
	lang/serendipity_lang_pt_PT.inc.php
	lang/serendipity_lang_ro.inc.php
	lang/serendipity_lang_ru.inc.php
	lang/serendipity_lang_sa.inc.php
	lang/serendipity_lang_se.inc.php
	lang/serendipity_lang_sk.inc.php
	lang/serendipity_lang_ta.inc.php
	lang/serendipity_lang_tn.inc.php
	lang/serendipity_lang_tr.inc.php
	lang/serendipity_lang_tw.inc.php
	lang/serendipity_lang_zh.inc.php
2015-03-02 11:16:55 +01:00

1169 lines
45 KiB
Plaintext
Raw Blame History

#
Version 2.1 ()
------------------------------------------------------------------------
* Fix: the syndication plugin now always uses absolute links for
the subtome-button
* Fix: the syndication plugin links subtome correctly to the atom
feed when he is activated with the rss feed
* Issue #285: Add "none" as possible value for the xml-icon in
the syndication plugin, to enable plain links
* Issue #238: When creating/renaming media directories, replace
special characters with the same i18n rules like Permalinks are
created, renaming umlauts etc.
* Add "update all"-button to plugin update page
* Issue #234: Granular options to force backend popups for certain
areas
* Introduce serendipity['ajax'] to detect incoming ajax requests
and react accordingly in core and plugins
* Issue #248: Add $serendipity['forceBase64']=true option (can be set
in serendipity_config_local.inc.php) to make Serendipity *not*
use 8bit Imap functions for sending mail, for MTAs that behave
erradically otherwise.
* Issue #257: Make sure to check entered admin-user password
* Issue #264: Drop $authorid for permissions based on images
instead of directories, it was not used anymore
* Some small enhancements to the error reporting
Version 2.0.1 ()
------------------------------------------------------------------------
* Improved detection for possible upgrade/plugin/PHP errors. A
warning will be emitted on the dashboard, when the Serendipity
JavaScript-library could not be loaded.
* syndication fix: use absolute urls for subtome
* Issue 306: localStorage may be deactivated by setting a config
option or using security-related extensions at least in some
browsers, which might (at least in FF) break backend JS
functionality. Added extra tests to 2k11 backend JS.
If you use localStorage, please test if it is actually available
by testing if localStorage !== null in JS.
* Issue 280: Allow every theme to utilize a "user.css" file
that gets loaded on top of the frontend (or backend, if in admin/
subdirectory) theme. This file can be used for customized CSS
of a blog-admin which carries over to future Serendipity updates
* Issue 299: Do not display dashboard for users with no permission
to perform actions in the backend (frontend-users)
* Make "rewriteURL" smarty modifier available to do a
{$CONST.PATH_ARCHIVE|rewriteURL} within a smarty template file.
* Add a generic odd/even for backend dashboard widgets to align
properly. Future dashboard widgets need to get the new extra
class dashboard widget on the section element they create.
* Fix event emoticate plugin to reflect proper call usage of
serendipity_getTemplateFile(), if a theme uses custom emoticons.
UPDATE your themes emoticons.inc.php file, if have.
See example file in plugin dir.
* Change 2k11 config.inc.php to reflect proper
serendipity_getTemplateFile() when frontend files shall be
referenced within the backend.
* Fixed missing file message for deleted media items
* Fixed entry editor JS not emitting a 'No tags' msg in taxonomy
quick view. Improved serendipity.tagsList exit if freetag
plugin is not installed.
* Minor backend UI fixes (taxonomy quick view in entry editor,
'Done' msg emitted by Bayes plugin)
* Clearer language constants for entries in dashboard, labelled
"In progress"
Version 2.0 (January 23rd, 2015)
------------------------------------------------------------------------
* Smarty fix for purging compiled files
* Fix wrong search page ordering when stable archive was active
* Prevent entryproperties from saving/displaying a browser-side
stored password that was actually not set.
* Stronger check for existing logger interface to prevent errors
when it is not actively used.
* Fix entryproperties being removed when publishing an article
from the dashboard and by specific plugins (freetag, trackback)
that modify entry data.
* Fix deleting comments when user is not an admin, but the entry
belongs to him. Thanks to berberic.
* Patch PEAR.php to use "static" isError declaration to prevent
PHP error messages
* Change order of IF-statements in entries.tpl to check for
comment_moderate/comment_added, to properly emit the message
whether a comment is being moderated.
* Fix searching for entries in the admin panel with database
types other than "mysql"
* Change entry editor's category assignment to toggle between
a hierarchical and a plain list (good for many categories)
* Fix date formatting in entry editor to not use ISO year
but the calendar year
* Fix autoupdate version read and transmit
Version 2.0-rc2 (December 23rd, 2014)
------------------------------------------------------------------------
* Fixes escaping of comments in the new backend pane to prevent
XSS. Thanks to Steffen R<>emann for reporting!
* Fix wrong parameter count in serendipity_entity_decode
Version 2.0-rc1 (includes beta4/5/6) (December 19th, 2014)
------------------------------------------------------------------------
* entryproperties plugin will now automatically disable nl2br
markup, when the WYSIWYG editor is used to create en entry
* PHP Requirement now is at: PHP 5.3+
* Fix for syndication subtome onclick handler
* Fix problematic preview stylesheet reference
* Optimized clearing smarty template files on upgrading
* Properly reset the "disable markup" feature of entryproperties
plugin when none selected
* PHP 5.4+ fix to properly call htmlspecialchars() / htmlentities() /
html_entity_decode() with a charset option, that has been
set to to default to UTF-8 and will yield empty strings when
being used in NON-UTF-8 environments. Now we utilize a
serendipity_specialchars() wrapper call.
* Added SQLite3 OO database layer for PHP 5.4+
* New personal preference to choose CKEditor toolbar presets.
Presets can be overwritte through a
templates/xxx/admin/ckeditor_custom_config.js if needed.
See htmlarea/ckeditor_s9y_config.js for details.
* Proof of concept templates "default-php" and "default-xml" have
been moved to Siber...Spartacus. They would need adapting to
Serendipity 2.0 (simple methods like getConfigDir() et al),
but since those Template APIs have virtually zero usage scenario,
they remain experimental.
* Added new PAT_JS mod_rewrite rule to .htaccess files
* Removed experimental support for PHP/SMARTY IN-MEMORY caching
added in 2.0-beta3, since this could not work.
* Smarty 3.1.21 upgrade (see changelog)
* Fix ImageMagick new sizing issues while forcing image geometry
exactly to given sizes with imageselectorplus
* Fix issue #220 with pdf directory moving rename() error
* Fix bug in entry listing, which showed wrong categories for
entries (Issue #201)
* Improve RegExp for Feed-URL matching, thanks to fugue88
* Proper SQLite PDO filenames in shared installations (Issue #214)
* ImageMagick now can get parameters to generate thumbnails,
see serendipity_config.inc.php for example values
* Allow to enable/disable the new autosave feature in personal
preferences (Issue #213)
* Re-added installer test for writable serendipity base directory
Version 2.0-beta3 (July 25th, 2014)
------------------------------------------------------------------------
* Move admin/media_showitem.tpl to theme's directory in 2k11. With
an adaptation in serendipity_admin_image_selector.php, this now is
a "true" frontend template which uses the styles of the frontend
theme. Theme authors might want to adapt it to their themes.
* Moved general syndication plugin option into the core
* Smarty 3.1.19 upgrade (see changelog)
* Fixed thumbnail recreation, Issue #134
* Merged external JS libraries into a central "plugins.js" of the 2k11
backend template, can be updated through
templates/2k11/admin/js/gruntipity.php helper script.
* Adapted database table structure change for statistics, shoutbox,
karma and spamblock plugin (for new field definition of "ip" field)
Thanks to rohdef!
* Added new option "enabledBackendPopups" that allow to specify
if inline modal dialogs or popups are used in the backend for
e.g. the category selectory and media library
* added experimental support for PHP/SMARTY IN MEMORY caching
Enabled by default, if classes found loaded.
Disable with
$serendipity['disable_apc'] = true;
and
$serendipity['disable_memcache'] = true;
* Support added in serendipity_db_schema_import for sqlite
autoincrement
* Remove Google Reader button from syndication plugin options
* Add subToMe-button to syndication plugin and change its defaults
* Use Browsercache to save cache and restore entries
* Improved installer to forbid using database table prefixes with
special characters
* Themes using Engines are now able to use the parent's
configuration
* Prevent "new" plugin api to install double instances of plugins
that are not stackable (issue #45)
* Back button in plugin-config
* Adapted serendipity_editor.js to provide more global (though
deprecated) API access methods for plugins like amazonchooser
and linktrimmer, to perform insertion. Also fixed the
insertion of text when the ID of the element is not prefixed
* Move sort by name to simple filter in ML, replace file extension
* Remember selected media library folder
* Show upload-success or error with the ajax image uploader
* Fix preview entry exception (issue #119)
* Add serendipity.toggle_collapsible as a reusable JS function
for the core backend and backend sections emitted by plugins as
an easy way to provide show/hide functionality. (yellowled)
* Fixed media insert target bug (issued by #143, #145, #121)
* Fixed publish drafted-entries via dashboard (issue #160)
* All frontend themes that rely on the bundled Core jQuery library
are currently using the jquery.noConflict-mode for compatibility
to older plugins.
This mode is now considered deprecated and will be removed in
future releases. A new variable:
$serendipity['capabilities']['jquery-noconflict'] = false;
in your theme's config.inc.php file can now turn of that
noConflict-mode.
* Due to distinction of backend and frontend themes, each theme
that provides a custom jquery.js now only does so for the
frontend. The backend now listens to a:
$serendipity['capabilities']['jquery_backend'] = false;
variable, and the file needs to be jquery_backend.js that
a backend theme would reference to.
* Changed 2k11's config.inc.php file to provide a more stable
call of event hooks so that other themes can also hook
their own events.
* Changed JS for category filtering and its reset button to be a
reusable function, which is now also used in the list of
installable plugins.
* Fixed wrong local documentation URL in plugin configuration
* Added new "backend_dashboard" event-hook for plugins to use
within dashboard.
* Backend and Frontend themes can now be set independently from
each other. New backend themes now need to set:
Backend: Yes
in their info.txt file. If you adapt a custom admin theme,
ensure that it is compatible to the new "2k11" backend to
ensure proper future usage within Serendipity. The bulletproof
backend will now no longer be recognized as a backend theme
option, but can be selected as a new frontend theme, while
using 2k11 (=default) in the backend.
* Include klogger, call it as $serendipity['logger']->debug/error.
The log-level can be set in the general configuration and is
disabled by default.
* Fixed missing s9ymdb ID
* Add HTTP_Request2 and dependencies as bundled libraries and
update PEAR library to version 1.9.4
* Implemented AJAX uploadResize option to allow resizing an image
before upload (onli)
* Improved file/directory removal code to (hopefully) fail more
gracefully
* Change "default" admin backend template fallback chain so that
old admin themes can theoretically be shown with the "old"
admin interface. This however in many themes breaks the
Serendipity workflow. In other words, currently old custom backend
themes are deprecated. We are still working on how to deal
with this and if we can add some sort of compatibility or port.
* Fix bundled jquery's source mapping, upgraded to 1.11.1
* Fixed missing media name in resize GET URL
* Fix MediaDB overlay display
* Re-Added possibility to change filename/target directory for
media uploads
* Update CKEditor to 4.4
* Fixed some missing internationalization instances
* Minor CSS improvements for upgrader, plugin sequencing widget
* RSS importer accepts pubDate in addition to pubdate element.
* Upgrader in Dashboard can be disabled, returns error message when
URL not accessible
* Added a category filtering ability for the entry editor
* Better check when removing old/dead files to prevent error
messages
* WYSIWYG editor respects image floats
* Support html5 multiple file upload
* Modernizr, magnificPopup updates
* Improvements to equal heights js, button labels
* No longer truncate long entry titles
* Improve non-WYSIWYG editor tag insertion, url insertion
* Improve less DOM firing on certain javascript tasks
* Introduce js_backend event hook
Version 2.0-beta1 and followup -beta2 (April 14th, 2014)
------------------------------------------------------------------------
* Upgrade Smarty libs to 3.1.18
* Automatic upgrade removal of old Smarty2 files (2.0-alpha2)
function uses SPL
* Implemented patch https://github.com/s9y/Serendipity/pull/15
* When switching Themes, both the backend and the frontend
will remember the timestamp of the last theme change,
to make sure that the browser will not cache a mismatching CSS.
* Fix theme change issues with global template vars in core
(1559472ca3) see 'temporary added empty $template_config_groups'
in 1.7-rc2 (eb77dc369a)
* Use Smarty for backend display output
* "Themes" are now what has previously been mixed as "Design",
"Theme", "Template" or "Layouts".
* WYSIWYG-Spawn-API reworked (2k11/admin/wysiwyg_init.tpl)
* All Javascript-functions like SetCookie now reside in a
serendipity-object, simulating a namespace.
SetCookie(...)
became
serendipity.SetCookie(...)
* Renamed JS-Function:
toggleCategorySelector became toggle_category_selector
* The advanced js option (eyecandy) got removed, as such a thing
like advanced js doesn't exist anymore
* dashboard_plugin has an equivalent in the core, replacing the
frontpage
* Constants like S9Y_FRAMEWORK_COMPAT are no longer set
(include_once is used instead)
* New additional option to render smarty-functions:
serendipity_smarty_show($template, $data)
* A number of functions now returns their result instead of echoing
them (TODO: a bunch of image- and
trackback-functions still use echo for messages"):
serendipity_plugin_config
serendipity_printEntryForm
serendipity_printEntries
function serendipity_showMedia
serendipity_showPropertyForm
showMediaLibrary
serendipity_guessInput
memSnap
serendipity_displayTopUrlList
serendipity_displayTopExits
serendipity_displayTopReferrers
serendipity_printConfigTemplate
show_plugins
* Functions removed from the core:
serendipity_printConfigJS
* Functions added to the core:
serendipity_generateImageSelectorParams
* All internal plugins got extracted from plugin_internal.inc.php
and moved to plugins/.
They are renamed to work there (upgrader task provides migration):
serendipity_calendar_plugin became serendipity_plugin_calendar
serendipity_quicksearch_plugin became serendipity_plugin_quicksearch
serendipity_archives_plugin became serendipity_plugin_archives
serendipity_categories_plugin became serendipity_plugin_categories
serendipity_syndication_plugin became serendipity_plugin_syndication
serendipity_superuser_plugin became serendipity_plugin_superuser
serendipity_plug_plugin became serendipity_plugin_plug
* Add plugin hook "js", generating a virtual serendipity.js
* Admin JS is now bundled in serendipity_editor.js.tpl and
rendered using smarty in the theme config
* Admin JS got rewritten using jQuery where applicable
* serendipity_define.js.php removed
* Removed support for layout.php
* The whole PHP-Code now almost never echoes integrated HTML, but
uses smarty template (TODO: Remove the almost)
The necessary smarty-templates reside in 2k11/admin/
Every theme can generate its own backend if it integrates those
templates under admin/ itself
* 2k11 is set as the new default backend, replacing bulletproof.
default remains the fallback so far.
* A number of functions had some arguments removed:
* function serendipity_displayImageList:
From
function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = false, $url = NULL, $show_upload = false, $limit_path = NULL, $smarty_display = true)
to
function serendipity_displayImageList($page = 0, $lineBreak = NULL, $manage = false, $url = NULL, $show_upload = false, $limit_path = NULL)
* function serendipity_showMedia
From
function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lineBreak = 3, $enclose = true, $smarty_vars = array(), $smarty_display = true)
to
function serendipity_showMedia(&$file, &$paths, $url = '', $manage = false, $lineBreak = 3, $enclose = true, $smarty_vars = array())
* generate_plugins
From
static function generate_plugins($side, $tag = '', $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl')
to
static function generate_plugins($side, $negate = false, $class = null, $id = null, $tpl = 'sidebar.tpl')
* serendipity_showMedia now no longer returns the used template and
echoes the generated HTML, but only returns the generated HTML
* Themes now have their own configuration page,
?serendipity[adminModule]=templates&serendipity[adminAction]=editConfiguration
* jQuery in the backend no longer runs in noConflict-mode. Use
$(...) instead of jQuery(...)
* The entryproperty-plugin will now always delete its cache on
uninstall, not only if the cache is activated then
* serendipity_is_iframe now really only checks for iframe and
doesn't also echo it
* Added option simpleFilters (meant to indicate to show less
filters and poweruser-options)
* serendipity_admin_image_selector.php no longer used by 2k11,
instead the media library (with admin/media_choose.tpl,
admin/media_upload.tpl, media_pane.tpl, media_items.tpl)
can generat the imageselector on its own. The editor calls
serendipity_admin.php?serendipity[adminModule]=media instead,
with serendipity[textarea] indicating the target, and
serendipity[showMediaToolbar] activating the imageSelector modus
* New required PHP-Version: 5.3 or higher (checked in the installer)
Version 1.7.8 (February 9th, 2014)
------------------------------------------------------------------------
* Fixed POST for db entry insert, caused by 1.7.6 security feature
Version 1.7.7 (February 6th, 2014)
------------------------------------------------------------------------
* Fixed PHP parse error in templatechooser plugin. Blame garvin. :(
Version 1.7.6 (February 6th, 2014)
------------------------------------------------------------------------
* Fixed backend security issues, thanks to Stefan Schurtz:
- XSS of users realname in "Manage users" section
(Backend, requires login)
- XSS when creating an entry with bad id/timestamp values
(Backend, requires login)
- SQL-Injection for plugin installation parameter
(Backend, requires admin login)
* Templatechooser plugin uses "default" template as fallback,
not "bulletproof".
Version 1.7.5 (January 18th, 2014)
------------------------------------------------------------------------
* Fixed textile PHP 5.2 (namespace) compat issue
* Added default value to spamblocks required_fields option [name,
comment]
Version 1.7.4 (January 11th, 2014)
------------------------------------------------------------------------
* Fixed emoticate plugin icon link to check for textile class
* Upgrade textile plugin libs - lib3 extends to PHP >= 5.3.
Please check for new options!
* Fixed spamblocks Captcha imagecreate() with PHP > 5.3 versions
* Smarty 3.1.16 bugfix release - please read bundled-libs/Smarty/change_log.txt
about changes to versions 3.1.16 and 3.1.15.
Please also see special bundled-libs/Smarty/3.1.16_RELEASE_NOTES.txt
* Removed blogg.de filter from spamblock plugin, adapted htaccess
IP block algorithm for race conditions. .htaccess can now contain
multiple Deny From ranges to prevent parsing problems (DLange)
* Fixed IP columns in spamblocklog, spamblock_htaccess, karmalog, visitors
and shoutbox to varchar(45) for IPv6 - including tunneled IPv4 (39+6)
* Fixed possible double includement of plugin_internal.inc.php
* Fix possible temporary caching errors failing $eventData[0]['properties']
* Basic support for static blocks (includeentry plugin) in 2k11.
* Added "backend_footer" event hook
* Exclude "frontpage extensions" directories "_vti_cnf" on windows servers
in Media Library
* Fixed pagination when searching terms with fetchlimit < 4
* Fixed deprecated /e modifier with PHP >= 5.5 in nl2br plugin restore method
Version 1.7.3 (August 28th, 2013)
------------------------------------------------------------------------
* Trackback to https:// style URLs will use proper port 443 instead
of 80.
* Disabled htmlarea spellchecker module, http://osvdb.org/87395
Thanks for Henri Salo for pointing this out. CVE-2013-5670
Version 1.7.2 (July 26th 2013)
------------------------------------------------------------------------
* Fix a syntax error in the "mysql" deprecation code, thanks
to Ian
Version 1.7.1 (July 26th 2013)
------------------------------------------------------------------------
* Added new event hooks "backend_plugins_install", "backend_plugins_update"
and "backend_templates_install".
* Serendipity will switch to mysqli if PHP >= 5.5 is used (mysql
is deprecated)
* Smarty upgrade to 3.1.14 (read changeLog and the README for API changes since Smarty 2)
* Upgrader will now remove/delete the browsercompatibility plugin
* Fixed Media Library exclude path to not show/proceed ckeditor/kcfinders .thumbs dir
* Fixed bulletproof->colorset GET mismatch with categorytemplates plugin
config.inc.php [Line 29]
* German translation for stable archives added (YL)
* Fixed curl result bug in spartacus plugin
* Create new migration task for propagate defaultBaseURL when
currently empty (onli)
* Fixed statistics sidebar querys ( & for PostgreSQL ) [242520b]
and added some missing html end tags
* Added missing current group name when editing usergroups
Version 1.7 ()
------------------------------------------------------------------------
* rc4: Get ready for CKEDITOR-wysiwyg Plugin mode
* rc4: Fixed fetching javascript object (for nugget textareas) in non-wysiwyg-mode
* rc4: Change .htaccess blocking mechanism by spamblock plugin to not fetch
too many datarows, thanks to DLange from the forums. (The .htaccess
feature is still considered experimental, use at your own risk ;))
* rc4: Fixed entryproperties backend 'cache now' link
* rc3 + rc4: Media database: Escape more Cookie values to prevent storing
possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142).
Escape hotlinked media filename. Escape importer host name error
Thanks to GreenSun from the forums for bringing this to attention,
originally reported by Dshellnoi Unix
* rc2: Alter entries.tpl to add the line:
{assign var="entry" value=$entry scope="parent"}
for proper propagation of $entry to sub-templates.
* rc2: Alter error reporting to only fail when 'debug' mode is enabled,
so that "normal" blog installations will not fail on specific
E_STRICT warnings that are not important.
* rc2: temporary added empty $template_config_groups into templates with config,
to avoid display troubles for template changes, if previous template had these set.
Please check your template.
* rc2: reflect POST submitted changes in Bulletproof template configs re-set situations
* various PHP 5 compatibility fixes in core and plugins
* Allow entryproperties plugin to define defaults for custom fields
* Onyx, Net_URL classes: Remove PHP4 style constructor due to
PHP5 error "Constructor already defined"
* Improved RSS sidebarplugin to support Atom
* Bundled simplepie
* For Blogs running on a non-UTF-8 language, set a Smarty constant
to indicate the actually used charset.
* Added to use MyISAM handler for s9y tables (we do not use InnoDB
features, but rely on MyISAM fulltext)
* fixed defaultBaseURL did not show up installer. Thanks to onli.
Follow up from c292bad
* fixed draft & future entries preview link in backend
* Improved karmarating plugin to be able to use AJAX calls
(gregman)
* Allow Smarty to fetch .tpl files from all directories so that
s9y plugin can use the fetch() call for their .tpl files no
matter which (symlinked) directory the plugin resides in.
The Smarty security policy to us only serves as a restriction
within .tpl files to not allow arbitrary PHP modifier/function calls.
If in the future Smarty supports enforcing trustedDir checks on
{include} calls seperately to smarty->fetch() calls, we'll also
add that to .tpl files.
(garvinhicking)
* Patch by Markus Br<42>kner: Properly handle files that have no
extension in media database
* Made Spartacus recognize github.com mirror (garvinhicking)
* Add "Summary" output to title of summary archive pages, patch by
hboeck
* Set the smarty object by instance (ophian)
It is often needed to access the Smarty object from anywhere in your code, e.g. in plugins
We now ensure that there is only one instance of the object available.
To obtain an instance of this class: $serendipity['smarty'] = Serendipity_Smarty::getInstance();
The first time this is called a new instance will be created. Thereafter, the same instance is handed back.
To overwrite use $serendipity['smarty'] = new Serendipity_Smarty; to create a new instance.
* Set a global Serendipity errorToExceptionHandler (ophian)
changed some old smarty trigger_errors to PHPs native function
* Updated spamblock plugin (ophian)
changed wordfilter to function and Commenters moderation check verify_once
to get checked via wordfilter to reject known spam comments before
* Changed backend comment (error) messages (ophian)
as now captured and styleable messages
(newly added .serendipity_backend_msg_notice css class)
* Updated nl2br plugin (ophian)
added isolation tag using nl to br
this also adds some NoBR buttons to backend entry forms
* Smarty3 support (ophian)
with this upgrade Serendipity / Smarty will at least need a webserver running the PHP 5.2 series.
As of August 2011, all PHP users should note, that the PHP 5.2 series is NOT supported anymore by the PHP developers.
All users are strongly encouraged to upgrade to PHP 5.3.8 and up. Please refer to your ISP about this.
* Added new serendipity['defaultBaseURL'] variable that makes sure
that the baseURL is not overriden when configuring serendipity
with a possibly autodetected currentl URL. Patch by Manko10.
Version 1.6.2 (May 16th, 2012)
------------------------------------------------------------------------
* Fix SQL injection for comment.php used in read-context.
(Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092)
Version 1.6.1 (May 8th, 2012)
------------------------------------------------------------------------
* Improved escaping of backend plugin management for DB query
and media selector output (Stefan Schurtz)
* Updated spamblock plugin to 1.78 & 1.79 (backport)
changed wordfilter to function to check with 'verify_once'
to reject wordfilter signed spam comments before -
added in 1.79 killswitch check and serendipity_db_bool()
* fixed draft & future entries preview link in backend (backport)
* Fixed some possible errors with pdo db_begin/end_transaction()
* Fixed unneccessary preg_match notices in the statistics backend
* Fixed a possible problem where template-specific variables would
not be cleared in favor of the new global ones.
* Fixed serendipity_fetchComments producing wrong SQL code. Please
check your code if you did workarounds already and remove them.
Version 1.6 (October 27th 2011)
------------------------------------------------------------------------
* Fix XSS issue in mediadatabase and karma
filtering, thanks to Stefan Schurtz
* Fix problem with autosave plugin used in conjunction with
entryproperties (chrisbra)
* Removed browsercompatibilitty plugin because it's outdated and
IE6 shall be dead.
* Fixed Spartauc SF.Net download location (Thanks to christian_boltz)
* Added new event hook 'backend_loginfail' to track failed logins
(serendipity_event_externalauth can make use of it for fail2ban)
* Fixed a bug in synchronizing new files with the same basename
but different extensions, where files with the same mimetype
would not get added (garvinhicking)
* Show subscription status of comments in frontend and backend
* Added ability to report spam/ham to akismet (Black Warthog)
* Added localization for {$WEBLOG} in trackbacks.tpl (LazyBadger)
* Added "Options -MultiViews" to .htaccess to prevent IE9 trouble
* Karma plugin: Added option to only track votings when users are
logged in.
* Bugfix: Adjust /admin permalink detection so that it does not listen
on /adminbook for example. Thanks to Lux!
* serendipity_event_mailer now also allows to use commas instead of
spaces to seperate multiple mails. Use distinct email adresses
(Thanks to evanslee)
* Added new rewrite option for 1&1 specific servers, because a
combined htaccess for both variants could not be find. The reason
is the MultiViews option in certain apache configs.
* Fix PDO::SQLite to properly fetch the requested row type
(assoc/both/num), important for staticpage plugin
* TPL fixes for upcoming Smarty3, thanks to timbalu
* Experimental: Config-Groups for template and plugin options,
currently mimics fold in/out of global configuration.
Usage through "config_groups", examples are in config.inc.php of
bulletproof and spamblock plugin. Needs documentation.
(garvinhicking)
* Added new parameter "empty" to {serendipity_showPlugin}. When
no callable plugins were found, the string in the "empty" parameter
will be shown instead, allowing users to get notified of a missing
plugin:
{serendipity_showPlugin
class="serendipity_plugin_twitter"
empty="Twitter plugin not found!"}
* Bundle jquery by default and enable it in frontend and backend
templates; overrides serendipity_event_jquery. If your template
contains its own "jquery.js" file, the core will NOT use it.
(garvinhicking)
* Include API logic to allow the core to utilize event hooks with
internal function calls (used for jquery output, for example)
(garvinhicking)
* Allow to moderate multiple selected comments (garvinhicking)
* Allow to pass 'template' variable to serendipity_showPlugin
* Make CSS permalink pattern compatible to 1&1 servers,
thanks to lfrantzen
* PDO-SQLite patches by nth
* Fix newline before <?xml tag, thanks to deedw
* Only do '*' parameter expansion on the first page of search
results: http://board.s9y.org/viewtopic.php?f=10&t=14810
(onli, Timbalu)
* RSS feed timestamp properly calculates offset (abdussamad)
* (experimental) global theme options (garvinhicking)
Inside template's config.inc.php you can enable a global
navigation configuration feature:
$template_global_config = array('navigation' => true);
serendipity_loadGlobalThemeOptions($template_config, $template_loaded_config, $template_global_config);
More keys apart from "navigation" might get supported in the future.
* Implemented suggestion of removing boilerplate code in plugin API:
Change hack protection, introduce unified language loading, see
http://board.s9y.org/viewtopic.php?f=11&t=16921
Thanks to mt2!
* Fix karma rating plugin missing the text translation for a
specific point area
* Recent entry properties now recognizes multilingual titles
* Include referrer in comment notification email (konus)
* Added new 'fulltext' search option to sidebar plugin
http://board.s9y.org/viewtopic.php?f=4&t=16051
* Truncate suppressed referrer's query string to 255 characters
(ads)
* Fix "viewAuthor" URL detection routine if the path name of a
domain begins with a number. (garvinhicking)
* Fix SQLite substring search to use % instead of * for secondary
matches (SvOlli)
* Recent entries plugin can now fetch the associated categoryid,
when a single entry is displayed. (Garvinhicking)
* Stricter check for sqlite3 extension, only functional interface
instead of OOP currently supported (garvinhicking)
* Experimental: When sending quoted-printable notification mails,
auto-split after 75 characters.
(Ref: http://board.s9y.org/viewtopic.php?f=3&t=16314)
* To support custom PHP sessions, s9y will only issue session_start,
if no session exists yet (garvinhicking)
* Use "Longtext" instead of "text" for new installations on blog entry
body and extended body inside database tables. (garvinhicking)
* Added ability to mark authorgroups as "hidden", so that members
of such groups are excluded from common author listings.
(Ref http://board.s9y.org/viewtopic.php?f=11&t=16237)
(garvinhicking)
* Added option for SMF importer to also import tags
* Added experimental global variable $i18n_filename_utf8 that can
be set in a serendipity_config_local.inc.php or language include
file, which will return Unicode-Permalinks.
(http://board.s9y.org/viewtopic.php?f=11&t=15896)
* Added event hook backend_sendcomment for sending comments and
being able to chang via plugin API (onli)
Version 1.5.5 (December 21st, 2010)
------------------------------------------------------------------------
* Due to security issues in the bundled Xinha WYSIWYG,
disabled the PHP-based plugins (which are not utilized by
serendipity unless manually enabled), until a proper security
fix is available
Version 1.5.4 (August 26th, 2010)
------------------------------------------------------------------------
* Fix XSS in backend, thanks to High-Tech Bridge SA #HTB22595
* Fix PHP 5.3.2 parse error in a file, thanks to fyremoon
* Fix SQL query statement for deleting a category, which on some
DB types (SQlite) might not return "true" and thus not really
delete the category. (garvinhicking)
* Include license output in plugin listing (onli)
* Fix escaping when using ImageMagick to create PDF-thumbnail images
(stm9x9)
* Add new template variable to feed*.tpl files to support new
plugins like pubsubhubbub, so that plugins can embed data to the
main XML element (onli)
Version 1.5.3 (May 10th, 2010)
------------------------------------------------------------------------
* Added workaround for dynamic configuration of Xinha plugins
ExtendedFilemanager, ImageManager,
InsertSnippet and Linker plugins to avoid remote code inclusion.
(Stefan Esser)
Version 1.5.2 (January 25th, 2010)
------------------------------------------------------------------------
* Fixed SQL upgrade path for SQLite.
Version 1.5.1 (December 21st, 2009)
------------------------------------------------------------------------
* Fix bug with not showing "html" type configuration items.
Version 1.5 (December 21st, 2009)
------------------------------------------------------------------------
* Show backend comment pagination in footer and header
* Don't toggle the border of marked comments in the admin section
to 2px, to avoid padding. Thanks to hboeck!
* Added expermiantel PDO::SQLite transport, by nth
* Disallow uploading any files with ".php." in the filename
(garvinhicking)
* Prevent password autocompletion for user passwords to prevent
possible mismatch. In media manager popup, fix bug that did
not properly forward to image selection after upload (onli)
* Fix a bug in statistics output, when statistics for single-number
months is created. (Andreas Bilke)
* Always increase last_modified when an entry is saved to prevent
stale entries in RSS feeds. Thanks to Cenic
* Allow comment sidebar plugin to only show coments for entries
that are allowed to be viewed by the current visitor.
* Also use htmlspecialchars() for the Recent Entries sidebar plugin
(Anson)
* Do not send mails, if the "To:" address is empty, might happen
if authors do not have a mail account entered in their profile.
(nealk)
* Fixed Spartacus download URLs for SF.Net mirror (christian_boltz)
* Allow redirects when fetching remote images (garvinhicking)
* Allow to define sort order for search-results (garvinhicking)
* More PHP 5.3.0 compat (split(), ereg(), ereg_replace()).
* PostgreSQL compatibility for the printArchives() function to
gather only unique timestamps (cite)
-- beta1 release
* PHP 5.3.0 compatibility without E_WARNING triggers (garvinhicking)
* Added 'orderby' parameter to plugin API hooks for the serendipity
fulltext search function (garvinhicking)
* Added new event hook frontend_sidebar_plugins to iterate through
sidebar plugins and modify their output. $eventData is the array
of their data. (garvinhicking)
* Added ability to specify a custom Xinha config. Either supply
a 'my_custom.js' file inside the template directory, or if
omitted, the default htmlarea/my_custom.js is used. With this
you can overwrite the plugins and buttons of all Xinha instances.
See the mentioned default file for usage. (garvinhicking)
* Removed "static" db layer typelist to prevent accidental over-
writes of referenced return values (garvinhicking)
* Upgrade to Smarty 2.6.26
* Removed inline styles of the s9y media insertion, they will now
properly utilize CSS classes (defined in the new file
style_fallback.css). Also added support for entering "ALT/TITLE"
attributes to an <img> tag, can be used as a media property if
you add "ALT" and "TITLE" to the list of "Media properties" in the
main configuration. (garvinhicking)
* Filter entries only by authors that have written at least
one article (garvinhicking)
* Fix PDF imagemagick thumbnail generation to be properly displayed
(http://board.s9y.org/viewtopic.php?f=3&t=15446)
* Warn about non-writable "plugins" directory in installation
* Added new optional parameter for plugin config type "text": rows.
Added new optional parameter "input_type"="password" for plugin
string type configuration (brockhaus)
* pingbacks were not counted as entry trackbacks although added to
entries. (brockhaus)
* Added "exclude urls" to ip validation functionality in spam block
plugin. identi.ca is sending pingbacks but fails the ip validation!
(brockhaus)
* no longer use htmlspecialchars() on the blog's title and sub-
title, to allow for custom HTML code to appear and unify
only letting Smarty do the escaping (garvinhicking,falk)
* Plugin drag/drop now can scroll up/down/left/right when touching
the borders. Thanks to onli!
* Changed shoutbox plugin. Shoutbox input size is configurable now.
Wrong description for dateformat fixed.
(brockhaus)
* Change mail entry plugin to be able to send mails without
hyperlinks and images. (garvinhicking)
* Change uriArgument parsing routine to allow "!" in URLs.
Now we can have absolute serocracy.
* Changed image upload workflow so that the upload results/errors
are shown on top of the media library, allowing to go on
immediately (onli)
* Added new smarty variable $admin_vars.title to the admin/index.tpl
template file to customize the title (onli)
* Add new config option to base server time on UTC
(http://board.s9y.org/viewtopic.php?f=2&t=15123) (Abdussamad)
* Use a unique session name for each blog instance, so that multiple
s9y installations can live on the same domain and having their
own sessions (kleinerChemiker, DrNI)
* Livejournal importer update by Anson now supports importing
comments, see http://board.s9y.org/viewtopic.php?f=11&t=15141
* Enhance xhtml cleanup plugin to also work on <param value="..." />
tags and fix youtube html. (garvinhicking)
* Changed bookmarklet to work with Chrome, thanks to Oliver
Gassner & TextPattern :-) (garvinhicking)
* Enhanced serendipity_printEntries() logic to bypass smarty
parsing ($smarty_fetch) (garvinhicking)
* Changed karma plugin to only track GET requests as visits, not
POSTs. Thanks to Marcus Friedman
* Enhanced nl2br plugin to also use <p> tags, by onli
* Added possibility for templates to register a central function
serendipity_plugin_api_event_hook() and
serendipity_plugin_api_pre_event_hook() that can be used to
use plugin API interaction WITHOUT actual plugins. So special
plugins can be bundled within a template, without the need to
seperately install them. The "pre" function is called BEFORE
all normal plugins are executed, the normal function is called
AFTER plugin execution. (garvinhicking)
* Change javascript non-wysiwyg insertion methods to propery
return to scrollposition, patch by onli
* Enhance TrackExits plugin to also support link redirection for
future german law/access blocking :) (garvinhicking)
* Enhance quicksearch by performing a wildcard-search for the
searchterms, when less than 4 matches are found. (onli)
* Updated czech translation, by Vlada Ajgl
* Use a space instead of comma to seperate DENY rules in spamblock
plugin, patch by brielle
* Added ability to use strftime variables in the spamblock.log
filename. (kleinerchemiker)
* Added improved Blogger.com importer using the API, thanks to jaa
* Change password hashing from plain md5 to salted SHA1. Logins
should continue to work and are migrated to SHA1 keys upon
first login. MD5-logins will only work successfully once. This
mechanism will expire 6 months after the upgrade has been executed.
EXPERIMENTAL! (http://blog.s9y.org/archives/205-hash.html)
(garvinhicking)
* Allow admins to also approve comments awaiting user-confirmation
(garvinhicking)
* Fix statistics sidebar plugin to properly count weekly visitors
(garvinhicking)
* Allow javascript inside Xinha WYSIWYG textarea (garvinhicking)
* Allow anonymized submission to Typepad/Akismet to attribute
possible federal laws for data protection (garvinhicking)
(RFE #2517320)
* Change antispam plugin to also support Typepad as an alternative
to Akismet. (judebert)
(Older NEWS see file NEWS_OLD)
Reference in New Issue View Git Blame Copy Permalink