Serendipity PHP Weblog System

# $Id$ Version 1.7 (May 11th 2013) ------------------------------------------------------------------------ * rc4: Get ready for CKEDITOR-wysiwyg Plugin mode * rc4: Fixed fetching javascript object (for nugget textareas) in non-wysiwyg-mode * Change .htaccess blocking mechanism by spamblock plugin to not fetch too many datarows, thanks to DLange from the forums. (The .htaccess feature is still considered experimental, use at your own risk ;)) * rc4: Fixed entryproperties backend 'cache now' link * Media database: Escape more Cookie values to prevent storing possible XSS (http://board.s9y.org/viewtopic.php?f=3&t=19142). Escape hotlinked media filename. Escape importer host name error Thanks to GreenSun from the forums for bringing this to attention, originally reported by Dshellnoi Unix * rc2: Alter entries.tpl to add the line: {assign var="entry" value=$entry scope="parent"} for proper propagation of $entry to sub-templates. * rc2: Alter error reporting to only fail when 'debug' mode is enabled, so that "normal" blog installations will not fail on specific E_STRICT warnings that are not important. * rc2: temporary added empty $template_config_groups into templates with config, to avoid display troubles for template changes, if previous template had these set. Please check your template. * rc2: reflect POST submitted changes in Bulletproof template configs re-set situations * various PHP 5 compatibility fixes in core and plugins * Allow entryproperties plugin to define defaults for custom fields * Onyx, Net_URL classes: Remove PHP4 style constructor due to PHP5 error "Constructor already defined" * Improved RSS sidebarplugin to support Atom * Bundled simplepie * For Blogs running on a non-UTF-8 language, set a Smarty constant to indicate the actually used charset. * Added to use MyISAM handler for s9y tables (we do not use InnoDB features, but rely on MyISAM fulltext) * fixed defaultBaseURL did not show up installer. Thanks to onli. Follow up from c292bad * fixed draft & future entries preview link in backend * Improved karmarating plugin to be able to use AJAX calls (gregman) * Allow Smarty to fetch .tpl files from all directories so that s9y plugin can use the fetch() call for their .tpl files no matter which (symlinked) directory the plugin resides in. The Smarty security policy to us only serves as a restriction within .tpl files to not allow arbitrary PHP modifier/function calls. If in the future Smarty supports enforcing trustedDir checks on {include} calls seperately to smarty->fetch() calls, we'll also add that to .tpl files. (garvinhicking) * Patch by Markus Brükner: Properly handle files that have no extension in media database * Made Spartacus recognize github.com mirror (garvinhicking) * Add "Summary" output to title of summary archive pages, patch by hboeck * Set the smarty object by instance (ophian) It is often needed to access the Smarty object from anywhere in your code, e.g. in plugins We now ensure that there is only one instance of the object available. To obtain an instance of this class: $serendipity['smarty'] = Serendipity_Smarty::getInstance(); The first time this is called a new instance will be created. Thereafter, the same instance is handed back. To overwrite use $serendipity['smarty'] = new Serendipity_Smarty; to create a new instance. * Set a global Serendipity errorToExceptionHandler (ophian) changed some old smarty trigger_errors to PHPs native function * Updated spamblock plugin (ophian) changed wordfilter to function and Commenters moderation check verify_once to get checked via wordfilter to reject known spam comments before * Changed backend comment (error) messages (ophian) as now captured and styleable messages (newly added .serendipity_backend_msg_notice css class) * Updated nl2br plugin (ophian) added isolation tag using nl to br this also adds some NoBR buttons to backend entry forms * Smarty3 support (ophian) with this upgrade Serendipity / Smarty will at least need a webserver running the PHP 5.2 series. As of August 2011, all PHP users should note, that the PHP 5.2 series is NOT supported anymore by the PHP developers. All users are strongly encouraged to upgrade to PHP 5.3.8 and up. Please refer to your ISP about this. * Added new serendipity['defaultBaseURL'] variable that makes sure that the baseURL is not overriden when configuring serendipity with a possibly autodetected currentl URL. Patch by Manko10. Version 1.6.2 (May 16th, 2012) ------------------------------------------------------------------------ * Fix SQL injection for comment.php used in read-context. (Thanks to High-Tech Bridge SA Security Release Lab, Advisory HTB23092) Version 1.6.1 (May 8th, 2012) ------------------------------------------------------------------------ * Improved escaping of backend plugin management for DB query and media selector output (Stefan Schurtz) * Updated spamblock plugin to 1.78 & 1.79 (backport) changed wordfilter to function to check with 'verify_once' to reject wordfilter signed spam comments before - added in 1.79 killswitch check and serendipity_db_bool() * fixed draft & future entries preview link in backend (backport) * Fixed some possible errors with pdo db_begin/end_transaction() * Fixed unneccessary preg_match notices in the statistics backend * Fixed a possible problem where template-specific variables would not be cleared in favor of the new global ones. * Fixed serendipity_fetchComments producing wrong SQL code. Please check your code if you did workarounds already and remove them. Version 1.6 (October 27th 2011) ------------------------------------------------------------------------ * Fix XSS issue in mediadatabase and karma filtering, thanks to Stefan Schurtz * Fix problem with autosave plugin used in conjunction with entryproperties (chrisbra) * Removed browsercompatibilitty plugin because it's outdated and IE6 shall be dead. * Fixed Spartauc SF.Net download location (Thanks to christian_boltz) * Added new event hook 'backend_loginfail' to track failed logins (serendipity_event_externalauth can make use of it for fail2ban) * Fixed a bug in synchronizing new files with the same basename but different extensions, where files with the same mimetype would not get added (garvinhicking) * Show subscription status of comments in frontend and backend * Added ability to report spam/ham to akismet (Black Warthog) * Added localization for {$WEBLOG} in trackbacks.tpl (LazyBadger) * Added "Options -MultiViews" to .htaccess to prevent IE9 trouble * Karma plugin: Added option to only track votings when users are logged in. * Bugfix: Adjust /admin permalink detection so that it does not listen on /adminbook for example. Thanks to Lux! * serendipity_event_mailer now also allows to use commas instead of spaces to seperate multiple mails. Use distinct email adresses (Thanks to evanslee) * Added new rewrite option for 1&1 specific servers, because a combined htaccess for both variants could not be find. The reason is the MultiViews option in certain apache configs. * Fix PDO::SQLite to properly fetch the requested row type (assoc/both/num), important for staticpage plugin * TPL fixes for upcoming Smarty3, thanks to timbalu * Experimental: Config-Groups for template and plugin options, currently mimics fold in/out of global configuration. Usage through "config_groups", examples are in config.inc.php of bulletproof and spamblock plugin. Needs documentation. (garvinhicking) * Added new parameter "empty" to {serendipity_showPlugin}. When no callable plugins were found, the string in the "empty" parameter will be shown instead, allowing users to get notified of a missing plugin: {serendipity_showPlugin class="serendipity_plugin_twitter" empty="Twitter plugin not found!"} * Bundle jquery by default and enable it in frontend and backend templates; overrides serendipity_event_jquery. If your template contains its own "jquery.js" file, the core will NOT use it. (garvinhicking) * Include API logic to allow the core to utilize event hooks with internal function calls (used for jquery output, for example) (garvinhicking) * Allow to moderate multiple selected comments (garvinhicking) * Allow to pass 'template' variable to serendipity_showPlugin * Make CSS permalink pattern compatible to 1&1 servers, thanks to lfrantzen * PDO-SQLite patches by nth * Fix newline before <?xml tag, thanks to deedw * Only do '*' parameter expansion on the first page of search results: http://board.s9y.org/viewtopic.php?f=10&t=14810 (onli, Timbalu) * RSS feed timestamp properly calculates offset (abdussamad) * (experimental) global theme options (garvinhicking) Inside template's config.inc.php you can enable a global navigation configuration feature: $template_global_config = array('navigation' => true); serendipity_loadGlobalThemeOptions($template_config, $template_loaded_config, $template_global_config); More keys apart from "navigation" might get supported in the future. * Implemented suggestion of removing boilerplate code in plugin API: Change hack protection, introduce unified language loading, see http://board.s9y.org/viewtopic.php?f=11&t=16921 Thanks to mt2! * Fix karma rating plugin missing the text translation for a specific point area * Recent entry properties now recognizes multilingual titles * Include referrer in comment notification email (konus) * Added new 'fulltext' search option to sidebar plugin http://board.s9y.org/viewtopic.php?f=4&t=16051 * Truncate suppressed referrer's query string to 255 characters (ads) * Fix "viewAuthor" URL detection routine if the path name of a domain begins with a number. (garvinhicking) * Fix SQLite substring search to use % instead of * for secondary matches (SvOlli) * Recent entries plugin can now fetch the associated categoryid, when a single entry is displayed. (Garvinhicking) * Stricter check for sqlite3 extension, only functional interface instead of OOP currently supported (garvinhicking) * Experimental: When sending quoted-printable notification mails, auto-split after 75 characters. (Ref: http://board.s9y.org/viewtopic.php?f=3&t=16314) * To support custom PHP sessions, s9y will only issue session_start, if no session exists yet (garvinhicking) * Use "Longtext" instead of "text" for new installations on blog entry body and extended body inside database tables. (garvinhicking) * Added ability to mark authorgroups as "hidden", so that members of such groups are excluded from common author listings. (Ref http://board.s9y.org/viewtopic.php?f=11&t=16237) (garvinhicking) * Added option for SMF importer to also import tags * Added experimental global variable $i18n_filename_utf8 that can be set in a serendipity_config_local.inc.php or language include file, which will return Unicode-Permalinks. (http://board.s9y.org/viewtopic.php?f=11&t=15896) * Added event hook backend_sendcomment for sending comments and being able to chang via plugin API (onli) Version 1.5.5 (December 21st, 2010) ------------------------------------------------------------------------ * Due to security issues in the bundled Xinha WYSIWYG, disabled the PHP-based plugins (which are not utilized by serendipity unless manually enabled), until a proper security fix is available Version 1.5.4 (August 26th, 2010) ------------------------------------------------------------------------ * Fix XSS in backend, thanks to High-Tech Bridge SA #HTB22595 * Fix PHP 5.3.2 parse error in a file, thanks to fyremoon * Fix SQL query statement for deleting a category, which on some DB types (SQlite) might not return "true" and thus not really delete the category. (garvinhicking) * Include license output in plugin listing (onli) * Fix escaping when using ImageMagick to create PDF-thumbnail images (stm9x9) * Add new template variable to feed*.tpl files to support new plugins like pubsubhubbub, so that plugins can embed data to the main XML element (onli) Version 1.5.3 (May 10th, 2010) ------------------------------------------------------------------------ * Added workaround for dynamic configuration of Xinha plugins ExtendedFilemanager, ImageManager, InsertSnippet and Linker plugins to avoid remote code inclusion. (Stefan Esser) Version 1.5.2 (January 25th, 2010) ------------------------------------------------------------------------ * Fixed SQL upgrade path for SQLite. Version 1.5.1 (December 21st, 2009) ------------------------------------------------------------------------ * Fix bug with not showing "html" type configuration items. Version 1.5 (December 21st, 2009) ------------------------------------------------------------------------ * Show backend comment pagination in footer and header * Don't toggle the border of marked comments in the admin section to 2px, to avoid padding. Thanks to hboeck! * Added expermiantel PDO::SQLite transport, by nth * Disallow uploading any files with ".php." in the filename (garvinhicking) * Prevent password autocompletion for user passwords to prevent possible mismatch. In media manager popup, fix bug that did not properly forward to image selection after upload (onli) * Fix a bug in statistics output, when statistics for single-number months is created. (Andreas Bilke) * Always increase last_modified when an entry is saved to prevent stale entries in RSS feeds. Thanks to Cenic * Allow comment sidebar plugin to only show coments for entries that are allowed to be viewed by the current visitor. * Also use htmlspecialchars() for the Recent Entries sidebar plugin (Anson) * Do not send mails, if the "To:" address is empty, might happen if authors do not have a mail account entered in their profile. (nealk) * Fixed Spartacus download URLs for SF.Net mirror (christian_boltz) * Allow redirects when fetching remote images (garvinhicking) * Allow to define sort order for search-results (garvinhicking) * More PHP 5.3.0 compat (split(), ereg(), ereg_replace()). * PostgreSQL compatibility for the printArchives() function to gather only unique timestamps (cite) -- beta1 release * PHP 5.3.0 compatibility without E_WARNING triggers (garvinhicking) * Added 'orderby' parameter to plugin API hooks for the serendipity fulltext search function (garvinhicking) * Added new event hook frontend_sidebar_plugins to iterate through sidebar plugins and modify their output. $eventData is the array of their data. (garvinhicking) * Added ability to specify a custom Xinha config. Either supply a 'my_custom.js' file inside the template directory, or if omitted, the default htmlarea/my_custom.js is used. With this you can overwrite the plugins and buttons of all Xinha instances. See the mentioned default file for usage. (garvinhicking) * Removed "static" db layer typelist to prevent accidental over- writes of referenced return values (garvinhicking) * Upgrade to Smarty 2.6.26 * Removed inline styles of the s9y media insertion, they will now properly utilize CSS classes (defined in the new file style_fallback.css). Also added support for entering "ALT/TITLE" attributes to an <img> tag, can be used as a media property if you add "ALT" and "TITLE" to the list of "Media properties" in the main configuration. (garvinhicking) * Filter entries only by authors that have written at least one article (garvinhicking) * Fix PDF imagemagick thumbnail generation to be properly displayed (http://board.s9y.org/viewtopic.php?f=3&t=15446) * Warn about non-writable "plugins" directory in installation * Added new optional parameter for plugin config type "text": rows. Added new optional parameter "input_type"="password" for plugin string type configuration (brockhaus) * pingbacks were not counted as entry trackbacks although added to entries. (brockhaus) * Added "exclude urls" to ip validation functionality in spam block plugin. identi.ca is sending pingbacks but fails the ip validation! (brockhaus) * no longer use htmlspecialchars() on the blog's title and sub- title, to allow for custom HTML code to appear and unify only letting Smarty do the escaping (garvinhicking,falk) * Plugin drag/drop now can scroll up/down/left/right when touching the borders. Thanks to onli! * Changed shoutbox plugin. Shoutbox input size is configurable now. Wrong description for dateformat fixed. (brockhaus) * Change mail entry plugin to be able to send mails without hyperlinks and images. (garvinhicking) * Change uriArgument parsing routine to allow "!" in URLs. Now we can have absolute serocracy. * Changed image upload workflow so that the upload results/errors are shown on top of the media library, allowing to go on immediately (onli) * Added new smarty variable $admin_vars.title to the admin/index.tpl template file to customize the title (onli) * Add new config option to base server time on UTC (http://board.s9y.org/viewtopic.php?f=2&t=15123) (Abdussamad) * Use a unique session name for each blog instance, so that multiple s9y installations can live on the same domain and having their own sessions (kleinerChemiker, DrNI) * Livejournal importer update by Anson now supports importing comments, see http://board.s9y.org/viewtopic.php?f=11&t=15141 * Enhance xhtml cleanup plugin to also work on <param value="..." /> tags and fix youtube html. (garvinhicking) * Changed bookmarklet to work with Chrome, thanks to Oliver Gassner & TextPattern :-) (garvinhicking) * Enhanced serendipity_printEntries() logic to bypass smarty parsing ($smarty_fetch) (garvinhicking) * Changed karma plugin to only track GET requests as visits, not POSTs. Thanks to Marcus Friedman * Enhanced nl2br plugin to also use <p> tags, by onli * Added possibility for templates to register a central function serendipity_plugin_api_event_hook() and serendipity_plugin_api_pre_event_hook() that can be used to use plugin API interaction WITHOUT actual plugins. So special plugins can be bundled within a template, without the need to seperately install them. The "pre" function is called BEFORE all normal plugins are executed, the normal function is called AFTER plugin execution. (garvinhicking) * Change javascript non-wysiwyg insertion methods to propery return to scrollposition, patch by onli * Enhance TrackExits plugin to also support link redirection for future german law/access blocking :) (garvinhicking) * Enhance quicksearch by performing a wildcard-search for the searchterms, when less than 4 matches are found. (onli) * Updated czech translation, by Vlada Ajgl * Use a space instead of comma to seperate DENY rules in spamblock plugin, patch by brielle * Added ability to use strftime variables in the spamblock.log filename. (kleinerchemiker) * Added improved Blogger.com importer using the API, thanks to jaa * Change password hashing from plain md5 to salted SHA1. Logins should continue to work and are migrated to SHA1 keys upon first login. MD5-logins will only work successfully once. This mechanism will expire 6 months after the upgrade has been executed. EXPERIMENTAL! (http://blog.s9y.org/archives/205-hash.html) (garvinhicking) * Allow admins to also approve comments awaiting user-confirmation (garvinhicking) * Fix statistics sidebar plugin to properly count weekly visitors (garvinhicking) * Allow javascript inside Xinha WYSIWYG textarea (garvinhicking) * Allow anonymized submission to Typepad/Akismet to attribute possible federal laws for data protection (garvinhicking) (RFE #2517320) * Change antispam plugin to also support Typepad as an alternative to Akismet. (judebert) Version 1.4.2 () ------------------------------------------------------------------------ * Changed spamblock plugin for text filtering to ignore trailing or prepending spaces in blacklists (garvinhicking) * Change syndication plugin to also support new feeds2.feedburner.com style URLs (garvinhicking) * Fix bad link in Remote RSS sidebar plugin (#2521122) (garvinhicking) Version 1.4.1 (January 16th, 2009) ------------------------------------------------------------------------ * Fix missing index key creation for statistics tables in the statistics plugin (isotopp) * Change "Allow duplicate content" in spamblock plugin to not operate on (empty) pingbacks (garvinhicking) * Upgrade to Smarty 2.6.22 to fix a PCRE bug * Remove warning message when checking for plugin documentation files on open_basedir servers (garvinhicking) Version 1.4 (December 29th 2008) ------------------------------------------------------------------------ * Added new event hooks for future support of WYSIWYG button modifications (judebert) [1.4-beta2] * Added ability to rename "feeds" in the syndication plugin and add a big image on top (onli) [1.4-beta2] * Added more parameters to {serendipity_printComments} function: "block" (smarty block variable name), "template" (smarty template file to render) [1.4-beta2] * Fixed not remembering entryproperties when re-editing an entry, introduced with 1.4-beta1 [1.4-beta2] * Added SMF importer [1.4-beta2] * Fix setting cookies for 30 Days, not only ~43 Minutes. Thanks to konus! [1.4-beta2] * Adjust getting the right URL for karmavoting and shoutbox plugins [1.4-beta2] * Added %parentname% permalink property to category structure, so that a full category name path can be used instead of only %name%. (garvinhicking) [1.4-beta2] * Made entrypropertie's password plugin form use "autocomplete=off" to prevent inserting badly stored passwords. Thanks to sbauer! [1.4-beta2] * Added full plugin name and links to documentation/changelog for plugins on installation and configuration [1.4-beta2]: You can provide Documentation for your plugins by supplying a local file called documentation_XX.html inside the plugin directory, which Serendipity will automatically detect. You can also (additionally) add a property bag attribute "website" inside your plugin's introspect() method: $propbag->add('website', 'http://anypage.com/'); To provide a version history, you can add a file "ChangeLog" (mind the exact spelling) to your plugin directory. All three possible links are shown on the Serendipity interface when configuring or installing a plugin. (garvinhicking) * Fix not properly counting trackbacks or resetting comment/tb counter when editing an entry [1.4-beta2] (garvinhicking) * Added experimental Serendipity importer (for merging installations, fore example). (Garvinhicking) * Use "autocomplete=off" for the default database password in the installer, to workaround stupid Firefox password autocompletion inserting the author password at this place. * Also recreate custom permalinks without using URL rewriting (garvinhicking) * Fix WYSIWYG media insertion when being called on pages with multiple HTML portions/nuggets, and also the staticpage plugin (garvinhicking) * Prefix possibly missing http:// of commenting authors URLs in recent comments sidebar plugin and admin interface. (garvinhicking) * Recount trackbacks/comments when a new comment is made, instead of carrying over an incrementing/decreminting counter for entries, that might get off. (garvinhicking) * Add new global config option to support OptIn confirmation for comment subscriptions (garvinhicking) * Allow spamblock plugin to use approval mechanism for comments, so that commenting users first need to approve their comment via email ("once" or "always" as options). * Replace htmlarea with XINHA. Thanks to abdussamad! (Experimental! Needs testing on shared installations. Might need browser cache refresh!) * Add link to preview entries by an author into the usermanagement (garvinhicking) * Add memory_limit output to s9y installation, 8MB for 32bit and 16MB for 64bit OSes * Add support for postgreSQL ts_vector fulltext search, thanks to genesis. * Bulletproof: Added support for custom, randomized header image. If you enter a path (relative to the domain root, like '/blog/uploads/'), any of the contained images will be rotated. (garvinhicking) * Added header('Status:...') calls so that some CGI installations of apache emit proper headers (garvinhicking) * Add a "Configure this plugin" link to the frontend output for every sidebar plugin, not only HTML nuggets. (garvinhicking) * Enhance entryproperties plugin to use sequencing widget: Allows you to configure which fields you want to see in the 'Edit Entry' panel for "Advanced Options". (garvinhicking) * Propagate a 'article_count' smarty variable for each category in the category sidebar plugin, when article counting is enabled. (garvinhicking) * Trackbacks are no longer sent when an entry shall be published in the future. You can force them by editing and re-saving an entry, once it is published. TODO: A plugin/cronjob to automatically execute those trackbacks? (garvinhicking) * Allow 'sequence' widget to enable/disable each config item, if the property "checkable" is added to the introspect method. (garvinhicking) * Do not show title of entries marked as public/private when viewed without permissions. Patch thanks to Anthem * Make cookie deletion routine use the same host like cookie insertion, thanks to JPhilip * Added optional token insertion for comment notification (moderation) e-mails, which you can click without the need for authentication. This is a convenience feature, note that if someone can access your mails, he does not need to authenticate for deleting/approving a comment with the contained link. (Rob A) * Fix showing wrong metadata (00:00:00" for uploaded metadata. (garvinhicking) * RFE #2006182: Make search highlight plugin also honour serendipity's search terms. (garvinhicking) * Improved "Remote RSS" plugin's templating output to select custom template files. Add demo "Nasa Image of the Day" plugin by Grigory F. (garvinhicking) * Fix Generic RSS import to not always assume WPXRSS feed. (garvinhicking) * Fix bug in category sidebar plugin, which showed categories that should have been hidden when the option "Hide parents of selected sub-tree" was selected and Smarty templating was enabled. (garvinhicking) * Change option to allow subscriptions to comments so that fulltext comments can be mailed to subscribers. (garvinhicking) * Default .htaccess now contains a conditional rewrite pattern for fallback *.html generation. Thanks to absynth. (TODO: Regenerate .htaccess on update, maybe make this condition optional) * Update to Spartacus to support custom mirrors (garvinhicking) * Added possibility to access more SQL query parts of fetchEntries through plugin API. New indexes of $eventData: - 'single_group', 'single_having', 'single_orderby' for serendipity_fetchEntry (through hook 'frontend_fetchentry') - 'group', 'having' for serendipity_fetchEntries (through hook 'frontend_fetchentries') (judebert&garvinhicking) * Added RewriteRule to ensure that admin panel can be called, thanks to rich4647 from the forums. * Added file checksums to be able to verify integral structure of a s9y release (judebert) * Use semantically better HTML output by sidebar plugins (ordererd lists, less <br>s, ...) (YellowLED) * Add new configuration option to allow rescaling thumbnails with height/width/maximum size constraints. (judebert) * Allow to override $serendipity['languages'] array, do not issue s9y version number in RSS feed if 'expose_s9y' is disabled. * Add new config option to entryproperties plugin to not use extensive joins to save performance in cases where no ACLs need to be evaluated. (garvinhicking) Version 1.3.1 () ------------------------------------------------------------------------ * Add XSS security checks for installer, even though very hypothetical application :) (Hanno B�ck) * Add {serendipity_getImageSize} smarty function (judebert) * Add escaping to "Top Referrers" plugin and honor local configuration of "Show links" option, thanks to Hanno B�ck * Fix some PostgreSQL implicit casts for SQL queries (changed LIKE to =). (Devrim G�nd�z) Version 1.3 (March 18th, 2008) ------------------------------------------------------------------------ * Fix possible XSS injection for published trackbacks, thanks to Peter H�we! * Added "Google Reader" option to syndication plugin, by Adam Charnock * Updated recent_entries plugin to show/hide on overview, detailed entry, or all pages (don chambers). * Updated statistics plugin to contain per week/day visitors. (roti) * Updated hungarian language * Allow to submit comments to future entries, when showing future entries is enabled (garvinhicking) Version 1.3-beta1 (February 25th, 2008) ------------------------------------------------------------------------ * Fix sidebar plugin for the author's list to not include counting drafted articles (garvinhicking) * Add option "template" to smarty function call {serendipity_ printSidebar} (garvinhicking) * Upgrade to Smarty 2.6.19 (garvinhicking) * Fixed bug #1893108: Missing 'xmlns' attribute in templates for <html> tag. (garvinhicking) * Updated karma ranking plugin to use nice graphics (judebert,gregman) * Added phpNuke importer (garvinhicking) * Add ability to plugins to check uploaded media files for invalid file extensions. Added more escaping to user- and groupnames for untrusted author environments, thanks to Hanno Boeck. (garvinhicking) * Added czech translation to bulletproof templates and bundled plugins, by Vlada Ajgl * Sidebar plugin comments: URLs of writers now are shown for all entries not only for trackbacks. You may configure if they should be shown for all, none, normal writers or trackback/pingbacks. (brockhaus) * Pingback/Trackback textfetching: HTML Entities are now converted to characters. (brockhaus) * For Pingback it is now possible to define the maximum amount of characters while fetching text of the remote site. Add $serendipity['pingbackFetchPageMaxLength'] = 200 to your serendipity_config_local.php. (brockhaus) * Add ability to set comments as "pending" again, even when already approved in the comment-moderation backend panel. (garvinhicking) * Insert "serendipity_image_center", "serendipity_image_left" and "serendipity_image_right" CSS classes to the image tag, when inserting an image from the mediadatabase (garvinhicking) * Fix displaying entry title in the backend section exactly like in the frontend, thanks to Alex (garvinhicking) * Added hooks to trackback listing in order to let plugins change it (the avatar plugin in example) (brockhaus) * Add more verbose CSS classes to remote RSS sidebar plugin, also only encapsulate the first XML-Item as link. All following items are only encapsulated in <span>s. Also add possible plugin_remoterss.tpl smarty output template to this plugin. (garvinhicking) * Make browser compatibility plugin bail out for IE7. Thanks to Freudi from the forums. * Add possibility to spartacus to upload files via FTP. This can bypass Safe_mode restrictions on your server to make Spartacus work for you. (VladaAjgl) * Add spartacus remote management versioning information subpage. (garvinhicking) * Allow the "send mail" plugin to send mails to all registered authors (garvinhicking) * New spam blocking method for trackbacks: ip validation. The senders ip is compared with the ip of the host, the trackback is set to. If they don't match, the trackback is rejected/moderated. This should reject most of the trackback spam bots. (brockhaus) * Updated karma plugin to not track clicks of registered users (brockhaus) * Made short-urls index.php?serendipity[id]=X or index.php?p=X properly show a single entry view (garvinhicking) * Added new parameter "joinown" and "entryprops" to {serendipity_ fetchPrintEntries} smarty function, to be able to fetch entries according to their entryprops or other custom SQL. (garvinhicking) * New plugin API method "parseTemplate($filename)" to allow a sidebar- or event-plugin to fetch+display a smarty template. (garvinhicking) * The archive sidebar plugin shiped with s9y now displays numbers of articles correctly for month, catergories and so on, even if multicategory articles are used. (brockhaus) * Added LifeType importer (garvinhicking) * The recent entries sidebar plugin shiped with s9y listed entries not accessable by the current user because of right restrictions. (brockhaus) * Patch popup-HTML-code insertion javascript to better inter- operate with tinymce, xinha or fckeditor. Thanks to Assen Tchorbadjiev. * Add experimental DB layer for "SQLRelay" database proxy extension, by Dante Mason * On the fly update of the media database: Not only images are added but video and audio, too. (brockhaus) * Trackbacks to links without a RDF-description now get properly evaluated. Mostly WordPress-specific. (brockhaus) * Pingback receiving is working now with internal functionality in comment.php Smarty trackback loader now loads trackbacks and pingbacks (brockhaus) * Extended spam blocking plugin to handle pingbacks like trackbacks. (brockhaus) * Full pingback support, fallback trackback method for WordPress blogs. (brockhaus) Version 1.2.1 (December 8th, 2007) ------------------------------------------------------------------------ * Updated Textile library to 2.0, by Lars Strojny * Fix wrong entry timestamp used in comment feeds (garvinhicking) * Highlighting searched words in entries now uses str_replace instead of slower and possibly insecure preg_replace(). Thanks to Dietrich Raisin! * Updated WordPress imported to be able to import from a 2.3 structure (experimental). Also added WPXRSS import to the generic RSS importer. (garvinhicking) * Fix proper encoding of '%' sign when used in post titles (garvinhicking) * Encode RSS feed links, Patch by Hanno Boeck * Fix spartacus filter listing showing event plugin groups in the sidebar listing. * Patch PEAR.php for better detection, if already included. Thanks to Assen Tchorbadjiev. * Fix admin entry list when no entries exist or meet filter criteria. (Don Chambers) * Fix PHP notice about session_start() * Bulletproof template can now include custom user stylesheets (*_style.css) in the dropdown of a colorset. (garvinhicking) Version 1.2 (August 26th, 2007) ------------------------------------------------------------------------ * Added bulletproof template by http://s9y-bulletproof.com * (beta4) Fix comment-RSS feeds * (beta4) serendipity_plugin_comments now also supports Favatars and Pavatars in combination with serendipity_event_gravatar instead of Gravatars only. (brockhaus) * (beta4) Fix wrong event hook for entry manager to display toolbar for the main body area. * (beta4) Stronger autologin cookie encryption, prevent mixup with template options (which could make foreign users delete your configured template option keys). Also use new serendpity_db_implode() function for a safer API on image handling. All hail Stefan Esser. :) * (beta4) Backend templating changes to insert more classes to input fields etc (Don Chambers) * (beta4) Fix invalid pingback XML code, by Slim * (beta2) Fix when saving personal configuration the userlevel and "no_create" flags where not properly saved, thanks to PHPaws! (garvinhicking) * When a category or entry does not exist, emit HTTP 404 message template instead of "No entries to print" and HTTP 200 status. (garvinhicking) * Fix URL permalink lookup in some cases (garvinhicking, beta2) * Add admin backend templates for main area and the entry editor. Falls back to default PHP output if Smarty cannot be utilized. (garvinhicking) * Fix properly reinstantiating sessions and properly deleting cookies when requested (garvinhicking) * Add support for sqlite3 (http://php-sqlite3.sourceforge.net/), by geekmug * Change database types for IP addresses to varchar(64) to support IPv6 (garvinhicking) * Make statistics, karma and spamblock plugin only log 255 characters of HTTP User-Agent and Referrer strings to the database, as the fields are only varchar(255). Thanks to jemm4jemm! * Fix bug in conjunction with PHP 5.2.1 changed variable-by-reference handling that could result in no groups being listed for author accounts (garvinhicking) * Fix redundant space when inserting links through the non-WYSIWYG editor panel. Fix "null" insertion. Thanks to Alp Uckan. * Fix RSS fullfeed "let client decide" option typo. Previously this always enforced a fullfeed to show, regardless of what the client indicated. Thanks to stm9x9 (garvinhicking) * Add proper charset to CSS stylesheet. Thanks to SADtg (garvinhicking) * Strip tags from comments also in RSS-Feeds for comments, thanks to tmix from the forums (garvinhicking) * Patch #1697590: Proper directory name of SQLite DB-error messages, thanks to Thijs Kinkhorst * Enabled setting cache-control headers by default. * Fix wrong next/previous page links when using wrapper.php indexFile option. (garvinhicking) * Prevent cookie-based session fixation by regenerationg server-side session ID. Major thanks to David Vieira-Kurz. * Display theme's preview_fullsize.jpg image when existing. Added screenshots by williamts99. * Upgrade bundled Smarty to 2.6.18 (garvinhicking) * Make plugins be able to emit their own RSS-Feeds using $eventData['template_file'] on the 'frontend_rss' event hook (garvinhicking) * Fix missing %username% permalink pattern in single entry view. Patch by cress_cc * Allow to specify non-default port when using MySQLi (garvinhicking) * Show current captcha look in the plugin configuration menu (garvinhicking) * Add new category property to hide blog postings made into sub- categories from the frontend view, per category. Thanks to netmorix from the forums! (garvinhicking) * Move possible hazardous personal configuration options ("Rights: Publishing entries", "Forbid creating entries", "Access level"; "Group memberships") to the user management section. (garvinhicking) * Fix track exit url ids off by one when being used in conjunction with caching plugin (garvinhicking) * Fix permalink patterns for some cases to properly detect pagination variables instead of interpreting search words as those. (garvinhicking) * Improve performance of displaying the complete archive. Instead of year*months SQL queries, only one query is now used. (garvinhicking) * Improve installation on hosts where fsockopen() is disabled (garvinhicking) * Improve memory usage of WordPress importer, add debug output (garvinhicking) * EXPERIMENTAL: Modify session language fetch function to allow earlier plugin API calls (Rob Richards) * No longer accept trackbacks to draft entries.Thanks to j_b_poquelin (garvinhicking) * Do not store an unnecessary config value for check_password and password user properties. Thanks to jenzo from the forums! (garvinhicking) * Update spamblock plugin to update a .htaccess file with DENY rules based on recent spammer IPs. EXPERIMENTAL. * Support shared http/https sessions. Performing admin actions will only be allowed (through tokens) on the protocol that was used for login. Patch by Rob Richards (http://board.s9y.org/viewtopic.php?p=49276) * Added PDO:PostgreSQL support (Theo Schlossnagle) * Dutch translation update with many fixes by Sam Geeraerts * Improve Livesearch-Plugin to abort search on outside-of-box click, fetch proper "not found" message on zero results (Lars Strojny) * Change bbCode plugin to use "white-space: pre". Thanks to jtb! * Moved drag+drop and YahooUI library into templates/default/ to be used in shared installation environments (garvinhicking) * Improve WP importer by only fetching real posts (attachments/static only optional) and splitting a post into extended/normal entry. Thanks to jtb! * Update Spartacus plugin to allow configuring whether to fetch Themes or Plugins, or only one/none of them (garvinhicking) * Remove "View" option for drafted entries in the "Edit entries" section and replace with a "Preview" option. (garvinhicking) * Make spamblock plugin be more verbose in moderation-queue emails. RFE #1626712 (garvinhicking) * BBCode plugin improvement: Proper DIV-tag nesting, modify CSS code to use scrollbars (Jez Hancock) * Stricter mbstring-extension check for special charsets like czech, thanks to mila * Upgraded DB-scheme to allow longer author usernames * Improved Spamblock plugin to allow filtering email addresses (Boris) * Improved Spartacus' detection of firewalling/network connection issues (judebert) * Introduce '%lowertitle%' permalink attribute to use lowercase permalinks. (garvinhicking) * Allow to call permalinks that end with a "/" the same as if not ending with a "/" (garvinhicking) Version 1.1.4 (August 8th, 2007) ------------------------------------------------------------------------ * Fix being able to set entryproperties values via POST-Request (and being able to bypass password-protection of an entry, when the Entryproperties plugin is installed). Thanks to Erich Schubert Version 1.1.3 (June 17th, 2007) ------------------------------------------------------------------------ * Fix SQL injection through 'commentMode' variable. Thanks to Dr. Neal Krawetz * Fix missing %username% permalink pattern in single entry view. Patch by cress_cc Version 1.1.2 (March 1st, 2007) ----------------------------------------------------------------------- * Fix showing SQL error message when an empty category is selected for viewing. Fixes an issue reported by Samenspender that was falsely declard as SQL injection. In fact, no invalid SQL code can be injected. (garvinhicking) * Better checks to see if the local PEAR inclusion is required (garvinhicking) Version 1.1.1 (February 22nd, 2007) ------------------------------------------------------------------------ * Patch plugin permissionship management to properly indicate forbidden plugins/hooks, even if the admin user is not contained within the configured group. Thanks to ICE! (http://board.s9y.org/viewtopic.php?t=8773) (garvinhicking) * Patch pingback receiving function to use proper Regexp, thanks to dhaun from the forums * Make categories sidebar plugin properly return evaluated categories list to plugin_categories.tpl template. Currently, a hidden structure would only be displayed when not using custom template. (garvinhicking) * Change order of trackback execution flow (again) to preserve references for plugins like Track Exits, when used in conjunction with the entryproperties cache (garvinhicking) * Fixed a bug that prevented some entryproperty-plugins to execute on the entry detail pane. (garvinhicking, Dragonblast) * Fix a bug in sending the right login session cookies on Windows IIS servers. Major thanks to Shadowin from the forums! Version 1.1 (December 28th, 2006) ------------------------------------------------------------------------ * Fix better installer warning messages when directories have no write privileges and already exist. Thanks to wagwag! * Small bugfixes: Allow to use different login credentials than the current HTTP Basic-Auth, if used. Order categories by name in single entry view (garvinhicking) * Added bookmarklet to Serendipity core, added to the "Further links" welcome screen. Thanks to stm999999999! (garvinhicking) * Fixed a bug in lowercased DB key names in the plugin API table, which prevented postgresql for properly printing a plugin list in some setups (garvinhicking) * Huge SQL improvement by "caching" the current timestamp for 5 minutes, so that an SQL string for the central logic will stay the same for a 5 minute window, thus relying on the DB-Server to cache query results more efficiently. Major thanks to Matthew Groeninger. * Enhanced nl2br plugin so that it will NOT put breaks into pre- defined tags like <pre>, <code> etc. Not enabled by default. Thanks to Brendon K from the forums! * Portuguese translation update by Angel * Added functionality to reply to comments in the admin interface (garvinhicking) * Enhance spamblock plugin with session hash check, to prevent automatted comment posting. Also prevents possible CSRF for tricking you into submitting comments to your own blog. Thanks to Stefan Esser! (garvinhicking) * Support to delete multiple entries at once via checkboxes in the entry admin panel, fix admin entry pagination to not show next pages, if that next page were empty. (garvinhicking) Version 1.1-beta5 (October 18th, 2006) ------------------------------------------------------------------------ * Added new plugin hooks: backend_templates_configuration_top backend_templates_configuration_bottom backend_templates_configuration_none for the theme configuration (garvinhicking) * Allow to set $serendipity['CacheControl'] to make serendipity emit Cache-Control: HTTP headers. Thanks to annonymous from the forums! * Use seperate PHP session ID when using HTTPS login. Set 'secure' cookie parameters when using HTTPS. Thanks to lynoure! * Added possibility for templates to define the sidebars they use. The template specifies this via the $template_config array in the config.inc.php file of a template. It looks like this: $template_config = array( array( 'var' => 'sidebars', 'title' => 'Sidebars', 'type' => 'string', 'default' => 'left,hide,right' ) ); Note some things: Seperate the sidebar keys with a "," only - do not use spaces. Also never use more than 6 characters for the descriptors. If you do not want to make it configurable, you can also use the $serendipity['sidebars'] array to define the sidebars that are available. * Made category-recursion show orphaned categories because of permission restrictions (garvinhicking) * Fix some markup functions in textile plugin (Matthias Leisi) * Add Smarty function to show commentform (garvinhicking) * Group management now allows to disallow certain plugins or even specific plugin hooks per usergroup (garvinhicking) Version 1.1-beta3 () ------------------------------------------------------------------------ * Change permalinks to allow "%" in URLS. Fix templatedropdown plugin to remove double "//". Fix bad htmlspecialchars of the RDF ident link. (garvinhicking) * Allow to apply current permissions of a directory to all sub- directories (Matthew Groeninger) * Fix a bug in the HTTP 304 Conditional GET RSS-Feed caching when the server timezone offset was not set to zero. Thanks to dand! * Added ability to use HTTP Authentication to the blog. Can be triggered by submitting HTTP Auth credentials [only supported when the server runs with mod_php, not as CGI]. Authentication can be forced URLs with the "?http_auth=true" parameter, which will then send a "401 Unauthorized" header. If your server does not support mod_php, you can submit REQUEST variables: ?http_auth_user=XXX&http_auth_pw=YYY. Note that specifying username and password in the URI will lead to password disclosure in HTTP logfiles. This feature is most importantly meant for RSS-feeds, to make RSS readers able to submit login credentials. (garvinhicking) Version 1.1-beta1 (August 14th, 2006) ------------------------------------------------------------------------ * Fix multiple loading of $serendipity['smarty'] theme options when calling serendipity_smarty_init() more than once. Many thanks to Sven Ediger for reporting this. (garvinhicking) * Properly sort media directories (garvinhicking) * Better use of "return by references" in some vital areas. Improves performance. Might introduce glitches. Keep an eye on this! (garvinhicking) * Add new template 'comments_by_author' which show comments made by authors. New permalink structure: "/comments/[AUTHORNAME]/comments|trackbacks|comments_and_trackbacks/P[PAGENUMBER]/FROM [YYYY-MM-DD]/TO [YYYY-MM-DD]" Instead of /FROM and /TO you can also use /F and /T. Instead of /FROM and /TO you can also specify /last_X, where X is the amount of past days to show comments for. (garvinhicking) * Add "Comments and Trackbacks" feed feature (stm99..) * Add LiveJournal XML importer (garvinhicking) * Fix not fetching allow_comments/moderate_comments value when inside search function. Thanks to stm! (garvinhicking) * Add new links to check for upgradable SPARTACUS plugins (garvinhicking) * Add new frontend view "Archive by Authors": /archive/Axx.html to view the archive listing for specific authors only (like viewing archive by specific categories only via /archive/Cxx.html etc.) (garvinhicking) * Templating: Add new {$entry.html_title} variable that holds unescaped HTML code of the Entry's title (garvinhicking) * BC-Break / Plugin API change: The serendipity_getTemplate() file now no longer returns FALSE when a file is not found, but instead the filename without a path. This is required so that the smarty- created error message contains the missing filename instead of an empty '' string. Plugins based on this function need to make sure that they will now properly use a file_exists() check on the returned function, if they want to probe different locations of a file. All template files containing the string "plugin" will still return FALSE for the function call, to circumvent problems with spartacus plugins. Bottom line: Plugins that use "*plugin*.tpl" filenames or check via file_exists() on the returned variable are safe. (garvinhicking) * Added arabic (sa) language by Way * Add patch to allow entryproperties plugin to define passwords for specific entries (Falk D�ring) * Made smarty function "serendipity_printComments" accept to new parameters: "order" (ASC/DESC) and "limit" (garvinhicking) * Comment moderation panel, usability improvement: Blocking authors/ URLs will lead to the originating page. Thanks to Tanel Raja! (garvinhicking) * Patch mb-functions to better work on foreign/japanese charsets (thanks to deminy!) * Replaced core smarty assign() calls to assign_by_ref() where appropriate. (Falk D�ring, garvinhicking) TODO: This might introduce oddities! Check thoroughly. * Fixed not showing entries in the quicksearch that have the "no frontpage" entryproperty set (garvinhicking) * Fixed sidebar category plugin to show proper category listing for permission-based restrictions, when "current autho" mode is selected (garvinhicking) * Added experimental XML-engine, for XSLT templating support (garvinhicking) * Added experimental PHP-engine templating support, bypassing Smarty. Work in progress, mostly proof-of-concept. Might be changed completely. Read instructions in the include/template_api.inc.php file. Dedicated to Davey. ;) (garvinhicking) * Support to crop images from within the media database. Pick a picture in the MDB, go to the property section of that image and click on the "EDIT" link. (garvinhicking) TODO: - Operate also on PNG, TIFF etc. (currently only JPEG!) - Support image magick (currently ony gdlib!) - Currently backup files are scattered around, fix this. - Interface cleanup - Add options to only affect the images thumbnail instead of always saving the whole picture. - Internationalization! * Move the DB charset option to serendipity_config_local.inc.php to issue propper DB connections instantly. (garvinhicking) Version 1.1-alpha6() ------------------------------------------------------------------------ * Use possibly existing local PEAR by default. Patch by Davey (garvinhicking) * Add missing indices for the statistics visitor DB tables (garvinhicking) * Add new "custom" property bag type, which can emit any kind of custom HTML/JS values. Current property bag value can be referenced by DOM GetElementById('config_plugin_XXX') if you want to emit specific JavaScript. Can also be used by template configurator for heavily customized output. (garvinhicking) * Fix bug #1494653: Non-Unique index constraint for 'exits' table. Thanks to Markus Brueckner! (garvinhicking) Version 1.1-alpha5() ------------------------------------------------------------------------ * Implemented Drag and Drop based plugin configuration panel for re-ordering plugin layout. Uses JavaScript - works like old manager when having JS disabled! (garvinhicking) * Changed "Auto-Login" via Cookie behaviour to only issue single- time valid cookies to users and no longer put username/pw into serialized cookie data. Many thanks to Yasuo Ohgaki for giving a helping hand! (garvinhicking) * Added possibility to hide/temporarily disable Event plugins (garvinhicking) * Added "plugin_api_extension" class, which contains some helper methods for future use, like re-ordering DB items or checking valid emails. (Falk D�ring) * Fix multiple occurences of the string "--" in the entry title to not mess up HTML display because of weird Firefox interpretation (Bug #1474290) (garvinhicking) * Made "fullfeed" syndication option also support "let the client decide", via $_GET['fullFeed'] = true/false. (garvinhicking) * Added new configuration option to that lets you toggle whether to comply with RFC2616 on Conditional GET. (Garvinhicking) * Support template/theme/style-specific options via "config.inc.php" file in template directory. Allows values like "background-color", "header" etc. to be made configurable in the admin screen. (garvinhicking) * Make media manager able to store media properties and many other enhancements: DETAILS: - Smarty templates for all media-related output - New DHTML widget for tree navigation - Store+Retrieve EXIF/XMP/ITPC/ID3 metadata for uploaded files [new database table] - Manage custom keywords for media items - Option for enabling the toolbar in the popup media window - Plugin API hooks for fetching media metadata (like via getID3() plugin) - Make media chooser also return the media ID - Detect if a file is video, audio, image, document, archive, binary. Unify image fetching functionality. - Allow to create directories from the popup media window - Optionally increase filename (1, 2, 4, 5, ...) when file already exists - Restrict file upload by size/dimensions via configuration options - Sort media files by all custom property fields - Search/Filter for specific properties/keywords. - Enhanced media filter for keywords - Use entered comments in the "You choose..." picking page - Integrate new page for viewing images with media properties through serendipity_admin_image_selector.php?serendipity[image]=X - Integrate imageselectorplus plugin options for giving a target to links - New option for image_Selector to save a specific sized version (?serendipity[image]=X&serendipity[step]=showItem &serendipity[resizeWidth]=X&serendipity[resizeHeight]=Y - Track referrers by image selector and show them on detail page - Allow to move directories with files and updating all links in your entries to those moved items. (MySQL only!) - Allow to move single images. (garvinhicking) * Create a new index on the plugin DB table, optimize fetching config values for plugins. Load language file when permissions could not allow reading the config file. (garvinhicking) * Fix blocking site during file requests by writing session data to disk. Thanks to jgoerzen! (garvinhicking) * Make categories sidebar plugin able to only show categories readable for logged in user (garvinhicking) * Fix getting multiple images for directories that were put into the Acccess List (garvinhicking) * Allow to create new groups from existing ones, by editing them and clicking on "Create new group". (garvinhicking) * Statistic plugin update by Shrikee: Graphically display visitors, bot banning. * Deleting a comment that has replies will replace that comment with a "Comment deleted" reference. Deleting such a comment again will completely remove it. (garvinhicking, Jabrwock) * Added "further links" infobox to Admin interface (garvinhicking) * Media manager gallery will use (user-specified) "admin/img/mime_XXX-YYY.png" images of a template for non-image mimetypes. (garvinhicking) * Allow entryproperties plugin to define which markup plugins are applied per-entry (garvinhicking) * Added links to view an entry in reasonable places (comments / entry overview) (garvinhicking) * Added on-the-fly synchronizing of the Serendipity media database with the file system (Marty, garvinhicking) * Introduce permission setup for media directories (garvinhicking) * Added config option for specifying number of entries in the RSS feed (garvinhicking) * Added option whether to issue the "SET NAMES" mysql command (garvinhicking) * Removed config option "XHTML11 compliance" and enabled by default now (garvinhicking) Version 1.0.4 (December 1st, 2006) ------------------------------------------------------------------------ * Fix local file inclusion bug on systems with two conditions: register_globals=on AND missing .htaccess for restricting access to .inc.php files. (garvinhicking) * Fixed problem in trackbacks using a formatted link (like through trackexits plugin) to trackback to instead of the real one Version 1.0.3 (November 7th, 2006) ------------------------------------------------------------------------ * Fix PHP 5.2.0 compatibility issue. (garvinhicking) * Add testsuite (nohn) * Some minor 1.1 bug backports: - Fix a problem where spartacus did not properly assign configured permissions to downloaded directories, thanks to danilo from the forums! (garvinhicking) - "View Article" in "Save Entry" dialog (nohn) - Fix possible integer wraparound in comment count leading to a gazillion counter state. Also now show links to the entries within the administration comment panel. Thanks to Julian Finn! - Fix bug with using %username% in author permalinks, thanks to oeli from the forums! (garvinhicking) - Fix a problem where spartacus did not properly assign configured permissions to downloaded directories, thanks to danilo from the forums! - Move trackback sending logic to the end when saving an entry. Should get rid of event plugins not operating when trackbacks painfully fail. Thanks to isotopp (garvinhicking) - Fixed bug that prevented native imports from other blog system to recode ISO-charsets into UTF-8. Major thanks to Jan of blog.salid.de. (garvinhicking) - Added $serendipity['expose_s9y'] variable to optionall prevent s9y from emitting any s9y-specific HTTP headers (garvinhicking) Version 1.0.2 (October 18th, 2006) ------------------------------------------------------------------------ * Fix a security issue with XSS on the admin backend for registered authors. Many thanks to Stefan Esser! (garvinhicking) Version 1.0.1 (August 14th, 2006) ------------------------------------------------------------------------ * Fix problem on newer Firefox versions, where insertion of images in the WYSIWYG editor did not work. It might be necessary to purge your browsers cache for this to properly work. (Jay Bertrandt) * Fix utf8 iconv conversion failing on some older PHP setups. Thanks to Matthias Leisi! * Fix multi-authors view only showing first author (garvinhicking) * Fix bug sending comment-notification mails to subscribed users without an email address (garvinhicking) * Fixed icelandic language bug preventing upgrade (garvinhicking) Version 1.0 (June 15th, 2006) ------------------------------------------------------------------------ * Insert logic for saving an entry that prevents the iframe for trackbacks/xml-rpc pings to save an entry multiple times upon failure. Many thanks to tharos from the Forums! (garvinhicking) * Add smarty parameter $view which can be used to detect what kind of page is being displayed. One of: archives