Zenphoto

Sadly 1.5.2 includes a serious bug preventing fresh installs. We try to fix this as soon as possible

This is a bugfix and security release.

Security

• Fixes XSS issue in the dynamic locale plugin [acrylian - Thanks to bic and special thanks to Andre Krooss for the report]

General

• Fixes SERVER_PROTOCOL constant and related option not reflecting the protocol setting within the config file [acrylian – Thanks to MarkRH]
• lib-imagick: zp_imageDims() and zp_imageIPTC() now use the same standard PHP function getimagesize() as the lib-gd instead of the Imagick class method pingImage(). Tests showed this to have better performance especially when processing hundreds of images via the cacheManager [acrylian]
• (...)

Read more

A plugin to redirect internal URLs. Primarily intended for URL's that otherwise would cause 404 not found errors.
URL's are redirected before before any theme page setup occurs. External URL's are not supported.

The plugin supports a JSON object file or a CSV file with outdate URL/new URL pairs.

Antonio Ranesi has just released version 2.0 of his thumbsZoom plugin. More info and download on his site: https://www.antonioranesi.it/pages/thumbszoom-v2.0-zenphoto-plugin/ 

Local virtual server packages like MAMP*, WAMP or XAMPP are very useful to test your ZenphotoCMS website while developing themes, plugins or before applying a ZenphotoCMS update to your site.

ZenphotoCMS generally works out of the box with these tools. But it is important that you configure them to use the standard web ports instead of other default ports they may have set. Here is an example from MAMP (it may be similar with the other tools):

*Since we work on Mac we use MAMP ourselves for years

This is a bugfix and rather minor security release. We apologize that it took so long again.

Security

• Open URL redirection issue on logging in fixed [acrylian, Thanks to security-provensec for the report]
• Too less strict permissions on clearing log files fixed [acrylian|
• XSS issues with search values [acrylian - Thanks to www.netsparker.com for the report]
• Plugin PHPmailer library updated to 6.0.6. More info: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 

General

• Fixes issues with undefined path constants preventing setup to run correctly on primarily fresh installs [acrylian]
• Setup now recommends PHP cURL and tidy support for some functionality [acrylian, (...)

Read more

Before we lost contact with our former team member gjr he had sent a theme named zenji for review. For some reason it was forgotten in the depths of our hard drives but we recently re-discovereed it.

It is a clean and responsive theme and since he never got around to release it himself, we do it now in line with the GPL license. Not in our usual unsupported third party theme archive but in it's own repository. You can also review some screenshots on our site's theme section entry for it.

We have done some cleanup so it should be compatible with current releases. Please understand though that we may have no resources to further develop this theme but we can help fixing bugs with newer releases. Contributions via pull requests of course are also welcome if you use this theme.

Some may have noticed that gjr’s themes/repositories libratus and zpBase did not show any activity for quite some time. Sadly we lost contact with him some time ago, too. From what we know, it is probably just his full time day job – which is not web development related at all.

But before that he helped with some significant changes on the planned new major release he will get credit for.

Anway, we know that his themes are favorites so we have now forked his themes to the Zenphoto GitHub organization now:

• https://github.com/zenphoto/libratus
• https://github.com/zenphoto/zpbase

We have changed the entries on the extensions section already and suggest you file bug reports on those repos.

Please understand though that we have no resources to further develop these themes but we can help fixing bugs with newer releases that (...)

Read more

For quite some time now there is mention of a "next major release" and the recent release version 1.5 of course was not it yet. We feel that we owe an update on this and are sorry you have to wait this long but rest assured that we are working on it and that it is coming.

Since Zenphoto is primarily a non profit, more or less spare time project and "real life" often gets in the way, things take longer than we want.

Why not public?

You cannot preview this next version anywhere as it is not ready for testing yet and we also choose to develop in private to experiment a bit.

Open source by definition does not mean everything needs to happen in public, just that the code of the product is made publicly available. We figure this may be not optimal for everyone but that is how we choose to do it for now. Once we are finished it will be all public again as before.

A quick glimpse of what will happen

• New responsive backend: This (...)

Read more

Sorry that it took a bit longer (or as some may say too long) for this bugfix and minor security update. But some personal family related cirumstances ate a lot time the last months. And this is not the next major release we talked about every now and then. Look out for a separate info update on that soon.

Since on May 25th the new European General Data Privacy Rule (GDPR) took effect, we added some features to help and also prepared an article about Zenphoto and privacy considerations.

Raised requirments

By now we actually develop and test on PHP 7.2 so we raised requirements. Although the code will probably will still work on older PHP versions we neither test it nor make any effort to make things work below PHP 5.6. Although we simply can't and won't rewrite all code into "pure" PHP 7+ only unless really needed.

We also recommend to use MySQL 5.5.3 or later. You will still be able to install on as low (...)

Read more

Now that the GDPR has taken effect we like to tell you about data usage on our site. Our site does not collect much data. Our site actually consists of four sub sites:

zenphoto.org

The main site which uses Zenphoto itself. You cannot register on our main site and we don’t use comments. We don’t require cookies – except if you allow Matomo to track for statisics (see below) – on the main site except for our own login on the main site and keeping the search context if you searched on our site. The latter does not store personal data.

We do collect some data manually for the extension or theme entries regarding third party contributions. We create entries for any separately available 3rd party extension and theme. Either because you informed us about them or we find them ourselves in public. We may also create a so called contributor page to showcase your contributions in one place. But it is always what you see is what we have. There is no secret data (...)

Read more