Zenphoto

This is a Vagrant project to quickly setup a virtual machine with a ready-to-install Zenohoto instance.

This project uses Vagrant multi machine feature, therefore two different providers are available:

• VirtualBox: Default with an Ubuntu (14.04) Trusty 64bit virtual machine.
• DigitalOcean: Default with an Ubuntu (14.04) Trusty 64bit virtual machine.

This is a bugfix and security release.

The security issue affects specifially the third party phpmailer library used by the PHPMailer plugin. More info on that on https://github.com/PHPMailer/PHPMailer/releases. You basically could only be affected if you use this plugin as the mailing facility via the contact_form plugin for example.

General

• Zenphoto now exposes only the general Zenphoto version and the script generation time within the html comment at the bottom of  front end theme files. Formerly it also exposes some server related data like the graphic lib and which plugins are being used.
  This was of course to help us supporting on the forum as we would get an some base information about the install even if those haven't been provided. But of course it might give more information than necessary to some people who have non helpful ideas in mind… (...)

Read more

This is a minor bugfix release. 

General

• Follow-up fixes regarding the new dirty form check on the backend [fretzl]
• Some fixes regarding PHP 7 compatibility [fretzl]
• New parameter $printHomeURL added to printGalleryIndexURL() function to hide the home-link if desired [fretzl - thanks to vincent3569]
  
• Fix getParentBreadcrumb() where toplevel parent returned wrong page number[acrylian, fretzl]

Themes

• Fix issue with gallery page number in Garland theme [fretzl]
• Fix issue with Custom Homepage option in Garland theme [fretzl]

Plugins

• Fix themeSwitcher plugin to work with new admintoolbox layout [acrylian]
• Better layout of the site_upgrade plugin placeholder page and finaly got rid of the ugly placeholder image whose usage wasn't clear as (...)

Read more

In case you haven't heard about there were some serious vulnerabilites in ImageMagick discovered:

There are multiple vulnerabilities in ImageMagick, a package commonly used by web services to process images. One of the vulnerabilities can lead to remote code execution (RCE) if you process user submitted images. The exploit for this vulnerability is being used in the wild.

A number of image processing plugins depend on the ImageMagick library, including, but not limited to, PHP’s imagick, Ruby’s rmagick and paperclip, and nodejs’s imagemagick.
Source: https://imagetragick.com

Since Zenphoto may use PHP Imagick for image processing you might be affected as well especially if you let third parties upload images to your site.

Since this a server side extension there is nothing we can do. If you have (...)

Read more

This is a bugfix and minor security release.

General

• Fixes a RFI and – on older PHP versions – possible LFI security issues on log downloads on the backend [acrylian - Thanks to Tim Coen/Curesec]
• Zenphoto now consequently generates urls with a trailing slash. That is basically any url except for the single image page which normally uses a suffix. The .htaccess file includes new lines to always direct to the trailing slash url to avoid duplicated content because url's without it will still work. If you are not on an Apache server (like Nginx) that does not support htaccess your might need to setup something on your server yourself [acrylian - Thanks to Simounet for the htaccess addition]
• The admin toolbox you get on your site frontend in the top right corner if loggedin has been modified to a fullwidth toolbar now. The reason is that especially on mobile themes/ (...)

Read more

Olivier Ffrench has released an update of his responsive theme and also modified the look a bit. Take a look at the screenshots below or see the theme in action on his website.

Genesis Farm And Gardens

 

Lorien Beijaert

 

The (...)

Read more

The plugin has been updated and moved to https://www.zenphoto.org/news/zenphoto-json-rest-api/ 

Confluent

 

Florida Public Archaeology Network – Destination: Civil War

 

(...)

Read more