News

Zenphoto 1.5.1 December 23, 2018

Categories:

    Contributors:

    This is a bugfix and rather minor security release. We apologize that it took so long again.

    Security

    • Open URL redirection issue on logging in fixed [acrylian, Thanks to security-provensec for the report]
    • Too less strict permissions on clearing log files fixed [acrylian|
    • XSS issues with search values [acrylian - Thanks to www.invicti.com/ for the report]
    • Plugin PHPmailer library updated to 6.0.6. More info: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 

    General

    • Fixes issues with undefined path constants preventing setup to run correctly on primarily fresh installs [acrylian]
    • Setup now recommends PHP cURL and tidy support for some functionality [acrylian, fretzl]
    • Setup uses cURL if available to more reliable setup plugin and theme default options [acrylian, fretzl]
    • Fixes undefinded default core rewrite constants if the rewrite token defines in the config file are missing completly or partially. As long as using the defaults, they are not required to be set in the config file anymore [acrylian] 
    • Fixes various issues with (default image size) image cache file names unnecessarily introduced in 1.5. This resulted in non properly generated images and due wrong filename invalidated actually proper cache files. We apologize that this caused some troube for some users with large galleries. [acrylian, fretzl]
    • Fixes accidentally included reference in package to already removed Efferscence+ theme due to a forgotten hardcoded reference in the package generator [acrylian]
    • Fixes issue that https could not be set via options correctly [acrylian, fretzl]
    • Hotfix for 35mm Equivalent Focal Length in exifer library [kochs-online]
    • Data privacy policy page option: Shows all unprotected pages now no matter if published or unpublished and also notes nesting level in selector [acrylian]
    • Add missing shortenindicator on pagebreak truncated strings [acrylian]
    • Image metadata fields now use general db column sizes since some classic EXIF 32 char limits make no real sense anymore: Numbers/time type use varchar(255), string type use mediumtext. The old actual size definition of the definition in $_zp_exifvars is ignored. [acrylian]
    • Introduces replaceOption() and replaceThemeOption() functions in case options are renamed and need to be migrated [acrylian]
    • Fixes bug with wrong sizes thumbs for multimedia items [acrylian]
    • All menu entry (tabs) and utility button URLs defines must be absolute instead of relative now. On certain sublevels or on plugin based ones they could/would/do break otherwise. Any third party plugin defining menu entries or utility buttons should be updated to follow this [acryian, vincent3569, bic-ed, fretzl]

    Plugins

    • bxslider_thumb_nav: Scripts update to 4.2.1d - themes using it may require CSS adjustments [acrylian]
    • cachemanager: 
      • Fixes issue with default thumb and sized image sizes not being registered correctly and introduces new option to enable these default sizes. [acrylian]
      • Also partly rework of pre-caching backend functionality to work more reliable (requires PHP cURL extension) [acrylian]
      • Some functions have been moved to the cacheManager class or have been deprecated. Some naming changed as the cacheManger often referred to "theme cache sizes" although it covered plugins as well [acrylian]
    • comment_form: Fixes data privacy note disabling admin e-mail notifications on new comments [acrylian]
    • contact_form:
      • Proper linebreaks for privacy agreement sentence in mails sent [acrylian]
      • Fix small issue on saving if Zenpage is enabeld but pages are not [acrylian]
      • Fix issue with form being cleard if data privacy statement agreement required and not given [acrylian]
    • cookieconsent: Removes several options that were not yet used and restore some accidentally unused [vincent3569, fretzl]
    • html_metatags: Fixes Facebook ID [acrylian, Thanks to undagiga]
    • jPlayer: Update player scripts to 2.9.2 [acrylian|
    • mobileTheme: mobile_detect library updated to 2.8.33 [acrylian]
    • openstreetmap:
      • Various script updates to leafletjs and the plugins control MiniMap, leaflet-providers, leaflet markerclusters [vincent3569]
      • New tile layer selector option to allow visitors to switch between different map tile styles [vincent3569]
    • phpMailer: phpMailer updated to 6.0.6 - See security section above[fretzl, acrylian]
    • rewriteTokens: Works now with missing rewrite token defines in the config file and will re-add defines on saving options [acrylian]
    • rss:
      • Prevent invalid rss feeds if there are no item results by providing a placeholder <item> entry [acrylian]
      • Album title is now correctly added to the channel title for album feeds [acrylian]
    • seo_zenphoto: Fix duplicated hyphens and some wrong special char (German umlauts specifially) conversion [acrylian, thanks to kochs-online|
    • sitemap: Fixes usages for outdated method [Simounet]
    • slideshow2: cycle2 scripts updated [acrylian]

    Themes

    • basic: Some CSS cleanup [fretzl|
    • Zenpage: Defines the default thumb size for cachemanager plugin correctly [acrylian]

    Translations

    • Danish [jesdnissen]
    • Dutch [fretzl]
    • French [vincent3569]
    • Italian [bic-ed]
    • German [acrylian]
    • Slovak [tangorn]

    For questions and comments please use the forum or discuss on the social networks.

    Related items