Zenphoto 1.5.2 May 27, 2019

Sadly 1.5.2 includes a serious bug preventing fresh installs. We try to fix this as soon as possible

This is a bugfix and security release.

Security

• Fixes XSS issue in the dynamic locale plugin [acrylian - Thanks to bic and special thanks to Andre Krooss for the report]

General

• Fixes SERVER_PROTOCOL constant and related option not reflecting the protocol setting within the config file [acrylian – Thanks to MarkRH]
• lib-imagick: zp_imageDims() and zp_imageIPTC() now use the same standard PHP function getimagesize() as the lib-gd instead of the Imagick class method pingImage(). Tests showed this to have better performance especially when processing hundreds of images via the cacheManager [acrylian]
• New album class methods getNumAllAlbums() and getNumAllImages() added (the older template function getTotalImagesIn() is now deprecated). Other than the existing getNumAlbums() and getNumImages() these now get these numbers for the album itself and all sub albums on all levels [acrylian]
• User data export utiltiy allows results by setting the user name, user email address or both. [acrylian – Thanks to vincent3569]
• New general template functions introduced for search URL's to the current item's owner (Gallery albums and images) or author (Zenpage news articles and pages). Currently they use a search engine URL but this may eventually link to an actual front end owner/author profile page in the future. Official themes have not been setup to use these. You find their documentation within zp-core/template-functions.php file:
  • getOwnerAuthor()
  • printOwnerAuthor()
  • getOwnerAuthorURL()
  • printOwnerAuthorURL()
  • getUserURL()
  • printUserURL()
• Fixes PNG24 alpha transparency and GIF transparency with GD library. Note: Alpha transparant watermarks on alpha transparent PNG's do not work properly with GD (yet). [acrylian]
• Changes to the online functions documentation:
  • In 1.5.1 we had just fixed the links to the plugin function documentation from the backend and our site's extension entries. Since a lot of ZP's code consists of procedural functions which are not really organized by code structure like classes or namespaces, we had grouped several files together using the @package/@subpackage tag within docblocks. Sadly newer PHP version of our (local) servers required an update to the doc generator. Now none of these do output documentation grouped by those anymore (although their docs say they can…) so we have no URL for plugins to link to anymore. Therefore we had to completely remove the plugin doc links from the backend for now again.
  • We suggest to look into the plugin's files itself as that contains the same documentation. Development IDE's like Netbeans, Eclipse or the like also help a lot in this regard.
  • The functions documenation is now organized in subfolders. We generally do keep the last three versions of the documentation online. The current is found at https://docs.zenphoto.org/1.5.x/.
• Calculating 35mmEquivFocalLength more accurately, especially for smaller focal lengths (like mobile phones or action cams) [kochs-online]
• Fixes an issue with paginiation within search mode [wongm|
• lastchanged dates saved for all item types:
  • Add lastchange and lastchangeuser columns to all item database tables (images, albums, administrators, comments, Zenpage categories - articles and pages already had it. lastchange is set with a date Y-m-d H:m:s whever an item is saved/updated. Either by code on core level or via an admin request which then also sets the lastchangeuser to the current admin. [acrylian]
  • Saving of items on the backend is now only triggered if there are actually changes to save. Formerly we did just re-save regardless [acrylian
  • New core class methods get/setLastChange() and get/setLastchangeUser() are available for all item types [acrylian]
• Native support for WebP image format added to GD and Imagick. To work properly it requires PHP and the PHP libaries on the server to be compiled with support. You also need a capable browser to display these images. [acrylian]
• New template helper function getFullimageFilesize() plus image class method getFilesize() [acrylian]
• There is now a confirmation dialogue if you try to delete a 3rd party theme on the backend [acrylian - Thanks to vincent3569]
• Fixed that the admintoolbox allowed the creation of new albums on the index/gallery index even if the current user had only rights limited to one or more certain albums [acrylian]
• Fix setup cURL request not properly checking modrewrite [acrylian]
• Fix text truncation via pagebreak and revert some code [bic-ed, acrylian]
• Fix accidentally cleared plugin options after running setup. Cause was a wrong creator set if the option has no default value set via setOptionDefault() and is saved manually on the backend. If you encountered this in the past just manually save the plugin options in question on the backend again [acrylian - Thanks to bic-ed, Vincent3569, kochs-online]
• Languages on the options are marked with icon if there is not matching locale installed on the server. Requires the nativ ResourceBundle PHP class [acrylian]
• HTTP URL requests are now internally redirected to https (and vice versa) if you have the server protocol option set to it and your server does not do it already [acrylian]
• The admintoolbox again allows image editing if in dynamic album context [bic-ed]
• The sorting dropdown selector on the images admin tab within albums has been divided into a sortorder selector and a status selector [acrylian]
  • Note while you can sort by owner and last change user, results may be a bit confusing if not all images have those values already set. Last change user is only set if there is a last change. The owner may be inherited from the parent album or even parent levels so is not noted in the database itself as well.

New plugins

• redirector: A plugin to redirect internal URL's. Primarily intended for URL's that otherwise would cause 404 not found errors. Configuration via CSV or JSON file [acrylian]

Plugins

• bxslider_thumb_nav, colorbox, slideshow2: Abandon concept of manually enabling scripts on specific theme pages for plugins which often caused confusion among users if things were not working somewhere. Browsers will have to load it anyway at some point and also cache it. [acrlyian]
• cacheManager: 
  • Performance improvements for processing really lots of images and albums. Also an option has been introduced to switch between the class image output way (again default) or the newly introduced and actually better cURL way of precaching images. Sadly the cURL way seems not to work properly on all hosts and we couldn't figure out why [acrylian, fretzl - Thanks to tplowe56 for testing]
  • CacheManager only global variables have been moved to static class properties just for organizational reasons [acrylian]
• class-video: Re-add somehow lost support for .m4a audio files and completely removes last parts of support for outdated formats like flash and quicktime [acrylian, vincent3569]
• contact_form: Now features a content macro [ CONTACTFORM ] so it can be embedded into Zenpage pages (or elsewhere). This adds flexibiliy making the usual static custom theme page contact.php obsolete for themes that support the Zenpage plugin [acrylian]
• cookieconsent: Now uses the default link and link text set on the general data usage options if no individual plugin ones are set. [acrylian]
• dynamic_locale: XSS issue fixed (see security section, too) [acrylian]
• menu_manager [acrylian - Thanks to vincent3569]:
  • Display set of current theme on main tab if available
  • Fix link to plugin's options
  • Exclude known theme custom pages that make no sense to link to from menu manager custom page selector
  • Add "homepage" menu item type (may of course be the same as the gallery index if none is defined) 
  • Fix "title" setting for custompages and hide "link" field
  • Fix custom theme page menu items to follow rewriteToken settings
• scriptless-socialsharing: Google+ is gone and so is its sharing button [acrylian]
• sitemap-extended: Normalize numbering of generated sitemap files.[fretzl]
• slideshow2: Non image file formats are now ignored as they may break the script [acrylian]
• Zenpage:
  • Because of the new template OwnerAuthor function set (see above) the following template functions have been deprecated: getAuthor(), getNewsAuthor(), printNewsAuthor(), getPageAuthor(), printPageAuthor() [acrylian] 
  • The internal Zenpage class files have been renamed to match the general nameing class-*-php. Also some classes that shared one file have been moved to individual ones. In normal usages this should not affect anything [acrylian].
  • The lastchangeauthor database column of Zenpage news and pages has been renamed to lastchangeuser to align with the other objects (see entry above). If you use the general related class methods in custom coding it will still work for now but you should switch from set/getLastChangeAuthor() to set/getLastChangeUser(). If you used db queries for some reason those queries will break.
  • There is now an option to always prepend or append a date string to the titlelink of newly created articles, categories or pages. Default is off but Zenpage will also do this automatically if you are otherwise creating a duplicate of an existing titlelink. [acrylian]
  • Articles can now be sorted by last change date on the backend [acrylian, fretzl]

 Utilities

• list_locales: A utility to list the locales currently supported on the server. Zenphoto uses gettext for multilingual support which requires the matching locales to be installed natively to work correctly. This has been adapted from the former standalone script of the same name to help users to easier find out what they are able to use. Requires the native ResourceBundle PHP class [acrylian]

Translations

• Dutch [fretzl]
• French [vincent3569]
• Italian [bic-ed]
• German [acrylian]

Note: The locale folder names of the older Chinese translations have been changed to the actual officially used locale names:

• zh_CN -> zh_Hans_CN
• zh_TW -> zh_Hant_TW