Serendipity - Plugins

Netmirror.org Outage, Spartacus affected.

mail@garv.in (Garvin) — Fri, 16 May 2008 16:33:42 +0200

As of today, the netmirror.org server seems to be having a hiccup. The serendipity Plugin Spartacus by default requires this server to provide automatic plugin and theme updates and downloads. The inavailibility of this server can lead to timeouts and not being able to install new plugins.

The issue should resolve itself once netmirror.org is up again. Temporarily you can either reconfigure your Spartacus-plugin to use the SourceForge-Mirrors, or completely disable the Spartacus plugin. Using the s9y.org mirror will not help you, as this server is currently not hosting any files.

I will post an update once the server is up again. Sorry for the inconvenience.

Spamblock and blogg.de blacklist

mail@garv.in (Garvin) — Sat, 08 Dec 2007 10:16:00 +0100

The Serendipity Anti-Spam plugin allows to utilize the blogg.de IP blacklist service to block spam. Their service seems to have ceased existence, or at least is rejecting connections. This can lead to comments to your serendipity blog to be rejected. You can easily disable the blogg.de blacklist service in your Anti-Spam plugin configuration.

Note that this option is by default disabled in Serendipity since blogg.de announced that they are no longer actively maintaining the blacklist. A well fit alternative to this service is the Akismet API, which the spamblock plugin also supports.

SEO and meta tags for s9y, updated plugin

carlgalloway@gmail.com (Carl Galloway) — Tue, 13 Nov 2007 08:54:49 +0100

Recently there has been a lot of discussion about using SEO on Serendipity powered blogs, which has resulted in at least one plugin update and many suggestions for SEO improvements in templates.

The meta description event plugin has been updated by Don Chambers, Jude Anthony and Garvin Hicking, and now provides a separate title, meta keywords, and meta description on a per entry basis, as well as a default title and description for all other pages.

Previously users were only able to adjust the meta keywords and description per entry, and other pages would miss out, leading many users to install the HTML head nugget as well if they wanted meta keywords and descriptions on overview pages.

Don has written up a full description of the updated meta description plugin on his own site, and is promising to continue developing plugins and templates, so bookmarking his site might be a great idea.

Your help in sorting serendipity plugins

mail@garv.in (Garvin) — Thu, 16 Aug 2007 10:20:05 +0200

Like announced earlier on the serendipity blog, fellow usability expert Joachim Harloff is currently trying to improve the listing of Serendipity Plugins so that they are more accessible to users.

He needs your help to fulfill them. Initially he planned to personally meet with serendipity users, but this proved more complex than initially hoped. Thus he has created a smaller, text-based version of it.

You can download the file at http://www.softuse.com/serendipity_sorting.zip. It contains detailed instructions. You can also feel free to personally contact Joachim about any questions you have.

Joachim estimates this questionnaire to take you about 1,5 hours of your time. You could greatly help to improve the serendipity usability, so please participate! Joachim wants to evaluate your responses starting on September the 8th.

Serendipity 1.1.4 released, security bug in entryproperties plugin

mail@garv.in (Garvin) — Wed, 08 Aug 2007 11:14:34 +0200

Thanks to Erich Schubert, we were made aware of a bug and security issue in the Plugin Extended properties for entries. Since this plugin is delivered with the core release, we have created a new Serendipity release for both the current stable 1.1 version tree, as well as a new 1.2 beta version.

Serendipity Users that are using the mentioned plugin do not need to upgrade the full release, they can just fetch the updated version of the plugin through this direct link. Put that updated file into your plugins/ serendipity_event_entryproperties/ serendipity_event_entryproperties.php file.

The actual bug was, that people were able to deliver custom entryproperties settings to the Serendipity Frontend via a HTTP-Request, which made them able to bypass a possibly used passwort protection. Any other restriction of viewability of entries done via category read-privileges were not affected, though.

Bottom line is: If you are using password protection for entries, this security update is mandatory for you. Also if you were generally using the entryproperties plugin (which is not installed by default in Serendipity), you are urged to update your plugin. Only people not using this plugin need not care about this issue.

You can download the new full releases as always on the Serendipity download page.

Show staticpages via smarty function

mail@garv.in (Garvin) — Thu, 14 Jun 2007 12:37:00 +0200

I upgraded the staticpage plugin in CVS to version 3.50 yesterday (which should be available via Spartacus now already).

It now supports to use a custom smarty function to show static pages. This can be used in your custom template files (like the userprofile .tpls) to emit specific staticpages depending on variables.

Go ahead and play with it. The API is quite basic and described in the new 'smarty.inc.php' file. It basically works like this:

{staticpage_display template="$TEMPLATE" pagevar="$PAGEVAR" id="$ID" permalink="$PERMALINK" pagetitle="$PAGETITLE" authorid="$AUTHORID" query="$QUERY"}

The API is quite fundamanetal right now. If you want to access more properties/parameters, please let me know, and I'll implement them. Please discuss this feature on our forums in this thread.

OpenID - Testing help needed

mail@garv.in (Garvin) — Wed, 09 May 2007 11:51:03 +0200

rrichards from the forums published his first public OpenID-Plugin results. Check out this thread on the forums. If you're interested in testing the plugin or are interested in OpenID, please give it a look and report about it.

Many thanks to rrichards and all volunteers!

Serendipity 1.0.4 released!

mail@garv.in (Garvin) — Fri, 01 Dec 2006 10:37:00 +0100

This new Serendipity release addresses a local file inclusion security issue discovered yesterday. It was possible to give a special parameter to a serendipity file to include a file on your own web-tree (or other files the webserver has read access to). If used on clear-text files, this could be used to disclose information like the apache logfiles on your website.

This error can only happen in a scenario with two prerequisites: Register_Globals needs to be turned on in your PHP configuration AND your webserver must ignore the default Serendipity .htaccess file. This .htaccess file usually prevents to directly call Serendipity's include files via HTTP. Thus we feel that only a very low percentage of installations should be affected by this bug.

However, Serendipity 1.0.4 is a recommended upgrade for everyone taking security responsibly, like we do. We are thankful to the community for inspecting Serendipity, searching for bugs and security issues and reporting them to us. In this case, many thanks to Majestic from the forums for notifying us.

Most of the plugins (both bundled and available via spartacus) were upgraded to also circumvent that bug, so you should upgrade all of your active plugins to the recent versions as well.

The Serendipity 1.1 release tree was also modified with a patch for this issue. It will be contained in todays snapshot, and the 1.1-beta6 release file. The easy steps to perform an upgrade are documented in our FAQ on http://www.s9y.org/.

Freetag plugin: Automatted keywords

mail@garv.in (Garvin) — Sun, 19 Nov 2006 21:26:00 +0100

Thanks to Robert from the forums he convinced me to implement a feature for him. Well, actually he bribed me to do it. ;-)

Nevertheless, now that I implemented the feature, I kinda like it. The enhancement to the Freetag plugin (version 2.7, should be available via Spartacus now) allows you to enter a list of comma seperated keywords for each tag you have available on your blog.

Whenever you save an article now, the plugin will analyze the content of your entry. For each keyword that you entered and that is found in the article, the corresponding tag will be auotmatically assigned to your entry (taking care that no duplicate tags happen).

So, if you have the Tag "PHP" you could enter keywords like "Serendipity,php,s9y,phpbb,xss,sesser". When you now create an entry where you use the keyword "Serendipity", the freetag plugin will automatically assign the tag "PHP" to this entry.

Thus, especially if you have a low count of tags you can save a lot of time by assigning meaningful keywords to your tags. Beware that if you enter a lot of keywords for a lot of tags, that this might slow down saving an entry. This happens because a list of EVERY available keyword needs to be compiled and matched against your saved article to be able to see which keywords were used.

Have fun!

Updated Google Sitemap plugin

mail@garv.in (Garvin) — Tue, 14 Nov 2006 19:16:16 +0100

Google seems to have changed their URLs where pings to the sitemap webmaster helper tool are sent to.

Thus, the Serendipity Google Sitemap plugin requires you to either manually update to the right URL. The updated plugin in Spartacus has been committed today and should be available tomorrow.

The new URL to use is: http://www.google.com/webmasters/tools/ping?sitemap=%s (see this thread)

New plugin "QuickNotes"

mail@garv.in (Garvin) — Tue, 17 Oct 2006 13:14:00 +0200

I've committed a new plugin to Spartacus that allows users to use a very simply Notification System.

Users can create text (HTML formatting configurable) that will appear on the Admin Backend. A small goodie is a feature that notifications are subject to specific usergroups - only the usergroups for which the creator intentionally posted the message will see it.

The plugin also allows to configure whether normal users are allowed to use the messaging system. In the future this could be enhanced for more granular control, but for the time being it should proove a nice tool. The display of the messages can be controlled via a bundled notes.css CSS file.

CSS formatting also allows to format new incoming messages differently. Now try it out and have fun

Plugin Execution Permissions

mail@garv.in (Garvin) — Thu, 24 Aug 2006 15:09:00 +0200

Despite my downtime, I was able to find the time to commit some changes I was having up my sleeve to the 1.1 beta version.

It involves, what many people have asked for: Specify, which user/usergroups are able to have access to certain plugins. My standpoint until now was, that plugins should implement the versatile permission management of Serendipity, available since version 0.9.

However, reality got me when I saw that no plugin was really ported yet to use that permission management setup to provide custom permission sets. But people wanted to have the ability to say "The staticpage plugin is only available to user XY".

Thus, I implemented a rather hackish way into the groupmanagement: You can now specify complete plugins, or specific event hooks which are forbidden for a usergroup. This way, you can say that group X is not allowed to execute a 'Staticpage' plugin.

This approach should work quite well for many usage scenarios - the upside is, that all old plugins are supported instantly. However, the neater approach of course is to modify plugins so that they provide their own permissions for more granulate control of what you want to achieve.

To enable this functionality you must first enable the option "Enable Plugin ACL for usergroups" in the serendipity configuration. The reason why you must explicitly enable this is, because those plugin checks decrease the performance of the plugin API. Every executed plugin hook must be checked against the blacklist, and those checks would hurt bloggers that do not intent to use this feature. To satisfy everyone, you have an option for this.

You can try the feature in the nightly builds created today, or using an SVN checkout. The feature is contained in 1.1-beta4.

Cronjob functionality

mail@garv.in (Garvin) — Thu, 06 Jul 2006 14:41:00 +0200

Two new plugins have been added to CVS by me:

serendipity_event_metadesc / "HTML META-Tags" allows you to define meta-description and meta-keywords per entry. Those will then be shown on the detailed entry page within the HTML head. As a nice bonus, if you leave the fields empty, the plugin tries to auto-detect keywords and description based on your text. For that it evaluates Bold/Strong tags in HTML to auto-guess your content.

serendipity_event_cronjob / "Cronjob scheduler" finally offers some cronjob functionality that people have sometimes requested. A lengthy explaination of this plugin follows. :-)

For anyone that does not know what "Cronjobs" are: This is a service, one of the UNIX/LINUX server oldies, that permanently runs on a webserver and executes scheduled scripts at a given time/period. With this you can setup repetitive tasks, like to purge all your SPAM E-Mails every day.

Now, such cronjobs usually require you to have administrative privileges on the server where it is operated on. The Cron Daemon needs to run all the time, because only then it can execute a job at the exact configured time. Now a common use some people want is: "Fetch my E-Mail account every day to see if there are mails that shall get blogged!".

If you only own a usual PHP webspace, this will get problematic. You cannot create cronjobs there, and since PHP only gets activated when someone visits your blog, you can't really say "Execute this script at 00:00", because you don't know if your script is called at that time. This is the reason, why "cronjobs" are usually not encouraged to use on a PHP-basis.

The best way it can be emulated is like this: Every page call to your serendipity Blog can contain an invisible image that your visitors call again and again, and each time the script is called, it calculates the difference between the last script call and will then check which cronjobs need to be executed.

If your blog is low on visitors, this means that maybe a cronjob that is scheduled every 5 minutes would only get executed once an hour. There's nothing you can really do about that, unless you own a server were you can create a remote cronjob that calls WGET or similars on your URL, to fake regular visits to your blog.

Now that the principle bheind this is clear, here's what the cronjob plugin does: It emits exactly the invisible picture, and servers up multiple plugin API hooks that other plugins can use. Currently, only the popfetcher (1.13) and aggregator (0.7) plugins support cronjobs. Once you have the cronjob plugin installed you can configure these plugins inseid their own configuration to be executed on the available cronjobs.

Feedback about this functionality is appreciated. Be warned that this script of course creates extra requests to your blog. So if there's any way for you to setup "real" cronjobs, you are advised to do so.

Lightbox, Thickbox, Lightbox2

mail@garv.in (Garvin) — Wed, 05 Jul 2006 14:54:46 +0200

Yesterday, Andyman77 from the forums brought the Thickbox project to my attention. Using his plugin, I intermingled that with the existing lightbox plugin so that you can now choose which JS library to use to format your links. Plus, lightbox2 got also added to the plugin.

What, you don't know what Lightbox is? It's a nifty javascript that will transform links to images into small "popup" links. When you thus link to a thumbnail images (<a href="large.jpg"><img src="thumb.jpg" />), lightbox will take on that image link, and once clicked on it, the large image will be shown on your page instead in a separate browser window. It sounds boring when explained, so just go to the lightbox pages and look at their installations.

The plugin installation is seamless, as all image links in serendipity will get automatically rewritten so that links from thumbnails will show up as lightbox links.

Thickbox brings fun into this thing by offering to also popup HTML links inside neat popups. Just add a 'class="thickbox"' attribute to your HTML links in your entries, and that's it.

Using Serendipity with Flock

mail@garv.in (Garvin) — Mon, 26 Jun 2006 11:42:49 +0200

Basically, Serendipity should support the Flock browser.

Sadly, due to a bug in their parsing/sending routine, applications that rely on PEARs XML-RPC extension won't work with flock. Serendipity falls under that category. It would work without flock auto-detecting a blog, but because flock's autodetection is blocking to successfully add Serendipity, this is a devil's circle.

This flock bug had been reported in February, but sadly no progress has yet been made. All the people who'd might like to use their Serendipity Blog and the XML-RPC posting plugin with Flock, please raise your kind voice here:

Flock Bugtracker.

I am pretty sure the nice people of Flock will report to popular demand - I'd really like to see progress in this issue :)