Serendipity - Plugins

Spartacus infrastructure change, Developers please read

nospam@example.com (Garvin Hicking) — Tue, 13 Dec 2011 14:06:21 +0100

Since the core Serendipity project is now maintained on github.com and every developer is quite happy about that, we decided to go the jquery-plugins route and delete all Serendipity plugins.

No, just kidding. We actually imported all data from the SourceForge.net CVS servers into the github infrastructure. The short version for normal end-users: Nothing should change for you!

https://github.com/s9y/additional_plugins

https://github.com/s9y/additional_themes

All current Serendipity developers also have access to those repositories to contribute code. Developers now no longer should commit code to CVS (actually, they can't, because I took all their committing karma *eg*).

The harder task for the Spartacus infrastructure service is the actual publishing of data. The Spartacus plugin operates on a PEAR-like XML format for each plugin, which luckily is automatically generated by a small shellscript which runs once daily on one of our webservers (emerge.sh). That script iterates on a checkout of all plugins and templates, creates the XML and uploads it to all mirror servers (currently netmirror.org, s9y.org and now also github.com).

Downloading the files also either works via the files that are uploaded daily to netmirror.org and s9y.org, or you always could use the SourceForge.net server, that published the file via a nasty ViewVC oddity. The spartacus plugin of the current github core code (version 2.25) now can also retrieve those files from the Github.com servers.

For all users that currently use the Spartacus plugin with the SourceForge.Net mirror, our daily script now pushes all changes in the GitHub tree also to CVS, so that both repositories *should* be kept in sync. This is done via the gitclone.sh and gitclone.php scripts in the additional_plugins repository, for anyone that's interested.

Most likely, something in this script won't work properly, so in the next days it might be that some glitches in the matrix can occur. In that case, please report issues and remain seated. Or buy christmas presents for your beloved. Or your beloved developers.

Security fix for flash-based cloud in Freetag plugin

nospam@example.com (Garvin Hicking) — Wed, 14 Sep 2011 09:17:48 +0200

MustLive discovered a HTML-injection vulnerability in the tagcloud.swf Flashfile that the Freetag-Plugin bundles and makes optionally available.

The issue is fixed in version 1.23 of the flashfile, which has now been committed to the Serendipity plugin (in version 3.30).

Since the swf-File is always bundled with the update, it is recommended to update to the latest version of the plugin for all users, or to delete that specific .swf file.

Thanks to MustLive for sharing the information with us.

Spartacus plugin: Change in download Mirrors

nospam@example.com (Garvin Hicking) — Mon, 27 Jun 2011 11:42:14 +0200

Christian Boltz notified us and provided a patch to fix the spartacus plugin properly being able to retrieve remote files. This became necessary when SourceForge.net changed their underlying structure.

If you are using Spartacus, you have several possibilities to fix this issue for you:

1: Manually download the updated plugin file plugins/ serendipity_event_spartacus/ serendipity_event_spartacus.php from here: serendipity_event_spartacus.php for Serendipity 1.6 / Development, serendipity_event_spartacus.php for Serendipity 1.5.

2: You can also simply configure your spartacus plugin and enable the use of Netmirror.org, or you can enter a custom mirror: http://php-blog.cvs.sourceforge.net/viewvc/php-blog/|http://netmirror.org/mirror/serendipity/

3: You can also simply edit your serendipity_event_spartacus.php file and replace all 2 occurences of the string *checkout* with viewvc.

Thanks to Christian for notifying us!

serendipity_event_freetag: Plugin update, XSS bug

nospam@example.com (Garvin Hicking) — Tue, 31 May 2011 12:00:00 +0200

Thanks to Stefan Schurtz, who reported a XSS issue in the serendipity_event_freetag plugin (SSCHADV2011-004). The issue was fixed in version 3.22 of the plugin, you can fetch the update through Spartacus or download via Spartacus.s9y.org.

The bug was introduced in version 3.20 of the plugin. Users of the plugin should upgrade, as it allows malicious users to trick people into visiting a specially crafted link on your blog to steal cookie login information for example, if you click on such a link.

New Plugin: Disqus comments

nospam@example.com (Garvin Hicking) — Mon, 23 May 2011 21:14:00 +0200

Even though the Disqus.com comment integration is easily integratable inside a serendipity template already, the need for a specific plugin was raised on the forums.

serendipity_event_disqus is now available on Spartacus and provides exactly this - a plug and play component to enable disqus comments on your blog, and it even allows you to only use this system for more recent blog entries, so that your old comments can be preserved.

Currently the plugin hides the Serendipity-internal comments and trackbacks through CSS. The plugin provides instructions on how to modify that, if you have a custom template.

Have fun using the plugin, and if you have issues or recommendations for it, feel free to discuss this on the Serendipity forums. :-)

Podcast plugin update

nospam@example.com (Garvin Hicking) — Sun, 15 May 2011 14:35:00 +0200

The podcast plugin has recently been improved to offer a much more flexible configuration with custom player and HTML5 audio/video support. The flowplayer has been added as a new, more flexible flash-video player replacement.

You can now specify custom feed options, and the RSS podcast format should now be iTunes compatible., as well as the Flowplayer replacement for Flash-Videos. Also, custom feed options that you can add to the RSS-Feed (rss.php?podcast_format=XXX) allow you to filter the enclosures only to specific file extensions.

The update should be compatible to older versions so that you can simply use the new features. If you customized any of the player files, you can now do that much easier through the configuration; be sure to backup any files you might have changed before upgrading.

Please report any issues you might have with this updates on the forums!

Bugfix for Cronjob plugin

nospam@example.com (Garvin Hicking) — Thu, 07 Apr 2011 10:07:00 +0200

It has come to our attention that the Cronjob-Plugin (serendipity_event_cronjob) has a bug that prevents it from properly detecting the next scheduled update time. This bug has been fixed in version 0.6, which should now be available through Spartacus and usual means.

If you use this plugin, this is a required update to ensure it's proper function. Thanks to Matthias2 from the forums for reporting this to us.

Flattr Plugin

nospam@example.com (Garvin Hicking) — Fri, 21 May 2010 09:21:00 +0200

Flattr is a new service that is up and coming the last days in the blogosphere. Their service offers a social micropayment platform that lets you show love for the things you like..

The service allows normal people (consumers) to create an account, where they can deposit a certain amount of money. Whenever they appreciate a blog entry, an image, a video or any other content they see on a flattr-enabled website, they can easily click a link to add support to this website. At the end of a certain period, the deposited money is distributed among all the authors of things, that the consumers liked.

In first regard, this is not really a service to get paid from, but rather a service to spend money on. The modern web has become more and more of a place where people expect free high-quality content. Now it's time to remember, that quality content is not something that has been free for all people all of the time. This is a new phenomenon of the internet, and people work hard on offering this content, just on their own and to contribute to mankind. With flattr, you can show appreciation for those great deeds, by giving something back to things that wouldn't otherwise be there.

This is a bit in the spirit of the early Paypal-donation days, but with a twist: The distribution of a specific deposit and the easy way to "bookmark" interesting things to rembemer them once a fresh billing cycle arrives. It's a bold move in the opposite direction that Facebook just recently went with their global "I like" method. Flattr not only gathers the information, but enables the originating authors to notice that other people appreciated their work.

Much ado about something, a plugin to this Interface from within Serendipity is mandatory. Even though the API of Flattr is terribly easy to implement with a small javascriptlet, the Serendipity Plugin does have its unique usage scenarios:

You can decide on a per-entry basis if you want to announce a blog entry for flattr.com appreciations.
You can enter the metadata (language, category, description) seperately for each blog entry (inside the usual blog entry administration).
If you don't provide specific information, the globally entered fallback will take effect and is used for flattr-submission. Like if you did not specificy a custom category for a blog title, the global category will be used.
The flattr-Badges are integrated within the RSS-Feed (for javascript-enabled RSS readers)
When using the Freetag-Plugin, its tags can be automatically used as flattr-tags - or you can override them with custom tags.
The plugin allows you to place the badge either inside the entry footer, the entry body or even place it in a custom Smarty template variable so that you can place it anywhere.

The plugin is available now on Spartacus, or for direct download. Just unzip to your plugin directory, and enable the event plugin inside the Serendipity plugin management interface.

Feedback on how to improve the plugin is welcome, preferrable on the Serendipity Forums.

Improvement of Static Page plugin

nospam@example.com (Garvin Hicking) — Wed, 27 Aug 2008 11:04:04 +0200

(Deutsche Übersetzung gibt es auf meinem privaten Blog)

A huge issue of Serendipity's Static Page-Plugin has always been its visual presentation of the editing screen:

Voices have been raised in the past to dust up this interface, which is why I worked on it at the beginning of this week, and committed my changes already to the official plugin repository (staticpage.zip).

Technically, the changes are quite minimalistic und quick to implement (2 hours of my life time). But the impact is huge:

Starting as of now, static pages can be created and edited using a customized smarty template, plus a static page can now have custom properties, similar to blog entries.

By default, a template file saved as backend_templates/default_staticpage_backend.tpl is shipped with the plugin, in which the distribution of the input fields is contained. There is a new smarty helper function ({staticpage_input}) that takes care of accessing the usual introspection methods for emitting the default list of data fields.

Own templates can override this template file by putting it in their template subdirectory, so that you can now have your own editing masks depending on the currently used template. This should be a blessing for magazine-like templates such as Mimbo or Hemmingway.

You can also store multiple template files inside this backend_templates directory, so that they all will be available from within the selection dropdown of the interface. For our veterans, the old list-style view is still available, of course.

An example for saving custom fields for static pages is also contained within the default template, but is commented out so that you must manually enable it. All custom fields need to be implemented through usual HTML form elements, and need to save their values inside a serendipity[plugin][custom][XXX][ fieldname. Once entered, the data will be automatically saved inside the serendipity_staticpage_custom database table, and will be available through {$staticpage_custom.XXX} when later being displayed in the frontend.

This way, you can easily add new custom fields for a staticpage which could decide, which CSS-Body-ID to use for rendering the page. Or you could specify, which sidebars you want to see when a certain staticpage is rendered. Or specify a custom header image for each staticpage. Sky's the limit!

This all vastly improves Serendipity's CMS-abilities and even more pushes it into a custom CMS-Framework, where you can manage any kind of customized content.

I hope you like it. :-)

Netmirror.org Outage, Spartacus affected.

nospam@example.com (Garvin Hicking) — Fri, 16 May 2008 16:33:42 +0200

As of today, the netmirror.org server seems to be having a hiccup. The serendipity Plugin Spartacus by default requires this server to provide automatic plugin and theme updates and downloads. The inavailibility of this server can lead to timeouts and not being able to install new plugins.

The issue should resolve itself once netmirror.org is up again. Temporarily you can either reconfigure your Spartacus-plugin to use the SourceForge-Mirrors, or completely disable the Spartacus plugin. Using the s9y.org mirror will not help you, as this server is currently not hosting any files.

I will post an update once the server is up again. Sorry for the inconvenience.

Spamblock and blogg.de blacklist

nospam@example.com (Garvin Hicking) — Sat, 08 Dec 2007 10:16:00 +0100

The Serendipity Anti-Spam plugin allows to utilize the blogg.de IP blacklist service to block spam. Their service seems to have ceased existence, or at least is rejecting connections. This can lead to comments to your serendipity blog to be rejected. You can easily disable the blogg.de blacklist service in your Anti-Spam plugin configuration.

Note that this option is by default disabled in Serendipity since blogg.de announced that they are no longer actively maintaining the blacklist. A well fit alternative to this service is the Akismet API, which the spamblock plugin also supports.

SEO and meta tags for s9y, updated plugin

nospam@example.com (Carl Galloway) — Tue, 13 Nov 2007 08:54:49 +0100

Recently there has been a lot of discussion about using SEO on Serendipity powered blogs, which has resulted in at least one plugin update and many suggestions for SEO improvements in templates.

The meta description event plugin has been updated by Don Chambers, Jude Anthony and Garvin Hicking, and now provides a separate title, meta keywords, and meta description on a per entry basis, as well as a default title and description for all other pages.

Previously users were only able to adjust the meta keywords and description per entry, and other pages would miss out, leading many users to install the HTML head nugget as well if they wanted meta keywords and descriptions on overview pages.

Don has written up a full description of the updated meta description plugin on his own site, and is promising to continue developing plugins and templates, so bookmarking his site might be a great idea.

Your help in sorting serendipity plugins

nospam@example.com (Garvin Hicking) — Thu, 16 Aug 2007 10:20:05 +0200

Like announced earlier on the serendipity blog, fellow usability expert Joachim Harloff is currently trying to improve the listing of Serendipity Plugins so that they are more accessible to users.

He needs your help to fulfill them. Initially he planned to personally meet with serendipity users, but this proved more complex than initially hoped. Thus he has created a smaller, text-based version of it.

You can download the file at http://www.softuse.com/serendipity_sorting.zip. It contains detailed instructions. You can also feel free to personally contact Joachim about any questions you have.

Joachim estimates this questionnaire to take you about 1,5 hours of your time. You could greatly help to improve the serendipity usability, so please participate! Joachim wants to evaluate your responses starting on September the 8th.

Serendipity 1.1.4 released, security bug in entryproperties plugin

nospam@example.com (Garvin Hicking) — Wed, 08 Aug 2007 11:14:34 +0200

Thanks to Erich Schubert, we were made aware of a bug and security issue in the Plugin Extended properties for entries. Since this plugin is delivered with the core release, we have created a new Serendipity release for both the current stable 1.1 version tree, as well as a new 1.2 beta version.

Serendipity Users that are using the mentioned plugin do not need to upgrade the full release, they can just fetch the updated version of the plugin through this direct link. Put that updated file into your plugins/ serendipity_event_entryproperties/ serendipity_event_entryproperties.php file.

The actual bug was, that people were able to deliver custom entryproperties settings to the Serendipity Frontend via a HTTP-Request, which made them able to bypass a possibly used passwort protection. Any other restriction of viewability of entries done via category read-privileges were not affected, though.

Bottom line is: If you are using password protection for entries, this security update is mandatory for you. Also if you were generally using the entryproperties plugin (which is not installed by default in Serendipity), you are urged to update your plugin. Only people not using this plugin need not care about this issue.

You can download the new full releases as always on the Serendipity download page.

Show staticpages via smarty function

nospam@example.com (Garvin Hicking) — Thu, 14 Jun 2007 12:37:00 +0200

I upgraded the staticpage plugin in CVS to version 3.50 yesterday (which should be available via Spartacus now already).

It now supports to use a custom smarty function to show static pages. This can be used in your custom template files (like the userprofile .tpls) to emit specific staticpages depending on variables.

Go ahead and play with it. The API is quite basic and described in the new 'smarty.inc.php' file. It basically works like this:

{staticpage_display template="$TEMPLATE" pagevar="$PAGEVAR" id="$ID" permalink="$PERMALINK" pagetitle="$PAGETITLE" authorid="$AUTHORID" query="$QUERY"}

The API is quite fundamanetal right now. If you want to access more properties/parameters, please let me know, and I'll implement them. Please discuss this feature on our forums in this thread.