Trusted Authors Plugin

I have committed a new plugin "serendipity_event_xsstrust" to our additional plugins module.

This plugin can be very helpful for multi-user blogs where you do not fully trust your authors. Since Serendipity is aimed at providing an interface for authors to type HTML code, on a multi-user blog every user can insert JavaScript and any HTML they like into your entries. In effect this also means that any author may insert "XSS" into your blog. This is not a bug in itself, since as a single blog owner you want to have the freedom to enter any HTML you like.

Thanks to Absynth, I got the idea to create this plugin. The site owner can configure which authors are trusted. Only those trusted users can insert HTML code. All other authors get htmlspecialchars() applied to their input, so the markup they type is displayed as text and they can no longer use it for XSS.

If you don't want the plugin to break transformed BBcode or emoticons, you need to stack the plugin BEFORE any other markup-related plugins, so that htmlspecialchars() only gets applied to the user input and not to any plugin output.

I urge the users who run an open membership blog to think about using this plugin. Have fun. :-)
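The escaping and the ordering requirement described above, as an added example that is not the serendipity_event_xsstrust source: `TRUSTED_AUTHORS`, `escape_untrusted()`, `toy_bbcode()` and `render()` are hypothetical names, and the author list and entry text are constructed sample data.

```php
<?php
// Added illustration; not the plugin's own code. All names here are hypothetical.

const TRUSTED_AUTHORS = ['admin'];   // constructed sample: authors the site owner trusts

// The step the post describes: untrusted authors get htmlspecialchars() applied.
function escape_untrusted(string $body, string $author): string
{
    if (in_array($author, TRUSTED_AUTHORS, true)) {
        return $body;                // trusted: raw HTML passes through unchanged
    }
    // ENT_QUOTES also escapes ' and ", so the text is safe inside attributes too.
    return htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

// Stand-in for a markup plugin: turns [b]...[/b] into <b>...</b>.
function toy_bbcode(string $body): string
{
    return preg_replace('~\[b\](.*?)\[/b\]~s', '<b>$1</b>', $body);
}

// Run the two steps in a chosen order, the way the event plugin queue would.
function render(string $body, string $author, bool $escapeFirst): string
{
    return $escapeFirst
        ? toy_bbcode(escape_untrusted($body, $author))
        : escape_untrusted(toy_bbcode($body), $author);
}

$entry = '[b]hello[/b] <script>alert(1)</script>';   // constructed sample entry

// Escaping stacked BEFORE the markup step: the author's <script> tag is
// escaped to text, while the <b> tags produced by the markup step stay HTML.
echo render($entry, 'guest', true), "\n";

// Escaping stacked AFTER the markup step: the markup step's own <b> output
// is escaped as well, which is the breakage the post warns about.
echo render($entry, 'guest', false), "\n";

// Trusted author: the entry's HTML is left exactly as typed.
echo render($entry, 'admin', true), "\n";
```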

Staticpages to support different templates

I have committed a patch to the staticpage plugin. In its latest version, 2.5, the plugin now supports specifying a different Smarty template file for a specific static page.

This allows you to format certain static pages differently by altering their surrounding HTML structure. You can use any Smarty templating means available in those *.tpl files, and you no longer need to edit the PHP code if you want to make layout changes.

I hope some of you might find this feature interesting when using Serendipity for some CMS-like tasks.

TinyMCE + iManager

In fact the reason for my inclusion of TinyMCE was another great tool I discovered today. It's called iManager and is a tool that allows dynamic editing (crop, resize, ...) of images and integrates nicely with TinyMCE. There is a demo available here which left me speechless.

The plugin for TinyMCE now also supports including the iManager tool if it is installed. Because I still haven't figured out the licensing issues, it also requires you to install the iManager tool on your own. But the plugin contains an installation guide which should get you started. Basically it's only downloading a few files and configuring your media gallery path. Get the full script here and let me know what you think.

Many kudos to Marco M. Jaeger and the folks of TinyMCE. :)

New WYSIWYG editor: TinyMCE

Today I've committed a new plugin to our repository called "TinyMCE WYSIWYG editor support". It can only be used with the latest Serendipity SVN version, as new plugin hooks were introduced.

Because of license issues you'll need to download TinyMCE separately and configure the path to the editor.

This is mostly for the people who always wanted to add their own WYSIWYG editor easily; now you can have a go at it. :)

Improving the CacheSimple plugin

Today I have committed version 0.2 of the cachesimple plugin. It features:

  1. Use of Conditional GET to prevent "cache busting".
  2. Short-circuiting larger parts of the Plugin API to gain some extra performance.

It is very important for the plugin's full performance that you place the cachesimple plugin as your first plugin in the Event plugin queue. The only plugins that should come before this plugin are

  1. serendipity_event_loginform
  2. serendipity_event_templatechooser
  3. serendipity_event_karma
  4. serendipity_event_phpopentracker
  5. serendipity_event_filter_entries
  6. serendipity_event_randomblogdescription

(if you do not want to lose their functionality, that is)

If the plugin is not first in the queue, all the other plugins are initialised before the cachesimple plugin is able to exit the Serendipity framework.

Feedback, improvements/patches and reports if this breaks any functionality are heartily welcome. The plugin should be available in Spartacus tomorrow; you can of course download the diff from the URL location above, which should be available in a few hours.