Category Properties plugin gets password protection

The just committed version 0.3 of the Plugin Properties/Templates of categories (serendipity_event_categorytemplates) now contains support to password-protect single categories.

The authentication is currently based on HTTP auth. Internal routines may get added later, but for the time being this allows for simple protection of entries set within categories. Usually you can already hide entries from special users (and groups), but those entries can only be seen when a user is logged in to Serendipity and it has to be set per-entry time and again.

With the new password protection you can effectively hide ALL entries in a special category from those users. Once they enter the category view for the protected category, the need to enter the right password (username does not matter) and then the users will see the entries of that category.

Have fun with the new plugin, which should be available in CVS and Spartacus within the next 24 hours. NOTE that this is a plugin for Serendipity 0.9! You will need to have the latest snapshot created tomorrow - on earlier 0.9 versions the calendar will no longer show entries once the plugin is activated!

Serendipity 0.8.4 released

Serendipity 0.8.4 has been released today. As mentioned in this blog post, this release addresses the security issues with the PEAR:XML_RPC library.

If you already deleted your serendipity_xmlrpc.php file, an upgrade is not required. If you do not want to upgrade, just delete your current serendipity_xmlrpc.php file and you will not be affected by security issues.

Anyone who wants to use XML-RPC posting to Serendipity will now need to install the XML-RPC posting plugin, as discussed in the blog entry mentioned above.

This release also addresses a few other minor issues:

  • Fix the problem that sometimes calendar images are displayed too large in the Internet Explorer
  • Hide title of an entry when an entry is a draft (Bug #1260667)
  • Allow Serendipity to use an existing PEAR installation on the server. Set "$serendipity['use_PEAR'] = true;" in your serendipity_config_local.inc.php or serendipity_config.inc.php file. The required packages can be found in the bundled-libs/.current_version file.
  • Append the comment id to the mail that is sent to subscribers of an entry, so that they can jump to the submitted comment immediately.

You can download the release here: Download. SVN (tags/0.8.4) and CVS (HEAD) repositories have also been updated.

Have fun with Serendipity!

New WYSIWYG editor plugins: Xinha, FCKEditor

Thanks to Ziyad Saeed from the forums, I have just committed his two plugins to our CVS repository that allows you to use the Xinha or FCKEditor WYSIWYG editors with serendipity. Together with htmlarea (bundled default) and TinyMCE, we now have a boast of WYSIWYG editors to use as your liking.

Note that the plugins only work with current 0.9 versions of Serendipity and you need to additionally download the WYSIWYG editor's. There are installation notes that tell you exactly what to do within the plugins. The plugins will be downloadable from CVS and Spartacus within the next 24 hours.

Thanks a lot, Ziyad!

XML-RPC API unbundled from Serendipity 0.9

In the current development version of Serendipity, we have unbundled the XML-RPC API functions from the release version and made the functionality to post entries via XML-RPC (MT/Blogger API) calls available as a additional plugin called Post via XML-RPC (serendipity_event_xmlrpc).

The reason for this is that very few people use XML-RPC posting to our experience, and it is a inherent security risk to have this functionality available if you don't use it, as the past has proven. To overcome this possible vulnerability, you need to now actively install the mentioned plugin to make XML-RPC posting available. Sending and receiving trackbacks is NOT affected by this, only the "Server"-Part of that API is.

The URL for the API endpoings will not change; if you have not installed the plugin, you will see an error message displayed. Outsourcing this functionality as a plugin allows the Serendipity Team to respond easier to new issues with the plugin and make enhancements to the XMLRPC module.

A general advice for Serendipity 0.8.3 users is to remove the serendipity_xmlrpc.php file if you do not use XML-RPC entry posting.

New Theme: Leaf

From the forums, the user Ziyad "MySchizoBuddy" Saeed contributed a new template called leaf, which is a port of a very pretty Nucleus theme by Ivan Fong. I have added his template to our CVS repository where it can be downloaded quite soon (< 24 hours because of SourceForge lag). People using the 0.9 checkouts will be able to fetch the template via Spartacus.

Here's a preview screenshot:

Thanks a lot!