TinyMCE Security Advisory

There has been a security advisory for TinyMCE which urges you to upgrade your TinyMCE WYSIWYG editor if you are using it.

Serendipity offers a TinyMCE plugin so that you can use the TinyMCE editor. Users who have installed that plugin should remember that they had to manually download the TinyMCE package and upload it to their Serendipity plugin directory. This means that the Serendipity project does not bundle or have control over the actual TinyMCE editor files, and you need to maintain this package manually by uploading a new TinyMCE editor version.

This might sound a bit complicated, but we do not bundle the TinyMCE plugin because of its large filebase and possible licensing issues. The good side-effect of this is that if you did not already manually take the route to install and use the TinyMCE plugin, you need not be afraid of any security harm to your Serendipity installation. Other (blog-)applications are now forced to issue a complete new release because of this. ;-)

Template chooser problems solved

A few of you have reported problems with the template chooser plugin in the past, where newly selected templates would only show their true design after you've manually refreshed the page (F5 in most browsers).

The root of this problem was that browsers cached the CSS stylesheet on their own, without making HTTP requests to check for changes. Since Serendipity uses URL rewriting to achieve pretty URLs for stylesheets, this interfered with the one-time caching of stylesheets, even though their contents changed.

As a workaround, I've just committed a fix to our repository of the nightlies and an upcoming 0.9.2 maintenance release. This change makes the plugin always use a URL that contains the name of the stylesheet, and thus works around the caching issue by emitting individual stylesheets.

Theme requests wanted!

Since Carl has been working so hard on template ports lately, he now feels quite at ease (and comfortable) with Serendipity's cool templating and customization features.

He has asked in a forum posting if there are any theme requests from users, for any theme ports or special ideas. If you have a wish, please go to the forums and post there. I'm sure Carl will have an open ear for you all.

Many thanks to Carl for being so generous with sharing his creativity!

Serendipity in Space Stations

We got word from a fellow Serendipity user, who told us how happily he is using Serendipity:

I use Serendipity on a lot of my blogs, and I know it is simple to use and reliable as a result of the work you and the rest of the project have put in.

I picked it up and used it for the GIOVE-A satellite launch, this is the first satellite of the new European satellite navigation system Galileo which is similar in principle to GPS. The launch was scheduled to take place on Boxing day, 26th December but may be delayed.

It is all exciting stuff, so I reckon there are lots of people like me who use Serendipity and think this would be pretty cool too. I'm using the remote RSS reader sidebar plugin to pull in an RSS feed of press releases, other self-confessed tech-heads may wish to do the same with the blog feed - this doesn't happen every week!

The site will be displaying a live countdown to the launch and provide background on the Galileo project, podcasts and links to live video footage. Using the categories sidebar I have provided a variety of feeds for journalists, tech-heads and team members to keep up with events.

Anyway, I'd like to thank Serendipity for making this possible and let's spread the word!

URL: http://www.engineeringbritain.com/space

I will gladly write a more in depth "success story" for the S9 project at a later date.

Best Regards,

Robin Wolstenholme MEng MIEE MIEEE

Thanks a lot for sharing your experience, and we wish you all the best with the project!

A Community Rating plugin

I recently met with a friend and Serendipity user, Lewe. Since we both are die-hard movie freaks and often rate our movies, we thought about a means to ease our rating and IMDB integration scheme.

First we used the cool Custom Fields feature of the entryproperties plugin to insert our Rating numbers and an IMDB link. But then I took a different approach, and put all of that functionality into a plugin called Community Rating.

The result is a versatile rating plugin, which can not only rate movies but also Amazon titles or anything else you can think of. It's Smarty template driven, so that you can style each rating type differently. It can convert your rating numbers into rating images.

And the coolest feature is that it can share your ratings based on the ID (like an IMDB movie ID) and export your rating as an XML file over the web. This file can be read by the plugin on any other blog, which can then embed your own ratings on that page, with the owner of that blog having the full ability to style and change the display of your rating any way he likes!

So now, I embed my own ratings on my movies - and in case Lewe has also seen that movie, his rating will be shown below mine. Ain't that cool?

The plugin comes with good documentation in a README file, and is available in CVS and also via Spartacus. Have a try!

UPDATE: - Look at Lewe's blog and for more examples of this plugin's use

Favatars, Gravatars and Trackbacks

It seems that as a new means against trackback spam, several blogs tend to use HTTP redirection for Trackback URL endpoints. Serendipity did not yet support this, since it didn't follow any HTTP header redirections.

This has been changed in recent snapshots of Serendipity 1.0-alpha, where we now utilize the PEAR HTTP::Request class to send trackbacks, which is able to follow HTTP redirections. Together with the plugin for sending manual trackbacks to specified URLs, this now allows you to again trackback to any blog that supports trackbacking.

Please have a try with those recent nightlies, if you are currently experiencing problems with sending trackbacks!
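The redirect handling described above, as an added Python example that is not Serendipity's or PEAR's code: it re-POSTs the ping to each redirect target while capping the number of hops, refusing non-HTTP targets and stopping on loops. The `transport` hook, the host names and the sample responses are constructed assumptions.

```python
import re
from urllib.parse import urlencode, urljoin, urlsplit

REDIRECTS = (301, 302, 307, 308)

def send_trackback(endpoint, ping, transport, max_hops=3):
    """POST a trackback ping, following redirects under fixed limits.

    transport(url, body) -> (status, headers, text) is a hypothetical hook
    around an HTTP client whose own redirect handling is switched off.
    Returns (final_url, accepted, detail).
    """
    body = urlencode(ping)  # TrackBack pings are form-encoded POSTs
    url, seen = endpoint, set()
    for _ in range(max_hops + 1):
        if urlsplit(url).scheme not in ("http", "https"):
            return url, False, "non-HTTP target refused"
        if url in seen:
            return url, False, "redirect loop"
        seen.add(url)
        status, headers, text = transport(url, body)
        if status in REDIRECTS and headers.get("Location"):
            # Resolve relative targets, then re-POST the same ping there.
            url = urljoin(url, headers["Location"])
            continue
        if status != 200:
            return url, False, "HTTP %d" % status
        # A TrackBack reply carries <error>0</error> on success.
        match = re.search(r"<error>\s*(\d+)\s*</error>", text)
        ok = bool(match) and match.group(1) == "0"
        return url, ok, "accepted" if ok else "rejected by endpoint"
    return url, False, "too many redirects"

# Constructed sample responses: /tb/1 redirects to the real endpoint.
OK_XML = '<?xml version="1.0" encoding="utf-8"?><response><error>0</error></response>'
FAKE_SITES = {
    "http://blog.example/tb/1": (302, {"Location": "/tb.php?id=1&key=abc"}, ""),
    "http://blog.example/tb.php?id=1&key=abc": (200, {}, OK_XML),
    "http://blog.example/loop": (301, {"Location": "http://blog.example/loop"}, ""),
    "http://blog.example/ftp": (302, {"Location": "ftp://blog.example/x"}, ""),
}

def fake_transport(url, body):
    return FAKE_SITES[url]

PING = {"url": "http://me.example/entry/42", "title": "Hello", "blog_name": "Me"}

if __name__ == "__main__":
    for start in ("http://blog.example/tb/1", "http://blog.example/loop"):
        print(send_trackback(start, PING, fake_transport))
```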

The other news is about the Gravatar plugin. A fellow user, Mattsches, sent me a patch for a favatar plugin (avatar icons based on the commenting user's homepage URL favicon). I took that one and implemented it into the existing gravatar plugin, which is now able to support both Gravatars and Favatars. It even uses a fallback method to use the other avatar type, if the first one failed. And of course it caches the results, so that your blog does not need to open many outgoing connections.