Development - 11 – Serendipity

The first release candidate for Serendipity 1.4 can now be downloaded.

Serendipity 1.4 mainly addresses improvements in the now Double-Opt-In comment subscription (plus support for fulltext comment notifications) and ships with a new bundled default WYSIWYG editing component (Xinha, the successor of HTMLArea). This new component is more reliable and cross-browser capable than the old version, by still supporting everything that worked with HTMLArea previously.

Things that are visually noticeable include a new "widget-style" configuration option for the "Entryproperties"-Plugin, so that you can arrange and enable/disable each feature of that plugin to your own liking. Also you can now configure each sidebar plugin directly from your frontend.

Also, the Bulletproof has now been promted as new default template, imitating the design of the previous default template - but offering a now completely new distinct default look to the admin panel.

The Remote RSS-Feed sidebar plugin now is templated, so that you can achieve distinct look for certain feeds on the sidebar.

Serendipity also addresses some minor bugs usually only affecting very special environments. Other changes include new PostgreSQL ts_vector fulltext search, comment approval-by-mail for the spamblock plugin, better HTTP header status updates for CGI environments. For developers, some API improvements and new variables/parameters have been added. The performance of the entryroperties plugin can be enhanced by new configuration options that let you fiddle with the involved SQL generation.

The complete list of all changes is documented within the docs/NEWS file of the release. This serendipity release is also the first one to include checksums to verify your installation integrity.

Updating is easy and documented online: Just upload the new files onto your web, possibly refresh/purge your browser cache (and if you upgrade from Serendipity older than 1.2, you might need to purge your old cookies), go to the admin panel and you're done. For shared installations, make sure all deployed htmlarea directories are updated with the new files (if not, the old htmlarea will still be there, not Xinha).

Also, the new version contains release checksums. This makes sure that the files you uploaded correspond with the checksums generated through the release. This way, bad FTP uploads will no longer be driving you nuts. If this makes any trouble for you, try to upload the files in BINARY mode in your FTP client.

Please report any trouble with this new release candidate on the Serendipity Forums or here on this blog. Even though we find this release quite stable and generally believe it production ready, feedback is much required. If all goes well, the final version will be released in december.

For the future, Serendipity is still planning on minor and major features. We always keep a close ear to the wishes of our users, some of those that cannot be solved instantly have been documented here: Future of Serendipity. If you're a developer or designer, and want to help in proving that Serendipity is a flexible and easy to use Blogging/CMS-application - your help is needed and appreciated!

(Deutsche Übersetzung gibt es auf meinem privaten Blog)

A huge issue of Serendipity's Static Page-Plugin has always been its visual presentation of the editing screen:

Voices have been raised in the past to dust up this interface, which is why I worked on it at the beginning of this week, and committed my changes already to the official plugin repository (staticpage.zip).

Technically, the changes are quite minimalistic und quick to implement (2 hours of my life time). But the impact is huge:

Starting as of now, static pages can be created and edited using a customized smarty template, plus a static page can now have custom properties, similar to blog entries.

By default, a template file saved as backend_templates/default_staticpage_backend.tpl is shipped with the plugin, in which the distribution of the input fields is contained. There is a new smarty helper function ({staticpage_input}) that takes care of accessing the usual introspection methods for emitting the default list of data fields.

Own templates can override this template file by putting it in their template subdirectory, so that you can now have your own editing masks depending on the currently used template. This should be a blessing for magazine-like templates such as Mimbo or Hemmingway.

You can also store multiple template files inside this backend_templates directory, so that they all will be available from within the selection dropdown of the interface. For our veterans, the old list-style view is still available, of course.

An example for saving custom fields for static pages is also contained within the default template, but is commented out so that you must manually enable it. All custom fields need to be implemented through usual HTML form elements, and need to save their values inside a serendipity[plugin][custom][XXX][ fieldname. Once entered, the data will be automatically saved inside the serendipity_staticpage_custom database table, and will be available through {$staticpage_custom.XXX} when later being displayed in the frontend.

This way, you can easily add new custom fields for a staticpage which could decide, which CSS-Body-ID to use for rendering the page. Or you could specify, which sidebars you want to see when a certain staticpage is rendered. Or specify a custom header image for each staticpage. Sky's the limit!

This all vastly improves Serendipity's CMS-abilities and even more pushes it into a custom CMS-Framework, where you can manage any kind of customized content.

I hope you like it. :-)

When I started working on Serendipity about 5 years ago, this happened mainly because of a personal itch to scratch: I wanted to see my personal blogging and CMS-needs fulfilled on my own page.

Since then, development of Serendipity was mostly caused by my personal thoughts of usable features, and of course the wishes of this community. In my oppinion, this has worked out quite well, the features of the past years have been received well by you.

Despite of that, this also means that Serendipity does not have an outlined Feature-Agenda.

The differentiation of Serendipity against other blog engines is quite important to me. Serendipity cannot and willnot be a WordPress-Clone, but fills its own user base: A lean base system with strong expandibility, secure and bugfree code basis and workflows/usage methods close to the user. A 'bottom-up' development process is my favouriteed variant, as a Developer I would never want to push features into the product, that have not been mentioned by users (=non-developers).

For the next Serendipity 1.4 version I am still missing a few new useful functions, which is why I would like to ask the community, which things you currently miss most, or in which places see strong indicators to put work into. Because this is, where I would like to improve things.

Please write down your wishes and ideas for the future of Serendipity. This entry has also been posted on the Serendipity Forums, where it can be easily commented.

As of today, the netmirror.org server seems to be having a hiccup. The serendipity Plugin Spartacus by default requires this server to provide automatic plugin and theme updates and downloads. The inavailibility of this server can lead to timeouts and not being able to install new plugins.

The issue should resolve itself once netmirror.org is up again. Temporarily you can either reconfigure your Spartacus-plugin to use the SourceForge-Mirrors, or completely disable the Spartacus plugin. Using the s9y.org mirror will not help you, as this server is currently not hosting any files.

I will post an update once the server is up again. Sorry for the inconvenience.

Serendipity 1.3 has finally been released. The new release is mainly a feature consolidation release, but also contains XSS security fixes:

• The karma rating plugin has been upgraded to support nice, CSS-based rating graphics (see this post) and an overall rehaul on the its coding.
• Make the Spartacus plugin be able to use FTP upload, a workaround for SafeMode PHP restrictions. Also add a remote backend for plugin update checks.
• An importer for phpNuke and lifetype has been added.
• Support for pingbacks has been improved a lot. Trackbacks can now be blocked based on Sender IP checks.
• Add better CSS styling for some internal plugins and the embedding of images. Also made the Remote-RSS plugin to be capable of Smarty-Templating.
• Increased Smarty templating features for the {serendipity_fetchPrintEntries} function, to be able to check for entry properties.
• Add support for SQRelay.
• Minor CSS and graphic updates to the Bulletproof template.

The full list of 41 changes to this release are documented within the NEWS file.

Regarding Security, the bundled Smarty library has been updated to version 2.6.19 and adresses an issue in environments where the PHP security mode is required. Also, the new Serendipity release contains tighter backend XSS checks so that environments with untrusted authors can be more secure - many thanks to Hanno Böck for addressing this. Most importantly, an issue with XSS attacks within received trackbacks has been discovered by Peter Hüwe and was fixed.

The update is easy as usual, and recommended for Serendipity users - especially if you do not regularly moderate or check your incoming trackbacks.

Upgrade pointers can be found in the FAQ and is as easy as just to upload the new files.

Have fun!

Serendipity 1.3-beta1 has been released. This beta is considered a release candidate before the final 1.3 release, which is scheduled to be released at the end of this month.