Backend Templating

For Serendipity, only the frontend (what the visitors see) could be subject to Smarty-Templating. One reason for not utilizing these features in the backend was to maintain stability, ease of change for core developers and reduce migration woes so that the Admin Backend would always be accessible.

What we have now added to the Serendipity 1.2 snapshots (that will soon become public beta and a final release in late Summer) is functionality that allows you to template the backend layout as well as the 'New/Edit Entry' screen. Other functions like category manager, plugin manager etc. will remain hardcoded and eventually changed, because most of their look can already be controlled with CSS only.

To maintain stability and prevent migration problems where Smarty might not be initialized, Serendipity can fall back to the usual PHP-only backend. This is done using a tricky session variable scheme - when Smarty cannot be loaded, a session variable is set, and on the next page call, this variable will force the Serendipity framework to use the fallback routines. Nifty stuff. :-)

Please try out the new theming possibilities and give feedback. The default admin stylesheet can be found in the templates/default/admin/index.tpl and templates/default/admin/entries.tpl templates, and can be copied to your own theme directory as usual.

XML-RPC and PHP 5.2.2

Due to a bug in PHP 5.2.2, the Serendipity XML-RPC plugin will no longer work, because PHP does not initialize a required variable correctly.

The bug is listed on PHP.net here and has been fixed in their CVS already. To fix the problem in Serendipity you will need to either update your PHP installation, or downgrade to the previous version.

Since this bug happens at a place where Serendipity has no possibility to interact, the bug cannot be circumvented by the XML-RPC posting plugin, and your provider definitely needs to upgrade PHP as soon as the fixed version is officially released.

Beta-test Serendipity 1.2

As you might have read in the Serendipity 1.1.1 release announcement, we have a fundamental code change in Serendipity 1.2 concerning the authentication theme.

Those changes were discussed in this forum thread

It basically revolves around these things:

  1. Introduce a new, first event hook that can be fired to authenticate external users.

  2. This new event hook requires a plugin to be executed before the whole language system is initialized, and thus before language preferences have been fetched. To accommodate this, a new cookie has been introduced that defines the language your user has chosen.

  3. A new HTTP / HTTPS session sharing system is now in effect, which allows you to login via HTTPS and be able to work using the HTTP connection and be recognized as logged-in.

Those changes might introduce new glitches, especially in environments where HTTPS is used, and/or the multilingual plugin features.

Everyone using such an environment, please download a recent Serendipity 1.2 snapshot and try it out on a test system. You can easily clone an existing installation of yours by copying all files to a second directory, copying the database tables to a different table (or with a different table prefix) and then uploading the Serendipity 1.2 Snapshot to that dummy directory. After your login to that new installation, change the path locations in your Serendipity Configuration and you can test the new install with the data of your production blog.

Your help is much required to ensure the stability of Serendipity. Any problems you face that did not previously show up in older Serendipity versions should please be reported on our forums!

Many thanks go to rrichards_ from the original thread, who implemented the new functionality that will hopefully ultimately lead to OpenID integration into Serendipity. :-)

Serendipity 1.1.1 released

After the well-received Serendipity 1.1 release, we put our ears to the community and searched for any bugs left. Luckily, those were very few (like the IIS server cookie bug) - we didn't at first believe it, so we let some time go by to be absolutely sure there were no other things to fix before issuing a maintenance release.

And here it is now: Serendipity 1.1.1 is a bugfix-only release to fix these reported issues:

  • Windows IIS server cookie/session authentication problem when not running via HTTPS
  • Change execution order of trackbacks to properly send them when a failure occurs
  • Display proper plugin permissionship restrictions when the admin user is not part of the group that is restricted
  • Fixed a bug that some plugins were not able to properly execute in the entry detail view

This is not a security-related upgrade. You only need to apply it if you think you are affected by any of the bugs listed.

Meanwhile, we continue to work on Serendipity 1.2 for feature improvements. Together with helpful users of the forum we are currently working on improving the authentication/plugin API sequence to better support future plugins like OpenID. Any help is appreciated, have a look at the forum thread. Also we are working on improving the Spartacus API, PDO::PostgreSQL support has been added, spamblock plugin improvements and some tweaks to the permalink system.

You can download the new version (or a recent snapshot of Serendipity 1.2) as always on our Download page. Detailed upgrade steps are explained in our FAQ, but it's as simple as: Download, extract, go to the Admin panel. :-)

Have fun!

Serendipity 1.1: Login/Session Cookie Bug in Windows IIS

Some users have reported on the forums that they had login problems to their Serendipity Admin suite since the upgrade to version 1.1.

Thanks to the help of Shadowin it was discovered that a problematic $_SERVER['HTTPS'] variable setting by the Windows IIS Server caused this. According to the PHP documentation, $_SERVER['HTTPS'] should only contain a non-empty value in case of enabled SSL/HTTPS connections, in which case Serendipity would issue a "secure" cookie.

To fix this odd behaviour in Serendipity 1.1 you need to open the file include/functions_config.inc.php and replace the line

$secure = !empty($_SERVER['HTTPS']) ? true : false;

with

$secure = (strtolower($_SERVER['HTTPS']) == 'on') ? true : false;

Also replace this line in the file serendipity_config.inc.php:

if ($_SERVER['HTTPS']) {
  @ini_set('session.name', 'SSLSID');
  @ini_set('session.cookie_secure', '1');
}

with

if (strtolower($_SERVER['HTTPS']) == 'on') {
  @ini_set('session.name', 'SSLSID');
  @ini_set('session.cookie_secure', '1');
}

This will use a stricter check. For people who are afraid to edit that file, simply download this file and replace your current include/functions_config.inc.php file with it. Also please download this file and replace the 'serendipity_config.inc.php' file with it.
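Why the stricter check matters, as an added example that is not Serendipity code: it compares the old and new tests on constructed $_SERVER values and models whether a browser would send the login cookie back. The function names and sample values are assumptions made for illustration; the 'off' value is what PHP documents for IIS with ISAPI on non-HTTPS requests.

```php
<?php
// Added illustration; function names and sample data are constructed.

// Check used in Serendipity 1.1: any non-empty value counts as HTTPS.
// The string 'off' is non-empty (and truthy), so it passes this test.
function secure_old($server) {
    return !empty($server['HTTPS']);
}

// Stricter check from the fix above. isset() is added here only so the
// sample with no HTTPS key does not raise a notice.
function secure_strict($server) {
    return isset($server['HTTPS']) && strtolower($server['HTTPS']) == 'on';
}

// A browser returns a cookie flagged "secure" only over a TLS connection.
function browser_returns_cookie($secureFlag, $overTls) {
    return !$secureFlag || $overTls;
}

// Constructed samples: label, $_SERVER excerpt, whether the request is really TLS.
$cases = array(
    array('no HTTPS key, plain HTTP',   array(),                 false),
    array('HTTPS=on, TLS',              array('HTTPS' => 'on'),  true),
    array('HTTPS=ON (upper case), TLS', array('HTTPS' => 'ON'),  true),
    array('HTTPS=off, plain HTTP',      array('HTTPS' => 'off'), false),
);

foreach ($cases as $case) {
    list($label, $server, $tls) = $case;
    $old    = browser_returns_cookie(secure_old($server), $tls);
    $strict = browser_returns_cookie(secure_strict($server), $tls);
    printf(
        "%-28s old check: %-11s strict check: %s\n",
        $label,
        $old ? 'login kept' : 'login lost',
        $strict ? 'login kept' : 'login lost'
    );
}
```

Only the 'HTTPS=off, plain HTTP' row differs: the old check flags the cookie as secure on an unencrypted connection, so the browser never sends it back and the admin login does not persist.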

A fully patched 1.1.1 version will be made available later, when we have made sure that there are no other bugs left. So far, the 1.1 version has been received as very stable by the public! Thanks for improving Serendipity through your reports and help!