Serendipity 1.6 released

The Serendipity Team is proud to present the final release of Serendipity 1.6. We are steadily walking towards a Serendipity 2.0 release and would be happy about any developer who may want to join our cause. The list of things is available on http://www.s9y.org/238.html and open for discussion on the Serendipity Forums.

This new version mainly covers:

  • Bundle jQuery by default so that plugin and template authors can more easily provide extended functionality to the frontend
  • Support for templates, so that they can also use config-groups like plugins already have (added to bulletproof template)
  • Templates can now enable core-provided options like a global navigation setup
  • Fixed a bug in the automatic media database synchronization that did not properly add new files with the same basename but different file extensions
  • Added a .htaccess parameter to prevent IE9 CSS-trouble
  • API changes: Added "shortcuts" to commonly used constructs (language loading, hack protection)
  • Several minor feature additions in plugins (Karma, Akismet, Mailer) and the core (comment subscriptions, multiple comment moderation)
  • Fulltextsearch improvements with "*" expansion
  • Added a "hidden" option for specific author groups, so that their members are not revealed on usual author listings by plugins etc.
  • Fixes a backend XSS issue in the karma plugin and media database filtering, thanks to Stefan Schurtz!

The current release can be easily installed on any previous Serendipity installation. Just unpack, upload and visit your admin panel to perform possible database upgrades. Upon first login with an old password, Serendipity will store your old password in the new format - please be sure to make a backup of your Database prior to upgrading, and read the upgrade pointers on Upgrading Serendipity.

Also, this release marks our move from the closing BerliOS service (thanks for the great service during those years) on to our new GitHub repository. Contributions are welcome of course!

Have fun using Serendipity, and let us know on the Forums if you have any issues!

Spartacus plugin: Change in download Mirrors

Christian Boltz notified us and provided a patch so that the Spartacus plugin can properly retrieve remote files again. This became necessary when SourceForge.net changed their underlying structure.

If you are using Spartacus, you have several possibilities to fix this issue for you:

1: Manually download the updated plugin file plugins/serendipity_event_spartacus/serendipity_event_spartacus.php from here: serendipity_event_spartacus.php for Serendipity 1.6 / Development, serendipity_event_spartacus.php for Serendipity 1.5.

2: You can also simply configure your spartacus plugin and enable the use of Netmirror.org, or you can enter a custom mirror: http://php-blog.cvs.sourceforge.net/viewvc/php-blog/|http://netmirror.org/mirror/serendipity/

3: You can also simply edit your serendipity_event_spartacus.php file and replace all 2 occurrences of the string *checkout* with viewvc.

Thanks to Christian for notifying us!

Bugfix for Cronjob plugin

It has come to our attention that the Cronjob-Plugin (serendipity_event_cronjob) has a bug that prevents it from properly detecting the next scheduled update time. This bug has been fixed in version 0.6, which should now be available through Spartacus and usual means.

If you use this plugin, this is a required update to ensure its proper function. Thanks to Matthias2 from the forums for reporting this to us.

IE9 has trouble with CSS Content-Types

Internet Explorer 9 was released a few days ago. It's a great improvement over old versions, despite one major breakage.

Usually, a web browser requests a CSS URL with a variety of HTTP headers. The "Accept" HTTP header tells the remote server which content types the browser can handle. In the past, most web browsers sent an "Accept: text/css; */*" header, which means they prefer "text/css", but would also interpret any other file types as CSS.

Now, IE9 no longer sends */* as an accepted Content-Type, thus it will now ONLY render stylesheets if they have the Content-Type "text/css". If that does not happen, IE9 complains with an "HTTP 406" error and refuses to parse/render the stylesheet.

That does not sound so bad yet, but many web-applications (including Serendipity) provide dynamic CSS stylesheets that hide behind a PHP file. Serendipity compiles this PHP through a file called "serendipity.css.php". If URL rewriting is enabled, to mask that PHP file, a RewriteRule is added that will accept "serendipity.css" and send it to the main serendipity index.php file, which in turn will include serendipity.css.php and deliver the appropriate output.

Now certain Apache setups use a module, mod_negotiation, that will decide: "Hey, there's a file serendipity.css.php, but the browser requested serendipity.css. He surely must be mistaken, I better serve up this serendipity.css.php file instead". Sadly, it does so BEFORE executing mod_rewrite, which would "fix" this behaviour.

Finally, mod_negotiation would basically execute the PHP file properly and return valid CSS. But it does that by returning a Content-Type that matches the original negotiated request, which is "application/x-httpd-php". IE9 will receive this, and refuse to render the proper CSS, because it does not accept */*.
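The Accept matching described above can be worked through in code. This is an added example, not part of the original post or of Serendipity or Apache: a simplified media-range matcher following RFC 7231 section 5.3.2, with constructed header values written in standard comma-separated Accept syntax.

```python
# Added example: simplified Accept media-range matching (RFC 7231, 5.3.2).
# All header values used with it are constructed from the post's description.

def parse_accept(header):
    """Return a list of (type, subtype, q) tuples from an Accept header value."""
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if "/" not in parts[0]:
            continue  # skip empty or malformed media ranges
        mtype, subtype = parts[0].lower().split("/", 1)
        q = 1.0  # default weight when no q parameter is given
        for param in parts[1:]:
            name, _, value = param.partition("=")
            if name.strip().lower() == "q":
                try:
                    q = float(value)
                except ValueError:
                    q = 0.0  # treat an unparsable weight as "not acceptable"
        ranges.append((mtype, subtype, q))
    return ranges


def quality(accept_header, content_type):
    """Weight the client gives content_type; 0.0 means it is not acceptable."""
    ctype = content_type.split(";", 1)[0].strip().lower()  # drop charset etc.
    mtype, subtype = ctype.split("/", 1)
    best_specificity, best_q = -1, 0.0
    for r_type, r_sub, q in parse_accept(accept_header):
        if (r_type, r_sub) == (mtype, subtype):
            specificity = 2          # exact match, e.g. text/css
        elif r_type == mtype and r_sub == "*":
            specificity = 1          # type wildcard, e.g. text/*
        elif (r_type, r_sub) == ("*", "*"):
            specificity = 0          # full wildcard fallback
        else:
            continue
        if specificity > best_specificity:  # the most specific range wins
            best_specificity, best_q = specificity, q
    return best_q


def acceptable(accept_header, content_type):
    """True if the Accept header allows a response of this Content-Type."""
    return quality(accept_header, content_type) > 0.0
```

With a bare `text/css` Accept header, `application/x-httpd-php` is rejected; adding a `*/*` fallback makes the same response acceptable, which is the difference the post attributes to IE9.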

IMHO this is a very bad mixture of several components acting weird altogether. But the easiest place to fix this is inside IE9, to restore the "Accept" behaviour of all other major browsers, so that sites using mod_negotiation will not break.

I have posted on an IE9 Team blog, since it seems Microsoft does not accept bug reports anywhere. If anybody knows of a proper place to get a hold of their team, please let us know.

FINALLY - WHAT YOU CAN DO IF THIS AFFECTS YOUR SERENDIPITY BLOG:

Edit your .htaccess file, and add the directive Options -MultiViews at the top of the file. As long as your server has the AllowOverride ability enabled for you (that's mostly the case, as soon as you are allowed to use mod_rewrite), you can remove the negotiation feature of Apache.

This change in the default .htaccess will also be part of upcoming Serendipity versions.

Clarification: This is not only IE9's fault, but rather a bad combination of multiple factors: One being that s9y has a .php file named the same as a rewritten URL. One being that mod_negotiation does not pass a request through to mod_rewrite and fatally catches it before other means are used up. And the last being that IE9 does not accept a fallback content type for CSS.

The reason why I think this should be considered an IE9 bug is because the restrictive parsing stands against current plans to make the web as accessible as possible. XHTML actually failed in its restrictive, XML-based parsing (google mime-type application/x-html+xml) and was stomped down in favor of a lax HTML5 parsing. Users should never be locked out of content, and that's why I think a fallback */* should not hurt. This allows for applications to overcome mod_negotiation and allows the browser to evaluate the final Content-Type, and not an intermediate negotiated one.

Serendipity Updater Plugin

Onli has contributed a new plugin to spartacus, called serendipity_event_autoupdate. It is currently very much in experimental state and is meant to aid in the process of upgrading Serendipity (which already is quite easy, but automatic might even be better, right?).

If you are interested in this feature, now is the time to help develop it! Please give feedback to online (German) or directly on the corresponding forum thread.