serendipity_event_freetag: Plugin update, XSS bug

Thanks to Stefan Schurtz, who reported an XSS issue in the serendipity_event_freetag plugin (SSCHADV2011-004). The issue was fixed in version 3.22 of the plugin; you can fetch the update through Spartacus or download via

The bug was introduced in version 3.20 of the plugin. Users of the plugin should upgrade, as the bug allows malicious users to trick people into visiting a specially crafted link on your blog; if you click on such a link, it can be used to steal cookie login information, for example.

New Plugin: Disqus comments

Even though the comment integration can already be done easily inside a Serendipity template, the need for a specific plugin was raised on the forums.

serendipity_event_disqus is now available on Spartacus and provides exactly this: a plug-and-play component to enable Disqus comments on your blog. It even allows you to use this system only for more recent blog entries, so that your old comments can be preserved.

Currently the plugin hides the Serendipity-internal comments and trackbacks through CSS. The plugin provides instructions on how to modify that, if you have a custom template.

Have fun using the plugin, and if you have issues or recommendations for it, feel free to discuss this on the Serendipity forums. :-)

Podcast plugin update

The podcast plugin has recently been improved to offer a much more flexible configuration with custom player and HTML5 audio/video support. The flowplayer has been added as a new, more flexible flash-video player replacement.

You can now specify custom feed options, and the RSS podcast format should now be iTunes compatible. Also, custom feed options that you can add to the RSS feed (rss.php?podcast_format=XXX) allow you to filter the enclosures to specific file extensions only.

The update should be compatible with older versions, so that you can simply use the new features. If you customized any of the player files, you can now do that much more easily through the configuration; be sure to back up any files you might have changed before upgrading.

Please report any issues you might have with this update on the forums!

Bugfix for Cronjob plugin

It has come to our attention that the Cronjob-Plugin (serendipity_event_cronjob) has a bug that prevents it from properly detecting the next scheduled update time. This bug has been fixed in version 0.6, which should now be available through Spartacus and usual means.

If you use this plugin, this is a required update to ensure its proper function. Thanks to Matthias2 from the forums for reporting this to us.

Flattr Plugin

Flattr is a new service that has been up and coming in the blogosphere over the last days. Their service offers a social micropayment platform that lets you show love for the things you like.

The service allows normal people (consumers) to create an account, where they can deposit a certain amount of money. Whenever they appreciate a blog entry, an image, a video or any other content they see on a flattr-enabled website, they can easily click a link to add support to this website. At the end of a certain period, the deposited money is distributed among all the authors of things that the consumers liked.

First and foremost, this is not really a service to get paid from, but rather a service to spend money on. The modern web has become more and more of a place where people expect free high-quality content. Now it's time to remember that quality content is not something that has been free for all people all of the time. This is a new phenomenon of the internet, and people work hard on offering this content, just on their own and to contribute to mankind. With flattr, you can show appreciation for those great deeds by giving something back to things that wouldn't otherwise be there.

This is a bit in the spirit of the early Paypal-donation days, but with a twist: the distribution of a specific deposit and the easy way to "bookmark" interesting things to remember them once a fresh billing cycle arrives. It's a bold move in the opposite direction from where Facebook just recently went with their global "I like" method. Flattr not only gathers the information, but enables the originating authors to notice that other people appreciated their work.

Much ado about something: a plugin for this interface from within Serendipity is mandatory. Even though the API of Flattr is terribly easy to implement with a small javascriptlet, the Serendipity plugin does have its unique usage scenarios:

  • You can decide on a per-entry basis if you want to announce a blog entry for appreciations.
  • You can enter the metadata (language, category, description) separately for each blog entry (inside the usual blog entry administration).
  • If you don't provide specific information, the globally entered fallback will take effect and is used for flattr-submission. For example, if you did not specify a custom category for a blog title, the global category will be used.
  • The flattr-Badges are integrated within the RSS-Feed (for javascript-enabled RSS readers)
  • When using the Freetag-Plugin, its tags can be automatically used as flattr-tags - or you can override them with custom tags.
  • The plugin allows you to place the badge either inside the entry footer, the entry body or even place it in a custom Smarty template variable so that you can place it anywhere.

The plugin is available now on Spartacus, or for direct download. Just unzip to your plugin directory, and enable the event plugin inside the Serendipity plugin management interface.

Feedback on how to improve the plugin is welcome, preferably on the Serendipity Forums.

Improvement of Static Page plugin

(A German translation is available on my private blog)

A huge issue of Serendipity's Static Page-Plugin has always been its visual presentation of the editing screen:

Voices have been raised in the past to dust up this interface, which is why I worked on it at the beginning of this week, and committed my changes already to the official plugin repository (

Technically, the changes are quite minimalistic and quick to implement (2 hours of my lifetime). But the impact is huge:

Starting as of now, static pages can be created and edited using a customized smarty template, plus a static page can now have custom properties, similar to blog entries.

By default, a template file saved as backend_templates/default_staticpage_backend.tpl is shipped with the plugin, in which the distribution of the input fields is contained. There is a new smarty helper function ({staticpage_input}) that takes care of accessing the usual introspection methods for emitting the default list of data fields.

Your own templates can override this template file by putting a copy of it in their template subdirectory, so that you can now have your own editing masks depending on the currently used template. This should be a blessing for magazine-like templates such as Mimbo or Hemingway.

You can also store multiple template files inside this backend_templates directory, so that they all will be available from within the selection dropdown of the interface. For our veterans, the old list-style view is still available, of course.

An example for saving custom fields for static pages is also contained within the default template, but is commented out so that you must manually enable it. All custom fields need to be implemented through usual HTML form elements, and need to save their values inside a field named serendipity[plugin][custom][XXX]. Once entered, the data will be automatically saved inside the serendipity_staticpage_custom database table, and will be available through {$staticpage_custom.XXX} when later being displayed in the frontend.

This way, you can easily add new custom fields for a static page, which could decide which CSS body ID to use for rendering the page. Or you could specify which sidebars you want to see when a certain static page is rendered. Or specify a custom header image for each static page. Sky's the limit!

All of this vastly improves Serendipity's CMS abilities and pushes it even further toward being a custom CMS framework, where you can manage any kind of customized content.

I hope you like it. :-)