More Power to Smarty

I was pretty annoyed to see that, even though Serendipity is meant to be a blogging framework, there was no "print and fetch entry" function available to call within Serendipity.

Obviously, everyone was able to print his entries in a "blog manner" up to today, with the default options to fetch and display entries. You had a lot of flexibility by tweaking the entries.tpl template or by using plugins. But now, we've taken it a bit further:

Arbitrary header inclusion in "Mail Entry" plugin

Thanks to a user on the Forums I was notified of an arbitrary header injection issue in the "Mail Entry" plugin. This plugin is only available in our additional_plugins repository, is neither bundled nor installed by default, and is not frequently used (according to the forum messages). In this plugin it was possible for spammers to inject arbitrary e-mail header fields into an e-mail that was passed to the PHP mail() function. This can lead to your server being used as a spam or phishing mail relay. It does not compromise SQL or author data, nor does it make your blog as such insecure. Many mail servers also do not let spam mails like these go through if they apply some level of relay checking.

The additional_plugins repository contains several plugins from other people, for which the Serendipity developers can only take a basic level of responsibility. We leave much of the responsibility up to the authors, even though we perform several tests on new plugins, and we are very sorry for this security issue in the plugin. We strongly advise plugin authors to use the serendipity_sendMail() function to send e-mails, which applies some validation of e-mail headers.

Version 1.20 of the plugin has just been committed and can be fetched from CVS after the usual SourceForge anonymous lag of about 24 hours. Users of that plugin are urged to either remove it or temporarily deactivate it until they have upgraded to the new version.
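The class of bug described above, as an added example that is neither the Mail Entry plugin's code nor the implementation of serendipity_sendMail(): the unsafe pattern of building mail() headers from form input, next to a version that validates each value first. All function names and the sample submissions are hypothetical and constructed for illustration.

```php
<?php
// Added example; function names are hypothetical, not taken from the plugin.

// Vulnerable pattern: form input concatenated straight into the header block.
function build_headers_unsafe(string $name, string $email): string
{
    return "From: $name <$email>\r\n";
}

// CR, LF or NUL in a value lets the sender end the current header line
// and start a new one (Bcc:, Cc:, a second Subject:, ...), so refuse it.
function assert_header_safe(string $value, string $field): string
{
    if (preg_match('/[\r\n\0]/', $value)) {
        throw new InvalidArgumentException("Illegal character in $field");
    }
    return trim($value);
}

// Hardened form: validate every visitor-supplied value before it reaches mail().
function build_headers(string $name, string $email): string
{
    $name  = assert_header_safe($name, 'name');
    $email = assert_header_safe($email, 'email');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('Invalid e-mail address');
    }
    // Conservative display name: drop quotes, angle brackets and other specials.
    $name = preg_replace('/[^A-Za-z0-9 ._-]/', '', $name);
    return "From: \"$name\" <$email>\r\nReply-To: $email";
}

// Constructed sample form submissions; the second one attempts an injection.
$samples = [
    ['Alice', 'alice@example.org'],
    ['Alice', "alice@example.org\r\nBcc: list@example.net"],
];
foreach ($samples as [$name, $email]) {
    try {
        $headers = build_headers($name, $email);
        echo "accepted:\n$headers\n";
        // mail($to, $subject, $body, $headers) would follow here; a
        // visitor-supplied $subject needs the same assert_header_safe() check.
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```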

New plugins: Markread, Showentries

I've committed two new plugins to the repository. First the serendipity_event_markread ("Show read/unread state of entries for visitors"), which is a plugin that allows you to mark entries as read for your visitors. Just as the description says *g*. This is very useful for aggregator sites; the plugin offers new Smarty variables (look at the PHP code for info) so that you can custom style your entry layout depending on the read state of an entry.

You could, for example, show the extended body for all unread entries, and only show the first 20 characters for all read entries. Use the power!

The read state is saved in an additional DB table, and the plugin sets a cookie to remember your visitor ID. If you're a registered author/user of a blog, it will set your cookie in a way that lets you log on from other computers, where the read state will also be carried over. As an anonymous user, your read state will be per-computer.

The second plugin is serendipity_plugin_showentries ("Show entries in sidebar"). It allows you to show an entry listing with body texts and so on of certain entries inside the sidebar. You can show entries of a specific category there, which makes it great for moblogging sidebars, where you can fetch all entries of a "Moblog" category.

Have fun and a nice weekend, Garvin

Extended Properties for Entries: Custom Fields

As a response to a Feature Request from Karotte, I have just committed an enhancement to the entryproperties plugin to 0.9-beta3 of our SVN (which will hopefully be turned into a 0.9 final at the end of this month).

The plugin configuration has now been altered so that you can add a comma-separated list of custom fieldnames, which you can then fill in when creating an entry.

That means, you can create two custom fields called Listening and Playing (don't use whitespace or special characters for fieldnames). Create an entry, and fill in values for those two fields. Now edit your entries.tpl template and place the Smarty Codes

Now listening to: {$entry.properties.ep_Listening}
Now playing: {$entry.properties.ep_Playing}

anywhere you like inside the entry loop. Remember to prefix your property keyname with ep_. Then you'll see those fields at the place you configured. You can also add the usual Smarty markup to check if a variable is empty, and add some DIV or other tags to surround your output.

This brings Serendipity a bit closer to CMS-features, once again. :-)

(The SVN nightlies will be built tomorrow, containing the new patch. SVN checkouts contain the change already at this time - users familiar with SVN only need to fetch the plugins/serendipity_event_entryproperties/serendipity_event_entryproperties.php file)

Spamblock Integration, Categories Plugin

Surely to the delight of many Smarty users, the categories plugin has now been made to work with Smarty templates in the latest 0.9 nightlies. It can now also count the number of entries per category. Both options need to be enabled in the configuration of the internal categories plugin.

Also new for 0.9 versions, I have modified the Spamblock plugin today. It now allows you to one-click add an author or URL to the content filter from within the "Comments"-Admin section. This allows you to adapt your own list of filters as you go. Also the spamblock configuration is now reachable via the Comments section quite easily.

Categories Plugin using Smarty

Quite a few people have complained in the past that the output of the categories plugin is not themable. Even though this has its reasons (using Smarty for that process is a bit overkill in terms of performance), I took some time to make the categories plugin of the 0.9 branch (beta2, currently) able to use Smarty templates.

You can now enable this in the configuration of the plugin and make your own "plugin_categories.tpl" just like you can have your own "plugin_calendar.tpl" right now.