2024-04-07: FlatPress 1.3 "Andante"
- FlatPress 1.3 runs under PHP up to 8.3; minimum required PHP version increases to 7.1.
- Also, the PHP extension intl becomes mandatory.
- Template engine Smarty updated to version 4.3.1 (#94, #227)
The Smarty API has changed significantly from v2 to v4 - please make sure your themes and plugins continue to work with the new Smarty version! - Added SECURITY.md
- README: added "help and support" section
- Re-activated useful "Stats" panel in Admin Area / Entries
- "Follow on Mastodon" added as an alternative to X (Twitter) in the welcome entry
- PhotoSwipe plugin added: Displays images and galleries with PhotoSwipe (#109, #253, #255)
- Gallery captions plugin added: Manages image captions for gallery images (#108)
- SEO Meta Tag Info plugin added: Manages SEO meta tags (#145)
- FlatPress Protect plugin added: Adds HTTP headers for hardening your blog (#146)
- DateChanger plugin added: Allows you to change the publication date for (new) entries.
- Feed plugin added: Displays the RSS and Atom feed via a widget (#317)
- CookieBanner plugin added: Discreet reference to the use of cookies (#325)
- Emoticons plugin added: Allows accessible emoticons via an editor toolbar. Suggested by @DeltaLima
- Support plugin added: Support data for the FlatPress admin and the community can be accessed via the admin maintenance menu.
- jQuery plugin: Updated jQuery (3.5.1 => 3.6.1) and jQueryUI (1.12.1 => 1.13.2)
- Media Manager plugin shows 50 items per page, not 10
- BBCode plugin: Added "h4" icon to editor toolbar (#201)
- BBCode plugin: Facebook-Video now uses the latest video player API and the lazy loading mechanism of the browser; also now has localized languages with language tag (#252) - see also https://developers.facebook.com/docs/javascript/internationalization
- BBCode plugin: Added optional "target" attribute to the "url" element - (PR270 by @sjustesen)
- Comment center plugin (Akismet) revised to enable a more understandable operation (#273)
- Comment center plugin: The admin must authorize comments (set as default) (#101)
- Removed Akismet plugin: Akismet spam check is already included in the comment center plugin.
Before updating FlatPress to 1.3, enter your Akismet key into the Comment Center plugin, and delete the Akismet plugin.
- LastCommentsAdmin plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available (#43)
- Comment Center plugin: Fixed errors on the config page (#90)
- Comment Center plugin: Fixed error on sending mails with umlaut subjects (#211)
- Akismet plugin: Fixed PHP warnings (#83)
- BBCode plugin: Allows local video files ("attachs/video.mp4") and outputs valid HTML (#192)
- BBCode plugin: Initial settings after fresh install shown correctly (#102)
- Calendar plugin: Fixed incorrect text output when Russian is set as language
- Footnotes plugin: Compatibility with Markdown plugin established (#322)
- PrettyURLs plugin: Works properly again with non-Latin characters in entry titles and category names (#281)
- Reworked Installer (#266)
- Image files, which are not used by the installer, were removed.
- In the setup CSS, unused IDs, classes and incorrect references to fonts have been removed.
- The installer header now shines in a simple FlatPress style.
- Added missing language files for Greek, Spanish and French (#214)
- The installer tries to write permissions recursively for owners and groups, which had to be done manually before.
- Setup determines local time zone and UTC offset automatically (#99).
-
Reworked "Leggero v2" style, Admin Area now responsive (#259)
- Adjusted the alignment of the calendar widget and the search widget
- The theme now adapts better at screen widths between 720px and 768px
- Media queries were created for individual device classes (smartphone, netbook, laptop and PC) in order to achieve a better display, especially for mobile devices
- The overall appearance is now not so angular/edgy
- A single PhotoSwipe image or a whole gallery is now centered in the responsive design (#150)
- BBcode videos are no longer chopped off in responsive design, but adjusted to the width and center aligned
- A left or right aligned BBcode video will now be centered if the screen < 960 px
- The BBcode toolbar adapted for a better display at the screen width of 640px
- The menu and submenu in the administration area now also has a "slightly" more modern design
- Template and CSS from Uploader > Gallery: image texts; button and table adapted to Leggero V2 style
- Text within the pre element is now printed completely by line break
- Fixes a problem in the admin area when rendering font-sizes in Safari, Chrome and Firefox (iPhone/iPad) (#256)
- Added "background-attachment: fix" -workaround for mobile devices.
- Admin area now has Leggero-v2 style background instead of white background.
-
Further fixes in "Leggero" theme
- All Leggero theme css files now comply with CSS level 3
- Fixed searchbox glitch in FlatMaas revisited style (#97)
- Fixed missing bullets in preview (#98)
- CSS of the Leggero style had some glitches on mobile devices
- Invalid HTML output fixed (#106, #156)
- Removed unneccessary external font resource (#112)
- "Add comment" link has its own line (#135)
- Removed legacy/invalid CSS (#133, #134)
- Fixed description of Leggero and Leggero v2 styles (#137)
- Obsolete bullet points removed (#136)
- Updated preview image (#139)
- Fixed comments date format (#237)
- Fixed several layout/CSS glitches (#140, #144, #201, #247, #249)
- Lucida Console [code] ... [/code] is now correct as a font in the CSS file
- In the admin area, the configuration panel has been revised
- Fixed vertical alignment of BBCode toolbar in write panel
- Removes obsolete acronym element in the language files and replaces it with the abbr element
- The menu bar in Leggero style is now centered if the screen width is less than 768px
- URLs to the wiki or other external pages are now opened in a second tab in the administration area
- External URLs in the administration area are now exclusively HTTPS
- The number of views is now also displayed for the active PostViews plugin when comments are locked (#346)
- Comments: "The Name and Comment fields are mandatory fields." should not be displayed if the admin is logged in. (#367)
- Added translation: Slovenian, Danish and Russian (#278)
- Reworked translations: Spanish, Portuguese, Dutch, and Italian
- Fixed wrong pt-br country code (#100)
- German translation for Comment Center plugin added (#148)
- Fixed not-yet-translated phrases in Blog view and Admin Area (#171), (#276)
- Contact form: Admin notification mail is now localized (#205)
- Setup tries to determine local language automatically (#197, #216, #262)
- The HTML of the installer now has a lang attribute in the html start tag to specify the language.
- BBCode plugin: Localized toolbar button tooltips
- Footnotes plugin: Hard-coded output now localized (#322)
- Admin comment edit panel: Error messages localized (#304)
- Plugin management page: Removed empty warning messages box
- Fixed error at prev link on first / next link on last entry (#95)
- Logout redirects to home page again (#119)
- Fixed disappearing non-Latin characters in page title (#49 and #91)
- Worked around strftime() marked as deprecated as of PHP 8.1 (#92) - thx @bohwaz
- Comments and contact form: Fixed error on sending mails with umlaut subjects (#207, #209)
- Added missing properties in order to prevent "Dynamic properties are deprecated" error under PHP 8.2 (#115)
- Admin maintenance panel: Check file access rights after reset
- Admin comment edit panel: Validation added (#304)
- Fixed broken links in the administration area
- After clearing the theme and template cache, the list of recent comments is rebuilt (#85)
- Possible XSS prevented: Session cookie missed the "secure" and "httponly" flags
- Proper check of uploaded files (#152, #170, #217)
- Possible XSS prevented: Admin Area URL (#153)
- Possible XSS prevented: Upload of misc. XML file types (#172, #178, #188)
- Directory browsing prevented (#174)
- Possible XSS in setup prevented (#176)
- Possible XSS in Media Manager plugin prevented (#177)
- Possible path traversal in Media Manager plugin prevented (#179)
- Possible XSSs in Admin Area prevented (#180, #183, #187)
- Possible XSS in comments prevented (#186)
- Possible CSRFs in Admin Area prevented (#64)
- Possible XSS in FlatPress Installer prevented (#220)
- Write permission for others removed by default (#173)
2021-06-19: FlatPress 1.2.1
- BOM in French language files lead to blank page in admin area (see #82)
- Added Dutch language pack by Macmee
2021-03-20: FlatPress 1.2 "Legato"
- FlatPress now runs smoothly with PHP 7.4 and PHP 8
- Performance: Lazy loading for images
- GDPR compatibility: Data of commenters are not stored in cookies any more
- SEO: Added XML sitemap for search engines (details)
- Leggero v2 is default theme (see #57)
- Leggero v1 is now responsive
- Updated Smarty to release 2.6.31
- Added CONTRIBUTORS.md
- BBCode plugin:
- Added image attribute "loading", default is "lazy"
- Enhanced [video] element accepts video URLs for YouTube, Vimeo and Facebook
- Added "mail" tag (replaces the Protected Mail Links plugin)
- Selectboxes of attachments and images in the editor toolbar are sorted by name
- jQuery plugin: Updated jQuery and jQuery UI to their current versions
- CommentCenter plugin is part of the FP standard distribution
- PrettyUrls and Comment Center are activated by default, LastComments and LastCommentsAdmin are not
- Protected Mail Links plugin removed
- Overhauled v0.812.2 fix for local file inclusion vulnerability (more details)
- Comments are sanitized properly (see #62)
- Uploader checks for forbidden files more carefully
- User password isn't hashed with MD5 any more (see #59)
- Mail adresses are accepted in a broader range (see #48)
- HTTPS URLs in the contact form are now handled correctly (see #55)
- Fixed redirects after login
- Fixed "syntax error, unexpected '['" bug, reported here
- Setup sets date and FP version for the freshly created static pages
- Annoying translation error in German language pack fixed
- ... and many more!
- Added French language pack by Marc Thibeault and Dimitri Soufflet, reworked by Gee
- Added Japanese Language Pack by NORTH HILL WORK STUDIO
- Added Brazilian Portuguese language pack by randy
- Added Italian language pack by Giacomo Margarito
- Added Spanish language pack by karelv
- Reworked German language pack by Detlef
2019-02-22: FlatPress 1.1 "Da capo"
- Languages added: Greek, German, Czech (feel free to send in your language packs!)
- Admin: Fancyfied editor toolbar with more BBCode elements
- Changelog: Missing releases added
- Plugin added: Protected Mail Links
- jQuery plugin: jQuery files are loaded locally now
- Readmore plugin: Now localized (feel free to send in your translation!)
- Searchbox plugin: Full text search enabled by default
- Footnotes plugin: Usage how-to added
- Lightbox plugin: Slimbox version updated, broken overlay fixed
- Security fix: Possible CSRF attack prevented (see details)
- Correct handling of special characters in URLs (see PR11)
- HTTPS allowed in comment URLs
- BBCode element "video" serves Youtube videos in iFrame instead of SWF object
- Leggero theme: No more mixed content warning (see #31)
- Update checker works with HTTPS URL (see #36)
2018-12-16: FlatPress 1.0.3.php7
First release after Edoardo handed over the project ownership to Arvid. "Emergency release" to bring FlatPress back to the present.
- Runs under PHP7
- HTTPS support
- Plugins added: Last comments admin, Media manager
2015-06-12: FlatPress 1.0.3
- This release fixes an XSS (CVE-2014-100036).
- Bonus: a new style for Leggero theme by @MarcThibeault and other UI enhancements by @MarcThibeault and @liquibyte
2013-12-11: FlatPress 1.0.2
Another bugfix release.
- Fixes errors in the rushed patched vulnerability in v1.0.1.
- Clears some issues with strict standards.
- Timezone now defaults to UTC. You can set your own time offset in the configuration panel of the admin area
2013-11-21: FlatPress 1.0.1
Bugfix release.
- Addresses Issue #3 http://www.exploit-db.com/exploits/29515/
- ...still to be documented...
- Rewritten bootstrap, index centralized
- New database backend (soon to be rewroked ;))
- New draft system
- New secure hashing algorhytms for passwords
- New widget system
- Post view count moved to plugin PostViews
- Rewritten main config file
- Allowing custom appearance for date/time
- New URLs (still compatible)
- Allow static pages as home
- mysite.com/flatpress/?random post goodie :)
- New PostViews plugin
- New favicon plugin
- New prettyurls plugin, supporting pathinfo! (check plugin for help)
- Added GUI to BlockParser
- Added GUI to Akismet F Fixed accessible antispam F BBCode now allows inline HTML (check plugin for help): this allows WYSIWYG lovers to install their favourite editor (e.g. TinyMCE, see the forum for more) F Modified and cleaned interactions of BBCode with thumbs and lightbox plugins F Lightbox shouldn't crash IE7 anymore F Akismet shouldn't timeout anymore U jsUtils is mootools 1.1 full (complete download)
- New GUI
- Allowing plugins to add panels
- Validating now without sessions
- New Widget GUI
- New Plugin GUI
- New Theme/Styles GUI
- New Options (formerly config) GUI
- FIXED: removed /test.php
- FIXED: version number
FIXED: typo in admin.entry.delete.php
- FIXED: XSS vulnerabilities in comments.tpl and contact.tpl
- FIXED: Backported from Crescendo+1 fix for XSS in $_GET fields
- FIXED: bug in static handling (THEME_LEGACY_MODE not checked)
- FIXED: Moved html escaping from default-filters to bbcode plugin
- FIXED: Added option to bbcode plugin to allow inline html! (no more ugly [html] tags! :)
- FIXED: severe bug with
- FIXED: smaller one with commslock
FIXED: several XSS vulnerabilities
FIXED: XSS in search.php
FIXED: input validation problems
Small bug fixes
- FIXED: bbcode: [u] tag missing
- FIXED: bbcode/syntaxhighlighter: [code=MY_SYNTAX] works again
- FIXED: fixed error handling with missing categories
- UPDATED: jsUtils : Mootools 1.11
- FIXED: URL issues with BBCODE
- FIXED: small issues with thumb plugin
- FIXED: spaces in file names are escaped as dashes "-" when uploaded
- FIXED: various bbcode issues
- FIXED: scale/width bbcode/thumb issues
- MDFD: now thumb creates a .thumb dir for each subdir of images/
- FIXED: leggero CSS
- FIXED: double entity encoding
- ADDED: (since RC1): when loggedin trying to open a non-existent static page will bring you to the "add new static" panel
- FIXED: plugin/bbcode: broken non-local urls
- FIXED: core/FPDB archive function: /?y=nn didn't work if a month wasn't specified
- FIXED: core/entry/cache : buggy workarounded function (see previous) is now fixed
- FIXED: core/users : session was not kept if user IP changed
- FIXED: core/rss : template now works, fixed core accordingly
- ADDED: core/rss : full content support
- UPDATED: plugin/jsUtils, upgraded to mootools 1.1
- UPDATED: plugin/lightbox updated accordingly to slimbox 1.4
- RMVD: temporarily removed prettyurls plugin (todo: remove from default config); I'm working to a newer cooler version, but it will require probably some changes in core, so no-go for this release
- ADDED: Lang/it-it: added some strings I forgot
- added: some entry/cache hooks
- added: many plugin translations thanx to cimangi (http://luielei.altervista.org/)
- added: panel notifications for plugins
- added: new theme, new icons (updated old admin css)
- fixed: lightbox updated and fixed
- fixed: removed quote escaping in entries (removed and added fix for old versions)
- fixed: directory deletion under php5 (thx cimangi)
- fixed: entry_delete did not remove visit counter (cimangi)
- fixed: session retaining in control panel under certain conditions (smartyvalidate)
- changed: some behaviours in cache; need some rework as introduced a little bug... d'oh!
- fixed: utils_mail()
- fixed: bbcode url trim
- fixed: bbcode remote image timeouts
- changed: WHOLE new POST behaviour (no longer "POSTDATA" messages)
- changed: new theme tags (almost finished). support for old themes; soon deprecated
- changed: graphics for the old theme (almost finished)
- changed: a whole bunch of graphic thingies
- changed: plugin organization
- added: [video] tag support http://flatpress.nowhereland.it/index.php?entry=entry070210-211548
- added: update checker (experimental)
- added: error/success notification system with fancy graphics :P
NOTE: italian language is still there until the wiki is ready