FlatPress 1.3 "Andante"

What's new?

Most importantly, FlatPress 1.3 "Andante" brings FlatPress to PHP 8.1, 8.2, and 8.3.
We had to change a lot for making that happen; most important part was upgrading the template engine Smarty to version 4.
The Smarty API has changed significantly from v2 to v4 - please make sure your themes and plugins continue to work with the new Smarty version!

The minimum required PHP version increases to 7.1. Also, the PHP extension intl becomes mandatory.

FlatPress 1.3 comes with helpful new plugins:

• PhotoSwipe displays images and galleries in a very sexy manner, using the PhotoSwipe library.
• The Gallery captions plugin manages image captions for gallery images.
• SEO Meta Tag Info helps you to optimize your blog for search engines.
• The FlatPress Protect plugin adds HTTP headers for hardening your blog.
• To promote the RSS/Atom feed of FlatPress, the Feed plugin displays the feed links in a widget.
• The CookieBanner plugin shows a banner according to GDPR.
• Add some fun and color to your blog with the Emoticons plugin!
• The Support plugin displays helpful details about your FlatPress installation which you can share when asking the community for support.

Having Slovenian, Danish and Russian translations added, FlatPress becomes more and more international. Thanks to all the translators!

FlatPress 1.3 contains many other improvements, bugfixes and security fixes. See the detailed list below.

Installation

Download flatpress-1.3.zip and follow the easy installation steps documented on the FlatPress download page.

Update

To update from 1.2 to 1.3, please use the update package 12to13.zip and follow the update instructions on the FlatPress download page.
Please backup your whole FlatPress directory before applying the update.

Detailed Changelog

Changed requirements

• FlatPress 1.3 runs under PHP up to 8.3; minimum required PHP version increases to 7.1.
• Also, the PHP extension intl becomes mandatory.

General

• Template engine Smarty updated to version 4.3.1 (#94, #227)
  _{The Smarty API has changed significantly from v2 to v4 - please make sure your themes and plugins continue to work with the new Smarty version!}
• Added SECURITY.md
• README: added "help and support" section
• Re-activated useful "Stats" panel in Admin Area / Entries
• "Follow on Mastodon" added as an alternative to X (Twitter) in the welcome entry

Plugins

Additions

• PhotoSwipe plugin added: Displays images and galleries with PhotoSwipe (#109, #253, #255)
• Gallery captions plugin added: Manages image captions for gallery images (#108)
• SEO Meta Tag Info plugin added: Manages SEO meta tags (#145)
• FlatPress Protect plugin added: Adds HTTP headers for hardening your blog (#146)
• DateChanger plugin added: Allows you to change the publication date for (new) entries.
• Feed plugin added: Displays the RSS and Atom feed via a widget (#317)
• CookieBanner plugin added: Discreet reference to the use of cookies (#325)
• Emoticons plugin added: Allows accessible emoticons via an editor toolbar. Suggested by @DeltaLima
• Support plugin added: Support data for the FlatPress admin and the community can be accessed via the admin maintenance menu.

Changes

• jQuery plugin: Updated jQuery (3.5.1 => 3.6.1) and jQueryUI (1.12.1 => 1.13.2)
• Media Manager plugin shows 50 items per page, not 10
• BBCode plugin: Added "h4" icon to editor toolbar (#201)
• BBCode plugin: Facebook-Video now uses the latest video player API and the lazy loading mechanism of the browser; also now has localized languages with language tag (#252) - see also https://developers.facebook.com/docs/javascript/internationalization
• BBCode plugin: Added optional "target" attribute to the "url" element - (PR270 by @sjustesen)
• Comment center plugin (Akismet) revised to enable a more understandable operation (#273)
• Comment center plugin: The admin must authorize comments (set as default) (#101)
• Removed Akismet plugin: Akismet spam check is already included in the comment center plugin.
  _{Before updating FlatPress to 1.3, enter your Akismet key into the Comment Center plugin, and delete the Akismet plugin.}

Bugfixes

• LastCommentsAdmin plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available (#43)
• Comment Center plugin: Fixed errors on the config page (#90)
• Comment Center plugin: Fixed error on sending mails with umlaut subjects (#211)
• Akismet plugin: Fixed PHP warnings (#83)
• BBCode plugin: Allows local video files ("attachs/video.mp4") and outputs valid HTML (#192)
• BBCode plugin: Initial settings after fresh install shown correctly (#102)
• Calendar plugin: Fixed incorrect text output when Russian is set as language
• Footnotes plugin: Compatibility with Markdown plugin established (#322)
• PrettyURLs plugin: Works properly again with non-Latin characters in entry titles and category names (#281)

Setup

• Reworked Installer (#266)
  • Image files, which are not used by the installer, were removed.
  • In the setup CSS, unused IDs, classes and incorrect references to fonts have been removed.
  • The installer header now shines in a simple FlatPress style.
  • Added missing language files for Greek, Spanish and French (#214)
  • The installer tries to write permissions recursively for owners and groups, which had to be done manually before.
  • Setup determines local time zone and UTC offset automatically (#99).

Themes

• Reworked "Leggero v2" style, Admin Area now responsive (#259)

  • Adjusted the alignment of the calendar widget and the search widget
  • The theme now adapts better at screen widths between 720px and 768px
  • Media queries were created for individual device classes (smartphone, netbook, laptop and PC) in order to achieve a better display, especially for mobile devices
  • The overall appearance is now not so angular/edgy
  • A single PhotoSwipe image or a whole gallery is now centered in the responsive design (#150)
  • BBcode videos are no longer chopped off in responsive design, but adjusted to the width and center aligned
  • A left or right aligned BBcode video will now be centered if the screen < 960 px
  • The BBcode toolbar adapted for a better display at the screen width of 640px
  • The menu and submenu in the administration area now also has a "slightly" more modern design
  • Template and CSS from Uploader > Gallery: image texts; button and table adapted to Leggero V2 style
  • Text within the pre element is now printed completely by line break
  • Fixes a problem in the admin area when rendering font-sizes in Safari, Chrome and Firefox (iPhone/iPad) (#256)
  • Added "background-attachment: fix" -workaround for mobile devices.
  • Admin area now has Leggero-v2 style background instead of white background.

• Further fixes in "Leggero" theme

  • All Leggero theme css files now comply with CSS level 3
  • Fixed searchbox glitch in FlatMaas revisited style (#97)
  • Fixed missing bullets in preview (#98)
  • CSS of the Leggero style had some glitches on mobile devices
  • Invalid HTML output fixed (#106, #156)
  • Removed unneccessary external font resource (#112)
  • "Add comment" link has its own line (#135)
  • Removed legacy/invalid CSS (#133, #134)
  • Fixed description of Leggero and Leggero v2 styles (#137)
  • Obsolete bullet points removed (#136)
  • Updated preview image (#139)
  • Fixed comments date format (#237)
  • Fixed several layout/CSS glitches (#140, #144, #201, #247, #249)
  • Lucida Console [code] ... [/code] is now correct as a font in the CSS file
  • In the admin area, the configuration panel has been revised
  • Fixed vertical alignment of BBCode toolbar in write panel
  • Removes obsolete acronym element in the language files and replaces it with the abbr element
  • The menu bar in Leggero style is now centered if the screen width is less than 768px
  • URLs to the wiki or other external pages are now opened in a second tab in the administration area
  • External URLs in the administration area are now exclusively HTTPS
  • The number of views is now also displayed for the active PostViews plugin when comments are locked (#346)
  • Comments: "The Name and Comment fields are mandatory fields." should not be displayed if the admin is logged in. (#367)

Internationalization

• Added translation: Slovenian, Danish and Russian (#278)
• Reworked translations: Spanish, Portuguese, Dutch, and Italian
• Fixed wrong pt-br country code (#100)
• German translation for Comment Center plugin added (#148)
• Fixed not-yet-translated phrases in Blog view and Admin Area (#171), (#276)
• Contact form: Admin notification mail is now localized (#205)
• Setup tries to determine local language automatically (#197, #216, #262)
• The HTML of the installer now has a lang attribute in the html start tag to specify the language.
• BBCode plugin: Localized toolbar button tooltips
• Footnotes plugin: Hard-coded output now localized (#322)
• Admin comment edit panel: Error messages localized (#304)

Bugfixes

• Plugin management page: Removed empty warning messages box
• Fixed error at prev link on first / next link on last entry (#95)
• Logout redirects to home page again (#119)
• Fixed disappearing non-Latin characters in page title (#49 and #91)
• Worked around strftime() marked as deprecated as of PHP 8.1 (#92) - thx @bohwaz
• Comments and contact form: Fixed error on sending mails with umlaut subjects (#207, #209)
• Added missing properties in order to prevent "Dynamic properties are deprecated" error under PHP 8.2 (#115)
• Admin maintenance panel: Check file access rights after reset
• Admin comment edit panel: Validation added (#304)
• Fixed broken links in the administration area
• After clearing the theme and template cache, the list of recent comments is rebuilt (#85)

Security

• Possible XSS prevented: Session cookie missed the "secure" and "httponly" flags
• Proper check of uploaded files (#152, #170, #217)
• Possible XSS prevented: Admin Area URL (#153)
• Possible XSS prevented: Upload of misc. XML file types (#172, #178, #188)
• Directory browsing prevented (#174)
• Possible XSS in setup prevented (#176)
• Possible XSS in Media Manager plugin prevented (#177)
• Possible path traversal in Media Manager plugin prevented (#179)
• Possible XSSs in Admin Area prevented (#180, #183, #187)
• Possible XSS in comments prevented (#186)
• Possible CSRFs in Admin Area prevented (#64)
• Possible XSS in FlatPress Installer prevented (#220)
• Write permission for others removed by default (#173)

New Contributors

• @zidingz made their first contribution in #89
• @fabianosantosnet made their first contribution in #166
• @Fraenkiman made their first contribution in #181
• @cosmopolityan made their first contribution in #278
• @eagleman made their first contribution in #285
• @sjustesen made their first contribution in #270

Full Changelog: 1.2.1...1.3