Hébergement Zenphoto

1.5.6
 (version de sécurité)
9 Novembre - 55MB1.5.6



Bug Fixes

Fix issue with too strict backend HTTP security headers breaking the jQuery-uploader



Plugins

openstreetmap: Fix undefined variable $selectedlayerslist and remove the discontinued “OpenStreetMap.BlackAndWhite” map/layer from options.

scriptless-socialsharing: Fix broken URLs being shared



TranslationsTop

Argentinian Spanish

Dutch

German

Spanish



1.5.5



Security

elFinder: See plugin section below

Backend headers: The backend now sets some additional headers by default

We got a security report that hijacking clicks by embeding sites using frames/iFrames is possible. We decided not to inlcude any standard headers hardcoded as this requires special configuration. We know of lot sites that go the "lazy way" of simply embedding Zenphoto within their own main site via iFrame that could then break. Instead we introduce the new http_security_headers plugin (see below) so site owners can configure it as needed and also some other security related headers. However we have setup some defaults that cover this by default. We set a few headers but because of lots of especially legacy JS code we had to make them pretty relaxed as otherwise things break.



Bug Fixes

"updateddate" is now set for an album and/or parents if file system contents change ("lastchange" which all item types have is for non file system content like title, descriptions etc.). The database field "updateddate" is there since forever and was formlery only triggered if a new image was added. This means it is set if a new image or subalbum is discovered/added, subalbum/image removal, copying (for the destination) or moving (for both source and desination). It has also been added to the sorting selectors on the Options > Gallery and each of the album's selectors.

Fix "return unpublished" search option not being set correctly on dynamic album creation

Fix issue with search/dynamic albums wrongfully returning published items from unpublished parent items which are considered unpublished by hierachical inheritance. Introduces new class method isPublic() for all theme object classes called which checks parents for their publish state as the existing getShow() method just checks the item itself

Fixes issue with custom sortorders for albums and images

If the site is set to maintenance mode (aka “closed for update”) it now sends the correct HTTP status code "503 Service Unavailble" instead of "302 Found". Retry request is set to 3600 seconds



Plugins

cookieconsent: Script updates; JS/CSS loading disabled for loggedin users so they do not unnecessarily get the overlay

downloadList: Default Matomo content tracking support corresponding the new Matomo plugin option

elFinder: Update elFinder to 2.1.50 which fixes several security issues of the elFinder script according to its developer

http_security_headers: Allows basic setting of various security related HTTP header policies. Beware that this is advanced usage and misconfiguration may break your site.

matomo: Adds content tracking options. To use this your site may require special HTML attribute markup. See the matomo docs for more info

openstreetmap: Update leaflet-providers

reCaptcha: Add CSS styles

sitemap-extended: Fix wrong dynamic album URL‘s in sitemap. Some visibiliy check improvements and prevent empty image sitemaps being generated

static_html_cache: Emphasize the importance of certain excluded pages

zenphotoDonate: Form does not load external file from Paypal anymore



Utilities

http_header_inspector: A small utility to view which headers the frontend or backend send. Usefull for checking the use of the http_security_headers plugin or adding HTTP headers in other ways



Themes

basic: Center login form properly



Translations

Danish

Dutch

French

Italian

Slovak

Lire la suite: http://zenphoto.org/news/zenphoto-1.5.6






1.5.4

21 Juin - 42MB1.5.4



General

Fixes broken redirection after successful login via main admin form [acrylian – Thanks to UDZGure and GaneshKandu]

Template password form (as used on a theme's password.php) now prints a message instead of the form if you are already logged in [acrylian]

More height for admin tags lists of albums and images [acrylian]

Fixes (new) translations being enabled unwantedly [acrylian - Thanks to tw2003]

UTC (Universal time) is now included in the time zone option [acrylian]

Small change in the display of flags during setup [fretzl]



Plugins

favorites: Fixes typo in favoritesClass [acrylian – Thanks to guirala]

reCaptcha: Changes wrapper element from  to  to help solving display issues in some themes [fretzl]



Themes

garland: Fixes issue with album thumb display of sidecar images (e.g. video thumbs) [acrylian, MarkRH]



1.5.3



General

Fix serious bug of redirectURL() unintentionally breaking setup on fresh installs [acrylian]

Extend allowed tags option defaults to include HTML5 elements and some more standard ones. To get these on existing install you need to revert the option to its defaults (copy custom settings before doing that!) [acrylian]

Internal cURL request function now follows up to 3 redirections [acrylian]

Fixes wrong supported image type list if using GD library [acrylian]

Fix missing width/height attributes on images if using custom album thumb sizes [bic-ed]

Fixes watermarking causing cached images not being created. This was primarily related to upscaling working not well with very small watermark images. Since upscaling images does almost never look good the "allow upscale" option has been removed so that watermarks are never made larger than the actual image is. [acrylian, fretzl, Thanks to ctdlg)



Plugins

hitcounter: Adds getTotalHitcounter() function [acrylian]

openstreetmap: LeafletJS and leaftleat-providers script updates [vincent3569]



Themes

garland, zenpage, zpMobile: Fixes issue with page validity check that broke pagination of favorites [acrylian]



1.5.2



Important

Sadly 1.5.2 includes a serious bug preventing fresh installs. This issue is fixed by 15.3.



Security

Fixes XSS issue in the dynamic locale plugin [acrylian - Thanks to bic and special thanks to Andre Krooss for the report]



General

Fixes SERVER_PROTOCOL constant and related option not reflecting the protocol setting within the config file [acrylian – Thanks to MarkRH]

lib-imagick: zp_imageDims() and zp_imageIPTC() now use the same standard PHP function getimagesize() as the lib-gd instead of the Imagick class method pingImage(). Tests showed this to have better performance especially when processing hundreds of images via the cacheManager [acrylian]

New album class methods getNumAllAlbums() and getNumAllImages() added (the older template function getTotalImagesIn() is now deprecated). Other than the existing getNumAlbums() and getNumImages() these now get these numbers for the album itself and all sub albums on all levels [acrylian]

User data export utiltiy allows results by setting the user name, user email address or both. [acrylian – Thanks to vincent3569]

New general template functions introduced for search URL's to the current item's owner (Gallery albums and images) or author (Zenpage news articles and pages). Currently they use a search engine URL but this may eventually link to an actual front end owner/author profile page in the future. Official themes have not been setup to use these. You find their documentation within zp-core/template-functions.php file: getOwnerAuthor(), printOwnerAuthor(), getOwnerAuthorURL(), printOwnerAuthorURL(), getUserURL(), printUserURL()

Fixes PNG24 alpha transparency and GIF transparency with GD library. Note: Alpha transparant watermarks on alpha transparent PNG's do not work properly with GD (yet). [acrylian]

Calculating 35mmEquivFocalLength more accurately, especially for smaller focal lengths (like mobile phones or action cams) [kochs-online]

Fixes an issue with paginiation within search mode [wongm|

lastchanged dates saved for all item types: Add lastchange and lastchangeuser columns to all item database tables (images, albums, administrators, comments, Zenpage categories - articles and pages already had it. lastchange is set with a date Y-m-d H:m:s whever an item is saved/updated. Either by code on core level or via an admin request which then also sets the lastchangeuser to the current admin. [acrylian]

lastchanged dates saved for all item types: Saving of items on the backend is now only triggered if there are actually changes to save. Formerly we did just re-save regardless [acrylian

lastchanged dates saved for all item types: New core class methods get/setLastChange() and get/setLastchangeUser() are available for all item types [acrylian]

Native support for WebP image format added to GD and Imagick. To work properly it requires PHP and the PHP libaries on the server to be compiled with support. You also need a capable browser to display these images. [acrylian]

New template helper function getFullimageFilesize() plus image class method getFilesize() [acrylian]

There is now a confirmation dialogue if you try to delete a 3rd party theme on the backend [acrylian - Thanks to vincent3569]

Fixed that the admintoolbox allowed the creation of new albums on the index/gallery index even if the current user had only rights limited to one or more certain albums [acrylian]

Fix setup cURL request not properly checking modrewrite [acrylian]

Fix text truncation via pagebreak and revert some code [bic-ed, acrylian]

Fix accidentally cleared plugin options after running setup. Cause was a wrong creator set if the option has no default value set via setOptionDefault() and is saved manually on the backend. If you encountered this in the past just manually save the plugin options in question on the backend again [acrylian - Thanks to bic-ed, Vincent3569, kochs-online]

Languages on the options are marked with icon if there is not matching locale installed on the server. Requires the nativ ResourceBundle PHP class [acrylian]

HTTP URL requests are now internally redirected to https (and vice versa) if you have the server protocol option set to it and your server does not do it already [acrylian]

The admintoolbox again allows image editing if in dynamic album context [bic-ed]

The sorting dropdown selector on the images admin tab within albums has been divided into a sortorder selector and a status selector [acrylian]. Note while you can sort by owner and last change user, results may be a bit confusing if not all images have those values already set. Last change user is only set if there is a last change. The owner may be inherited from the parent album or even parent levels so is not noted in the database itself as well.



New plugins

redirector: A plugin to redirect internal URL's. Primarily intended for URL's that otherwise would cause 404 not found errors. Configuration via CSV or JSON file [acrylian]



Plugins

bxslider_thumb_nav, colorbox, slideshow2: Abandon concept of manually enabling scripts on specific theme pages for plugins which often caused confusion among users if things were not working somewhere. Browsers will have to load it anyway at some point and also cache it. [acrlyian]

cacheManager: Performance improvements for processing really lots of images and albums. Also an option has been introduced to switch between the class image output way (again default) or the newly introduced and actually better cURL way of precaching images. Sadly the cURL way seems not to work properly on all hosts and we couldn't figure out why [acrylian, fretzl - Thanks to tplowe56 for testing]

cacheManager: CacheManager only global variables have been moved to static class properties just for organizational reasons [acrylian]

class-video: Re-add somehow lost support for .m4a audio files and completely removes last parts of support for outdated formats like flash and quicktime [acrylian, vincent3569]

contact_form: Now features a content macro



Documentation

In 1.5.1 we had just fixed the links to the plugin function documentation from the backend and our site's extension entries. Since a lot of ZP's code consists of procedural functions which are not really organized by code structure like classes or namespaces, we had grouped several files together using the @package/@subpackage tag within docblocks. Sadly newer PHP version of our (local) servers required an update to the doc generator. Now none of these do output documentation grouped by those anymore (although their docs say they can...) so we have no URL for plugins to link to anymore. Therefore we had to completely remove the plugin doc links from the backend for now again.

We suggest to look into the plugin's files itself as that contains the same documentation. Development IDE's like Netbeans, Eclipse or the like also help a lot in this regard.

The functions documenation is now organized in subfolders. We generally do keep the last three versions of the documentation online. The current is found at https://docs.zenphoto.org/1.5.2/.



1.5.1



Important

This is a bugfix and rather minor security release.



Security

Open URL redirection issue on logging in fixed [acrylian, Thanks to security-provensec for the report]

Too less strict permissions on clearing log files fixed [acrylian|

XSS issues with search values [acrylian - Thanks to www.netsparker.com for the report]

Plugin PHPmailer library updated to 6.0.6. More info: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6 



General

Fixes issues with undefined path constants preventing setup to run correctly on primarily fresh installs [acrylian]

Setup now recommends PHP cURL and tidy support for some functionality [acrylian, fretzl]

Setup uses cURL if available to more reliable setup plugin and theme default options [acrylian, fretzl]

Fixes undefinded default core rewrite constants if the rewrite token defines in the config file are missing completly or partially. As long as using the defaults, they are not required to be set in the config file anymore [acrylian] 

Fixes various issues with (default image size) image cache file names unnecessarily introduced in 1.5. This resulted in non properly generated images and due wrong filename invalidated actually proper cache files. We apologize that this caused some troube for some users with large galleries. [acrylian, fretzl]

Fixes accidentally included reference in package to already removed Efferscence+ theme due to a forgotten hardcoded reference in the package generator [acrylian]

Fixes issue that https could not be set via options correctly [acrylian, fretzl]

Hotfix for 35mm Equivalent Focal Length in exifer library [kochs-online]

Data privacy policy page option: Shows all unprotected pages now no matter if published or unpublished and also notes nesting level in selector [acrylian]

Add missing shortenindicator on pagebreak truncated strings [acrylian]

Image metadata fields now use general db column sizes since some classic EXIF 32 char limits make no real sense anymore: Numbers/time type use varchar(255), string type use mediumtext. The old actual size definition of the definition in $_zp_exifvars is ignored. [acrylian]

Introduces replaceOption() and replaceThemeOption() functions in case options are renamed and need to be migrated [acrylian]

Fixes bug with wrong sizes thumbs for multimedia items [acrylian]

All menu entry (tabs) and utility button URLs defines must be absolute instead of relative now. On certain sublevels or on plugin based ones they could/would/do break otherwise. Any third party plugin defining menu entries or utility buttons should be updated to follow this [acryian, vincent3569, bic-ed, fretzl]



Plugins

bxslider_thumb_nav: Scripts update to 4.2.1d - themes using it may require CSS adjustments [acrylian]

cachemanager: Fixes issue with default thumb and sized image sizes not being registered correctly and introduces new option to enable these default sizes. [acrylian]

cachemanager: Also partly rework of pre-caching backend functionality to work more reliable (requires PHP cURL extension) [acrylian]

cachemanager: Some functions have been moved to the cacheManager class or have been deprecated. Some naming changed as the cacheManger often referred to "theme cache sizes" although it covered plugins as well [acrylian]

comment_form: Fixes data privacy note disabling admin e-mail notifications on new comments [acrylian]

contact_form: Proper linebreaks for privacy agreement sentence in mails sent [acrylian]

contact_form: Fix small issue on saving if Zenpage is enabeld but pages are not [acrylian]

contact_form: Fix issue with form being cleard if data privacy statement agreement required and not given [acrylian]

cookieconsent: Removes several options that were not yet used and restore some accidentally unused [vincent3569, fretzl]

html_metatags: Fixes Facebook ID [acrylian, Thanks to undagiga]

jPlayer: Update player scripts to 2.9.2 [acrylian|

mobileTheme: mobile_detect library updated to 2.8.33 [acrylian]

openstreetmap: Various script updates to leafletjs and the plugins control MiniMap, leaflet-providers, leaflet markerclusters [vincent3569]

openstreetmap: New tile layer selector option to allow visitors to switch between different map tile styles [vincent3569]

phpMailer: phpMailer updated to 6.0.6 - See security section above[fretzl, acrylian]

rewriteTokens: Works now with missing rewrite token defines in the config file and will re-add defines on saving options [acrylian]

rss: Prevent invalid rss feeds if there are no item results by providing a placeholder  entry [acrylian]

rss: Album title is now correctly added to the channel title for album feeds [acrylian]

seo_zenphoto: Fix duplicated hyphens and some wrong special char (German umlauts specifially) conversion [acrylian, thanks to kochs-online|

sitemap: Fixes usages for outdated method [Simounet]

slideshow2: cycle2 scripts updated [acrylian]



Themes

basic: Some CSS cleanup [fretzl|

Zenpage: Defines the default thumb size for cachemanager plugin correctly [acrylian]

Lire la suite: http://zenphoto.org/news/zenphoto-1.5.4






1.5
 (version majeure) (version de sécurité)
30 Août 2018 - 42MBSecurity

Fixes three very minor local file inclusion security issues on the backend and only if you already had access to the backend anyway [acrylian, Thanks to JPCERT/CC for the report]

Setup now does not expose the MySQL password in the source code in case db credentials don't work or are wrong. However only admins with the full rights to run setup would have been exposed [acrylian|



Highlights

Adds new option (Options > Security) to anonymize IP addresses which Zenphoto stores internally on some occasions (e.g. spam fighting & comments) for privacy concerns. Required and strongely recommended in e.g. EU countries especially regarding the new European General Data Privacy Rule (GDPR). The function getUserIP() also has a parameter to override the option if needed [acrylian, Thanks to Ralf Kerkhoff]

Adds new options for a general data usage confirmation notice and a related defined data privacy page (static or Zenpage page) also to comply with the EU GDPR.

This option is used by official form plugins (see next list entry and the plugin section below), others can implement it if needed. [acrylian]

Themes that don't support the Zenpage CMS plugin and its pages features, can use the new printPrivacyPageLink() function to automatically add such a link if a data privacy page is defined on. The included Basic theme provides example usage. [acrylian]

Official form plugins (contact, comment, register_user) got a GDPR compliant checkbox option for data storage and handling confirmation [acrylian]

There is now a utitily button to export an overview of personal data stored about user name and mail address combinations. as HTML or JSON. Full admins can use this to export any user's data. Additionally users with lower rights can export their data from their own user account. [acrylian]



Full Changelog

Some improvements on cookie/session handling. The login cookies are now set with https paths if the server uses it and always with the httponly parameter so scripts have no access. If sessions are used, they are properly destroyed on logout. NOTE: Since cookies can only be deleted safely if deleted with the same parameters as set and these parameters have changed, you may need to force clear cookies via your browser first if encountering login issues. [acrylian]

Setup files are now automatically protected after setup has run successfully. [acrylian]

Setup does not run automatically anymore if Zenphoto detects a (smaller) change. You will only get an info window. And if you know what you are doing you can now choose to skip the request. You will not be reminded again unless further changes are detected since a new install signature will then be generated internally! If the security_logger plugin is active this action will be logged. [acrylian]

Fixes wrong trailing slash in .htaccess file's rewriteBase created by setup for root installs [fretzl]

Adds table for albums by most viewed (popular) images to backend gallery statistics [wongm]

The extra zenphoto.js file is not loaded on the frontend anymore if not logged in [acrylian, Thanks to Simounet]

Access to files within the root /backup folder that is created when using the auto_backup plugin is now protected by .htaccess. Users on non Apache systems or systems not supporting .htaccess will need other server settings to achieve something similar [acrylian,Thanks to simonrash]

Fixed missing automatic rotation of sidecar images like video/audio thumbs [acrylian]

Owner of primary album is now set to the user's ID [fretzl]

Improvements of unnecessary form warnings regarding unsaved data [acrylian, Thanks to vincent3569 and thany]

Core rewrite token support for the standard custom index page gallery.php based on sbillard's old unsupported galleryToken plugin [acrylian, Thanks to vincent3569]

Introduces new (internal) path constant SERVER_HTTP_POST [acrylian]

New default sort order options for search results of Zenpage news articles and pages (Options > Search) [acrylian]

Fixes for dynamic albums and search cache [acrylian]

Improvements to custom text truncation and repairing broken HTML applied generally to Zenpage items but also if you are using shortendContent() [acrylian, vincent3569]

The links to the functions/class documentation of included official plugins from the backend plugins page work again [acrylian]

The admin tool box now provides links to delete items [acrylian]

Title attribute added as optional parameter to all "print" image template functions [acrylian, Thanks to mebels]

SQL improvements for print/getRandomImages() template functions [wongm]

Lire la suite: http://zenphoto.org/news/zenphoto-1.5






1.4.14
 (version de sécurité)
30 Janvier 2017 - 42MBThis security issue affects specifially the third party phpmailer library used by the PHPMailer plugin.



General

Zenphoto now exposes only the general Zenphoto version and the script generation time within the html comment at the bottom of  front end theme files. Formerly it also exposes some server related data like the graphic lib and which plugins are being used.
This was of course to help us supporting on the forum as we would get an some base information about the install even if those haven't been provided. But of course it might give more information than necessary to some people who have non helpful ideas in mind… The former full info is now only exposed if your install is within debug mode via the markRelease plugin. [acrylian – Thanks to nheiniger for the reminder]
Fix rare sql issue with getRandomImagesAlbum() [acrylian – Thanks to coach777]
On new installs in subfolders setup now sets the .htaccess rewriteBase with trailing slash. Most servers do work without so it is not changed on existing working installs [acrylian – Thanks to kilroy]


Plugins

GoogleMap: Option for the now required Google Maps API key added [fretzl]
GoogleMap: Now responsive by default. Changes can be done in CSS [fretzl]
hitcounter: "Page-Hitcounter-*" hitcounts are now deleted from the options table if resetted [acrylian]
PHPMailer: phpmailer 5.2.22 update [fretzl]
static_html_cache: Cached files now stored with actual .html suffix. If you used the cache you best clear it to remove the old files and generate new ones [acrylian]
rss: Now stores hitcounts as "rsshitcount" correctly. It used "hitcount" which wasn't for example not checked by the gallery statisics [acrylian]
tinymce4: Update TinyMCE 4.5.2 and language pack update [acrylian]
Zenpage: Fix news category protection [acrylian – Thanks to vincent3569]
Zenpage: Fix news category default rewrite link [acrylian]

Lire la suite: http://zenphoto.org/news/zenphoto-1.4.14



Afficher plus de versions




1.4.13

18 Août 2016 - 42MBThis is a minor bugfix release. 



General

Follow-up fixes regarding the new dirty form check on the backend [fretzl]
Some fixes regarding PHP 7 compatibility [fretzl]
New parameter $printHomeURL added to printGalleryIndexURL() function to hide the home-link if desired [fretzl - thanks to vincent3569]
Fix getParentBreadcrumb() where toplevel parent returned wrong page number[acrylian, fretzl]


Themes

Fix issue with gallery page number in Garland theme [fretzl]
Fix issue with Custom Homepage option in Garland theme [fretzl]


Plugins

Fix themeSwitcher plugin to work with new admintoolbox layout [acrylian]
Better layout of the site_upgrade plugin placeholder page and finaly got rid of the ugly placeholder image whose usage wasn't clear as no license was known [acrylian]
Fix slideshow plugins to work with the new trailings slash url change [acrylian]
Some RSS feed fixes [Thanks to cbraymen]
Fix GoogleMap marker clusters [fretzl – Thanks to cbraymen]
Fix broken content when HTML in comments is truncated by printLatestComments() [fretzl – Thanks to cbraymen]
Fix double pathurlencoding in some extensions which caused links to fail. [fretzl – Thanks to cbraymen]

Lire la suite: http://zenphoto.org/news/zenphoto-1.4.13






1.4.12
 (version de sécurité)
14 Mars 2016 - 42MBThis is a bugfix and security update.



General

Fixes a RFI and – on older PHP versions – possible LFI security issues on log downloads on the backend [acrylian - Thanks to Tim Coen/Curesec]
Zenphoto now consequently generates urls with a trailing slash. That is basically any url except for the single image page which normally uses a suffix. The .htaccess file includes new lines to always direct to the trailing slash url to avoid duplicated content because url's without it will still work. If you are not on an Apache server (like Nginx) that does not support htaccess your might need to setup something on your server yourself [acrylian - Thanks to Simounet for the htaccess addition]
The admin toolbox you get on your site frontend in the top right corner if loggedin has been modified to a fullwidth toolbar now. The reason is that especially on mobile themes/ small viewport sizes the old button may cover and therefore disables the actual site menu in that corner. For this reason the toolbox now pushes the  down so no overlapping should occur. Also the list entries have been made bigger so it is more suitable for touch device usage.
In case it still conflicts with your custom theme you may need to setup it to support the toolbox properly by overriding the styles via your theme's CSS. Or alternatively you can remove the toolbox via the theme_body_close filter. [acrylian]
Fix Imagick rendering of .bmp and .tiff files [fretzl]
Fixes full-image access with hotlinking if non standard HTTP ports are used [ludgerh]
Fixes setup with custom session path handlers like Redis (follow up fix to 1.4.10) [acrylian]
Fixes a general issue that prevented some plugins like downloadList to work correctly if the static_html_cache was enabled [acrylian]
Minor bugfix in printPagelistWithNav() [IliyanGochev]
Album breadcrumbs now returns to the page the album is on for sub albums, too [acrylian]
We got frequent reports that our form change check script jquery.are-you-sure triggered often unwanted. Although we couldn't reproduce most issues ourselves we decided to switch to jquery.dirtyforms now. It is the other "major" script for this task and also more current and actively developed [acrylian, fretzl]


Plugins

Zenpage: printNestedMenu() plus printPageMenu() and printAllNewsCategories() using it internally now have always default ids/classes attached if none are set respectively not set to null [acrylian]:  
Zenpage: main id: menu_pages or menu_categories
Zenpage: top level active class: menu_topactive
Zenpage: sub list class: submenu
Zenpage: sub level active class: menu_active
Zenpage: Additionally the link element of entries that are protected have the class has_password attached. 
printZenpageItemsBreadcrumb() incorporates the news index url now so you return to the right page number from single article pages. Minor theme change require: You have to remove printNewsIndexURL() from news.php and pages.php. Otherwise you will get a double "news" in the breadcrumb. [acrylian]
static_html_cache: Album and images pages in search results are now handled correctly [acrylian]
html_meta_tags: Abandons individual open graph options for a general one as most are required anyway. You might need to reset the option if you wish to use these [acrylian]
print_album_menu: The list variant now has always default ids/classes attached if none are set respectively not set to null [acrylian]: 
main id: menu_albums
main id: top level active class: menu_topactive
main id: sub list class: submenu
main id: sub level active class: menu_active
main id: Additionally, the link element of entries that are protected have the class has_password attached. 
uploader_http: Fixes unwanted changes of publish status if uploading images [fretzl, acrylian]
GoogleMap: cacheManager support for marker overlay thumbs added to workaround conflicts with the static_html_cache plugin [acrylian, fretzl]
tinymce4: Update to TinyMCE 4.3.3
elFinder: Update to elFinder 2.1.6
dynamic_locale: Some fixes for subdomain usage and with seo_locale [reine-k adapted from a fix by sbillard]

Lire la suite: http://zenphoto.org/news/zenphoto-1.4.12






1.4.11
 (version de sécurité)
1 Décembre 2015 - 42MBThis is a bugfix and security update.



General

Fix some XSS and LFI issues on the backend [acrylian, trisweb – Special thanks to John Page aka hyp3rlinx]
Fix wrong number of un-published images in Gallery statistics [fretzl, acrylian]
Fix wrong order display in image/album search date archives if sorting was set to "title" [acrylian]
Fix dymanic album issue that could result in inability to rename titles etc. [acrylian]
Fixes issue with image watermarks if Imagick is enabled [fretzl, acrylian]


Themes

basic: Some formatting [fretzl]
zenpage and zpmobile: Correctly display language flags or language select dropdown  [fretzl]


Plugins

security_logger: Removes really bad logging of failed logon attempt passwords in cleartext. The exposed passwords might be wrong for this site but might potentially be right elsewhere as users tend to confuse passwords from several services or are lazy with secure ones. Especially in combination with the logged user name this presents potential hackers directly a lot of sensitive data [acrylian – Special thanks to Oliver Dietz]
sitemap-extended: Option to reference the full image instead of cached sized images if the Google image/video extension is enabled [acrylian]
html_meta_tags: Add og:image sizes to cacheManager [acrylian]
class-video: Update getID3 library [fretzl]

Lire la suite: http://zenphoto.org/news/zenphoto-1.4.11






1.4.10

21 Septembre 2015 - 42MBThis is a bugfix release.



Bugs fixed

Accidentally some PHP 5.4+ only syntax sneaked in that broke Zenphoto with older PHP versions. However, we encourage using newer PHP versions. Zenphoto is generally tested up to PHP 5.6 currently [acrylian – Thanks to vincent3569]
Fixes MySQL errors with search results or image order set to publish order (actually fixes a former a bit too premature fix) [acrylian, fretzl]
user groups and user prime album: User prime albums are not removed from the managed album list anymore if not part of the managed albums of the user's group; Creating prime album also does not remove albums from other users' managed album lists [acrylian, fretzl]
Fixes sorting of multilingual content fields [sphoto]
Zenphoto does not check or set the server session save path anymore. As reported several times that does not work well with custom path handlers. So we now trust the server setting on that. If you try to use sessions and they don't work, change your server configuration or ask your host. [acrylian]


Plugins

Fixes various plugins that caused fatal errors if the cacheManager plugin was not enabled [acrylian, sphoto]
html_meta_tags: Fixes wrong canonical and alternate language urls if the seo_locale plugin is enabled. Also correctly references page numbers on paginated pages. [acrylian]
dynamic_locale: Fixes urls related to above and also a broken "en_US" url for the base version [acrylian]
slideshow2: Now supports plugins folder and theme based custom css [acrylian]
wordpress importer: Requires MySQLi as the default database handler to work [acrylian]


Themes

Search on all themes is now consistently a global search for everything and not limited to the current item type [acylian, fretzl]

Lire la suite: http://zenphoto.org/news/zenphoto-1.4.10






1.4.9
 (version de sécurité)
9 Juillet 2015 - 42MBThis is a security and bugfix release.



General

Fixes several SQL Injection, XSS and path traversal security issues [trisweb – Thanks to Tim Coen for the report and help]
Fixes issue with single image edit page if accessing via front end admin toolbox and "back" button to bulk edit page [trisweb, acrylian – Thanks to MarkRH]
Fixes the zenphoto package file which caused an unnecessary file warning on running setup [acrylian - Thanks to vincent3569]
Fixes function getNotViewableImages() that failed to exclude said images, e.g. used if "check tag access" for tag lists if tag_suggest is enabled [amalani]
Fixes wrong image/album search result order by title [acrylian]


Small change for theme breadcrumbs

Normally on basic themes the gallery index is the same as the site index ( = home page). But on themes that set a custom gallery index page (e.g. Zenpage, Garland, Efferscene+) those are really different pages so the breadcrumb was actually wrong. Therefore a new template function printGalleryIndexURL() has been introduced that automatically prints a home link if needed (e.g. printing Home > Gallery index) or the real index link where needed. This internally uses an also new function set of get/printSiteHomeURL() that always returns/prints the home page url. This is additional functionality and your custom or customized theme doesn't require any update if you are fine with the old (wrong) behaviour. 


Plugins

sitemap-extended: Fixes missing trailing slash in rewritten album URL's [acrylian – Thanks to gingo for the note]
html_meta_tags: Maxspace options for open graph mages to be able to better cover general now bigger (and changing) sizes of various social media services and don't use thumb mode so watermarks set are used [acrylian]


Themes

default: Fixes missing clearing of footer causing the layout being misaligned [fretzl]

Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.9






1.4.8
 (version de sécurité)
18 Mai 2015 - 42MBThis is a security and bugfix release for some issues that unfortunately sneaked in. As usual this release is recommend for all users.



It is also recommend to users of the zpBase theme because it is directly affected by the print_album_menu bug listed below.



General

Fixes security issue related to the image processor. [trisweb – Thanks to JPCERT]
Fixes automatic image cache rebuild on rather rare occasions [davosmith]
Fixes bug with album statisticcs in the backend Gallery statistics [acrylian – Thanks to MarkRH]
Image rotation bugs fixed [fretzl – Thanks to unrealdtc]
Fixes bug accessing the wrong single image edit via the admin toolbox [acrylian - Thanks to MarkRH]
Dynamic album creation directly on the backend without prior front end search [acrylian]
Fixes wrong html in admin toolbox [wongm]


Plugins

jPlayer: Fixes CSS issue with our skins [fretzl]
image_album_statistics: get/printAlbumStatistics() bug fix for returning subalbum properly instead of itself if albumfolder is set [acrylian]
image_album_statistics: Restores accidentally lost collection functionality for image statistics and also adds it for album statistics [acrylian]
image_album_statistics: Fixes unwanted listing of unpublished items [acrylian, gjr]
RSS & externalFeed: Fixes bug related to internal changes of the image_album_statistics plugin [acrylian]
print_album_menu: Fixes Jump menu [acrylian]
bxslider_thumb_nav, jCarousel_thumb_nav, paged_thumbs_nav: Fixes broken dynamic album image page links and also search context [acrylian – Thanks to bic]
register_user (+backend): On registering or manually creating a user it is now checked if the email address is already used by another user (It is not checked for existing users!) [acrylian - Thanks to haroon310]
downloadlist: Fixes issue with wrong link encoding that caused broken downloads especially on https sites [trisweb]


Themes

zpMobile: Add data attribute via jquery to admin toolbox and downloadlist links so jquery mobile does not take them over [acrylian – Thanks to RB26 for the tip a while ago]
basic: Support opening full images in colorbox added [acrylian]
basic: Fixes display issues with styles in both slideshow plugins [acrylian – Thanks to Bob03]
All themes: Fixes missing username for user_login_out plugin [acrylian – Thanks to Wurzel555]

Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.8






1.4.7
 (version de sécurité)
10 Février 2015 - 42MBGeneral

Bug fixed that could cause loosing all text data entered on subalbums and images if the parent album is moved, copied or renamed [acrylian, fretzl]
Bug resulting content loss of standard image fields like location, copyright etc. and tag assignments if saving data on the main images bulk edit page [gjr, acrylian]
Minor security injection iissue regarding cookie handling fixed [acrylian – Thanks to Manuel Garcia Cardenas for the report]
Minor security SQL injection issue regarding image sorting if logged in fixed [acrylian – Thanks to Navaid Zafar Ansari for the report]
Improvements for lost changes warnings on the backend [gjr]
Option (Options > Image) to convert line breaks on meta data importing of IPTC ImageCaptions to line breaks (
) [acrylian - Thanks to MarkRH]
Image quality setting if using the Imagick libary now works correctly [MarkRH, kagutsuchi]
Full single image editing including tags on the backend is now done on a separate page. This work around ensures that the number of form elements does not * exceed server POST limits especially on shared hosts and also speeds up the image tab page display [acrylian]
The admin toolbox – always being actually part of the admin and not the theme anyway – now comes with a predefined style for a consistent look on all themes. Individual styling via theme css is not needed anymore [trisweb]
Confusing nonsense questions on password resets have been removed [fretzl]
randomImages functions now longer returns images that are future (scheduled) published or expired [acrylian – Thanks to vincent3569]
On the front end search form you can now uncheck or check all search fields [acylian]
getAllTagsAs() – used on the standard archive theme page for example – and getAllTagsCount() now have optional parameters to exclude unassigned tags and tags that are assigned to inaccessible items for the current visitor (tag access check). getAllTagsUnique() has only a parameter for the access check. This is also an option to the tag_suggest plugin now. This optional and off by default as it may cause overhead on larger sites. The use of the static_html_cache plugin is strongely recommended if you need to do this [acrylian]
Support for adding new tags containing brackets on admin item edit pages [SubJunk]


Themes

zpMobile: Some layout issues and broken gallery page navigation fixed [acrylian, gjr]
zpMobile: Support for login_out, register_user and slideshow plugins [acrylian]
zpMobile: JS conflict with jquery mobile on the register password form fixed (actually that form is core but affected only this theme) [acrylian]


Plugins

favorites: It is not longer necessary for a user to have "manage all albums" rights to create favorites. Any logged in user now can [acrylian]
downloadList: Fixes non working download rights password checks and download access bypassing private gallery settings [trisweb, acrylian]
downloadList: Album zip handling fixed for Windows systems [gjr]
galleryArticles: Fix multilingual titles of articles created [acrylian]
html_meta_tags: Some corrections on wrong meta items. [acrylian, fretzl]
image_album_statistics: Threshold parameter for image/album statistics and "toprated", "mostrated" and "popular" options [gjr] 
image_album_statistics: getImageStatistics() and getAlbumStatistics() work now without getAllAccessibleAlbums() internally and should be faster [Thanks to gjr for pointing out]; getAlbumStatistics() now returns an array of album objects similar to getImageStatistics() instead of an array with album values - Update your code if your do custom stuff; get/printAlbumStatistics() now generally supports stats from dynamic albums [acrylian]
jPlayer: Update to 2.8.1 and improvements to our own player skins [acrylian, fretzl]
jPlayer: The official jPlayer circle skin has been removed because it requires special handling to all other skins by loading extra JS files and it is a limited audio only skin anyway [acrylian]
jPlayer: Now correctly displays playlists with contents from dynamic albums or even search results if they are supported formats [acrylian]
menu_manager: Does not throw fatal errors anymore if the Zenpage plugin is disabled but Zenpage items exist in the menu set [acrylian]
mergedRSS: Cache improvements [acrylian]
print_album_menu: Jump menu version reworked a bit and now with a parameter for album level display and one for just printing the  entries without the full  part. The helper function printAlbumMenuJumpAlbum() has been removed being obsolete. [acrylian]
register_user: Wrong verify links in emails fixed [acrylian]
sitemap-extended: Fixes some url rewrite token and subdomain links for Zenpage pages if in multilingual mode [acrylian]
tinymce4: Update to TinyMCE 4.1.x
tinymce4: Option for writing directionality. Also if a language is writing from right to left it switches automatically [acrylian]
tag_suggest: The plugin has now options to exclude unassigned tags and tags that are assigned to items that are not accessible for the current vistor [acrylian]
zenpage: New options to optionally disable news or pages tabs on the backend. Themes can also check for this state optionally using the boolean constants ZP_NEWS_ENABLED or ZP_PAGES_ENABLED. See the Zenpage theme's sidebar.php for an example [acrylian]

Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.7






1.4.6
 (version majeure)
5 Juin 2014 - 42MB
New template functions getHeadTitle() / printHeadTitle() to for usage within/for the HTML page's head 'title' tag [acrylian]
Improved 404 handling [sbillard]
imagick options to hint image sizes to better utilize server memory. [yaourt]
Various HTML validation issues on the backend corrected [acrylian, sbillard, sphoto]
New options for search pattern matching [sbillard]
Plugins may now "declare" deprecated functions. [sbillard]
Bulk options and edit links for images on the images order tab [sbillard, acrylian]
Backend pages now warn about possible unsaved data in forms if you try to leave a page [sbillard]
If you are using plugins with content macros that generate html, a conflict with TinyMCE's automatically wrapping everything using paragraphs could occur. Zenphoto now validates such html using the server side PHP Tidy extension if it is present on the server used.

Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.6






1.4.5.9
 (version de sécurité)
23 Janvier 2014 - 42MBThis is a security and bugfix release. Multiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.9






1.4.5.8

24 Décembre 2013 - 42MBThis is a bugfix release. Multiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.8






1.4.5.7

3 Novembre 2013 - 42MBThis release fixes a critical issue in the Zenphoto 1.4.5.6 involving storing characters with diacritical marks.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.7






1.4.5.6

2 Novembre 2013 - 42MBThis is a bugfix release. Multiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.6






1.4.5.5

4 Octobre 2013 - 42MBThis release fixes a problem on site closure introduced in the 1.4.4.4 support release. You will not be able to close your site unless the root index.php file from this release is first uploaded to your site.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.5






1.4.5.4
 (version de sécurité)
3 Octobre 2013 - 42MBZenphoto 1.4.5.4 is a security update. For more detailed info about the fixes please review the GitHub issues list.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.4






1.4.5.2

9 Septembre 2013 - 42MBMultiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.2






1.4.5.1

5 Août 2013 - 42MBMultiple minor errors are corrected.



Applications:

This version of Zenphoto incorrectly identifies itself as version "1.4.5". A patch for this issue has been included.

Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5.1






1.4.5
 (version majeure)
2 Juillet 2013 - 42MB
Zenphoto is now release under the license GPL v2 or later (before: GPL v2 only) to be compatible with GPL v3 which a lot 3rd party tools use nowadays.
All themes and the backend are now defined as HTML5 doctype to assure compatibility with newer and future 3rd party tools we adapt. Although the new semantic HTML5 elements may not be used yet and we still use the compatible XHTML syntax in many places. Slow work in progress so to speak. [sbillard, acrylian]
Zenphoto uses jQuery 1.9.1 and jQuery UI 1.9.1 which is as ususal loaded on themes. Since jQuery 1.9 removed some functions older jQuery based tools may break. You find info about those changes and a jQuery migrate plugin to workaround here: http://jquery.com/upgrade-guide/1.9.
Themes may now have slideshows from their favorites [sbillard]
Use of Flash has been removed from themes and plugins (except fallback in jPlayer for older browsers naturally).
The GD library now supports freetype fonts. (sbillard, kagutsuchi)
The number of comments shown on the admin/comments tab is now an option. [sbillard]
Simplified mod_rewrite rules [sbillard]
Redefine URL keywords [sbillard]
Portable RSS feed links option that allows a users to see their feeds even when not logged-in [sbillard]
Lots of small fixes [rlerdorf]

Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.5






1.4.4.8

1 Juin 2013 - 42MBZenphoto 1.4.4.8 is a bugfix release. Multiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.4.8






1.4.4.5

26 Avril 2013 - 42MBMultiple minor errors are corrected. A Cross Site Reference Forgery security hole has also been closed. Thanks to Daniel Yang for reporting the issue to us.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.4.5






1.4.4.4

11 Avril 2013 - 42MBMultiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.4.4






1.4.4.3

3 Mars 2013 - 42MBMultiple minor errors are corrected.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.4.3






1.4.4.1b

1 Février 2013 - 42MBCorrects the check_for_update plugin so that it does not improperly report that there is a newer release and prevents lowercasing the default database handler name.
Lire la suite: http://www.zenphoto.org/news/zenphoto-1.4.4.1b






1.4.4
 (version majeure)
2 Janvier 2013 - 42MBGeneral

Pagination added to the plugin & plugin options tabs. In addition, plugins are now organized by class and there is a sub-tab for each class (as well as a subtab for the complete list.) [sbillard]
Portable URLs: Zenphoto will now store URLs in a WEB path independent form if embedded into content of articles and pages or image/album descriptions using tinyZenpage manually. When the data is retrieved the current WEB path will be used for these URLs. This simplifies moving your WEBsite or replicating the content to a new location. NOTE: this change is in effect only when you "save" the content. Changing URLs that already exist in your database requires that you re-save the object containing them [sbillard]
Image caching: Zenphoto now limits the number of worker processes that may resize images in parallel [sbillard, d4gurasu]


		Security

Multiple security threats closed.
New stronger password hashing algorithm pbkdf2.
Password hashing may be changed without impacting existing password cookies so you can strengthen your security and it will be applied whenever a user changes is password. (See also the user_expiry plugin below.)

Lire la suite: http://www.zenphoto.org/news/Zenphoto-1.4.4






1.4.3.5

3 Décembre 2012 - 40MB





1.4.3.4

2 Novembre 2012 - 40MB





1.4.3.3

2 Octobre 2012 - 40MB





1.4.3.2

1 Septembre 2012 - 40MB





1.4.3.1

3 Août 2012 - 40MB





1.4.3
 (version majeure)
2 Juillet 2012 - 40MB





1.4.2.4

12 Mai 2012 - 40MB





1.4.2.3

4 Avril 2012 - 40MB





1.4.2.2

2 Mars 2012 - 40MB





1.4.2.1

2 Février 2012 - 40MB





1.4.2
 (version majeure)
16 Janvier 2012 - 40MB





1.4.1.6

14 Novembre 2011 - 50MB





1.4.1.4

20 Octobre 2011 - 50MB