Zenphoto 1.6
14 December 2022
Zenphoto version 1.6 is now available (major release).
Upgrading to Zenphoto 1.6
Zenphoto 1.6 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply Zenphoto updates as new versions are released, or use Installatron's Clone feature to duplicate an existing Zenphoto install to test the 1.6 upgrade prior to applying it live. Get started managing your Zenphoto installations with Installatron
What's New in Zenphoto 1.6
Security
- elFinder has been updated to fix some security-related issues [fretzl, acrylian]
- backup_restore utility: File names now get a random key appended so they are not that easy to guess
- backup_restore utility: The backup folder can now be renamed and optionally placed outside the webroot, just like the albums folder, via the config file. Use $conf['backupfolder_folder'] and $conf['backup_folder_class']. Otherwise it follows the documentation of the albums folder. Note that the folder must already exist in the location defined, as it will not be created automatically [acrylian - Thanks to abdulrahman]
- Several PHP object injection issues with unserialize() usage fixed. Also adds an additional parameter to getSerializedArray(). This affected the plugins GoogleMaps, register_user, and user_expiry [acrylian - Thanks to abdulrahman]
- XSS issue with searchform [acrylian – Thanks to JPCERT]
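
An added example (not Zenphoto's code and not its actual patch) of the class of bug behind the unserialize() fixes above: unserialize() on untrusted input instantiates objects and runs their magic methods, while the allowed_classes option prevents that. TempFileCleaner, containsObject() and safeUnserializeArray() are hypothetical names, and the payload is constructed; the new parameter of getSerializedArray() is not shown on this page.

```php
<?php
// Constructed stand-in for a class whose magic method has a side effect.
// Hypothetical; not a Zenphoto class.
class TempFileCleaner {
    public $path = '';
    public static $log = [];
    public function __destruct() {
        // A real gadget might unlink($this->path); this one only records the call.
        self::$log[] = $this->path;
    }
}

// True if $value is, or contains at any depth, an object.
// The instanceof test covers PHP < 7.2, where is_object() returned false
// for __PHP_Incomplete_Class.
function containsObject($value): bool {
    if (is_object($value) || $value instanceof __PHP_Incomplete_Class) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Hypothetical hardened decoder: returns plain array data or $default.
function safeUnserializeArray(string $data, array $default = []): array {
    // allowed_classes => false (PHP 7.0+) decodes every serialized object as
    // __PHP_Incomplete_Class, so no application __wakeup()/__destruct() runs.
    $value = @unserialize($data, ['allowed_classes' => false]);
    return (is_array($value) && !containsObject($value)) ? $value : $default;
}

// Constructed input standing in for an attacker-controlled request parameter.
$payload = 'a:1:{s:4:"opts";O:15:"TempFileCleaner":1:{s:4:"path";s:10:"config.php";}}';

$revived = unserialize($payload);  // "before": the object is instantiated
unset($revived);                   // its destructor fires with the supplied path
var_dump(TempFileCleaner::$log);   // the side effect was recorded

// "After": the object payload is rejected, plain array data still decodes,
// and the destructor log does not grow.
var_dump(safeUnserializeArray($payload));
var_dump(safeUnserializeArray(serialize(['lat' => 1.5])));
var_dump(count(TempFileCleaner::$log));
```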
General
- All functions and class methods deprecated for 1.6 have now been removed. See also the section about changed deprecation handling below [acrylian]
- The native PHP function strftime() has been deprecated in PHP 8.1
- Fix missing comment bulk actions on albums and images [acrylian]
- Improve display of theme and plugin deprecation notes [acrylian]
- Changes colors of noteboxes (now blue, formerly orange) and warningboxes (now orange, formerly yellow) [acrylian, fretzl]
- Fix image processor issue with webp images that didn't allow the suffix [acrylian, fretzl – Thanks to sam-19 and sbillard]
- New thumb transition page handling: You now have much more control over how many image thumbs will be shown [acrylian, fretzl]
- Fix an issue with maxspace thumbs of default and custom sidecar images [acrylian, fretzl - Thanks to kjonescubist]
- Debug modes can now be enabled via the config file instead of hacking a core file [acrylian]
- Fix the blocking of the Matomo widget and the tinyMCE Preview modal by adding directives to the Content-Security-Policy header [fretzl]
- Speed improvement for sites with lots of users and content [SubJunk]
- Fix for avoiding duplicate options table entries on setup [SubJunk]
- Fixes single image prev/next pagination within dynamic albums [acrylian]
- Fix site and image custom copyright URL not being saved and used properly [acrylian]; printCopyrightNotice() is now a wrapper for gallery and image copyright notices [acrylian, bic-ed - Thanks to JesseC]; shortcuts printGalleryCopyrightNotice() and printImageCopyrightNotice() added, parameter $linked added; fixes gallery and image class getCopyrightURL() methods using neither custom URLs nor Zenpage page URLs at all; option to enable the site gallery copyright notice moved from theme options to gallery options to group related options in one place; adds a display image copyright notice option.
- Admin sortorder options: Custom sort orders for all item types have been removed on the backend [acrylian]. Basically, MySQL code was entered here, which could cause serious issues if used by users inexperienced with both MySQL and ZenphotoCMS and its table column names. Instead, if custom sort orders are required, they should be added via the new "admin_sortbyoptions" filter or via the object model. Additionally, we have added some more default options.
- Image flipping: Images can now be flipped horizontally or vertically on the image edit pages. Note that this will modify the original images. It is strongly recommended to only use this when Imagick is available as a graphics handler because the GD library will delete embedded meta data [acrylian, fretzl]
- Proper redirections to the current page on logouts. Also, a proper header request is sent to advise browsers to invalidate their caches [acrylian, fretzl, bic]
- htmLawed 1.2.8 update [acrylian]
- The JSON fallback library lib-json.php has been removed because JSON has been part of the PHP core for a while and is now expected to be available [acrylian]
- Fix case insensitive test failing on open_basedir restriction [brucepimenta]
- Users – for example self-registered ones – now have the right to at least change their own user credentials. The right has also been added to the default groups where applicable. Existing users or groups will not be changed. [acrylian]
- Fix unwanted empty album date on meta data refresh [acrylian, fretzl]
- Fix sidecar images not being moved with their main item if using the admin move tool [acrylian – Thanks to ctdlg]
New maintenance mode
- You'll find a new button "Maintenance mode" on the admin overview page. It contains options to switch the modes instead of the confusing way it was before. Usage instructions are included.
- New: whenever you run setup, the site will be closed automatically. It will not re-open automatically, so you can test your site first.
- If the site is closed or in test mode, a clear note is shown on all admin pages so you don't forget to disable it.
- Previously created custom closed.htm and rss-closed.xml placeholders within /plugins/site_upgrade/ should work as before. The former closed.php file has been abandoned and is only used if it already exists. The maintenance mode will use basic placeholders if these files are missing.