Dotclear

Dotclear News

Entries feed - Comments feed

2019 Aug 12

Dotclear 2.15

A very new version of Dotclear, focusing on code robustness, there is no more inline javasript and it's better for security; the backend is a little bit more comfortable with responsives lists and tables. It will be easier to cope with list of comments on your smartphone.

Note that the audio and video Flash players have been removed from this release — but they are not deleted during update.

Dashboard speaking you will be able to organize at will the position of differents "blocks" (icons, news, …); the WebP format is now supported — as far as your server is configured for ; some new codes have been added to the wiki syntax (subscript, superscript).

Check the « CHANGELOG » ;-)

Have fun and enjoy and happy birthday, tomorrow, to our favourite blog engine \o/

2018 Sep 26

Dotclear 2.14.3

A little update which fix a configuration problem, experienced at least on some 1&1 servers, with a memory_limit value (in PHP.ini) set to -1 (unlimited).

2018 Sep 4

Dotclear 2.14.2

A little update which fixes some problems as:

  • Security (two minor vulnerabilities)
  • Syntax coloration with the theme editor
  • Template filters attributes

Note: Some web browser extensions, as ad blocker, may block some features of the backend of your installation, as the wysiwyg editors. You should use their white list of those extension is this case.

2018 Aug 17

Dotclear 2.14.1

A little update which fixes some problems as:

  • The wizard installation script
  • The default font size in user preferences
  • The compression of js scripts

2018 Aug 14

Dotclear 2.14 and PHP version

Some of you reported me some problems with this new release of Dotclear on servers running PHP 5.5 (which is obsolete).

So I recommend to switch to the 5.6 version of PHP or even better to the 7.1 or 7.2

2018 Aug 13

Dotclear 2.14

Codename: Dark Crystal

Crystal because it's today the 15th anniversary of Dotclear which run on the best servers on this planet!

Dark because there is a new dark mode in the administration interface!

Dark Crystal because I do like this animation movie published 35 years ago :-)

Otherwise, it's business as usual…

Enjoy!

2018 Jan 27

Dotclear 2.13.1

A small update that fixes two annoying bugs in the theme editor (when syntax coloration is enabled) and with the traditional Dotclear editor, in XHTML mode.

2018 Jan 13

Dotclear 2.13

Some few words:

  • PHP 5.5+ mandatory as a more secure system has been implemented for passwords stored in the database, system which needs at least this version of PHP
  • Informations displayed on dashboard, as Dotclear updates or news, are now fetch from Dotclear server in asynchronous way, so no more dashboard blocked by a ghost server!
  • A new driver for MySQL databases encoded with UTF8-mb4
  • Some bugs fixed
  • Some refinements in administrative UX

Enjoy!


Note for users and administrator:

The new encryption system for password does not require any migration procedure. This will be done only once at the very next user authentication.

Notes for developers:

The new password system implies two backward incompatibilities:

  1. The function checkPassword() (/inc/core/class.dc.auth.php) requires now a non encrypted password (usually form field contents) rather than an encrypted form.
    So you now have to use $core->auth->checkPassword($_POST['your_pwd']) rather than $core->auth->checkPassword($core->auth->crypt($_POST['your_pwd'])).

  2. The function crypt() (/inc/core/class.dc.auth.php) no more give the same results with the same parameter. If you need an "old fashion" encrypted password, you have to use cryptLegacy() function (same file).

If you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())) (may be refined in future).

2017 Aug 13

Dotclear 2.12.1

A little update to fix a bug with the mustek default template set, used by a lot of themes. This release fixes also a small bug with media title during upload.

Do not forget to empty the cache of the templates (Maintenance plugin) as well as the cache of your browser after having made an update. In case you have opted for a manual update, do not forget to disconnect and reconnect, some updates (concerning the database) are made at this time.

2017 Jul 27

Dotclear 2.12

Tiny but eventually not so tiny update as the CHANGELOG shows. Anyway there is no new functionality, only improvements and bug fixes.

As the team is reduced since a lot of months/years, I decided to reduced the scope in terms of development as I'm the only dev still in activity and I have not more much courage to start (relatively) big projects[1] — yes, we have a bus factor of 1 in Dotclear.

So exit the REST API I wish to develop — but a third party plugin is in development to provide this feature —, exit also the integration of the Twig template engine, exit also a lot of tickets which stayed opened without anybody to take care of them.

I will continue to maintain Dotclear, indeed, in order to add some tiny missing features as UTF8-MB4 support for MySQL, a more robust password management and this will be included in the next 2.13 release which will need, at least, PHP 5.5 version — it's time to forget the older PHP 5.3 not more maintained now.

Note

[1] First it's not funny at all to develop alone, second the lack of code review is as far as I know dangerous

2016 Dec 29

Dotclear 2.11.2

A new small update today that fixes some annoying bugs with PHP 5.3 and PHP 5.4; It also solves the problem of previewing the posts and pages being edited.

Do not forget to empty the cache of the templates (Maintenance plugin) as well as the cache of your browser after having made an update. In case you have opted for a manual update, do not forget to disconnect and reconnect, some updates (concerning the database) are made at this time.

2016 Dec 28

Dotclear 2.11.1

A small update that fixes a problem when using a version of PHP earlier than 5.5.

This problem prevents the administration menu (left column) from being displayed with most plugins, or even prevents their access.

Dotclear 2.11

A new version that deviates from our habits, since it is not published a 13, and ahead of schedule, since it was planned mid-February 2017. It also derogates with the habit of having a copious CHANGELOG (list of modifications / corrections).

Indeed, this version does not bring anything extraordinary except that it facilitates the use of Dotclear, and it corrects some bugs sometimes annoying on a daily basis:

  • Easier access to plugin settings,
  • A more advanced customization (text size, display or not of additional information, ...),
  • Some additional attributes for theme developers / hackers,
  • The webmentions which are added to the existing trackbacks and pingbacks,
  • The Berlin theme is now based on the template set dotty, which exploits at best HTML5,
  • ...

The general aspect of the administration also changes because the 2.11 uses the system font available on your machine rather than the usual Helvetica Neue. It also changes because it implements a font size that fits, between two thresholds, the space available on your screen. You can change the general font size in your preferences (3 settings are available).

Note that we have dropped the support of old browsers, especially old versions of Internet Explorer, up to version 9 included; It makes it possible to use a little more easily some innovations of CSS 3, in particular the flex system.

But I let you discover this at home, once you have made the awaited update!

PS: This version requires PHP 5.3 a minimum, but I advise you to use PHP 5.6 or even PHP 7 without waiting - the latter offers a speed gain very appreciable. It is quite possible that the next version of Dotclear requires a newer version than the already obsolete 5.3.


Some technical details for plugin developers and blog administrators:

Plugin settings

The new version 2.11 introduces a new system that allows to define and find the different places where a plugin may have settings.

Definitions

It is necessary to define in the file _define.php of the plugin an additional property, named settings and which is constructed in the following way:

'settings' => array (
    'self' => '',
    'blog' => '#params.id',
    'pref' => '#user-options.id'
)

The line with 'self' indicates that there are settings on the main page of the plugin (that is, for developers, in the index.php file).

The line with 'blog' indicates that there are settings in the blog settings, normally on the 'Settings' tab (#params is used for this) and at the first item id equal to the plugin id (you can for example position this id on the title element, h4 or h5, which precedes the options of the plugin).

The line with 'pref' indicates that there are settings in the user preferences, normally on the 'My options' tab (the #user-options is used for this) and at the first item id equal to the plugin id.

You can, and even must, specify only the lines that are relevant.

It is not obligatory to specify the id, in this case it is enough to simply specify the tab. It is also not necessary to specify the tab, in this case simply leave an empty string (").

The links will be displayed in the order in which they are defined in the 'settings' property.

Note: To this link list will be added first, if it exists, the link to the plugin's _config.php file.

Examples of definitions

Antispam plugin

'settings' => array (
    'self' => '',
    'blog' => '#params.antispam_params'
)
  • self → access to main plugin settings on its own page (index.php)
  • blog → access to secondary settings in blog settings

Tags plugin

'settings' => array (
    'pref' => '#user-options.tags_prefs'
)
  • pref → access to keyword list format setting in user preferences

Maintenance plugin

'settings' => array (
    'self' => '#settings'
)
  • self → access to the "Settings" tab of the plugin's own page (index.php)

Display

The setting URLs are displayed in two places:

  • On the plugin management page, by unfolding the additional info (just click on the name of the plugin to get them)
  • On each of the main pages of the plugins, provided you have the rights to access them

If you need more information on these technical developments, use the forum and/or development mailing list, or even the IRC channel #dotclear (irc.freenode.net) ...

2016 Nov 2

Dotclear 2.10.4

A tiny update which fixes a database connection problem for installation using PostgreSQL lower than 9.1

If you are not in this case, the automatic update will run as usual.

If you are in this case, in order to do this very next automatic update, you have to follow this procedure:

  1. Open the file /inc/libs/clearbricks/dblayer/class.pgsql.php
  2. Insert a new line before the line number 103 and put the following code in this line, then save the file:
return;

You should have something like that:

		/** @ignore */
		private function db_post_connect($handle,$database)
		{
return;
			$result = $this->db_query($handle,"SELECT * FROM pg_collation WHERE (collcollate LIKE '%.utf8')");
			if($this->db_num_rows($result) > 0) {
				$this->db_result_seek($result, 0);
				$row = $this->db_fetch_assoc($result);
				$this->utf8_unicode_ci = '"'.$row['collname'].'"';
			}
		}

This modification will give you again access to your installation.

In order to apply the automatic update, you will have, first, to install a specific plugin, FakeMeUp (available on the DotAddict website), which allow to bypass the control of modified files before update.

Once this plugin installed, make the update and when finished, disable or uninstall the FakeMeUp plugin, as you wish.

Your dashboard should also offer you to upgrade your installation today or tomorrow (depending on your settings). There's also a patch for the developers who prefer this method.


CHANGELOG of this release :

Dotclear 2.10.4 - 2016-11-02
===========================================================
* PostgreSQL < 9.1 fix

2016 Nov 1

Dotclear 2.10.3

A tiny update to fix two minor security vulnerabilities and to allow some specific proxy/ssl server configuration.

Your dashboard should also offer you to upgrade your installation today or tomorrow (depending on your settings). There's also a patch for the developers who prefer this method.


CHANGELOG of this release :

Dotclear 2.10.3 - 2016-11-01
===========================================================
* Security: Fix CVE-2016-7903: Password Reset Address Spoof — Thank's Hongkun Zeng for report
* Security: Fix CVE-2016-7902: Media Manager, unrestricted File Upload — Thank's Hongkun Zeng for report
* CSP: Cope with external sources used in editor's iframe to preview public external content
* Fix: Cope with post.post_position field during flat import
* Fix: Prevents precondition failed during currently activated theme update
* Fix: Remove unecessary header (cope by dotclear) in page plugin
* Fix: Let some proxies playing with standard http and https ports
* Fix: Let SSL runs through a proxy, it may be ok, sometimes
* 🐛 → Various bugs and typos fixed

- page 2 of 7 -

Sites map