Dotclear

Une new minor release which fixes some issues:

• Avoid weird side-effect of JS minifier
• Insertion of default type media (non image/audio/video) in XHTML entries
• Cope with old themes for 'remember me' string defined in JS

A small update that should fix the problem of modifying pages and posts in a language different from the interface language, when using CKEditor. It should also solve the problem encountered when updating 2.15 by users of PostgreSQL databases.

A little update which fix a configuration problem, experienced at least on some 1&1 servers, with a memory_limit value (in PHP.ini) set to -1 (unlimited).

A little update which fixes some problems as:

• The wizard installation script
• The default font size in user preferences
• The compression of js scripts

Codename: Dark Crystal

Crystal because it's today the 15th anniversary of Dotclear which run on the best servers on this planet!

Dark because there is a new dark mode in the administration interface!

Dark Crystal because I do like this animation movie published 35 years ago :-)

Otherwise, it's business as usual…

Enjoy!

Some few words:

• PHP 5.5+ mandatory as a more secure system has been implemented for passwords stored in the database, system which needs at least this version of PHP
• Informations displayed on dashboard, as Dotclear updates or news, are now fetch from Dotclear server in asynchronous way, so no more dashboard blocked by a ghost server!
• A new driver for MySQL databases encoded with UTF8-mb4
• Some bugs fixed
• Some refinements in administrative UX

Enjoy!

Note for users and administrator:

The new encryption system for password does not require any migration procedure. This will be done only once at the very next user authentication.

Notes for developers:

The new password system implies two backward incompatibilities:

1. The function checkPassword() (/inc/core/class.dc.auth.php) requires now a non encrypted password (usually form field contents) rather than an encrypted form.
   So you now have to use $core->auth->checkPassword($_POST['your_pwd']) rather than $core->auth->checkPassword($core->auth->crypt($_POST['your_pwd'])).
   
   
2. The function crypt() (/inc/core/class.dc.auth.php) no more give the same results with the same parameter. If you need an "old fashion" encrypted password, you have to use cryptLegacy() function (same file).

If you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())) (may be refined in future).

Tiny but eventually not so tiny update as the CHANGELOG shows. Anyway there is no new functionality, only improvements and bug fixes.

As the team is reduced since a lot of months/years, I decided to reduced the scope in terms of development as I'm the only dev still in activity and I have not more much courage to start (relatively) big projects^[1] — yes, we have a bus factor of 1 in Dotclear.

So exit the REST API I wish to develop — but a third party plugin is in development to provide this feature —, exit also the integration of the Twig template engine, exit also a lot of tickets which stayed opened without anybody to take care of them.

I will continue to maintain Dotclear, indeed, in order to add some tiny missing features as UTF8-MB4 support for MySQL, a more robust password management and this will be included in the next 2.13 release which will need, at least, PHP 5.5 version — it's time to forget the older PHP 5.3 not more maintained now.