Vydána aktualizace ZenPhoto20

Byla vydána aktualizace galerie ZenPhoto20, tentokrát rovnou

Hlavní novinky od verze 1.6:

  • Upgrade jQuery na verzi 3.3 (z verze 1.12).
  • Příprava na GDPR – nové pluginy, změna některých vnitřních procesů v galerii.
  • Další velká aktualizace češtiny v galerii (oprava překlepů, aktualizace překladu,…).
  • Tagy nyní mohou být označeny jako soukromé.
  • VzhledGray_highlights odebrán z galerii.
  • Oprava některých drobných chyb v kódu + vylepšení.
  • A mnohé další…


Ke stažení:



Kompletní přehled změn od verze 1.6 v angličtině:


This release fixes multiple bugs and security holes. For details see the change log.

There has been a slight reorganization of the Administrative Overview section. The „Installation information“ section is now a separate page accessible from the OVERVIEW fly-out. User information has been added to the Gallery stats display.


The SecuritySetup, and Debug logs can be encrypted. This provides additional protection of possible sensitive data in these files. The options to encrypt the logs is found on the Security options page. All encryption requires that the php_openssl extension is enabled.

Note: The log encryption depends on reading the state of an option. So if the log entry is generated before option handling is initialized the entries will NOT be encrypted. This could happen the database is not available such as in the early stages of page loading. In these cases your log may have a mixture of encrypted and unencrypted records. When these are displayed on the Logs page the unencrypted records will be garbled.

A further consideration is that encrypted records cannot be deciphered „off line.“ You should carefully consider which logs you encrypt.  For instance, the records of a site crash may not be available for analysis until the site is back up and running. This would make analyzing and correcting the problem more difficult.


Some tools have been added to help sites conform to the General Data Protection Regulation. There is a new general option, Usage policy, which if enabled will force viewers to acknowledge your site usage policy.  A new function, policySubmitButton(), will display a checkbox until the viewer has acknowledged the policy (by checking the box.) The „submit“ button replaces this checkbox once the acknowledgement has occurred.

The acknowledged state is persistent. For a registered user it remains until cleared by the administrator. For anonymous visitors it is retained by a cookie so will persist until the cookie expires. (If gallery sessions is enabled it persists for the visitor’s session.)

Standard forms, such as the comment form, which may capture user data, implement this button. There is also a new plugin, GDPR_required, that allows you to redirect first time viewers to your site usage page for confirmation before they can view any other content.

GDPR and cookies

Your site usage policy should include a statement about the use of cookies. For best viewing experience ZenPhoto20 uses cookies to save browsing state via the viewer’s web client. These are used for such things as remembering logins, policy page acknowledgements, search parameters, form data, etc. Cookies will expire based on the setting of cookie duration. (Some will persist for shorter periods.). A visitor always has the option of viewing and clearing cookie data via his browser settings. None of this cookie information is saved on the web server. It exists only in the web client and fleetingly during page generation on the server.

If use of cookies is an issue for your site they may be avoided by using gallery sessions. With this option in use state that would normally be in a cookie in the client browser will be contained in a PHP session variable. (Note: PHP session handling actually uses a cookie in the web client in order to identify the session variable.) PHP sessions will normally expire when the web client closes, but may persist for less time. Usually using PHP sessions for client viewing state provides an unsatisfactory user experience.

GDPR and IP addresses

The GDPR states that IP addresses should be considered personal data as it enters the scope of ‘online identifiers’. See the description of personal data.

Your site usage policy statement may need to address these uses. They are described below:

Security uses*:

  1. The accessThreshold plugin records site visit frequency by IP address for the purpose of blocking denial of service attacks.
  2. The IP_blocker plugin allows an administrator to manually enter an IP address that is to be denied (allowed) access to the site.
  3. The security log contains the IP address of site which caused the security log entry†.
  4. In the logging of 404 errors to the debug log.

†Except for the security log, there is no direct link between and IP address and a user. Encrypt the content of the security log for further protection of this data.

Uses as a unique identifier*:

  1. Cached searches
  2. Search statistics
  3. Rating
  4. Recorded comments

*If the php_openssl library is enabled the IP address will be encrypted.


We have migrated to jQuery version 3.3 with this release since older versions of jQuery are no longer in support. jQuery v3.3 has several deprecations that require script upgrades. See the jQuery Core 3.0 Upgrade Guide for details. ZenPhoto20 now has provisions to support the jQuery Migrate Plugin or revert (for themes) to jQuery v1.12 via options in the Debug plugin. You may need to set these options to run or update incompatible scripts.


Tags may now be classified as „private.“ Within tag administration, private tags are indicated by a highlight, e.g. aTag. Only users with TAGS_RIGHTS will have visibility to private tags. This means they will not show up in tag suggestions, tag clouds, or search results for the general public or for users who do not have TAGS_RIGHTS.

Private tags may be used for such things as identifying images for dynamic albums without exposing this organization to the site visitors. For custom search results you may invoke the class search method setSearchPrivateTags() to cause private tags to be found.


Processing of search strings has been enhances. You may now use the backslash (\) character to escape a quotation thus rendering the mark a literal character rather than the delimiter for a string sequence. For example searching on 123"45&67"890 would normally render a search string of 12345&67890. (The & is treated as part of the string, not the AND operator.) 123\"45&67\"890 would result in two target strings, 123"45 and  67"890, both of which must be present (because of the &.)

There is now a search property named specialCharacters. it is an array containing indexed by character (quotation marks and backslash) If you set the value of a character to false it will have no special meaning in the parsing of search strings. (E.g. $search_engine->specialCharacters['\\]=false; will disable the escape character and treat it simply as a backslash.

Specifying search fields with a bit mask has been deprecated. It is unlikely that this feature is used anywhere as it was from the early days of zenphoto. If a use is detected, a deprecated message will be placed in the debug log.



There are now individual codeblock sets for each object (gallery, image, album, article, news category, and page.) This enables a different default for each. The codeblocks set from prior releases will be imported into each of the object codeblocks that were checked in the Objects option.


A plugin to require that visitors view and acknowledge a site policy page upon the first visit to your site. The plugin requires a zenpage page object or a custom page script which states the site usage policy. See the plugin usage information for implementation details.

The plugin contains a method GDPR_required::button() that may be placed in a codeblock of your zenpage page or as part of your custom page script. This method will display a policySubmitButton that will redirect to the site index page.


The Disguise IP option has been removed as it is now redundant. The IP address is now always encrypted. It is suggested you clear ratings with this update since old ratings cannot be associated with the originator.


There is now an option, News label, to set the „name“ of news items. This will allow you to show a different name, for instance „Blog,“ on your website. The option also changes the rewrite token for news to match. For multilingual sites, the token will be set from the site language string for the option if present. If not it will default to the string for the current locale, the en_US string, or the first language string, which ever is present.

Note: Themes should now use the define NEWS_LABEL instead of gettext("News"). The distributed themes have been updated to use NEWS_LABEL in places where the text „news“ appeared. These changes include theme custom menus, but existing custom menus must be deleted and repopulated before the new structures will be used.


Provides a function to displays a zoomable image based on jQuery Zoom by Jack Moore. The viewer may zoom in on the image using mouse or touch/press actions. There are four behaviors for the zooming.


A plugin ported from the legacy zenphoto to add a cookie notify dialog to comply with the EU cookie law and Google’s requirement for Google Ads and more https://www.cookiechoices.org. This is a „light-weight“ alternative to the GDPR_required plugin dealing with cookies only.


A plugin for showing OpenStreetMap maps using LeafletJS for images, images from albums with embeded geodata, or from custom geodata. Ported from legacy zenphoto.


A plugin portedc from legacy zenphoto that provides numerous social media buttons. The specific buttons displayed are selectable by plugin option.



This theme has been removed from the ZenPhoto20 distribution,


The Basic theme now has support for Articles and Pages. Of course, the support is „basic.“

Martin Kroul
Follow me

Martin Kroul

Od roku 2012 nadšenec do Zenphoto. Pak v létě 2014 utekl k ZenPhoto20, které překládá a na kterém provozuje galerii s 16 700 fotografiemi a videi.
Martin Kroul
Follow me

Write a comment

19 − seven =