Merge remote-tracking branch 'remotes/origin/master' into responsiveadmin

2021-11-01 12:37:38 +01:00 · 2021-11-01 12:37:38 +01:00 · 213642324c
commit 213642324c
parent 9cc5ef1a70 44df55eaef
13 changed files with 179 additions and 147 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,4 +1,4 @@
-# 2021-xx-xx: FlatPress 1.2.1
+# 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1)
 ## Bugfixes
 - BOM in French language files lead to blank page in admin area (see [#82](https://github.com/flatpressblog/flatpress/issues/82))
 ## Translations
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@ -6,7 +6,7 @@ If you think someone's missing here, please let us know.
 ## The team
 FlatPress was initially developed by [Edoardo Vacchi (NoWhereMan)](https://github.com/evacchi "github.com/evacchi"). Edoardo was supported by [Hydra](http://hydra.clans.it/ "hydra.clans.it"), [drudo](https://drudotec.wordpress.com/ "drudotec.wordpress.com"), giulio, [alcor](http://alcor.altervista.org/ "alcor.altervista.org"), and [Tychondriax](http://tychondriax.altervista.org/blog/ "tychondriax.altervista.org").<br>
 <br>
-Since 2018, FlatPress is taken care of by [Arvid Zimmermann](https://arvidzimmermann.de "arvidzimmermann.de").
+Since 2018, FlatPress is taken care of by [Arvid Zimmermann](https://github.com/azett "github.com/azett").

 ## Coding
 - Piero VDFN introduced the plugins Comment Center, jQuery, and LightBox2.
--- a/README.md
+++ b/README.md
@ -1,15 +1,41 @@
-<a href="https://github.com/flatpressblog/flatpress/releases" title="See releases"><img alt="See releases" src="https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic"></a> <a href="./LICENSE.md" title="License"><img alt="License" src="https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic"></a><br>
-[[flatpress.org](https://www.flatpress.org/)] [[Support forum](https://forum.flatpress.org/)] [[Wiki](https://wiki.flatpress.org/)] [[GitHub](https://github.com/flatpressblog/flatpress)] [<a rel="me" href="https://fosstodon.org/@flatpress">Mastodon</a>] [[Twitter](https://www.twitter.com/FlatPress)] [[Changelog](./CHANGELOG.md)] [[Contributors](./CONTRIBUTORS.md)]
+[![Home page](https://img.shields.io/badge/Home%20page-🏠-555?style=plastic)](https://www.flatpress.org "Home page")
+[![Support forum](https://img.shields.io/badge/Support%20forum-💬-555?style=plastic)](https://forum.flatpress.org "Support forum")
+[![Wiki](https://img.shields.io/badge/Wiki-📖-555?style=plastic)](https://wiki.flatpress.org "Wiki")
+[![Mastodon](https://img.shields.io/badge/Mastodon-🐘-555?style=plastic)](https://fosstodon.org/@flatpress "FlatPress@Mastodon")
+[![Twitter](https://img.shields.io/badge/Twitter-🐦-555?style=plastic)](https://twitter.com/FlatPress "FlatPress@Twitter")
+[![Change log](https://img.shields.io/badge/Change%20log-📜-555?style=plastic)](./CHANGELOG.md "Change log")
+[![Security policy](https://img.shields.io/badge/Security%20policy-⚡-555?style=plastic)](./SECURITY.md "Security policy")
+[![Contributors](https://img.shields.io/badge/Contributors-😎-555?style=plastic)](./CONTRIBUTORS.md "Contributors")
+
+[![Releases](https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic)](https://github.com/flatpressblog/flatpress/releases "See all releases")
+[![License](https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic)](./LICENSE.md "License")
+[![Open issues](https://img.shields.io/github/issues-raw/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/issues "See open issues")
+[![Last commit](https://img.shields.io/github/last-commit/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/commits/ "Last commit")

 # Welcome to FlatPress!
 FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed!

+## Features
+- Independent, standard-compliant blog software
+- Works on files, __no database__
+- Easy to setup, easy to backup
+- Powerful __plugin system__ with widget support
+- Easy to customize with __themes__, powered by [Smarty](http://www.smarty.net/)
+- __Comments__ function with spam protection
+- __Free software__ under [GNU GPLv2](LICENSE.md)
+
+
 ## Getting started
 Installing and running FlatPress is really easy:
 - [Download FlatPress](https://www.flatpress.org/download), unzip, upload
 - Browse to your web server, run simple FlatPress installer
 - Enjoy blogging with FlatPress!

+## Help and support
+Visit our [wiki](https://wiki.flatpress.org) to learn everything about blogging with FlatPress, how to work with themes and plugins and where to find them. The wiki also has the [general FAQ](https://wiki.flatpress.org/doc:faq) and the [tech FAQ](https://wiki.flatpress.org/doc:techfaq).
+
+Ask your questions, show off your FlatPress blog and meet fellow FlatPressers at the [support forum](https://forum.flatpress.org).
+
 ## Requirements
 FlatPress runs on any web server (e.g. Apache or IIS) with PHP 5.6 or higher. Since all data is stored in files, no database is needed.

--- a/SECURITY.md
+++ b/SECURITY.md
@ -0,0 +1,5 @@
+# Security Policy
+Thank you for your efforts on the security of the FlatPress software. Feel free to report any vulnerability you stumble upon!
+
+## Reporting a vulnerability
+Please report security issues to `hello@flatpress.org`, it's as simple as that. Thanks!
--- a/defaults.php
+++ b/defaults.php
@ -120,10 +120,9 @@ if (isset($_SERVER ['HTTPS'])) {
 }
 $serverport = "false";
 // Unterstützung für Apache und IIS
+ini_set('session.cookie_secure', 1);
 if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
 	$serverport = "https://";
-	// Uses a secure connection (HTTPS) if possible
-	ini_set('session.cookie_secure', 1);
 } else {
 	$serverport = "http://";
 }
--- a/fp-includes/core/core.cookie.php
+++ b/fp-includes/core/core.cookie.php
@ -1,138 +1,141 @@
 <?php

 function cookie_setup() {
+	global $fp_config;

-global $fp_config;
+	// md5(BLOG_BASEURL);

-// md5(BLOG_BASEURL);
+	if (!defined('COOKIEHASH'))
+		define('COOKIEHASH', $fp_config ['general'] ['blogid']);

-if ( !defined('COOKIEHASH') )
-	define('COOKIEHASH', $fp_config['general']['blogid']);
-
-if ( !defined('USER_COOKIE') )
-        define('USER_COOKIE', 'fpuser_'. COOKIEHASH);
-if ( !defined('PASS_COOKIE') )
-        define('PASS_COOKIE', 'fppass_'. COOKIEHASH);
-if ( !defined('SESS_COOKIE') )
-        define('SESS_COOKIE', 'fpsess_'. COOKIEHASH);
-
-if ( !defined('COOKIEPATH') )
-        define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
-if ( !defined('SITECOOKIEPATH') )
-        define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
-if ( !defined('COOKIE_DOMAIN') )
-        define('COOKIE_DOMAIN', false);
-        
+	if (!defined('USER_COOKIE'))
+		define('USER_COOKIE', 'fpuser_' . COOKIEHASH);
+	if (!defined('PASS_COOKIE'))
+		define('PASS_COOKIE', 'fppass_' . COOKIEHASH);
+	if (!defined('SESS_COOKIE'))
+		define('SESS_COOKIE', 'fpsess_' . COOKIEHASH);

+	if (!defined('COOKIEPATH'))
+		define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
+	if (!defined('SITECOOKIEPATH'))
+		define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
+	if (!defined('COOKIE_DOMAIN'))
+		define('COOKIE_DOMAIN', false);
+	if (!defined('COOKIE_SECURE'))
+		define('COOKIE_SECURE', true);
 }

-if ( !function_exists('wp_get_cookie_login') ):
-function wp_get_cookie_login() {
-	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
-		return false;
+if (!function_exists('wp_get_cookie_login')) :

-	return array('login' => $_COOKIE[USER_COOKIE],	'password' => $_COOKIE[PASS_COOKIE]);
-}
+	function wp_get_cookie_login() {
+		if (empty($_COOKIE [USER_COOKIE]) || empty($_COOKIE [PASS_COOKIE]))
+			return false;
+
+		return array(
+			'login' => $_COOKIE [USER_COOKIE],
+			'password' => $_COOKIE [PASS_COOKIE]
+		);
+	}

 endif;

-function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
-	if ( !$already_md5 )
-		$password = md5( md5($password) ); // Double hash the password in the cookie.

-	if ( empty($home) )
+function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
+	if (!$already_md5)
+		$password = md5(md5($password)); // Double hash the password in the cookie.
+
+	if (empty($home))
 		$cookiepath = COOKIEPATH;
 	else
-		$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
+		$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');

-	if ( empty($siteurl) ) {
+	if (empty($siteurl)) {
 		$sitecookiepath = SITECOOKIEPATH;
 		$cookiehash = COOKIEHASH;
 	} else {
-		$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
+		$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
 		$cookiehash = md5($siteurl);
 	}

-	if ( $remember )
+	if ($remember)
 		$expire = time() + 31536000;
 	else
 		$expire = 0;

-	setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN);
+	setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);

-	if ( $cookiepath != $sitecookiepath ) {
-		setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
+	if ($cookiepath != $sitecookiepath) {
+		setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
+		setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
 	}
 }

 function cookie_clear() {
-	setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+	setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
 }

+if (!function_exists('wp_login')) :

-if ( !function_exists('wp_login') ) :
-function wp_login($username, $password, $already_md5 = false) {
-	global $wpdb, $error;
+	function wp_login($username, $password, $already_md5 = false) {
+		global $wpdb, $error;

-	$username = sanitize_user($username);
+		$username = sanitize_user($username);

-	if ( '' == $username )
-		return false;
+		if ('' == $username)
+			return false;

-	if ( '' == $password ) {
-		$error = __('<strong>ERROR</strong>: The password field is empty.');
-		return false;
-	}
-
-	$login = get_userdatabylogin($username);
-	//$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
-
-	if (!$login) {
-		$error = __('<strong>ERROR</strong>: Invalid username.');
-		return false;
-	} else {
-		// If the password is already_md5, it has been double hashed.
-		// Otherwise, it is plain text.
-		if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
-			return true;
-		} else {
-			$error = __('<strong>ERROR</strong>: Incorrect password.');
-			$pwd = '';
+		if ('' == $password) {
+			$error = __('<strong>ERROR</strong>: The password field is empty.');
 			return false;
 		}
+
+		$login = get_userdatabylogin($username);
+		// $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
+
+		if (!$login) {
+			$error = __('<strong>ERROR</strong>: Invalid username.');
+			return false;
+		} else {
+			// If the password is already_md5, it has been double hashed.
+			// Otherwise, it is plain text.
+			if (($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password))) {
+				return true;
+			} else {
+				$error = __('<strong>ERROR</strong>: Incorrect password.');
+				$pwd = '';
+				return false;
+			}
+		}
 	}
-}
 endif;

-if ( !function_exists('is_user_logged_in') ) :
-function is_user_logged_in() {
-	$user = wp_get_current_user();
+if (!function_exists('is_user_logged_in')) :

-	if ( $user->id == 0 )
-		return false;
+	function is_user_logged_in() {
+		$user = wp_get_current_user();

-	return true;
-}
-endif;
+		if ($user->id == 0)
+			return false;

-if ( !function_exists('auth_redirect') ) :
-function auth_redirect() {
-	// Checks if a user is logged in, if not redirects them to the login page
-	if ( (!empty($_COOKIE[USER_COOKIE]) &&
-				!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
-			 (empty($_COOKIE[USER_COOKIE])) ) {
-		nocache_headers();
-
-		wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
-		exit();
+		return true;
 	}
-}
 endif;

+if (!function_exists('auth_redirect')) :
+
+	function auth_redirect() {
+		// Checks if a user is logged in, if not redirects them to the login page
+		if ((!empty($_COOKIE [USER_COOKIE]) && !wp_login($_COOKIE [USER_COOKIE], $_COOKIE [PASS_COOKIE], true)) || (empty($_COOKIE [USER_COOKIE]))) {
+			nocache_headers();
+
+			wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER ['REQUEST_URI']));
+			exit();
+		}
+	}
+endif;

 ?>
--- a/fp-includes/core/core.session.php
+++ b/fp-includes/core/core.session.php
@ -1,44 +1,41 @@
 <?php

-	
+function sess_setup() {
+	if (SESSION_PATH != '')
+		session_save_path(SESSION_PATH);

-	function sess_setup() {
-		if (SESSION_PATH != '')
-			session_save_path(SESSION_PATH);
-		
-		session_name(SESS_COOKIE);
-		
-		session_start();
-		
+	session_name(SESS_COOKIE);
+	setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE);
+
+	session_start();
+}
+
+function sess_add($key, $val) {
+	$_SESSION [$key] = $val;
+}
+
+function sess_remove($key) {
+	if (isset($_SESSION [$key])) {
+		$oldval = $_SESSION [$key];
+		unset($_SESSION [$key]);
+		return $oldval;
 	}
-	
-	
-	function sess_add($key, $val) {
-		$_SESSION[$key] = $val;
-	}
-	
-	
-	function sess_remove($key) {
-		if (isset($_SESSION[$key])) {
-			$oldval=$_SESSION[$key];
-			unset($_SESSION[$key]);
-			return $oldval;
-		}
-	}
-	
-	function sess_get($key) {
-		 if (isset($_SESSION[$key]))
-			 return $_SESSION[$key];
-		 else return false;
-	}
-		
-	function sess_close() {
-		unset($_SESSION);
-		if (isset($_COOKIE[session_name()])) {
-			setcookie(session_name(), '', time()-42000, '/');
-			session_set_cookie_params(-42000);
-		}
-		session_destroy();
+}
+
+function sess_get($key) {
+	if (isset($_SESSION [$key]))
+		return $_SESSION [$key];
+	else
+		return false;
+}
+
+function sess_close() {
+	unset($_SESSION);
+	if (isset($_COOKIE [session_name()])) {
+		setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE);
+		session_set_cookie_params(-42000);
 	}
+	session_destroy();
+}

 ?>
--- a/fp-includes/core/core.system.php
+++ b/fp-includes/core/core.system.php
@ -68,7 +68,7 @@ function system_hashsalt_save($force = false) {
 	return true;
 }

-define('SYSTEM_VER', '1.2');
+define('SYSTEM_VER', '1.2.1');

 function system_ver() {
 	return 'fp-' . SYSTEM_VER;
--- a/fp-includes/core/core.users.php
+++ b/fp-includes/core/core.users.php
@ -64,8 +64,8 @@ function user_login($userid, $pwd, $params = null) {
 	if ($loggedin) {
 		// session_regenerate_id();
 		$expire = time() + 31536000;
-		setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
+		setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+		setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
 	}

 	return $loggedin;
@ -76,8 +76,8 @@ function user_logout() {

 	if (user_loggedin()) {

-		setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+		setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+		setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
 	}

 	$loggedin = false;
--- a/fp-includes/core/core.wp-pluggable-funcs.php
+++ b/fp-includes/core/core.wp-pluggable-funcs.php
@ -290,12 +290,12 @@ if (!function_exists('wp_setcookie')) :
 			$cookiehash = md5($siteurl);
 		}

-		setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath);
-		setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath);
+		setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE);
+		setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE);

 		if ($cookiepath != $sitecookiepath) {
-			setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath);
-			setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath);
+			setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
+			setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
 		}
 	}
 endif;
@ -303,10 +303,10 @@ endif;
 if (!function_exists('wp_clearcookie')) :

 	function wp_clearcookie() {
-		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
-		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
+		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
+		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
+		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
+		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
 	}
 endif;

--- a/fp-plugins/commentcenter/tpls/editpol.tpl
+++ b/fp-plugins/commentcenter/tpls/editpol.tpl
@ -52,7 +52,11 @@
 <!-- That isn't the real id but... -->
 <fieldset id="admin-entry-categories">
 <legend>{$plang.categories}</legend>
+{if isset($policy.categories)}
 {list_categories type=form selected=$policy.categories}
+{else}
+{list_categories type=form}
+{/if}
 </fieldset>

 <fieldset>
--- a/fp-plugins/commentcenter/tpls/listcomments.tpl
+++ b/fp-plugins/commentcenter/tpls/listcomments.tpl
@ -25,7 +25,7 @@
 {/if}
 </td>
 <td>{if isset($comm.url)}<a href="{$comm.url|wp_specialchars}">{$comm.name|wp_specialchars}</a>{else}{$comm.name|wp_specialchars}{/if}</td>
-<td><a href="mailto:{$comm.email|wp_specialchars}">{$comm.email|wp_specialchars}</a></td>
+<td>{if isset($comm.email)}<a href="mailto:{$comm.email|wp_specialchars}">{$comm.email|wp_specialchars}</a>{else} {/if}</td>
 {* a bit hackish: {$comm.ip-adress} would lead to $this->_tpl_vars['comm']['ip']-$this->_tpl_vars['ddress']; *}
 {assign var=ipadress value="ip-address"}
 <td>{$comm.$ipadress}</td>
--- a/fp-plugins/lastcomments/plugin.lastcomments.php
+++ b/fp-plugins/lastcomments/plugin.lastcomments.php
@ -35,14 +35,12 @@ function plugin_lastcomments_widget() {

 	if ($count = count($list)) {
 		while ($arr = array_pop($list)) {
-			theme_comments_filters($arr, $id);
-
 			$q = new FPDB_Query(array(
 				'id' => $arr ['entry']
 			), null);
 			// first element of the array is dropped, as it is the ID, which
 			// we already know
-			@list (, $entry) = $q->getEntry($query);
+			@list (, $entry) = $q->getEntry();

 			if (!$entry) {
 				$count--;