From 14d503dfa99b190054b525497ea937aeb9b17f0e Mon Sep 17 00:00:00 2001
From: azett <githubregistrierung@azett.com>
Date: Sat, 19 Jun 2021 13:57:30 +0200
Subject: [PATCH 01/14] version bump

---
 fp-includes/core/core.system.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fp-includes/core/core.system.php b/fp-includes/core/core.system.php
index 557726d..f58cbeb 100755
--- a/fp-includes/core/core.system.php
+++ b/fp-includes/core/core.system.php
@@ -68,7 +68,7 @@ function system_hashsalt_save($force = false) {
 	return true;
 }
 
-define('SYSTEM_VER', '1.2');
+define('SYSTEM_VER', '1.2.1');
 
 function system_ver() {
 	return 'fp-' . SYSTEM_VER;

From 6d083a89827bf4758b1c2a68077a940e023703af Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Sat, 19 Jun 2021 14:08:02 +0200
Subject: [PATCH 02/14] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d30eeb4..195feb1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-# 2021-xx-xx: FlatPress 1.2.1
+# 2021-06-19: FlatPress 1.2.1
 ## Bugfixes
 - BOM in French language files lead to blank page in admin area (see [#82](https://github.com/flatpressblog/flatpress/issues/82))
 ## Translations

From e5b964eb915d523a2e0f37027b21dcc9ef393994 Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Sat, 19 Jun 2021 14:11:38 +0200
Subject: [PATCH 03/14] Update CHANGELOG.md

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 195feb1..3d36aa4 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,4 @@
-# 2021-06-19: FlatPress 1.2.1
+# 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1)
 ## Bugfixes
 - BOM in French language files lead to blank page in admin area (see [#82](https://github.com/flatpressblog/flatpress/issues/82))
 ## Translations

From a6d8b80ffc119d6a4168cc8f9c2588b007f4b8d5 Mon Sep 17 00:00:00 2001
From: Ziding Zhang <zidingz@gmail.com>
Date: Thu, 14 Oct 2021 14:50:03 +0100
Subject: [PATCH 04/14] Create SECURITY.md

---
 SECURITY.md | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 SECURITY.md

diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..4fe8f37
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please report security issues to `hello@flatpress.org`
\ No newline at end of file

From acb80eeddb4fd411161c254ea228f0bcfeee2f1b Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Wed, 20 Oct 2021 19:47:14 +0200
Subject: [PATCH 05/14] Added link to Security Policy

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 533e507..805cd11 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
 <a href="https://github.com/flatpressblog/flatpress/releases" title="See releases"><img alt="See releases" src="https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic"></a> <a href="./LICENSE.md" title="License"><img alt="License" src="https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic"></a><br>
-[[flatpress.org](https://www.flatpress.org/)] [[Support forum](https://forum.flatpress.org/)] [[Wiki](https://wiki.flatpress.org/)] [[GitHub](https://github.com/flatpressblog/flatpress)] [<a rel="me" href="https://fosstodon.org/@flatpress">Mastodon</a>] [[Twitter](https://www.twitter.com/FlatPress)] [[Changelog](./CHANGELOG.md)] [[Contributors](./CONTRIBUTORS.md)]
+[[flatpress.org](https://www.flatpress.org/)] [[Support forum](https://forum.flatpress.org/)] [[Wiki](https://wiki.flatpress.org/)] [[GitHub](https://github.com/flatpressblog/flatpress)] [<a rel="me" href="https://fosstodon.org/@flatpress">Mastodon</a>] [[Twitter](https://www.twitter.com/FlatPress)] [[Changelog](./CHANGELOG.md)] [[Contributors](./CONTRIBUTORS.md)] [[Security Policy](./SECURITY.md)]
 
 # Welcome to FlatPress!
 FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed!

From 1a5138557b5711f4b555f1e74afe79edfda0c56c Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Wed, 20 Oct 2021 19:49:46 +0200
Subject: [PATCH 06/14] Added a few more words

---
 SECURITY.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index 4fe8f37..6430db5 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +1,5 @@
 # Security Policy
+Thank you for your efforts on the security of the FlatPress software. Feel free to report any vulnerability you stumble upon!
 
-## Reporting a Vulnerability
-
-Please report security issues to `hello@flatpress.org`
\ No newline at end of file
+## Reporting a vulnerability
+Please report security issues to `hello@flatpress.org`, it's as simple as that. Thanks!

From f4209dc7a895bedd7ac6613279bc61afc6dc40a8 Mon Sep 17 00:00:00 2001
From: azett <githubregistrierung@azett.com>
Date: Sat, 23 Oct 2021 19:21:39 +0200
Subject: [PATCH 07/14] removed obsolete code

---
 fp-plugins/lastcomments/plugin.lastcomments.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fp-plugins/lastcomments/plugin.lastcomments.php b/fp-plugins/lastcomments/plugin.lastcomments.php
index b32d41a..0f9787a 100644
--- a/fp-plugins/lastcomments/plugin.lastcomments.php
+++ b/fp-plugins/lastcomments/plugin.lastcomments.php
@@ -35,14 +35,12 @@ function plugin_lastcomments_widget() {
 
 	if ($count = count($list)) {
 		while ($arr = array_pop($list)) {
-			theme_comments_filters($arr, $id);
-
 			$q = new FPDB_Query(array(
 				'id' => $arr ['entry']
 			), null);
 			// first element of the array is dropped, as it is the ID, which
 			// we already know
-			@list (, $entry) = $q->getEntry($query);
+			@list (, $entry) = $q->getEntry();
 
 			if (!$entry) {
 				$count--;

From e2a6bf1a8a289ff68411c498e53c6a208251ba6a Mon Sep 17 00:00:00 2001
From: azett <githubregistrierung@azett.com>
Date: Sat, 23 Oct 2021 20:25:09 +0200
Subject: [PATCH 08/14] Fixed security issue reported by huntr.dev: Session
 cookie missed the "secure" flag. Thanks for reporting!

---
 defaults.php                                 |   3 +-
 fp-includes/core/core.cookie.php             | 177 ++++++++++---------
 fp-includes/core/core.session.php            |  71 ++++----
 fp-includes/core/core.users.php              |   8 +-
 fp-includes/core/core.wp-pluggable-funcs.php |  16 +-
 5 files changed, 137 insertions(+), 138 deletions(-)

diff --git a/defaults.php b/defaults.php
index 290918d..e6e066b 100755
--- a/defaults.php
+++ b/defaults.php
@@ -120,10 +120,9 @@ if (isset($_SERVER ['HTTPS'])) {
 }
 $serverport = "false";
 // Unterstützung für Apache und IIS
+ini_set('session.cookie_secure', 1);
 if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
 	$serverport = "https://";
-	// Uses a secure connection (HTTPS) if possible
-	ini_set('session.cookie_secure', 1);
 } else {
 	$serverport = "http://";
 }
diff --git a/fp-includes/core/core.cookie.php b/fp-includes/core/core.cookie.php
index 79b79e5..dd99493 100644
--- a/fp-includes/core/core.cookie.php
+++ b/fp-includes/core/core.cookie.php
@@ -1,138 +1,141 @@
 <?php
 
 function cookie_setup() {
+	global $fp_config;
 
-global $fp_config;
+	// md5(BLOG_BASEURL);
 
-// md5(BLOG_BASEURL);
+	if (!defined('COOKIEHASH'))
+		define('COOKIEHASH', $fp_config ['general'] ['blogid']);
 
-if ( !defined('COOKIEHASH') )
-	define('COOKIEHASH', $fp_config['general']['blogid']);
-
-if ( !defined('USER_COOKIE') )
-        define('USER_COOKIE', 'fpuser_'. COOKIEHASH);
-if ( !defined('PASS_COOKIE') )
-        define('PASS_COOKIE', 'fppass_'. COOKIEHASH);
-if ( !defined('SESS_COOKIE') )
-        define('SESS_COOKIE', 'fpsess_'. COOKIEHASH);
-
-if ( !defined('COOKIEPATH') )
-        define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
-if ( !defined('SITECOOKIEPATH') )
-        define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL ) );
-if ( !defined('COOKIE_DOMAIN') )
-        define('COOKIE_DOMAIN', false);
-        
+	if (!defined('USER_COOKIE'))
+		define('USER_COOKIE', 'fpuser_' . COOKIEHASH);
+	if (!defined('PASS_COOKIE'))
+		define('PASS_COOKIE', 'fppass_' . COOKIEHASH);
+	if (!defined('SESS_COOKIE'))
+		define('SESS_COOKIE', 'fpsess_' . COOKIEHASH);
 
+	if (!defined('COOKIEPATH'))
+		define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
+	if (!defined('SITECOOKIEPATH'))
+		define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', BLOG_BASEURL));
+	if (!defined('COOKIE_DOMAIN'))
+		define('COOKIE_DOMAIN', false);
+	if (!defined('COOKIE_SECURE'))
+		define('COOKIE_SECURE', true);
 }
 
-if ( !function_exists('wp_get_cookie_login') ):
-function wp_get_cookie_login() {
-	if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
-		return false;
+if (!function_exists('wp_get_cookie_login')) :
 
-	return array('login' => $_COOKIE[USER_COOKIE],	'password' => $_COOKIE[PASS_COOKIE]);
-}
+	function wp_get_cookie_login() {
+		if (empty($_COOKIE [USER_COOKIE]) || empty($_COOKIE [PASS_COOKIE]))
+			return false;
+
+		return array(
+			'login' => $_COOKIE [USER_COOKIE],
+			'password' => $_COOKIE [PASS_COOKIE]
+		);
+	}
 
 endif;
 
-function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
-	if ( !$already_md5 )
-		$password = md5( md5($password) ); // Double hash the password in the cookie.
 
-	if ( empty($home) )
+function cookie_set($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
+	if (!$already_md5)
+		$password = md5(md5($password)); // Double hash the password in the cookie.
+
+	if (empty($home))
 		$cookiepath = COOKIEPATH;
 	else
-		$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/' );
+		$cookiepath = preg_replace('|https?://[^/]+|i', '', $home . '/');
 
-	if ( empty($siteurl) ) {
+	if (empty($siteurl)) {
 		$sitecookiepath = SITECOOKIEPATH;
 		$cookiehash = COOKIEHASH;
 	} else {
-		$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/' );
+		$sitecookiepath = preg_replace('|https?://[^/]+|i', '', $siteurl . '/');
 		$cookiehash = md5($siteurl);
 	}
 
-	if ( $remember )
+	if ($remember)
 		$expire = time() + 31536000;
 	else
 		$expire = 0;
 
-	setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN);
+	setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
 
-	if ( $cookiepath != $sitecookiepath ) {
-		setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN);
+	if ($cookiepath != $sitecookiepath) {
+		setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
+		setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE);
 	}
 }
 
 function cookie_clear() {
-	setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
-	setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
-	setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN);
+	setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+	setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
 }
 
+if (!function_exists('wp_login')) :
 
-if ( !function_exists('wp_login') ) :
-function wp_login($username, $password, $already_md5 = false) {
-	global $wpdb, $error;
+	function wp_login($username, $password, $already_md5 = false) {
+		global $wpdb, $error;
 
-	$username = sanitize_user($username);
+		$username = sanitize_user($username);
 
-	if ( '' == $username )
-		return false;
+		if ('' == $username)
+			return false;
 
-	if ( '' == $password ) {
-		$error = __('<strong>ERROR</strong>: The password field is empty.');
-		return false;
-	}
-
-	$login = get_userdatabylogin($username);
-	//$login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
-
-	if (!$login) {
-		$error = __('<strong>ERROR</strong>: Invalid username.');
-		return false;
-	} else {
-		// If the password is already_md5, it has been double hashed.
-		// Otherwise, it is plain text.
-		if ( ($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password)) ) {
-			return true;
-		} else {
-			$error = __('<strong>ERROR</strong>: Incorrect password.');
-			$pwd = '';
+		if ('' == $password) {
+			$error = __('<strong>ERROR</strong>: The password field is empty.');
 			return false;
 		}
+
+		$login = get_userdatabylogin($username);
+		// $login = $wpdb->get_row("SELECT ID, user_login, user_pass FROM $wpdb->users WHERE user_login = '$username'");
+
+		if (!$login) {
+			$error = __('<strong>ERROR</strong>: Invalid username.');
+			return false;
+		} else {
+			// If the password is already_md5, it has been double hashed.
+			// Otherwise, it is plain text.
+			if (($already_md5 && md5($login->user_pass) == $password) || ($login->user_login == $username && $login->user_pass == md5($password))) {
+				return true;
+			} else {
+				$error = __('<strong>ERROR</strong>: Incorrect password.');
+				$pwd = '';
+				return false;
+			}
+		}
 	}
-}
 endif;
 
-if ( !function_exists('is_user_logged_in') ) :
-function is_user_logged_in() {
-	$user = wp_get_current_user();
+if (!function_exists('is_user_logged_in')) :
 
-	if ( $user->id == 0 )
-		return false;
+	function is_user_logged_in() {
+		$user = wp_get_current_user();
 
-	return true;
-}
-endif;
+		if ($user->id == 0)
+			return false;
 
-if ( !function_exists('auth_redirect') ) :
-function auth_redirect() {
-	// Checks if a user is logged in, if not redirects them to the login page
-	if ( (!empty($_COOKIE[USER_COOKIE]) &&
-				!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)) ||
-			 (empty($_COOKIE[USER_COOKIE])) ) {
-		nocache_headers();
-
-		wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER['REQUEST_URI']));
-		exit();
+		return true;
 	}
-}
 endif;
 
+if (!function_exists('auth_redirect')) :
+
+	function auth_redirect() {
+		// Checks if a user is logged in, if not redirects them to the login page
+		if ((!empty($_COOKIE [USER_COOKIE]) && !wp_login($_COOKIE [USER_COOKIE], $_COOKIE [PASS_COOKIE], true)) || (empty($_COOKIE [USER_COOKIE]))) {
+			nocache_headers();
+
+			wp_redirect(get_option('siteurl') . '/wp-login.php?redirect_to=' . urlencode($_SERVER ['REQUEST_URI']));
+			exit();
+		}
+	}
+endif;
 
 ?>
\ No newline at end of file
diff --git a/fp-includes/core/core.session.php b/fp-includes/core/core.session.php
index 581cc9e..7a428e2 100755
--- a/fp-includes/core/core.session.php
+++ b/fp-includes/core/core.session.php
@@ -1,44 +1,41 @@
 <?php
 
-	
+function sess_setup() {
+	if (SESSION_PATH != '')
+		session_save_path(SESSION_PATH);
 
-	function sess_setup() {
-		if (SESSION_PATH != '')
-			session_save_path(SESSION_PATH);
-		
-		session_name(SESS_COOKIE);
-		
-		session_start();
-		
+	session_name(SESS_COOKIE);
+	setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE);
+
+	session_start();
+}
+
+function sess_add($key, $val) {
+	$_SESSION [$key] = $val;
+}
+
+function sess_remove($key) {
+	if (isset($_SESSION [$key])) {
+		$oldval = $_SESSION [$key];
+		unset($_SESSION [$key]);
+		return $oldval;
 	}
-	
-	
-	function sess_add($key, $val) {
-		$_SESSION[$key] = $val;
-	}
-	
-	
-	function sess_remove($key) {
-		if (isset($_SESSION[$key])) {
-			$oldval=$_SESSION[$key];
-			unset($_SESSION[$key]);
-			return $oldval;
-		}
-	}
-	
-	function sess_get($key) {
-		 if (isset($_SESSION[$key]))
-			 return $_SESSION[$key];
-		 else return false;
-	}
-		
-	function sess_close() {
-		unset($_SESSION);
-		if (isset($_COOKIE[session_name()])) {
-			setcookie(session_name(), '', time()-42000, '/');
-			session_set_cookie_params(-42000);
-		}
-		session_destroy();
+}
+
+function sess_get($key) {
+	if (isset($_SESSION [$key]))
+		return $_SESSION [$key];
+	else
+		return false;
+}
+
+function sess_close() {
+	unset($_SESSION);
+	if (isset($_COOKIE [session_name()])) {
+		setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE);
+		session_set_cookie_params(-42000);
 	}
+	session_destroy();
+}
 
 ?>
diff --git a/fp-includes/core/core.users.php b/fp-includes/core/core.users.php
index f8f0580..82d61d6 100755
--- a/fp-includes/core/core.users.php
+++ b/fp-includes/core/core.users.php
@@ -64,8 +64,8 @@ function user_login($userid, $pwd, $params = null) {
 	if ($loggedin) {
 		// session_regenerate_id();
 		$expire = time() + 31536000;
-		setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN);
+		setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+		setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
 	}
 
 	return $loggedin;
@@ -76,8 +76,8 @@ function user_logout() {
 
 	if (user_loggedin()) {
 
-		setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
-		setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN);
+		setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
+		setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE);
 	}
 
 	$loggedin = false;
diff --git a/fp-includes/core/core.wp-pluggable-funcs.php b/fp-includes/core/core.wp-pluggable-funcs.php
index bd9fd7e..1e1957e 100755
--- a/fp-includes/core/core.wp-pluggable-funcs.php
+++ b/fp-includes/core/core.wp-pluggable-funcs.php
@@ -290,12 +290,12 @@ if (!function_exists('wp_setcookie')) :
 			$cookiehash = md5($siteurl);
 		}
 
-		setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath);
-		setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath);
+		setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE);
+		setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE);
 
 		if ($cookiepath != $sitecookiepath) {
-			setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath);
-			setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath);
+			setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
+			setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE);
 		}
 	}
 endif;
@@ -303,10 +303,10 @@ endif;
 if (!function_exists('wp_clearcookie')) :
 
 	function wp_clearcookie() {
-		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH);
-		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
-		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH);
+		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
+		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE);
+		setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
+		setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE);
 	}
 endif;
 

From 6eaa3ea41484c563b6c446a472d4436a2099b2b7 Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Sat, 23 Oct 2021 23:04:34 +0200
Subject: [PATCH 09/14] added "help and support" section

---
 README.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/README.md b/README.md
index 805cd11..211b810 100644
--- a/README.md
+++ b/README.md
@@ -10,6 +10,11 @@ Installing and running FlatPress is really easy:
 - Browse to your web server, run simple FlatPress installer
 - Enjoy blogging with FlatPress!
 
+## Help and support
+Visit our [wiki](https://wiki.flatpress.org) to learn everything about blogging with FlatPress, how to work with themes and plugins and where to find them. The wiki also has the [general FAQ](https://wiki.flatpress.org/doc:faq) and the [tech FAQ](https://wiki.flatpress.org/doc:techfaq).
+
+Ask your questions, show off your FlatPress blog and meet fellow FlatPressers at the [support forum](https://forum.flatpress.org).
+
 ## Requirements
 FlatPress runs on any web server (e.g. Apache or IIS) with PHP 5.6 or higher. Since all data is stored in files, no database is needed.
 

From dc018d6e3c319124f706db41cc231510fd07876d Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Sat, 23 Oct 2021 23:14:48 +0200
Subject: [PATCH 10/14] better link

---
 CONTRIBUTORS.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 451fc68..c149894 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -6,7 +6,7 @@ If you think someone's missing here, please let us know.
 ## The team
 FlatPress was initially developed by [Edoardo Vacchi (NoWhereMan)](https://github.com/evacchi "github.com/evacchi"). Edoardo was supported by [Hydra](http://hydra.clans.it/ "hydra.clans.it"), [drudo](https://drudotec.wordpress.com/ "drudotec.wordpress.com"), giulio, [alcor](http://alcor.altervista.org/ "alcor.altervista.org"), and [Tychondriax](http://tychondriax.altervista.org/blog/ "tychondriax.altervista.org").<br>
 <br>
-Since 2018, FlatPress is taken care of by [Arvid Zimmermann](https://arvidzimmermann.de "arvidzimmermann.de").
+Since 2018, FlatPress is taken care of by [Arvid Zimmermann](https://github.com/azett "github.com/azett").
 
 ## Coding
 - Piero VDFN introduced the plugins Comment Center, jQuery, and LightBox2.

From 99c6c5262802ff46866dbd1692a079c9e6e20649 Mon Sep 17 00:00:00 2001
From: azett <githubregistrierung@azett.com>
Date: Sat, 30 Oct 2021 13:11:50 +0200
Subject: [PATCH 11/14] Fix for #90: Comment Center config page threw errors.

---
 fp-plugins/commentcenter/tpls/configure.tpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fp-plugins/commentcenter/tpls/configure.tpl b/fp-plugins/commentcenter/tpls/configure.tpl
index bd32512..4d92e67 100644
--- a/fp-plugins/commentcenter/tpls/configure.tpl
+++ b/fp-plugins/commentcenter/tpls/configure.tpl
@@ -9,13 +9,13 @@
 <dl class="option-set">
 	<dt><label for="log_all">{$plang.log_all}</label></dt>
 	<dd>
-		<input type="checkbox" name="log_all" id="log_all"{if $pl_conf.log_all} checked="checked"{/if} /><br />
+		<input type="checkbox" name="log_all" id="log_all"{if isset($pl_conf.log_all) and $pl_conf.log_all} checked="checked"{/if} /><br />
 		{$plang.log_all_long}
 	</dd>
 
 	<dt><label for="email_alert">{$plang.email_alert}</label></dt>
 	<dd>
-		<input type="checkbox" name="email_alert" id="email_alert"{if $pl_conf.email_alert} checked="checked"{/if} /><br />
+		<input type="checkbox" name="email_alert" id="email_alert"{if isset($pl_conf.email_alert) and $pl_conf.email_alert} checked="checked"{/if} /><br />
 		{$plang.email_alert_long}
 	</dd>
 </dl>
@@ -24,7 +24,7 @@
 <dl class="option-set">
 	<dt><label for="akismet_check">{$plang.akismet_use}</label></dt>
 	<dd>
-		<input type="checkbox" name="akismet_check" id="akismet_check"{if $pl_conf.akismet_check} checked="checked"{/if} />
+		<input type="checkbox" name="akismet_check" id="akismet_check"{if isset($pl_conf.akismet_check) and $pl_conf.akismet_check} checked="checked"{/if} />
 	</dd>
 	<dt class="akismet_opts"><label for="akismet_key">{$plang.akismet_key}</label></dt>
 	<dd class="akismet_opts">

From b1156dcf0fd944e9e176c7274b40eb42a496385e Mon Sep 17 00:00:00 2001
From: azett <githubregistrierung@azett.com>
Date: Sat, 30 Oct 2021 13:39:23 +0200
Subject: [PATCH 12/14] More template fixes for #90

---
 fp-plugins/commentcenter/tpls/editpol.tpl     | 22 +++++++++++--------
 .../commentcenter/tpls/listcomments.tpl       |  2 +-
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/fp-plugins/commentcenter/tpls/editpol.tpl b/fp-plugins/commentcenter/tpls/editpol.tpl
index ed2dff5..be4ff38 100644
--- a/fp-plugins/commentcenter/tpls/editpol.tpl
+++ b/fp-plugins/commentcenter/tpls/editpol.tpl
@@ -4,19 +4,19 @@
 <dl class="option-set">
 	<dt>{$plang.apply_to}</dt>
 	<dd>
-		<input type="radio" name="apply_to" id="all_entries" value="all_entries"{if $policy.is_all} checked="checked"{/if} />
+		<input type="radio" name="apply_to" id="all_entries" value="all_entries"{if isset($policy.is_all) and $policy.is_all} checked="checked"{/if} />
 		<label for="all_entries">{$plang.all_entries}</label><br />
-		<input type="radio" name="apply_to" id="some_entries" value="some_entries"{if !empty($policy.entry)} checked="checked"{/if} />
+		<input type="radio" name="apply_to" id="some_entries" value="some_entries"{if isset($policy.entry) and !empty($policy.entry)} checked="checked"{/if} />
 		<label for="some_entries">{$plang.some_entries}</label><br />
-		<input type="radio" name="apply_to" id="properties" value="properties"{if !$polnew && !$policy.is_all & empty($policy.entry)} checked="checked"{/if} />
+		<input type="radio" name="apply_to" id="properties" value="properties"{if !$polnew && isset($policy.is_all) & !$policy.is_all & isset($policy.entry) & empty($policy.entry)} checked="checked"{/if} />
 		<label for="properties">{$plang.properties}</label><br />
 	</dd>
 	<dt><label for="behavoir">{$plang.behavoir}</label></dt>
 	<dd>
 		<select name="behavoir" id="behavoir">
-			<option value="1"{if $policy.do==1} selected="selected"{/if}>{$plang.allow}</option>
-			<option value="0"{if $policy.do==0 && !$polnew} selected="selected"{/if}>{$plang.approvation}</option>
-			<option value="-1"{if $policy.do==-1} selected="selected"{/if}>{$plang.block}</option>
+			<option value="1"{if isset($policy.do) and $policy.do==1} selected="selected"{/if}>{$plang.allow}</option>
+			<option value="0"{if isset($policy.do) and $policy.do==0 && !$polnew} selected="selected"{/if}>{$plang.approvation}</option>
+			<option value="-1"{if isset($policy.do) and $policy.do==-1} selected="selected"{/if}>{$plang.block}</option>
 		</select>
 	</dd>
 </dl>
@@ -27,16 +27,16 @@
 <p>{$plang.se_desc|sprintf:"<i>`$plang.some_entries`</i>"}</p>
 <p>{$plang.se_fill}</p>
 
-{if !empty($policy.entry) && !is_array($policy.entry)}
+{if isset($policy.entry) && !empty($policy.entry) && !is_array($policy.entry)}
 {assign var="parity" value=1}
 <input type="text" name="entries[]" value="{$policy.entry|wp_specialchars}" />
-{elseif !empty($policy.entry)}
+{elseif isset($policy.entry) && !empty($policy.entry)}
 {foreach name=entries_foreach from=$policy.entry item=entry}
 <input type="text" name="entries[]" value="{$entry|wp_specialchars}" /> {if ($smarty.foreach.entries_foreach.iteration % 2)==0}<br />{/if}
 {if ($smarty.foreach.entries_foreach.iteration % 2)==1 && $smarty.foreach.entries_foreach.last}{assign var="parity" value=1}{/if}
 {/foreach}
 {/if}
-{if $parity==1} <input type="text" name="entries[]" value="" /><br />{/if}
+{if isset($parity) && $parity==1} <input type="text" name="entries[]" value="" /><br />{/if}
 
 <input type="text" name="entries[]" value="" />
 <input type="text" name="entries[]" value="" /><br />
@@ -52,7 +52,11 @@
 <!-- That isn't the real id but... -->
 <fieldset id="admin-entry-categories">
 <legend>{$plang.categories}</legend>
+{if isset($policy.categories)}
 {list_categories type=form selected=$policy.categories}
+{else}
+{list_categories type=form}
+{/if}
 </fieldset>
 
 <fieldset>
diff --git a/fp-plugins/commentcenter/tpls/listcomments.tpl b/fp-plugins/commentcenter/tpls/listcomments.tpl
index b1ea548..8e429e2 100644
--- a/fp-plugins/commentcenter/tpls/listcomments.tpl
+++ b/fp-plugins/commentcenter/tpls/listcomments.tpl
@@ -25,7 +25,7 @@
 {/if}
 </td>
 <td>{if isset($comm.url)}<a href="{$comm.url|wp_specialchars}">{$comm.name|wp_specialchars}</a>{else}{$comm.name|wp_specialchars}{/if}</td>
-<td><a href="mailto:{$comm.email|wp_specialchars}">{$comm.email|wp_specialchars}</a></td>
+<td>{if isset($comm.email)}<a href="mailto:{$comm.email|wp_specialchars}">{$comm.email|wp_specialchars}</a>{else} {/if}</td>
 {* a bit hackish: {$comm.ip-adress} would lead to $this->_tpl_vars['comm']['ip']-$this->_tpl_vars['ddress']; *}
 {assign var=ipadress value="ip-address"}
 <td>{$comm.$ipadress}</td>

From 076ff5ebbab28698c72b31ef8f1ebf17a6c71003 Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Sat, 30 Oct 2021 21:01:59 +0200
Subject: [PATCH 13/14] Added features; overhauled top button bar

---
 README.md | 25 +++++++++++++++++++++++--
 1 file changed, 23 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 211b810..879123e 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,30 @@
-<a href="https://github.com/flatpressblog/flatpress/releases" title="See releases"><img alt="See releases" src="https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic"></a> <a href="./LICENSE.md" title="License"><img alt="License" src="https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic"></a><br>
-[[flatpress.org](https://www.flatpress.org/)] [[Support forum](https://forum.flatpress.org/)] [[Wiki](https://wiki.flatpress.org/)] [[GitHub](https://github.com/flatpressblog/flatpress)] [<a rel="me" href="https://fosstodon.org/@flatpress">Mastodon</a>] [[Twitter](https://www.twitter.com/FlatPress)] [[Changelog](./CHANGELOG.md)] [[Contributors](./CONTRIBUTORS.md)] [[Security Policy](./SECURITY.md)]
+[![Home page](https://img.shields.io/badge/Home%20page-🏠-555?style=plastic)](https://www.flatpress.org "Home page")
+[![Support forum](https://img.shields.io/badge/Support%20forum-💬-555?style=plastic)](https://forum.flatpress.org "Support forum")
+[![Wiki](https://img.shields.io/badge/Wiki-📖-555?style=plastic)](https://wiki.flatpress.org "Wiki")
+[![Mastodon](https://img.shields.io/badge/Mastodon-🐘-555?style=plastic)](https://fosstodon.org/@flatpress "FlatPress@Mastodon")
+[![Twitter](https://img.shields.io/badge/Twitter-🐦-555?style=plastic)](https://twitter.com/FlatPress "FlatPress@Twitter")
+[![Change log](https://img.shields.io/badge/Change%20log-📜-555?style=plastic)](./CHANGELOG.md "Change log")
+[![Security policy](https://img.shields.io/badge/Security%20policy-⚡-555?style=plastic)](./SECURITY.md "Security policy")
+[![Contributors](https://img.shields.io/badge/Contributors-😎-555?style=plastic)](./CONTRIBUTORS.md "Contributors")
+
+[![Releases](https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic)](https://github.com/flatpressblog/flatpress/releases "See all releases")
+[![License](https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic)](./LICENSE.md "License")
+[![Open issues](https://img.shields.io/github/issues-raw/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/issues "See open issues")
+[![Last commit](https://img.shields.io/github/last-commit/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/commits/ "Last commit")
 
 # Welcome to FlatPress!
 FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed!
 
+## Features
+- Independent, standard-compliant blog software
+- Works on files, __no database__
+- Easy to setup, easy to backup
+- Powerful __plugin system__ with widget support
+- Easy to customize with __themes__, powered by [Smarty](http://www.smarty.net/)
+- Comments function with spam protection
+- __Free software__ under [GNU GPLv2](LICENSE.md)
+
+
 ## Getting started
 Installing and running FlatPress is really easy:
 - [Download FlatPress](https://www.flatpress.org/download), unzip, upload

From 44df55eaef27490c16704c2a1f481836176951c6 Mon Sep 17 00:00:00 2001
From: Arvid Zimmermann <azett@users.noreply.github.com>
Date: Sat, 30 Oct 2021 21:14:28 +0200
Subject: [PATCH 14/14] Text formatting

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 879123e..06a076d 100644
--- a/README.md
+++ b/README.md
@@ -21,7 +21,7 @@ FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, ju
 - Easy to setup, easy to backup
 - Powerful __plugin system__ with widget support
 - Easy to customize with __themes__, powered by [Smarty](http://www.smarty.net/)
-- Comments function with spam protection
+- __Comments__ function with spam protection
 - __Free software__ under [GNU GPLv2](LICENSE.md)