Merge branch 'master' of https://github.com/flatpressblog/flatpress into issue94_smartyupdate

# resolved conflicts:
#	fp-includes/smarty/plugins/function.html_select_date.php
azett 2022-10-08 13:43:33 +02:00
commit c30d52b284
34 changed files with 865 additions and 327 deletions


@ -7,29 +7,42 @@
- [README](https://github.com/flatpressblog/flatpress/blob/master/README.md): added "help and support" section - [README](https://github.com/flatpressblog/flatpress/blob/master/README.md): added "help and support" section
## Plugins ## Plugins
- Gallery captions plugin added (see [#108](https://github.com/flatpressblog/flatpress/issues/108)) - Gallery captions plugin added ([#108](https://github.com/flatpressblog/flatpress/issues/108))
- PhotoSwipe plugin added (see [#109](https://github.com/flatpressblog/flatpress/issues/109)) - PhotoSwipe plugin added ([#109](https://github.com/flatpressblog/flatpress/issues/109))
- jQuery plugin: Updated jQuery (3.5.1 => 3.6) and jQueryUI (1.12.1 => 1.13.1) - jQuery plugin: Updated jQuery (3.5.1 => 3.6) and jQueryUI (1.12.1 => 1.13.1)
- Media Manager plugin shows 50 items per page, not 10 - Media Manager plugin shows 50 items per page, not 10
- LastComments plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available ([#43](https://github.com/flatpressblog/flatpress/issues/43))
- Comment Center config page threw errors ([#90](https://github.com/flatpressblog/flatpress/issues/90))
## Themes ## Themes
- Leggero theme: Fixed searchbox glitch in FlatMaas revisited style (see [#97](https://github.com/flatpressblog/flatpress/issues/97)) - Leggero
- Leggero theme: Fixed missing bullets in preview (see [#98](https://github.com/flatpressblog/flatpress/issues/98)) - Fixed searchbox glitch in FlatMaas revisited style ([#97](https://github.com/flatpressblog/flatpress/issues/97))
- Leggero theme: CSS of the Leggero style had some glitches on mobile devices - Fixed missing bullets in preview ([#98](https://github.com/flatpressblog/flatpress/issues/98))
- Leggero theme: Invalid HTML output fixed (see [#106](https://github.com/flatpressblog/flatpress/issues/106)) - CSS of the Leggero style had some glitches on mobile devices
- Leggero theme: Removed unneccessary external font resource (see [#112](https://github.com/flatpressblog/flatpress/issues/112)) - Invalid HTML output fixed ([#106](https://github.com/flatpressblog/flatpress/issues/106), [#156](https://github.com/flatpressblog/flatpress/issues/156))
- Removed unneccessary external font resource ([#112](https://github.com/flatpressblog/flatpress/issues/112))
- "Add comment" link has its own line ([#135](https://github.com/flatpressblog/flatpress/issues/135))
- Removed legacy/invalid CSS ([#133](https://github.com/flatpressblog/flatpress/issues/133), [#134](https://github.com/flatpressblog/flatpress/issues/134))
- Fixed description of Leggero and Leggero v2 styles ([#137](https://github.com/flatpressblog/flatpress/issues/137))
- Obsolete bullet points removed ([#136](https://github.com/flatpressblog/flatpress/issues/136))
- Updated preview image ([#139](https://github.com/flatpressblog/flatpress/issues/139))
## Bugfixes ## Internationalization
- Comment Center config page threw errors (see [#90](https://github.com/flatpressblog/flatpress/issues/90))
- Fixed glitches in Spanish an Portuguese language files - Fixed glitches in Spanish an Portuguese language files
- Fixed wrong pt-br country code ([#100](https://github.com/flatpressblog/flatpress/issues/100))
- Search page: Month names displayed in configured frontend language ([#132](https://github.com/flatpressblog/flatpress/issues/132))
- German translation for Comment Center plugin added ([#148](https://github.com/flatpressblog/flatpress/issues/148))
## Other bugfixes
- Plugin management page: Removed empty warning messages box - Plugin management page: Removed empty warning messages box
- Fixed wrong pt-br country code (see [#100](https://github.com/flatpressblog/flatpress/issues/100)) - Fixed error at prev link on first / next link on last entry ([#95](https://github.com/flatpressblog/flatpress/issues/95))
- Fixed error at prev link on first / next link on last entry (see [#95](https://github.com/flatpressblog/flatpress/issues/95)) - Logout redirects to home page again ([#119](https://github.com/flatpressblog/flatpress/issues/119))
- LastComments plugin will not even attempt to delete or rebuild LastComments caches if LastComments plugin is not available (see [#43](https://github.com/flatpressblog/flatpress/issues/43)) - Fixed disappearing non-Latin characters in page title ([#49](https://github.com/flatpressblog/flatpress/issues/49) and [#91](https://github.com/flatpressblog/flatpress/issues/91))
## Security ## Security
- Fixed security issue reported by huntr.dev: Session cookie missed the "secure" flag - Possible XSS prevented: Session cookie missed the "secure" and "httponly" flags
- Possible path traversal in Media Manager plugin prevented - Possible path traversal in Media Manager plugin prevented
- Uploaded files wheren't checked properly ([#152](https://github.com/flatpressblog/flatpress/issues/152))
# 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1) # 2021-06-19: [FlatPress 1.2.1](https://github.com/flatpressblog/flatpress/releases/tag/1.2.1)
## Bugfixes ## Bugfixes


@ -37,3 +37,4 @@ FlatPress utilizes the following free frameworks and libraries. Thanks to their
## Other contributions ## Other contributions
- [Julian Rademacher](https://moortaube.de/) generously donated his Twitter account [@FlatPress](https://twitter.com/FlatPress). Also thanks for your useful pull requests! - [Julian Rademacher](https://moortaube.de/) generously donated his Twitter account [@FlatPress](https://twitter.com/FlatPress). Also thanks for your useful pull requests!
- [Fraenkiman](https://github.com/Fraenkiman) tests FlatPress to its very core and creates a metric ton of very helpful [issues](https://github.com/flatpressblog/flatpress/issues).


@ -1,16 +1,16 @@
[![Home page](https://img.shields.io/badge/Home%20page-🏠-555?style=plastic)](https://www.flatpress.org "Home page") [![Home page](https://img.shields.io/badge/Home%20page-🏠-555?style=plastic)](https://www.flatpress.org "Home page")
[![Support forum](https://img.shields.io/badge/Support%20forum-💬-555?style=plastic)](https://forum.flatpress.org "Support forum") [![Support forum](https://img.shields.io/badge/Support%20forum-💬-555?style=plastic)](https://forum.flatpress.org "Support forum")
[![Wiki](https://img.shields.io/badge/Wiki-📖-555?style=plastic)](https://wiki.flatpress.org "Wiki") [![Wiki](https://img.shields.io/badge/Wiki-📖-555?style=plastic)](https://wiki.flatpress.org "Wiki")
[![Mastodon](https://img.shields.io/badge/Mastodon-🐘-555?style=plastic)](https://fosstodon.org/@flatpress "FlatPress@Mastodon")
[![Twitter](https://img.shields.io/badge/Twitter-🐦-555?style=plastic)](https://twitter.com/FlatPress "FlatPress@Twitter")
[![Change log](https://img.shields.io/badge/Change%20log-📜-555?style=plastic)](./CHANGELOG.md "Change log") [![Change log](https://img.shields.io/badge/Change%20log-📜-555?style=plastic)](./CHANGELOG.md "Change log")
[![Security policy](https://img.shields.io/badge/Security%20policy-⚡-555?style=plastic)](./SECURITY.md "Security policy") [![Security policy](https://img.shields.io/badge/Security%20policy-⚡-555?style=plastic)](./SECURITY.md "Security policy")
[![Contributors](https://img.shields.io/badge/Contributors-😎-555?style=plastic)](./CONTRIBUTORS.md "Contributors") [![Contributors](https://img.shields.io/badge/Contributors-😎-555?style=plastic)](./CONTRIBUTORS.md "Contributors")
[![Wiki](https://img.shields.io/badge/Donate-💛-555?style=plastic&logo=paypal)](https://www.flatpress.org/donate "Send us a little Thank You")
[![Releases](https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic)](https://github.com/flatpressblog/flatpress/releases "See all releases") [![Releases](https://img.shields.io/github/release/flatpressblog/flatpress.svg?label=Latest%20release&style=plastic)](https://github.com/flatpressblog/flatpress/releases "See all releases")
[![License](https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic)](./LICENSE.md "License") [![License](https://img.shields.io/github/license/flatpressblog/flatpress.svg?style=plastic)](./LICENSE.md "License")
[![Open issues](https://img.shields.io/github/issues-raw/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/issues "See open issues") [![Open issues](https://img.shields.io/github/issues-raw/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/issues "See open issues")
[![Last commit](https://img.shields.io/github/last-commit/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/commits/ "Last commit") [![Last commit](https://img.shields.io/github/last-commit/flatpressblog/flatpress?style=plastic)](https://github.com/flatpressblog/flatpress/commits/ "Last commit")
<a href="https://fosstodon.org/users/flatpress/remote_follow" title="Follow on Mastodon"><img alt="Mastodon Follow" src="https://img.shields.io/mastodon/follow/326815?domain=https%3A%2F%2Ffosstodon.org&style=social" alt="Follow on Mastodon"></a> <a href="https://twitter.com/intent/follow?screen_name=flatpress" title="Follow on Twitter"><img src="https://img.shields.io/twitter/follow/flatpress.svg?style=social&logo=twitter" alt="Follow on Twitter"></a>
# Welcome to FlatPress! # Welcome to FlatPress!
FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed! FlatPress is a lightweight, easy-to-set-up blogging engine. Plain and simple, just PHP. No database needed!
@ -41,7 +41,3 @@ FlatPress runs on any web server (e.g. Apache or IIS) with PHP 7.1 or higher. Si
## Credits ## Credits
There are many people who contributed to FlatPress over the years. [See them here.](./CONTRIBUTORS.md) There are many people who contributed to FlatPress over the years. [See them here.](./CONTRIBUTORS.md)
<a href="https://fosstodon.org/users/flatpress/remote_follow" title="Follow on Mastodon"><img alt="Mastodon Follow" src="https://img.shields.io/mastodon/follow/326815?domain=https%3A%2F%2Ffosstodon.org&style=social" alt="Follow on Mastodon"></a><br>
<a href="https://twitter.com/intent/follow?screen_name=flatpress" title="Follow on Twitter"><img src="https://img.shields.io/twitter/follow/flatpress.svg?style=social&logo=twitter" alt="Follow on Twitter"></a>


@ -102,133 +102,136 @@ class admin_uploader_default extends AdminPanelAction {
foreach ($_FILES ["upload"] ["error"] as $key => $error) { foreach ($_FILES ["upload"] ["error"] as $key => $error) {
if ($error == UPLOAD_ERR_OK) { // Upload went wrong -> jump to the next file
$tmp_name = $_FILES ["upload"] ["tmp_name"] [$key]; if ($error != UPLOAD_ERR_OK) {
$name = $_FILES ["upload"] ["name"] [$key]; continue;
$dir = ATTACHS_DIR;
/*
* second check extension list
* https://stackoverflow.com/questions/4166762/php-image-upload-security-check-list
*
* 2019-11-24 - laborix
*/
$uploadfilename = strtolower($tmp_name);
$isForbidden = false;
$deeptest = array();
$extcount = 0;
$deeptest = explode('.', $uploadfilename);
$extcount = count($deeptest);
if ($extcount == 1) {
/*
* none extension like .jpg or something else
*
* possible filename = simple-file-without-extension - linux like ok
*/
$isForbidden = false;
} elseif ($extcount == 2) {
/*
* Only one possible extension
*
* possible filename = 1.jpg
* possible filename = admin.uploader.php
* possible filename = .htaccess
* and so on...
*/
$check_ext1 = "";
$check_ext1 = trim($deeptest [1], "\x00..\x1F");
if (in_array($check_ext1, $blacklist_extensions)) {
$isForbidden = true;
} else {
$isForbidden = false;
}
} elseif ($extcount > 2) {
/*
* Chekc only the last two possible extensions
*
* Hint: OWASP - Unrestricted File Upload
*
* In Apache, a php file might be executed using the
* double extension technique such as "file.php.jpg"
* when ".jpg" is allowed.
*
* possible filename = 1.PhP.jpg
* possible filename = admin.uploader.php.JPg
* and so on...
*/
$check_ext1 = "";
$check_ext2 = "";
$check_ext1 = trim($deeptest [$extcount - 1], "\x00..\x1F");
if (in_array($check_ext1, $blacklist_extensions)) {
$isForbidden = true;
} else {
$isForbidden = false;
}
/* Test only if first extension check are not in the blacklist */
if (!$isForbidden) {
$check_ext2 = trim($deeptest [$extcount - 2], "\x00..\x1F");
if (in_array($check_ext2, $blacklist_extensions)) {
$isForbidden = true;
} else {
$isForbidden = false;
}
}
}
/*
* If one blacklisted extension found then
* return with -1 = An error occurred while trying to upload.
*/
if ($isForbidden) {
$this->smarty->assign('success', $success ? 1 : -1);
sess_add('admin_uploader_files', $uploaded_files);
return -1;
}
/*
* third check extension
* if someone upload a .php file as .gif, .jpg or .txt
* if someone upload a .html file as .gif, .jpg or .txt
*
* 2019-11-24 - laborix
*/
if (version_compare(PHP_VERSION, '5.3.0') < 0)
return -1;
if (!function_exists('finfo_open'))
return -1;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $tmp_name);
finfo_close($finfo);
if (($mime == "text/x-php") || ($mime == "text/html")) {
$this->smarty->assign('success', $success ? 1 : -1);
sess_add('admin_uploader_files', $uploaded_files);
return -1;
}
$ext = strtolower(strrchr($name, '.'));
if (in_array($ext, $imgs)) {
$dir = IMAGES_DIR;
}
$name = sanitize_title(substr($name, 0, -strlen($ext))) . $ext;
$target = "$dir/$name";
@umask(022);
$success = move_uploaded_file($tmp_name, $target);
@chmod($target, 0766);
$uploaded_files [] = $name;
// one failure will make $success == false :)
$success &= $success;
} }
$tmp_name = $_FILES ["upload"] ["tmp_name"] [$key];
$name = $_FILES ["upload"] ["name"] [$key];
$dir = ATTACHS_DIR;
/*
* second check extension list
* https://stackoverflow.com/questions/4166762/php-image-upload-security-check-list
*
* 2019-11-24 - laborix
*/
$uploadfilename = strtolower($name);
$isForbidden = false;
$deeptest = array();
$extcount = 0;
$deeptest = explode('.', $uploadfilename);
$extcount = count($deeptest);
if ($extcount == 1) {
/*
* none extension like .jpg or something else
*
* possible filename = simple-file-without-extension - linux like ok
*/
$isForbidden = false;
} elseif ($extcount == 2) {
/*
* Only one possible extension
*
* possible filename = 1.jpg
* possible filename = admin.uploader.php
* possible filename = .htaccess
* and so on...
*/
$check_ext1 = "";
$check_ext1 = trim($deeptest [1], "\x00..\x1F");
if (in_array($check_ext1, $blacklist_extensions)) {
$isForbidden = true;
} else {
$isForbidden = false;
}
} elseif ($extcount > 2) {
/*
* Chekc only the last two possible extensions
*
* Hint: OWASP - Unrestricted File Upload
*
* In Apache, a php file might be executed using the
* double extension technique such as "file.php.jpg"
* when ".jpg" is allowed.
*
* possible filename = 1.PhP.jpg
* possible filename = admin.uploader.php.JPg
* and so on...
*/
$check_ext1 = "";
$check_ext2 = "";
$check_ext1 = trim($deeptest [$extcount - 1], "\x00..\x1F");
if (in_array($check_ext1, $blacklist_extensions)) {
$isForbidden = true;
} else {
$isForbidden = false;
}
/* Test only if first extension check are not in the blacklist */
if (!$isForbidden) {
$check_ext2 = trim($deeptest [$extcount - 2], "\x00..\x1F");
if (in_array($check_ext2, $blacklist_extensions)) {
$isForbidden = true;
} else {
$isForbidden = false;
}
}
}
/*
* If one blacklisted extension found then
* return with -1 = An error occurred while trying to upload.
*/
if ($isForbidden) {
$this->smarty->assign('success', $success ? 1 : -1);
sess_add('admin_uploader_files', $uploaded_files);
return -1;
}
/*
* third check extension
* if someone upload a .php file as .gif, .jpg or .txt
* if someone upload a .html file as .gif, .jpg or .txt
*
* 2019-11-24 - laborix
*/
if (version_compare(PHP_VERSION, '5.3.0') < 0)
return -1;
if (!function_exists('finfo_open'))
return -1;
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime = finfo_file($finfo, $tmp_name);
finfo_close($finfo);
if (($mime == "text/x-php") || ($mime == "text/html")) {
$this->smarty->assign('success', $success ? 1 : -1);
sess_add('admin_uploader_files', $uploaded_files);
return -1;
}
$ext = strtolower(strrchr($name, '.'));
if (in_array($ext, $imgs)) {
$dir = IMAGES_DIR;
}
$name = sanitize_title(substr($name, 0, -strlen($ext))) . $ext;
$target = "$dir/$name";
@umask(022);
$success = move_uploaded_file($tmp_name, $target);
@chmod($target, 0766);
$uploaded_files [] = $name;
// one failure will make $success == false :)
$success &= $success;
} }
if ($uploaded_files) { if ($uploaded_files) {
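Review bot: `@chmod($target, 0766);` at the end of the loop body leaves each uploaded file writable by every local user and executable by its owner; for a stored attachment `@chmod($target, 0644);` is sufficient. In the lines around it, `$success &= $success;` is a no-op and `$success = move_uploaded_file(...)` overwrites the result for earlier files, so a failed move can be hidden by a later success and the name is appended to `$uploaded_files` either way. Keeping the per-file result in its own variable and appending only when it is true would make the failure visible. The method starts and ends outside the hunk, so how `$success` is initialised is not visible here.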


@ -167,7 +167,7 @@ input.maxsize { width: 99% }
#main ul.msgs, ul.msgs { #main ul.msgs, ul.msgs {
margin-top: 1em; margin-top: 1em;
margin-left: 0em; margin-left: 0em;
padding: 1em 2em padding: 1em 2em;
} }
.errors { .errors {


@ -121,6 +121,7 @@ if (isset($_SERVER ['HTTPS'])) {
$serverport = "false"; $serverport = "false";
// Unterstützung für Apache und IIS // Unterstützung für Apache und IIS
ini_set('session.cookie_secure', 1); ini_set('session.cookie_secure', 1);
ini_set('session.cookie_httponly', 1);
if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) { if (isset($_SERVER ['HTTPS']) && ($_SERVER ['HTTPS'] == '1' || strtolower($_SERVER ['HTTPS']) == 'on')) {
$serverport = "https://"; $serverport = "https://";
} else { } else {
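Review bot: The new `ini_set('session.cookie_httponly', 1);` sits beside the `session.cookie_secure` setting, and the hunk header suggests both may be inside `if (isset($_SERVER ['HTTPS']))`; if that is the case, a request on a server that leaves `$_SERVER ['HTTPS']` unset gets a session cookie without HttpOnly from this path. HttpOnly does not depend on the transport, so the call is safer placed outside any HTTPS condition. The enclosing block starts and ends outside the hunk, so the placement needs checking against the full file.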


@ -23,6 +23,8 @@ function cookie_setup() {
define('COOKIE_DOMAIN', false); define('COOKIE_DOMAIN', false);
if (!defined('COOKIE_SECURE')) if (!defined('COOKIE_SECURE'))
define('COOKIE_SECURE', true); define('COOKIE_SECURE', true);
if (!defined('COOKIE_HTTPONLY'))
define('COOKIE_HTTPONLY', true);
} }
if (!function_exists('wp_get_cookie_login')) : if (!function_exists('wp_get_cookie_login')) :
@ -62,20 +64,20 @@ function cookie_set($username, $password, $already_md5 = false, $home = '', $sit
else else
$expire = 0; $expire = 0;
setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(USER_COOKIE, $username, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(PASS_COOKIE, $password, $expire, $cookiepath, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
if ($cookiepath != $sitecookiepath) { if ($cookiepath != $sitecookiepath) {
setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(USER_COOKIE, $username, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(PASS_COOKIE, $password, $expire, $sitecookiepath, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
} }
} }
function cookie_clear() { function cookie_clear() {
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(USER_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(PASS_COOKIE, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
} }
if (!function_exists('wp_login')) : if (!function_exists('wp_login')) :


@ -5,7 +5,7 @@ function sess_setup() {
session_save_path(SESSION_PATH); session_save_path(SESSION_PATH);
session_name(SESS_COOKIE); session_name(SESS_COOKIE);
setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE); setcookie(SESS_COOKIE, '', 0, '', COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
session_start(); session_start();
} }
@ -32,7 +32,7 @@ function sess_get($key) {
function sess_close() { function sess_close() {
unset($_SESSION); unset($_SESSION);
if (isset($_COOKIE [session_name()])) { if (isset($_COOKIE [session_name()])) {
setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE); setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE, COOKIE_HTTPONLY);
session_set_cookie_params(-42000); session_set_cookie_params(-42000);
} }
session_destroy(); session_destroy();
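Review bot: In `sess_close()` the new call `setcookie(session_name(), '', time() - 42000, '/', COOKIE_SECURE, COOKIE_HTTPONLY);` has no domain argument, so `COOKIE_SECURE` lands in the `domain` position and `COOKIE_HTTPONLY` in the `secure` position; the HttpOnly flag is never passed and the expiring cookie may not match the one issued in `sess_setup()`. The call should read `setcookie(session_name(), '', time() - 42000, '/', COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);`. The same argument shift appears in the `wp_setcookie()` and `wp_clearcookie()` hunks, where the `wordpressuser_`/`wordpresspass_` calls pass `COOKIE_SECURE` directly after the path. The body of `sess_close()` continues past the end of its hunk.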


@ -64,8 +64,8 @@ function user_login($userid, $pwd, $params = null) {
if ($loggedin) { if ($loggedin) {
// session_regenerate_id(); // session_regenerate_id();
$expire = time() + 31536000; $expire = time() + 31536000;
setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(USER_COOKIE, $userid, $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(PASS_COOKIE, $user ['password'], $expire, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
} }
return $loggedin; return $loggedin;
@ -76,8 +76,8 @@ function user_logout() {
if (user_loggedin()) { if (user_loggedin()) {
setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(USER_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE); setcookie(PASS_COOKIE, ' ', time() - 31536000, COOKIEPATH, COOKIE_DOMAIN, COOKIE_SECURE, COOKIE_HTTPONLY);
} }
$loggedin = false; $loggedin = false;
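Review bot: `// session_regenerate_id();` in `user_login()` stays commented out, so the session identifier issued before authentication is kept after a successful login, and the HttpOnly flag added on these lines does not help against an identifier that was fixed beforehand. Calling `session_regenerate_id(true);` inside `if ($loggedin)` would close that gap, assuming a session is active at this point; the reason it was disabled is not visible in the hunk. Separately, `PASS_COOKIE` carries `$user ['password']` for a year, and a short comment stating what that value is (presumably the stored hash) would help reviewers judge the exposure. `user_login()` begins outside the hunk.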


@ -487,25 +487,21 @@ function sanitize_title($title, $fallback_title = '') {
function sanitize_title_with_dashes($title) { function sanitize_title_with_dashes($title) {
$title = strip_tags($title); $title = strip_tags($title);
if (seems_utf8($title)) {
if (function_exists('mb_strtolower')) {
$title = mb_strtolower($title, 'UTF-8');
}
$title = utf8_uri_encode($title);
}
// Preserve escaped octets. // Preserve escaped octets.
$title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title); $title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '---$1---', $title);
// Remove percent signs that are not part of an octet. // Remove percent signs that are not part of an octet.
$title = str_replace('%', '', $title); $title = str_replace('%', '', $title);
// Restore octets. // Restore octets.
$title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title); $title = preg_replace('|---([a-fA-F0-9][a-fA-F0-9])---|', '%$1', $title);
// and finally: Kill octets
$title = preg_replace('|%([a-fA-F0-9][a-fA-F0-9])|', '', $title);
// remove accents // remove accents
$title = remove_accents($title); $title = remove_accents($title);
if (seems_utf8($title)) {
if (function_exists('mb_strtolower')) {
$title = mb_strtolower($title, 'UTF-8');
}
$title = utf8_uri_encode($title);
}
// title is in lower case always // title is in lower case always
$title = strtolower($title); $title = strtolower($title);
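Review bot: With the added `// and finally: Kill octets` step, the three preceding `Preserve`/`Remove`/`Restore octets` statements in `sanitize_title_with_dashes()` appear to have no effect of their own any more, because every `%XX` they restore is deleted on the next line. Apart from titles that contain a literal `---XX---`, they could likely be reduced to the one octet-removing `preg_replace` followed by `str_replace('%', '', $title);`. A comment on the relocated `seems_utf8()` block explaining why encoding now runs after `remove_accents()` would also help, since `utf8_uri_encode()` presumably reintroduces `%XX` sequences after the kill step. The function continues past the end of the hunk.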


@ -6,7 +6,7 @@
*/ */
function _get_nextprev_link($nextprev) { function _get_nextprev_link($nextprev) {
global $fpdb; global $fpdb;
$q = & $fpdb->getQuery(); $q = &$fpdb->getQuery();
list ($caption, $id) = call_user_func(array( list ($caption, $id) = call_user_func(array(
&$q, &$q,
@ -42,7 +42,7 @@ if (!function_exists('get_nextpage_link')) :
function get_nextpage_link() { function get_nextpage_link() {
global $fpdb; global $fpdb;
$q = & $fpdb->getQuery(); $q = &$fpdb->getQuery();
$a = _get_nextprev_link('NextPage'); $a = _get_nextprev_link('NextPage');
@ -59,7 +59,7 @@ if (!function_exists('get_prevpage_link')) :
function get_prevpage_link() { function get_prevpage_link() {
global $fpdb; global $fpdb;
$q = & $fpdb->getQuery(); $q = &$fpdb->getQuery();
$a = _get_nextprev_link('PrevPage'); $a = _get_nextprev_link('PrevPage');
@ -292,12 +292,12 @@ if (!function_exists('wp_setcookie')) :
$cookiehash = md5($siteurl); $cookiehash = md5($siteurl);
} }
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $cookiepath, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $cookiepath, COOKIE_SECURE, COOKIE_HTTPONLY);
if ($cookiepath != $sitecookiepath) { if ($cookiepath != $sitecookiepath) {
setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE); setcookie('wordpressuser_' . $cookiehash, $username, time() + 31536000, $sitecookiepath, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE); setcookie('wordpresspass_' . $cookiehash, $password, time() + 31536000, $sitecookiepath, COOKIE_SECURE, COOKIE_HTTPONLY);
} }
} }
endif; endif;
@ -305,10 +305,10 @@ endif;
if (!function_exists('wp_clearcookie')) : if (!function_exists('wp_clearcookie')) :
function wp_clearcookie() { function wp_clearcookie() {
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, COOKIEPATH, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE); setcookie('wordpressuser_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE, COOKIE_HTTPONLY);
setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE); setcookie('wordpresspass_' . COOKIEHASH, ' ', time() - 31536000, SITECOOKIEPATH, COOKIE_SECURE, COOKIE_HTTPONLY);
} }
endif; endif;


@ -0,0 +1,373 @@
<?php
/**
* Smarty plugin
*
* @package Smarty
* @subpackage plugins
*/
/**
* Smarty {html_select_date} plugin
*
* Type: function<br>
* Name: html_select_date<br>
* Purpose: Prints the dropdowns for date selection.
*
* ChangeLog:<br>
* - 1.0 initial release
* - 1.1 added support for +/- N syntax for begin
* and end year values. (Monte)
* - 1.2 added support for yyyy-mm-dd syntax for
* time value. (Jan Rosier)
* - 1.3 added support for choosing format for
* month values (Gary Loescher)
* - 1.3.1 added support for choosing format for
* day values (Marcus Bointon)
* - 1.3.2 support negative timestamps, force year
* dropdown to include given date unless explicitly set (Monte)
* - 1.3.4 fix behaviour of 0000-00-00 00:00:00 dates to match that
* of 0000-00-00 dates (cybot, boots)
*
* @link http://smarty.php.net/manual/en/language.function.html.select.date.php {html_select_date}
* (Smarty online manual)
* @version 1.3.4
* @author Andrei Zmievski
* @author Monte Ohrt <monte at ohrt dot com>
* @param
* array
* @param
* Smarty
* @return string
*/
function smarty_function_html_select_date($params, &$smarty) {
require_once $smarty->_get_plugin_filepath('shared', 'escape_special_chars');
require_once $smarty->_get_plugin_filepath('shared', 'make_timestamp');
require_once $smarty->_get_plugin_filepath('function', 'html_options');
/* Default values. */
$prefix = "Date_";
$start_year = strftime("%Y");
$end_year = $start_year;
$display_days = true;
$display_months = true;
$display_years = true;
$month_format = "%B";
/* Write months as numbers by default GL */
$month_value_format = "%m";
$day_format = "%02d";
/* Write day values using this format MB */
$day_value_format = "%d";
$year_as_text = false;
/* Display years in reverse order? Ie. 2000,1999,.... */
$reverse_years = false;
/*
* Should the select boxes be part of an array when returned from PHP?
* e.g. setting it to "birthday", would create "birthday[Day]",
* "birthday[Month]" & "birthday[Year]". Can be combined with prefix
*/
$field_array = null;
/*
* <select size>'s of the different <select> tags.
* If not set, uses default dropdown.
*/
$day_size = null;
$month_size = null;
$year_size = null;
/*
* Unparsed attributes common to *ALL* the <select>/<input> tags.
* An example might be in the template: all_extra ='class ="foo"'.
*/
$all_extra = null;
/* Separate attributes for the tags. */
$day_extra = null;
$month_extra = null;
$year_extra = null;
/*
* Order in which to display the fields.
* "D" -> day, "M" -> month, "Y" -> year.
*/
$field_order = 'MDY';
/* String printed between the different fields. */
$field_separator = "\n";
$time = time();
$all_empty = null;
$day_empty = null;
$month_empty = null;
$year_empty = null;
$extra_attrs = '';
foreach ($params as $_key => $_value) {
switch ($_key) {
case 'prefix':
case 'time':
case 'start_year':
case 'end_year':
case 'month_format':
case 'day_format':
case 'day_value_format':
case 'field_array':
case 'day_size':
case 'month_size':
case 'year_size':
case 'all_extra':
case 'day_extra':
case 'month_extra':
case 'year_extra':
case 'field_order':
case 'field_separator':
case 'month_value_format':
case 'month_empty':
case 'day_empty':
case 'year_empty':
$$_key = (string) $_value;
break;
case 'all_empty':
$$_key = (string) $_value;
$day_empty = $month_empty = $year_empty = $all_empty;
break;
case 'display_days':
case 'display_months':
case 'display_years':
case 'year_as_text':
case 'reverse_years':
$$_key = (bool) $_value;
break;
default:
if (!is_array($_value)) {
$extra_attrs .= ' ' . $_key . '="' . smarty_function_escape_special_chars($_value) . '"';
} else {
$smarty->trigger_error("html_select_date: extra attribute '$_key' cannot be an array", E_USER_NOTICE);
}
break;
}
}
if (preg_match('!^-\d+$!', $time)) {
// negative timestamp, use date()
$time = date('Y-m-d', $time);
}
// If $time is not in format yyyy-mm-dd
if (preg_match('/^(\d{0,4}-\d{0,2}-\d{0,2})/', $time, $found)) {
$time = $found [1];
} else {
// use smarty_make_timestamp to get an unix timestamp and
// strftime to make yyyy-mm-dd
$time = strftime('%Y-%m-%d', smarty_make_timestamp($time));
}
// Now split this in pieces, which later can be used to set the select
$time = explode("-", $time);
// make syntax "+N" or "-N" work with start_year and end_year
if (preg_match('!^(\+|\-)\s*(\d+)$!', $end_year, $match)) {
if ($match [1] == '+') {
$end_year = strftime('%Y') + $match [2];
} else {
$end_year = strftime('%Y') - $match [2];
}
}
if (preg_match('!^(\+|\-)\s*(\d+)$!', $start_year, $match)) {
if ($match [1] == '+') {
$start_year = strftime('%Y') + $match [2];
} else {
$start_year = strftime('%Y') - $match [2];
}
}
if (strlen($time [0]) > 0) {
if ($start_year > $time [0] && !isset($params ['start_year'])) {
// force start year to include given date if not explicitly set
$start_year = $time [0];
}
if ($end_year < $time [0] && !isset($params ['end_year'])) {
// force end year to include given date if not explicitly set
$end_year = $time [0];
}
}
$field_order = strtoupper($field_order);
$html_result = $month_result = $day_result = $year_result = "";
$field_separator_count = -1;
if ($display_months) {
$field_separator_count++;
$month_names = array();
$month_values = array();
if (isset($month_empty)) {
$month_names [''] = $month_empty;
$month_values [''] = '';
}
// Using the month_names from the FlatPress language files
global $lang;
$replace_month_names = array();
$replace_month_names [0] = '-';
$replace_month_value_format = array(
"00",
"01",
"02",
"03",
"04",
"05",
"06",
"07",
"08",
"09",
"10",
"11",
"12"
);
$fp_lang_months = array();
$fp_lang_months = $lang ['date'] ['month'];
$fplm = 0;
for($lm = 1; $lm <= 12; $lm++) {
$replace_month_names [$lm] = $fp_lang_months [$fplm];
$fplm++;
}
for($i = 1; $i <= 12; $i++) {
$month_names [$i] = $replace_month_names [$i];
$month_values [$i] = $replace_month_value_format [$i];
}
// /FlatPress change
$month_result .= '<select name=';
if (null !== $field_array) {
$month_result .= '"' . $field_array . '[' . $prefix . 'Month]"';
} else {
$month_result .= '"' . $prefix . 'Month"';
}
if (null !== $month_size) {
$month_result .= ' size="' . $month_size . '"';
}
if (null !== $month_extra) {
$month_result .= ' ' . $month_extra;
}
if (null !== $all_extra) {
$month_result .= ' ' . $all_extra;
}
$month_result .= $extra_attrs . '>' . "\n";
$month_result .= smarty_function_html_options(array(
'output' => $month_names,
'values' => $month_values,
'selected' => (int) $time [1] ? strftime($month_value_format, mktime(0, 0, 0, (int) $time [1], 1, 2000)) : '',
'print_result' => false
), $smarty);
$month_result .= '</select>';
}
if ($display_days) {
$field_separator_count++;
$days = array();
if (isset($day_empty)) {
$days [''] = $day_empty;
$day_values [''] = '';
}
for($i = 1; $i <= 31; $i++) {
$days [] = sprintf($day_format, $i);
$day_values [] = sprintf($day_value_format, $i);
}
$day_result .= '<select name=';
if (null !== $field_array) {
$day_result .= '"' . $field_array . '[' . $prefix . 'Day]"';
} else {
$day_result .= '"' . $prefix . 'Day"';
}
if (null !== $day_size) {
$day_result .= ' size="' . $day_size . '"';
}
if (null !== $all_extra) {
$day_result .= ' ' . $all_extra;
}
if (null !== $day_extra) {
$day_result .= ' ' . $day_extra;
}
$day_result .= $extra_attrs . '>' . "\n";
$day_result .= smarty_function_html_options(array(
'output' => $days,
'values' => $day_values,
'selected' => $time [2],
'print_result' => false
), $smarty);
$day_result .= '</select>';
}
if ($display_years) {
$field_separator_count++;
if (null !== $field_array) {
$year_name = $field_array . '[' . $prefix . 'Year]';
} else {
$year_name = $prefix . 'Year';
}
if ($year_as_text) {
$year_result .= '<input type="text" name="' . $year_name . '" value="' . $time [0] . '" size="4" maxlength="4"';
if (null !== $all_extra) {
$year_result .= ' ' . $all_extra;
}
if (null !== $year_extra) {
$year_result .= ' ' . $year_extra;
}
$year_result .= ' />';
} else {
$years = range((int) $start_year, (int) $end_year);
if ($reverse_years) {
rsort($years, SORT_NUMERIC);
} else {
sort($years, SORT_NUMERIC);
}
$yearvals = $years;
if (isset($year_empty)) {
array_unshift($years, $year_empty);
array_unshift($yearvals, '');
}
$year_result .= '<select name="' . $year_name . '"';
if (null !== $year_size) {
$year_result .= ' size="' . $year_size . '"';
}
if (null !== $all_extra) {
$year_result .= ' ' . $all_extra;
}
if (null !== $year_extra) {
$year_result .= ' ' . $year_extra;
}
$year_result .= $extra_attrs . '>' . "\n";
$year_result .= smarty_function_html_options(array(
'output' => $years,
'values' => $yearvals,
'selected' => $time [0],
'print_result' => false
), $smarty);
$year_result .= '</select>';
}
}
// Loop thru the field_order field
for($i = 0; $i <= 2; $i++) {
$c = substr($field_order, $i, 1);
switch ($c) {
case 'D':
$html_result .= $day_result;
break;
case 'M':
$html_result .= $month_result;
break;
case 'Y':
$html_result .= $year_result;
break;
}
// Add the field seperator
if ($i < $field_separator_count) {
$html_result .= $field_separator;
}
}
return $html_result;
}
/* vim: set expandtab: */
?>


@ -3,17 +3,17 @@
$lang['admin']['config']['default'] = $lang['admin']['config']['default'] =
array( array(
'head' => 'Opties', 'head' => 'Opties',
'descr' => 'Aanpassen en configureren jouw FlatPress 'descr' => 'Aanpassen en configureren van de FlatPress
installatie.', installatie.',
'submit' => 'Bewaar aanpassingen', 'submit' => 'Bewaar aanpassingen',
'sysfset' => 'Algemene systeeminformatie', 'sysfset' => 'Algemene systeeminformatie',
'syswarning' => '<big>Warschuwing!</big> Deze informatie is van cruciaal belang en moet correct zijn, 'syswarning' => '<big>Warschuwing!</big> Deze informatie is van cruciaal belang en moet correct zijn,
anders FlatPress zal (waarschijnlijk) weigeren om goed te werken.', anders zal FlatPress (waarschijnlijk) weigeren om goed te werken.',
'blog_root' => '<strong>Absoluut pad naar flatpress</strong>. Opmerking: 'blog_root' => '<strong>Absoluut pad naar flatpress</strong>. Opmerking:
over het algemeen hoeft u dit niet te bewerken, wees hoe dan ook voorzichtig, want we kunnen niet over het algemeen hoeft u dit niet te bewerken, wees hoe dan ook voorzichtig, want we kunnen niet
controleren of het correct is of niet.', controleren of het correct is of niet.',
'www' =>'<strong>Blog root</strong>. URL naar je blog, compleet met 'www' =>'<strong>Blog root</strong>. URL naar de blog, compleet met
subdirectories. <br /> subdirectories. <br />
VB: https://www.mydomain.com/flatpress/ (voorwaard slash is nodig)', VB: https://www.mydomain.com/flatpress/ (voorwaard slash is nodig)',
@ -24,10 +24,10 @@
'blogsubtitle' => 'Blog subtitel', 'blogsubtitle' => 'Blog subtitel',
'blogfooter' => 'Blog voettekst', 'blogfooter' => 'Blog voettekst',
'blogauthor' => 'Blog auteur', 'blogauthor' => 'Blog auteur',
'startpage' => 'De home page van deze web site is', 'startpage' => 'De home page van deze website is',
'stdstartpage' => 'mijn blog (default)', 'stdstartpage' => 'mijn blog (default)',
'blogurl' => 'Blog URL', 'blogurl' => 'Blog URL',
'blogemail' => 'Blog email', 'blogemail' => 'Blog e-mail',
'notifications' => 'Notificaties', 'notifications' => 'Notificaties',
'mailnotify' => 'E-mailmelding inschakelen voor opmerkingen', 'mailnotify' => 'E-mailmelding inschakelen voor opmerkingen',
'blogmaxentries' => 'Aantal berichten per pagina', 'blogmaxentries' => 'Aantal berichten per pagina',


@ -11,7 +11,7 @@
$lang['admin']['static']['list'] = array( $lang['admin']['static']['list'] = array(
'head' => 'Statische paginas', 'head' => 'Statische paginas',
'descr' => 'Selecteer een pagina om te bewerken of <a href="admin.php?p=static&amp;action=write">voeg nieuw toe</a>.', 'descr' => 'Selecteer een pagina om te bewerken of <a href="admin.php?p=static&amp;action=write">voeg een nieuwe toe</a>.',
'sel' => 'Selecteer', // checkbox 'sel' => 'Selecteer', // checkbox
'date' => 'Datum', 'date' => 'Datum',


@ -19,19 +19,19 @@
thema dat u kiest.</p> thema dat u kiest.</p>
<p>FlatPress komt met verschillende widgets: zo zijn er widgets om je met inloggen te helpen, om <p>FlatPress komt met verschillende widgets: zo zijn er widgets om je met inloggen te helpen, om
deen zoek box te tonen, etc.</p> een zoekbox te tonen, etc.</p>
<p>Elke Widget is gedefineert door een <a class="hint" '. <p>Elke Widget is gedefineerd door een <a class="hint" '.
'href="https://wiki.flatpress.org/res:plugins" title="Wat is een Widget?">plugin</a>.', 'href="https://wiki.flatpress.org/res:plugins" title="Wat is een Widget?">plugin</a>.',
'availwdgs' => 'Beschikbare Widgets', 'availwdgs' => 'Beschikbare Widgets',
'trashcan' => 'Sleep het hier om te verwijderen', 'trashcan' => 'Sleep het hierheen om te verwijderen',
'themewdgs' => 'Widgetsets voor dit thema', 'themewdgs' => 'Widgetsets voor dit thema',
'themewdgsdescr' => 'Het thema wat je nu hebt geslekteerd heeft de volgende widgetsets', 'themewdgsdescr' => 'Het thema wat je nu hebt geselekteerd heeft de volgende widgetsets',
'oldwdgs' => '\\\andere widgetsets', 'oldwdgs' => '\\\andere widgetsets',
'oldwdgsdescr' =>'De volgende widgetsets lijkt niet behoren tot elke andere van de '. 'oldwdgsdescr' =>'De volgende widgetsets lijken niet te behoren tot elke van de andere '.
'widgetsets als boven getoond. Dit kan herinneringen zijn van andere thema.', 'widgetsets als boven getoond. Dit kan een overblijfsel zijn van een ander thema.',
'submit' => 'Bewaar veranderingen', 'submit' => 'Bewaar veranderingen',


@ -3,7 +3,7 @@ $lang ['comments'] ['mail'] = 'Beste %toname%,
"%fromname%" %frommail% heeft een commentaar geplaatst op de volgende post met als titel "%entrytitle%". "%fromname%" %frommail% heeft een commentaar geplaatst op de volgende post met als titel "%entrytitle%".
Dit het commentaar link naar je blog: Dit de commentaar link naar je blog:
%commentlink% %commentlink%
Hier is het commentaar dat net is geplaatst: Hier is het commentaar dat net is geplaatst:


@ -1,14 +1,16 @@
<?php <?php
$lang['contact'] = array( $lang['contact'] = array(
'head' => 'Contact mij', 'head' => 'Neem contact op',
'descr' => 'Vuk het formulier hieronder in om een feedback te sturen. Vul je email als je een antwoord wilt.', 'descr' => 'Vul het formulier hieronder in.
'fieldset1' => 'Gebruiker gegevens', Om een antwoord te krijgen is een e-mail adres nodig.
(*) verplicht in te vullen velden',
'fieldset1' => 'Gegevens gebruiker',
'name' => 'Naam (*)', 'name' => 'Naam (*)',
'email' => 'Email:', 'email' => 'Email:',
'www' => 'Web:', 'www' => 'Web:',
'cookie' => 'Herinner mij', 'cookie' => 'Stuur herinnering',
'fieldset2' => 'Jouw bericht', 'fieldset2' => 'Bericht',
'comment' => 'Bericht (*):', 'comment' => 'Bericht (*):',
'fieldset3' => 'Stuur', 'fieldset3' => 'Stuur',
'submit' => 'Stuur', 'submit' => 'Stuur',
@ -17,10 +19,10 @@
); );
$lang['contact']['error'] = array( $lang['contact']['error'] = array(
'name' => 'Je moet een naam invullen', 'name' => 'Er dient een naam ingevuld te worden',
'email' => 'Je moet een geldig email invullen', 'email' => 'Geen geldig e-mail adres',
'www' => 'Je moet een geldig URL invullen', 'www' => 'Geen geldige URL ',
'content' => 'Je moet een bericht invullen', 'content' => 'Het bericht mag niet blanko zijn',
); );
$lang['contact']['msgs'] = array( $lang['contact']['msgs'] = array(


@ -129,56 +129,56 @@ $lang ['comments'] ['error'] = array(
$lang ['date'] ['month'] = array( $lang ['date'] ['month'] = array(
'Januari', 'januari',
'Februari', 'februari',
'Maart', 'maart',
'April', 'april',
'Mei', 'mei',
'Juni', 'juni',
'July', 'juli',
'Augustus', 'augustus',
'September', 'september',
'October', 'oktober',
'November', 'november',
'December' 'december'
); );
$lang ['date'] ['month_abbr'] = array( $lang ['date'] ['month_abbr'] = array(
'Jan', 'jan',
'Feb', 'feb',
'Mrt', 'mrt',
'Apr', 'apr',
'Mei', 'mei',
'Jun', 'jun',
'Jul', 'jul',
'Aug', 'aug',
'Sep', 'sep',
'Oct', 'okt',
'Nov', 'nov',
'Dec' 'dec'
); );
$lang ['date'] ['weekday'] = array( $lang ['date'] ['weekday'] = array(
'Zondag', 'zondag',
'Maandag', 'maandag',
'Dinsdag', 'dinsdag',
'Woensdag', 'woensdag',
'Donderdag', 'donderdag',
'Vrijdag', 'vrijdag',
'Zaterdag' 'zaterdag'
); );
$lang ['date'] ['weekday_abbr'] = array( $lang ['date'] ['weekday_abbr'] = array(
'Zo', 'zo',
'Ma', 'ma',
'Di', 'di',
'Wo', 'wo',
'Do', 'do',
'Vr', 'vr',
'Za' 'za'
); );
?> ?>


@ -1,5 +1,5 @@
{if !$entry_commslock} {if !$entry_commslock}
<h4>{$lang.comments.head}</h4> <h4 id="addcomment">{$lang.comments.head}</h4>
<p>{$lang.comments.descr}</p> <p>{$lang.comments.descr}</p>


@ -1,5 +1,5 @@
{if !$entry_commslock} {if !$entry_commslock}
<h4>{$lang.comments.head}</h4> <h4 id="addcomment">{$lang.comments.head}</h4>
<p>{$lang.comments.descr}</p> <p>{$lang.comments.descr}</p>


@ -9,7 +9,7 @@
</fieldset> </fieldset>
<fieldset><legend>{$lang.search.fset2}</legend> <fieldset><legend>{$lang.search.fset2}</legend>
<p>{html_select_date start_year=2000 end_year=$smarty.now|date_format:"%Y" field_separator=" - " field_order="DMY" time="0000-00-00" all_empty="--"}</p> <p>{html_select_date reverse_years="true" start_year=2000 end_year=$smarty.now|date_format:"%Y" field_separator=" - " field_order="DMY" time="0000-00-00" all_empty="--"}</p>
<p>{$lang.search.datedescr}</p> <p>{$lang.search.datedescr}</p>
</fieldset> </fieldset>
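Review bot: `reverse_years="true"` passes a string, and the plugin code shown earlier on this page handles the option with `$$_key = (bool) $_value;`, so any non-empty string other than `"0"` (including `"false"`) switches the reversal on. Writing the value as an unquoted boolean, `reverse_years=true`, avoids implying that a quoted `"false"` would turn it off again. The same applies to the other flags cast in that branch (`display_days`, `display_months`, `display_years`, `year_as_text`) should a template ever set them as quoted strings.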


@ -435,4 +435,9 @@ div#widget-searchbox li {
margin:0px; margin:0px;
padding:0px; padding:0px;
} }
form#search ul {
list-style-type: none;
}
form#search ul li:before {
content: none
} }


@ -210,7 +210,6 @@ h4 { font-size: 1.2em; }
#main h4 { margin: 2em 0 0 0} #main h4 { margin: 2em 0 0 0}
#main { #main {
float: center;
width: 90%; width: 90%;
font-size: 100%; font-size: 100%;
padding: 15px; padding: 15px;
@ -220,54 +219,6 @@ h4 { font-size: 1.2em; }
} }
} }
/* ===== INTERNET EXPLORER ===== */
@media \0screen\,screen\9{
body { margin: 10px 0 10px 0 }
/* ===== BODY CONTAINER ===== */
#body-container {
text-align: left;
max-width: 1000px;
width: 100%;
margin: 0 auto 0 auto;
padding: 5px;
background:none;
background-color:rgba(0,0,0,0.75);
-ms-filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#BF000000,endColorstr=#BF000000);
filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#BF000000,endColorstr=#BF000000);
zoom:1;
border-radius: 3px;
}
/* ===== MAIN ===== */
#main h4 { margin: 2em 0 0 0}
#main {
float:left;
position: relative;
width: 65%;
font-size: 100%;
padding: 25px;
margin: 20px;
background:none;
background-color:rgba(255,255,255,0.9);
-ms-filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#E6FFFFFF,endColorstr=#E6FFFFFF);
filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#E6FFFFFF,endColorstr=#E6FFFFFF);
zoom:1;
border-radius: 3px;
}
#head {
background:none;
background-color:rgba(184,60,46,0.7);
-ms-filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#B3b83c2e,endColorstr=#B3b83c2e);
filter:progid:DXImageTransform.Microsoft.gradient(startColorstr=#B3b83c2e,endColorstr=#B3b83c2e);
zoom:1;
}
}
#main p { line-height: 1.4em; margin-top: 1em; } #main p { line-height: 1.4em; margin-top: 1em; }
#main img { margin: .5em } #main img { margin: .5em }
@ -283,6 +234,8 @@ h4 { font-size: 1.2em; }
padding: 0 1.6em 0 1.6em padding: 0 1.6em 0 1.6em
} }
h4#addcomment {clear:both;}
#commentform fieldset p { margin: 0 0 .5em 0 } #commentform fieldset p { margin: 0 0 .5em 0 }
#comments li { #comments li {
@ -350,6 +303,9 @@ h4 { font-size: 1.2em; }
margin-bottom: 3em margin-bottom: 3em
} }
form#search ul {
list-style-type: none;
}
/* ===== FOOTER ===== */ /* ===== FOOTER ===== */
#footer { #footer {


@ -16,7 +16,8 @@ Module: globals.css
/* ===== NOTIFICATION ===== */ /* ===== NOTIFICATION ===== */
#main ul.msgs, ul.msgs { #main ul.msgs, ul.msgs {
margin: 0; margin: 0;
padding: 1em 2em padding: 1em 2em;
list-style-type: none;
} }
.errors { .errors {


@ -1,22 +1,21 @@
<?php <?php
/* /*
Style Name: Leggero V2 * Style Name: Leggero V2
Style URI: http://www.flatpress.org/ * Style URI: http://www.flatpress.org/
Description: A modern version of the default FlatPress theme. * Description: The default FlatPress theme which brings a breath of fresh mint air. Responsive and a great start for own themes!
Version: 0.705 * Version: 0.705
Author: NoWhereMan, Drudo and Marc Thibeault * Author: NoWhereMan, Drudo and Marc Thibeault
Author URI: http://www.flatpress.org/ * Author URI: http://www.flatpress.org/
*/ */
$style ['name'] = 'leggero-v2';
$style ['author'] = 'NoWhereMan';
$style ['www'] = 'http://www.flatpress.org/';
$style['name'] = 'leggero-v2'; $style ['version'] = 0.705;
$style['author'] = 'NoWhereMan';
$style['www'] = 'http://www.flatpress.org/';
$style['version'] = 0.705; $style ['style_def'] = 'style.css';
$style ['style_admin'] = 'admin.css';
$style['style_def'] = 'style.css'; $style ['style_print'] = 'print.css';
$style['style_admin'] = 'admin.css'; $style ['style'] = 'default';
$style['style_print'] = 'print.css';
$style['style'] = 'default';
?> ?>

View File

@ -327,6 +327,10 @@ h4 { font-size: 1.2em; }
margin-bottom: 5em margin-bottom: 5em
} }
form#search ul {
list-style-type: none;
}
/* ===== FOOTER ===== */ /* ===== FOOTER ===== */
#footer { #footer {


@ -20,7 +20,8 @@ Module: globals.css
/* ===== NOTIFICATION ===== */ /* ===== NOTIFICATION ===== */
#main ul.msgs, ul.msgs { #main ul.msgs, ul.msgs {
margin: 0; margin: 0;
padding: 1em 2em padding: 1em 2em;
list-style-type: none;
} }
.errors { .errors {


@ -2,7 +2,7 @@
/* /*
* Style Name: Leggero * Style Name: Leggero
* Style URI: http://www.flatpress.org/ * Style URI: http://www.flatpress.org/
* Description: The default FlatPress theme which brings a breath of fresh mint air. Responsive and a great start for own themes! * Description: A responsive and more flat version of the default FlatPress theme.
* Version: 1.2 * Version: 1.2
* Author: NoWhereMan and Drudo, optimised by Laborix * Author: NoWhereMan and Drudo, optimised by Laborix
* Author URI: https://www.flatpress.org/ * Author URI: https://www.flatpress.org/

Binary file not shown.

Before

Width:  |  Height:  |  Size: 45 KiB

After

Width:  |  Height:  |  Size: 16 KiB


@ -31,8 +31,9 @@ function generate_calendar($year, $month, $days = array(), $day_name_length = 3,
// Begin calendar. Uses a real <caption>. See http://diveintomark.org/archives/2002/07/03 // Begin calendar. Uses a real <caption>. See http://diveintomark.org/archives/2002/07/03
// PHP7 compatibility: Since $pn is never passed, we do not need to create "previous" and "next" elements. // PHP7 compatibility: Since $pn is never passed, we do not need to create "previous" and "next" elements.
$p = '';
$n = ''; $p = '<span class="calendar-prev"><a href="' . get_month_link($year, $month - 1) . '">&laquo;</a></span>&nbsp;';
$n = '&nbsp;<span class="calendar-next"><a href="' . get_month_link($year, $month + 1) . '">&raquo;</a></span>';
// Commented out to prevent deprecated each() function from being executed. // Commented out to prevent deprecated each() function from being executed.
// @list($p, $pl) = each($pn); @list($n, $nl) = each($pn); #previous and next links, if applicable // @list($p, $pl) = each($pn); @list($n, $nl) = each($pn); #previous and next links, if applicable
// if($p) $p = '<span class="calendar-prev">'.($pl ? '<a href="'.($pl).'">'.$p.'</a>' : $p).'</span>&nbsp;'; // if($p) $p = '<span class="calendar-prev">'.($pl ? '<a href="'.($pl).'">'.$p.'</a>' : $p).'</span>&nbsp;';
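Review bot: The new `$p` and `$n` assignments pass `$month - 1` and `$month + 1` straight to `get_month_link()`, so a January calendar asks for month 0 and a December calendar for month 13. Unless `get_month_link()` normalises out-of-range months (its body is not visible here), those two links will not reach the adjacent month, so the neighbour should be computed with the year rolled over, e.g. `$prevMonth = $month > 1 ? $month - 1 : 12; $prevYear = $month > 1 ? $year : $year - 1;`. If `get_month_link()` returns a raw URL rather than an already HTML-escaped one, it should also go through `htmlspecialchars()` before being placed in the `href`. The retained comment "we do not need to create "previous" and "next" elements" now contradicts the code and should be reworded. `generate_calendar()` starts and continues outside this hunk.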


@ -0,0 +1,182 @@
<?php
$lang ['admin'] ['entry'] ['submenu'] ['commentcenter'] = 'Comment Center';
$lang ['admin'] ['entry'] ['commentcenter'] = array(
// Header of the panel
'title' => 'Comment Center',
'desc1' => 'Dieses Panel ermöglicht es Ihnen, die Kommentare in Ihrem Blog zu verwalten.',
'desc2' => 'Hier können Sie mehrere Dinge tun:',
// Links
'lpolicies' => 'Verwaltung der Richtlinien',
'lapprove' => 'Blockierte Kommentare anzeigen',
'lmanage' => 'Kommentare verwalten',
'lconfig' => 'Konfigurieren des Plugins',
// Policies
'policies' => 'Richtlinien',
'desc_pol' => 'Hier können Sie die Richtlinien für Kommentare bearbeiten.',
'select' => 'Auswählen',
'criteria' => 'Kriterien',
'behavoir' => 'Verhalten',
'options' => 'Einstellungen',
'entry' => 'Eintrag',
'entries' => 'Einträge',
'categories' => 'Kategorien',
'nopolicies' => 'Es gibt keine Richtlinien',
'all_entries' => 'Alle Einträge',
'fol_entries' => 'Die Richtlinie gilt für die folgenden Einträge:',
'fol_cats' => 'Die Richtlinie gilt für Einträge in den folgenden Kategorien:',
'older' => 'Die Richtlinie gilt für Einträge, die älter als %d Tag (e) sind.',
'allow' => 'Kommentare erlauben',
'block' => 'Kommentare verbieten',
'approvation' => 'Kommentare müssen genehmigt werden',
'up' => 'Nach oben',
'down' => 'Nach unten',
'edit' => 'Bearbeiten',
'delete' => 'Löschen',
'newpol' => 'Eine neue Richtlinie hinzufügen',
'del_selected' => 'Ausgewählte Richtlinie (n) löschen',
'select_all' => 'Alle auswählen',
'deselect_all' => 'Keine auswählen',
// Configuration page
'configure' => 'Konfigurieren des Plugins',
'desc_conf' => 'Hier können Sie die Optionen des Plugins ändern.',
'log_all' => 'Blockierte Kommentare protokollieren',
'log_all_long' => 'Aktivieren Sie diese Option, wenn Sie auch blockierte Kommentare protokollieren möchten.',
'email_alert' => 'Benachrichtigung per E-Mail',
'email_alert_long' => 'Wenn Sie einen Kommentar zum Genehmigen prüfen sollen, können Sie ' . 'über E-Mail informiert werden.',
'akismet' => 'Akismet',
'akismet_use' => 'Kommentar-Prüfung mit Akismet',
'akismet_key' => 'Akismet-Schlüssel',
'akismet_key_long' => 'Der Akismet-Dienst stellt Ihnen einen Schlüssel zur Verfügung. Fügen Sie diesen hier ein.',
'akismet_url' => 'Blog-URL für Akismet',
'akismet_url_long' => 'Für den kostenlosen Service von Akismet sollten Sie nur eine Domain verwenden. ' . 'Sie können dieses Feld leer lassen. Es wird dann <code>%s</code> verwendet.',
'save_conf' => 'Einstellungen speichern',
// Edit policy page
'apply_to' => 'Anwenden auf',
'editpol' => 'Bearbeiten einer Richtlinie',
'createpol' => 'Erstellen einer Richtlinie',
'some_entries' => 'Bestimmte Einträge',
'properties' => 'Eintrag mit bestimmten Eigenschaften',
'se_desc' => 'Wenn Sie die Option %s ausgewählt haben, fügen Sie bitte Einträge ein, die Sie auf diese Richtlinie anwenden möchten.',
'se_fill' => 'Bitte füllen Sie die Felder mit der ID der Einträge aus (<code>entryYYMMDD-HHMMSS</code>).',
'po_title' => 'Eigenschaften',
'po_desc' => 'Wenn Sie die Option %s ausgewählt haben, füllen Sie bitte die Eigenschaften aus.',
'po_comp' => 'Die Felder sind nicht obligatorisch, aber Sie müssen mindestens eines ausfüllen oder die Richtlinie ' . 'wird auf alle Einträge gelten.',
'po_time' => 'Zeiteinstellungen',
'po_older' => 'Auf Einträge anwenden, die älter sind als ',
'days' => 'Tage.',
'save_policy' => 'Richtlinie speichern',
// Delete policies page
'del_policies' => 'Richtlinien löschen',
'del_descs' => 'Sie werden diese Richtlinie löschen: ',
'del_descm' => 'Sie werden diese Richtlinien löschen: ',
'sure' => 'Sind Sie sicher?',
'del_subs' => 'Ja, bitte löschen',
'del_subm' => 'Ja, bitte löschen Sie sie',
'del_cancel' => 'Nein, zurück zu den Einstellungen.',
// Approve comments page
'app_title' => 'Genehmigen Sie den Kommentar',
'app_desc' => 'Hier können Sie Kommentare genehmigen.',
'app_date' => 'Datum',
'app_content' => 'Kommentar',
'app_author' => 'Verfasser',
'app_email' => 'Email',
'app_ip' => 'IP',
'app_actions' => 'Maßnahmen',
'app_publish' => 'Veröffentlichung',
'app_delete' => 'Löschen',
'app_nocomms' => 'Es gibt keinen Kommentar.',
'app_pselected' => 'Ausgewählte Kommentare veröffentlichen',
'app_dselected' => 'Ausgewählte Kommentare entfernen',
'app_other' => 'Sonstige Bemerkungen',
'app_akismet' => 'Als Spam erkannt',
'app_spamdesc' => 'Diese Kommentare wurden von Akismet blockiert.',
'app_hamsubmit' => 'Beim Veröffentlichen auch gleich als Ham an Akismet melden.',
'app_pubnotham' => 'Veröffentlichen, aber nicht an Akismet übertragen',
// Delete comments page
'delc_title' => 'Kommentare löschen',
'delc_descs' => 'Sie werden diesen Kommentar löschen: ',
'delc_descm' => 'Sie werden diese Kommentare löschen: ',
// Manage comments page
'man_searcht' => 'Einen Eintrag suchen',
'man_searchd' => 'Fügen Sie die ID des Eintrags ein, dessen Kommentare Sie verwalten möchten.',
'man_search' => 'Suche',
'man_commfor' => 'Bemerkungen für %s',
'man_spam' => 'Als Spam an Akismet melden',
// The simple edit
'simple_pre' => 'Die Kommentare zu diesem Eintrag ',
'simple_1' => 'werden erlaubt.',
'simple_0' => 'benötigen Ihre Zustimmung.',
'simple_-1' => 'werden geblockt.',
'simple_manage' => 'Verwalten Sie die Kommentare zu diesem Eintrag.',
'simple_edit' => 'Richtlinien bearbeiten',
// Akismet warnings
'akismet_errors' => array(
-1 => 'Der Akismet-Schlüssel ist leer. Bitte geben Sie diesen ein.',
-2 => 'Wir konnten die Akismet-Server nicht erreichen.',
-3 => 'Die Reaktion von Akismet schlug fehl.',
-4 => 'Der Akismet-Schlüssel ist ungültig.'
),
// Messages
'msgs' => array(
1 => 'Konfiguration gespeichert.',
-1 => 'Beim Speichern der Konfiguration ist ein Fehler aufgetreten.',
2 => 'Richtlinie gespeichert.',
-2 => 'Beim Speichern der Richtlinie ist ein Fehler aufgetreten (vielleicht sind Ihre Einstellungen falsch).',
3 => 'Richtlinie verschoben.',
-3 => 'Beim Versuch, die Richtlinie zu verschieben, ist ein Fehler aufgetreten (oder sie kann nicht verschoben werden).',
4 => 'Richtlinie (n) entfernt.',
-4 => 'Beim Versuch, die Richtlinie (n) zu entfernen, ist ein Fehler aufgetreten (oder Sie haben keine Richtlinie ausgewählt).',
5 => 'Kommentar (e) veröffentlicht.',
-5 => 'Beim Versuch, die Kommentare zu veröffentlichen, ist ein Fehler aufgetreten.',
6 => 'Kommentar (e) entfernt.',
-6 => 'Beim Versuch, die Kommentare zu entfernen, ist ein Fehler aufgetreten (oder Sie haben keinen Kommentar ausgewählt).',
7 => 'Kommentar eingereicht.',
-7 => 'Beim Absenden des Kommentars ist ein Fehler aufgetreten.'
),
// Errors
'errors' => array(
'pol_nonex' => 'Die Richtlinie, die Sie bearbeiten möchten, existiert nicht.',
'entry_nf' => 'Der gewählte Eintrag existiert nicht.'
)
);
$lang ['plugin'] ['commentcenter'] = array(
'akismet_error' => 'Sorry, wir stossen auf technische Schwierigkeiten.',
'lock' => 'Dieser Eintrag kann leider nicht kommentiert werden.',
'approvation' => 'Der Kommentar wurde gespeichert, aber der Administrator muss ihn freischalten, bevor er angezeigt wird.',
// Mail for comments
'mail_subj' => 'Neuer Kommentar zu genehmigen %s'
);
$lang ['plugin'] ['commentcenter'] ['mail_text'] = 'Hallo %toname%,
"%fromname%" %frommail% hat einen Kommentar zu dem Eintrag geschrieben mit dem Titel "%entrytitle%"
Aber dieser braucht deine Zustimmung, bevor dieser veröffentlicht wird.
Folgendes wurde als Kommentar geschrieben:
__________________________________________
%content%
__________________________________________
Automatisch generiert von
%blogtitle%
';


@ -13,7 +13,7 @@ function login_validate() {
$pass = trim(@$_POST ['pass']); $pass = trim(@$_POST ['pass']);
$error = array(); $error = array();
$lerr = & $lang ['login'] ['error']; $lerr = &$lang ['login'] ['error'];
if (!$user) { if (!$user) {
$error ['user'] = $lerr ['user']; $error ['user'] = $lerr ['user'];
@ -44,7 +44,8 @@ function main() {
user_logout(); user_logout();
function myredirect() { function myredirect() {
// login_redirect('.'); // logout redirects to home page
login_redirect('.');
} }
add_filter('wp_head', 'myredirect'); add_filter('wp_head', 'myredirect');
@ -53,6 +54,7 @@ function main() {
} elseif (user_loggedin()) { } elseif (user_loggedin()) {
function myredirect() { function myredirect() {
// login redirects to Admin Area
login_redirect('admin.php'); login_redirect('admin.php');
} }


@ -1,10 +1,9 @@
<?php <?php
//require_once('../init.php'); // require_once('../init.php');
//utils_redirect('../admin.php'); // utils_redirect('../admin.php');
?> ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head> <head>
<title>FlatPress</title> <title>FlatPress</title>

View File

@ -1,5 +1,4 @@
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" <!DOCTYPE html>
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Flatpress installer</title> <head><title>Flatpress installer</title>
<link href="setup/res/setup.css" type="text/css" rel="stylesheet" /></head> <link href="setup/res/setup.css" type="text/css" rel="stylesheet" /></head>
@ -11,4 +10,6 @@
<div id="main"> <div id="main">
<form class="storycontent" method="post" action="<?php echo BLOG_BASEURL ?>setup.php"> <form class="storycontent" method="post" action="<?php
echo BLOG_BASEURL?>setup.php">