Hide AddUser error block on close and make the AddUser popin scrollable with layout fixes. Also refine two French translations (password and login key).
When generating URLs for the web service (IN_WS), ensure the argument separator is a raw '&' instead of the HTML entity '&'. add_url_params now switches the separator to '&' if IN_WS is defined and '&' was requested. Removed a redundant str_replace call in ws_std_get_urls since get_action_url/add_url_params now produce the correct separator. This prevents double-escaped ampersands.
Simplify pwg_token setup during PWG_API_KEY_REQUEST by unconditionally assigning get_pwg_token() to both $_POST['pwg_token'] and $_GET['pwg_token']. Removes prior isset() checks so the token is always present for API key requests; be aware this will overwrite any existing pwg_token values in request arrays.
Use binary (1024-based) prefixes instead of decimal (1000-based) for
storage unit conversion. Previously dividing by 1000000 and 1000,
now correctly dividing by 1048576 (1024*1024) and 1024.
Fixes#2502
Detect if running in a official container and replace updates buttons by links to the documentation
fixed on master with bfbc8f68
fixed on 16.x with d238c545
Replace the explicit "An email has been sent with a verification code" message with a privacy-preserving wording: "If your account exists, a verification code has been sent to your email address." This avoids account enumeration. Updated language entries in en_UK and fr_FR, the server-side message in password.php, and the password reset template.
Add a more granular container detection
Replace is_in_container by get_container_info
Currently detect Official container (once they update a version with a tagfile) and LinuxServer container
All other container are marked as Unknown
Report two field :
- container_type ( none | Official | LinuxServer | Unknown
- container_version ( build Version number like 16.2.0a, only reported if Official container is detected )
A trigger_notify call for 'merge_tags' was added before deleting tags in the tag merge process. This allows plugins or extensions to react to tag merges.
Refactors how derivative and disabled_derivatives config values are loaded from the database, supporting both parameters and using a new safe_unserialize function. Updates ImageStdParams to use the global config and ensures proper serialization/deserialization of disabled type maps, with improved save logic to avoid unnecessary writes.
If the user as added open_basedir restriction the function will fail with a Warning :
Warning: file_exists(): open_basedir restriction in effect. File(/proc/2/sched) is not within the allowed path(s)
This fix add a check that assume piwigo is not in a container when open_basedir is set
Replaces usage of the Authorization header with X-PIWIGO-API for API key authentication. This improves consistency and may address issues with standard Authorization header handling.
Introduces a compatibility implementation of str_starts_with for environments where it is not available. Updates common.inc.php to include the polyfill if the function does not exist.
