Replace the explicit "An email has been sent with a verification code" message with a privacy-preserving wording: "If your account exists, a verification code has been sent to your email address." This avoids account enumeration. Updated language entries in en_UK and fr_FR, the server-side message in password.php, and the password reset template.
Add a more granular container detection
Replace is_in_container by get_container_info
Currently detect Official container (once they update a version with a tagfile) and LinuxServer container
All other container are marked as Unknown
Report two field :
- container_type ( none | Official | LinuxServer | Unknown
- container_version ( build Version number like 16.2.0a, only reported if Official container is detected )
A trigger_notify call for 'merge_tags' was added before deleting tags in the tag merge process. This allows plugins or extensions to react to tag merges.
Refactors how derivative and disabled_derivatives config values are loaded from the database, supporting both parameters and using a new safe_unserialize function. Updates ImageStdParams to use the global config and ensures proper serialization/deserialization of disabled type maps, with improved save logic to avoid unnecessary writes.
If the user as added open_basedir restriction the function will fail with a Warning :
Warning: file_exists(): open_basedir restriction in effect. File(/proc/2/sched) is not within the allowed path(s)
This fix add a check that assume piwigo is not in a container when open_basedir is set
Replaces usage of the Authorization header with X-PIWIGO-API for API key authentication. This improves consistency and may address issues with standard Authorization header handling.
Introduces a compatibility implementation of str_starts_with for environments where it is not available. Updates common.inc.php to include the polyfill if the function does not exist.
Adds a check to initialize $_SESSION['connected_with'] to 'pwg_ui' if it is not already set. This ensures the session variable is always defined before proceeding with cache deletion.
