Gallery is a program for creating online photo albums. It is written in PHP and is therefore platform-independent, simple to install, easy to use, and offers numerous features. For example, the Photo Management option can automatically create thumbnails, rotate photos, and resize them. It is also possible to assign read and/or write permissions to the albums. The program can be used in various languages by adding so-called language packs.
The sixth patch level of version 1.4.4 has just been released; it fixes a bug related to the do_command XSS that should actually have been resolved in the fifth patch level. The release notes show the following changes since the last mention in the meuktracker:
- Fix: Incorrectly aligned parens render the do_command XSS fix useless
- Fix: PHP5 added to setup/.htaccess
- Fix: ImageMagick 6.0 auto-detection
- Fix: missing "global $gallery;" in AlbumDB could cause warning messages on PHP5
- Fix: Correct unsanitized user-input
- Fix: Adding $GLOBALS to the scrubList turned out to be... paranoia, basically. GLOBALS is always a recursive array, and always ended up being scrubbed.
- Fix: $photo was defined twice in view_photo.php. Second time it was relying on $GLOBALS and failed.
- Fix: Add GLOBALS to sensitiveList
- Fix: Security-related changes
- Fix: Also _SERVER["HTTP_COOKIE"] in phpinfo.
- Fix: Unset GRPC in phpinfo.php so that people don't accidentally post confidential information to the forums
- Fix: Completion of the new long filename fix (variable name typo in b1)
- Fix: Incomplete merge of _GetStyleSheetLink caused failure to recognize non-.default filenames.
- Fix: The longfilename / disclosure issue was completely broken in way too many ways.
- Change: Extra error handling in Album::getHighlightTag. Blind stab at the 'incomplete delete and resize forms' issue which appears to be failing inside getHighlightTag.
- Fix: Several small fixes. Body text direction in poll_results, CSS file location from subdirs (tools), No files/All files in setup, stray binary char in setup, return to Gallery url in find_orphans, recursive slideshow in albums with no photos (only albums)
- Change: Addition of Bharat's cache code - this is good, sooner rather than later.
- Fix: Missing echo on gallery_error in save_photos from b14
- Fix: Make doubly-sure that we're setting mambo session vars when embedded, to prevent the 'No info' error.
- Fix: Added a setup option for "slowPhotoCount". The accurate photo count on the Gallery index page was a much requested change, however it proved to be so slow on some machines/Galleries that this will disable it unless explicitly enabled by the user during setup. (Galleries with vast numbers of albums or images could take as long as 30 seconds to load the index, by user reports)
- Fix: Navigation bar width was dependent on whether images were resized or not... this caused albums where resize_size was off to have the table width set to 0.
- Fix: Extra-long filename prevention in save_photos.php, as well as verifying that the uploaded file is a valid image format before saving to the temp directory
- Fixed a typo in classes/Album.php (missing ')')
- Fix: If 'shutterfly' is set, but not checked, unset it during the album upgrade. This caused shutterfly to appear even though it wasn't really enabled.
- Change: Add copyright to modules.php
- Fix: Print fatal error message instead of obscure PHP error when userDB fails to init before we try and use it.
- Fix: numAccessibleItems was incorrectly checking isHiddenRecurse() for albums. It needed to just be isHidden()
- Fix: Prevent foreach() error from being displayed when previewing watermark previews.
- Fix: Logging into Gallery as a non-admin and then trying to reset the admin password failed. The logged in user was used and the resetadmin file was ignored
- Fix: Extract HTTP_POST_FILES in phpBB2's modules.php
- Change: Remove modules.php.gz, add modules.php so that we can track code changes. There's no real reason for it to be gzip'ed.
- Fix: Correct the check_exec function which was being a little too liberal in its regex for exec. (shell_exec was incorrectly labeled as 'exec')
- Fix: Don't display clickable dimensions for movies
- Fix: Stack the custom fields on top of each other - users were really displeased by the side-by-side view
- Change: edit_appearance needs to properly handle the empty variable without issuing any PHP notices/warnings
- Fix: Disabling ALL print services in edit_appearance (album properties) did not work.
- Fix: Removed shorttags in classes/phpbb files
- Fix: The admin options on root albums were displaying inside the Mambo UI.
- Fix: view_comments would display albums without read permissions (user could not see anything except highlight image and album title)