My Image Gallery

File Release Notes and Changelog

Release Name: Mig 1.5.0

Notes:
I received a vulnerability report from SecWatch today, which describes two Cross-Site Scripting vulnerabilities and an Information Disclosure vulnerability. The rating from SecWatch is "less critical", but I encourage everyone to upgrade to this new version, which not only fixes the described vulnerabilities but also contains some improvements and minor bugfixes as well.

If you would like to stay with your version of Mig, please make sure that you include the changes by the anonymous bug-reporter from SecWatch. Have a look at the link in the Changelog for details.

Please note that the template handling has changed a bit to make the layout more customizable. So if you use customized templates, make sure you include the changes.

I am very sorry for the awkwardness this may cause to you!

Changes:

Security:
* merged fixes from "SecWatch 13/08/2005 - Mig Remote Cross-Site Scripting and Information Disclosure Vulnerabilities", see http://secwatch.org/advisories/secwatch/20050813_Mig.txt
* introduce $imageFilenameRegexpr and $currDirNameRegexpr for a more secure handling of file and directory names (now PHP 3.0.9 is required!)

Improvements:
* various XHTML compatibility fixes
* moved the outer table in folder-view from source to template (allows more flexible layouts)
* moved the table around the description in large- and image-view from source to template (allows more flexible layouts)
* never show an empty folder list if "startfrom" is bigger than the amount of pages
* If a non-image is viewed with pageType=image or pageType=large, a generic will be displayed and link to the file.
* added support for user-defined Content-Type with $httpContentType
* fixed handling of magic_quotes_gpc to solve a bug with inverted commas in file and folder names (bug pointed out by Werner and Samuel)
* added new file-types for video and audio: .swf, .flv, .rm, .divx, .wma, .ogg, .flac, .aac, .mpc, .mp+