Notes:
Gallery 1.5.3 is now available for download. This release is primarily a bug fix release, but it also includes an important security fix. The fixes:
* Security: Not all user input was correctly sanitized for JavaScript injection. (Thanks to Aditya Mooley at adityamooley@sanisoft.com for reporting this and giving us plenty of time to fix it!)
* HTML is allowed again in various places. (title, caption, comments)
* Weird space around images inside the border that appeared in 1.5.2 is gone.
* Proper order of items when uploaded in IE and Opera.
* Language Mode 2 works again.
* Several other minor things.
We recommend all Gallery 1 users upgrade to 1.5.3 to keep their Gallery as secure as possible.
Changes:
2006-04-06 Chris Kelly <ckdake@ckdake.com> 1.5.3
* Release: 1.5.3
2006-04-06 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b23
* Change: Allow HTML again also in comments and user captions for images.
2006-04-06 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b22
* Fix: ImageMap was opened as a popup when no icons are used.
* Change: Removed obsolete function showChoice()
2006-04-05 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b21
* Fix: Frame around movies in photo view was broken.
2006-04-04 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b20
* Fix: Use gTranslate instead of _( in albums.php, view_album.php and view_photo.php
2006-04-04 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b19
* Change: Make select boxes in the watermark form stay at the value selected before a preview.
Thanks to ejolley from forum.
Change done as 1.5.3-cvs-b8 in HEAD
* Change: Added icons for rotate and flip.
* Change: Layout of rotate_photo.php.
Thanks to Volksport.
Change done as 1.5.3-cvs-b5 in HEAD
* Fix: Language Mode 2 (Browserlanguage) was broken.
2006-03-28 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b18
* SECURITY FIX *
It was possible to use/"inject" JavaScript in various places and abuse this as an XSS exploit.
Now every user input obtained from $_REQUEST is sanitized.
We use the PEAR packages HTML_Safe and XML_HTMLSax3 to do this.
A nice benefit is that HTML is now possible again in captions, titles, etc.
The team would like to thank Aditya Mooley for catching and reporting this,
and for giving us the time to fix it before going public.
Aditya Mooley is a member of the Coppermine-Gallery development team.
So have a look at http://coppermine.sf.net, the page of our friendly competition application.
2006-03-27 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b17
* Fix: In some dropdown boxes the wrong item is selected.
Appears e.g. in slideshow in IE where "blend" should be selected, but actually
"RANDOM" is.
Thanks to Yuan from forums.
2006-03-27 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b16
* Fix: When Gallery runs in Joomla the complete framework is loaded into the
progressbar when uploading pictures.
2006-03-27 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b15
* Fix: Even if owner modification is set to "no", owners are allowed to hide their pictures.
Especially odd when owner is "everybody".
2006-03-27 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b14
* Fix: When uploading files via the FORM method, the order was reversed in IE and Opera.
2006-03-27 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b13
* Fix: When border is set to "solid" or "dots" then an unnice space appeared around thumbs.
2006-03-27 Jens Tkotz <jens@peino.de> 1.5.3-cvs-b12
* Fix: When you have "Can every permitted user see a comments overview" set to 'yes'
and the permitted user then goes to the overview, he/she will get an "add comment" button,
regardless of whether the user is allowed to add comments or not.
This fix makes the button appear only when the user is allowed to add comments.
Thanks to Yuan from forums.