Mig - "My Image Gallery"

Index of downloads/mig-1.5.0

Name                Last modified   Size
README              2005-08-15      2.09K
mig-1.5.0.tar.gz    2005-08-15      171.81K

Version 1.5.0
=============

Hello Users,

I received a vulnerability report from SecWatch today, which describes two
Cross-Site Scripting vulnerabilities and an Information Disclosure
vulnerability. The rating
from SecWatch is "less critical", but I encourage everyone to upgrade to this
new version, which not only fixes the described vulnerabilities but also
contains some improvements and minor bugfixes as well.

If you would like to stay with your version of Mig, please make sure that you
include the changes by the anonymous bug-reporter from SecWatch. Have a look
at the link in the Changelog (see below) for details.

Please note that the template handling has changed a bit to make the layout
more customizable. So if you use customized templates, make sure you
include the changes.

I am very sorry for the awkwardness this may cause you!

Boris


Links
-----
Download: https://mig.wcht.de/downloads/mig-1.5.0/mig-1.5.0.tar.gz
CVE: https://nvd.nist.gov/vuln/detail/CVE-2005-2603

Changelog
---------

 Security
  merged fixes from "SecWatch 13/08/2005 - Mig Remote Cross-Site Scripting
  and Information Disclosure Vulnerabilities", see
  http://secwatch.org/advisories/secwatch/20050813_Mig.txt

  introduced $imageFilenameRegexpr and $currDirNameRegexpr for more secure
  handling of file and directory names (now PHP 3.0.9 is required!)

 Improvements
  various XHTML compatibility fixes

  moved the outer table in folder-view from source to template (allows more
  flexible layouts)

  moved the table around the description in large- and image-view from
  source to template (allows more flexible layouts)

  never show an empty folder list if "startfrom" is bigger than the number
  of pages
  
  If a non-image is viewed with pageType=image or pageType=large, a generic
  will be displayed and link to the file.

  added support for user-defined Content-Type with $httpContentType

  fixed handling of magic_quotes_gpc to solve a bug with inverted commas in
  file and folder names (bug pointed out by Werner and Samuel)

  added new file-types for video and audio:
  .swf, .flv, .rm, .divx, .wma, .ogg, .flac, .aac, .mpc, .mp+