Mig - "My Image Gallery"
Index of downloads/mig-1.5.0
I received a vulnerability report from SecWatch today, which describes two
Cross-Site Scripting and a Information Disclosure Vulnerabilities. The rating
from SecWatch is "less critical", but I encourage everyone to upgrade to this
new version, which not only fixes the described vulnerabilities but also
contains some improvements and minor bugfixes as well.
If you would like to stay with your version of Mig, please make sure that you
include the changes by the anonymous bug-reporter from SecWatch. Have a look
at the link in the Changelog (see below) for details.
Please note, that the template-handling has changed a bit to make the layout
more customizable. So if you use customized templates, make sure you'll
include the changes.
I am very sorry for the awkwardness this may cause to you!
merged fixes from "SecWatch 13/08/2005 - Mig Remote Cross-Site Scripting
and Information Disclosure Vulnerabilities", see
introduce $imageFilenameRegexpr and $currDirNameRegexpr for a more secure
handling of file- and directorynames (now PHP 3.0.9 is required!)
moved the outer table in folder-view from source to template (allows more
moved the table around the description in large- and image-view from
source to template (allows more flexible layouts)
never show an empty folder list, if "startfrom" is bigger then the amount
If an non-image is viewed with pageType=image or pageType=large, a generic
will be displayed and link to the file.
added support for user-defined Content-Type with $httpContentType
fixed handling of magic_quotes_gpc to solve a bug with inverted commas in
file- and foldernames (bug pointed out by Werner and Samuel)
added new file-types for video and audio:
.swf, .flv, .rm, .divx, .wma, .ogg, .flac, .aac, .mpc, .mp+