Mig - "My Image Gallery"

Index of /downloads/mig-1.5.0/

[ICO] Name Last modified Size
Parent directory -
README 2005-08-15 2.04K
mig-1.5.0.tar.gz 2005-08-15 171.81K
Version 1.5.0
=============

Hello Users,

I received a vulnerability report from SecWatch today, which describes two
Cross-Site Scripting and a Information Disclosure Vulnerabilities. The rating
from SecWatch is "less critical", but I encourage everyone to upgrade to this
new version, which not only fixes the described vulnerabilities but also
contains some improvements and minor bugfixes as well.

I you would like to stay with your version of Mig, please make shure that you
include the changes by the anonymous bug-reporter from SecWatch. Have a look
at the link in the Changelog (see below) for details.

Please note, that the template-handling has changed a bit to make the layout
more customizeable. So if you use customized templates, make shure you'll
include the changes.

I am very sorry for the awkwardness this may cause to you!

Boris


Download
--------

* https://mig.wcht.de/downloads/mig-1.5.0/mig-1.5.0.tar.gz


Changelog
---------

 Security
  merged fixes from "SecWatch 13/08/2005 - Mig Remote Cross-Site Scripting
  and Information Disclosure Vulnerabilities", see
  http://secwatch.org/advisories/secwatch/20050813_Mig.txt

  introduce $imageFilenameRegexpr and $currDirNameRegexpr for a more secure
  handling of file- and directorynames (now PHP 3.0.9 is required!)

 Improvements
  various XHTML-compatiblity-fixes

  moved the outer table in folder-view from source to template (allows more
  flexible layouts)

  moved the table around the description in large- and image-view from
  source to template (allows more flexible layouts)

  never show an empty folder list, if "startfrom" is bigger then the amount
  of pages
  
  If an non-image is viewed with pageType=image or pageType=large, a generic
  will be displayed and link to the file.

  added support for user-defined Content-Type with $httpContentType

  fixed handling of magic_quotes_gpc to solve a bug with inverted commas in
  file- and foldernames (bug pointed out by Werner and Samuel)

  added new file-types for video and audio:
  .swf, .flv, .rm, .divx, .wma, .ogg, .flac, .aac, .mpc, .mp+