Version 1.5.0
=============

Hello Users,

I received a vulnerability report from SecWatch today, which describes two Cross-Site Scripting vulnerabilities and an Information Disclosure vulnerability. The rating from SecWatch is "less critical", but I encourage everyone to upgrade to this new version, which not only fixes the described vulnerabilities but also contains some improvements and minor bugfixes.

If you would like to stay with your version of Mig, please make sure that you include the changes by the anonymous bug-reporter from SecWatch. Have a look at the link in the Changelog (see below) for details.

Please note that the template handling has changed a bit to make the layout more customizable. So if you use customized templates, make sure you include the changes. I am very sorry for the awkwardness this may cause you!

Boris

Links
-----

Download: https://mig.wcht.de/downloads/mig-1.5.0/mig-1.5.0.tar.gz
CVE: https://nvd.nist.gov/vuln/detail/CVE-2005-2603

Changelog
---------

Security

* merged fixes from "SecWatch 13/08/2005 - Mig Remote Cross-Site Scripting and Information Disclosure Vulnerabilities", see http://secwatch.org/advisories/secwatch/20050813_Mig.txt
* introduce $imageFilenameRegexpr and $currDirNameRegexpr for a more secure handling of file- and directorynames (now PHP 3.0.9 is required!)

Improvements

* various XHTML-compatibility-fixes
* moved the outer table in folder-view from source to template (allows more flexible layouts)
* moved the table around the description in large- and image-view from source to template (allows more flexible layouts)
* never show an empty folder list, if "startfrom" is bigger than the amount of pages
* If a non-image is viewed with pageType=image or pageType=large, a generic will be displayed and link to the file.
* added support for user-defined Content-Type with $httpContentType
* fixed handling of magic_quotes_gpc to solve a bug with inverted commas in file- and foldernames (bug pointed out by Werner and Samuel)
* added new file-types for video and audio: .swf, .flv, .rm, .divx, .wma, .ogg, .flac, .aac, .mpc, .mp+