Download Gallery 1.4.4-pl6

Gallery is a program for creating online photo albums. It is written in PHP and therefore platform independent, easy to install, easy to use and offers many possibilities. For example, there is the Photo Management option that can automatically create thumbnails, rotate and resize photos, for example. It is also possible to assign read and/or write permissions to the albums. The program can be used in different languages ​​by adding so-called language packs†

The sixth patch level of version 1.4.4 has just been released and it fixes a bug related to do_command XSS which should have been fixed in the fifth patch level. The release notes show the following changes since the last entry in the junk tracker:

1.4.4-pl6 Release

• Fix: Incorrectly aligned parens render the do_command XSS fix useless

1.4.4-pl5 Release

• Fix: PHP5 added to setup/.htaccess
• Fix: ImageMagick 6.0 auto-detection
• Fix: missing “global $gallery;” in AlbumDB could cause warning messages on PHP5
• Fix: Correct unsanitized user input

1.4.4-pl4 release

• Fix: Adding $GLOBALS to the scrubList turned out to be… paranoia, basically. GLOBALS is always a recursive array, and always ended up being scrubbed.
• Fix: $photo was defined twice in view_photo.php. Second time it was relying on $GLOBALS and failed.

1.4.4-pl3 release

• Fix: Add GLOBALS to sensitiveList
• Fix: Security-related changes

1.4.4-pl2 release

• Fix: Also _SERVER[“HTTP_COOKIE”] in php info.
• Fix: Unset GRPC in phpinfo.php so that people don’t accidentally post confidential information to the forums
• Fix: Completion of the new long filename fix (variable name typo in b1)
• Fix: Incomplete merge of _GetStyleSheetLink caused failure to recognize non-.default filenames.
• Fix: The longfilename / disclosure issue was completely broken in way too many ways.

1.4.4-pl1 release

• Change: Extra error handling in Album::getHighlightTag Blind stab at the ‘incomplete delete and resize forms’ issue which appears to be failing inside getHighlightTag.
• Fix: Several minor fixes. Body text direction in poll_results, CSS file location from subdirs (tools), No files/All files in setup, stray binary char in setup, return to Gallery url in find_orphans, recursive slideshow in albums with no photos (only albums)
• Change: Addition of Bharat’s cache code – this is good, sooner rather than later.
• Fix: Missing echo on gallery_error in save_photos from b14
• Fix: Make doubly-sure that we’re setting mambo session vars when embedded, to prevent the ‘No info’ error.
• Fix: Added a setup option for “slowPhotoCount”. The accurate photo count on the Gallery index page was a much requested change, however it proved to be so slow on some machines/Galleries that this will disable it unless explicitly enabled by the user during setup. (Galleries with vast numbers of albums or images could take as long as 30 seconds to load the index, by user reports)
• Fix: Navigation bar width was dependant on whether images were resized or not… this caused albums where resize_size was off to have the table width set to 0.
• Fix: Extra-long filename prevention in save_photos.php, as well as verifying that the uploaded file is a valid image format before saving to the temp directory
• Fixed a typo in classes/Album.php (missing ‘)’)
• Fix: If ‘shutterfly’ is set, but not checked, unset it during the album upgrade. This caused shutterfly to appear even though it wasn’t really enabled.
• Change: Add copyright to modules.php
• Fix: Print fatal error message instead of obscure PHP error when userDB fails to init before we try and use it.
• Fix: numAccessibleItems was incorrectly checking isHiddenRecurse() for albums. It needed to just be isHidden()
• Fix: Prevent foreach() error from being displayed when previewing watermark previews.
• Fix: Logging into Gallery as a non-admin and then trying to reset the admin password failed. The logged in user was used and the resetadmin file was ignored
• Fix: Extract HTTP_POST_FILES in phpBB2’s modules.php
• Change: Remove modules.php.gz, add modules.php so that we can track code changes. There’s no real reason for it to be gziped.
• Fix: Correct the check_exec function which was being a little too liberal in its regex for exec. (shell_exec was incorrectly labeled as ‘exec’)
• Fix: Don’t display clickable dimensions for movies
• Fix: Stack the custom fields on top of each other – users were really displeased by the side-by-side view
• Change: edit_appearance needs to properly handle the empty variable without issuing any PHP notices/warnings
• Fix: Disabling ALL print services in edit_appearance (album properties) did not work.
• Fix: Removed short tags in classes/phpbb files
• Fix: The admin options on root albums were displaying inside the Mambo UI.
• Fix: view_comments would display albums without read permissions (user could not see anything except highlight image and album title)