Yapig Home Page
home | News | Documentation | Downloads | On-line Demo |

YaPiG Home Page - Yet Another PHP Image Gallery

YaPiG is a simple but powerful web album very useful for publishing your image galleries. It has a web-based admin tool, a very easy configuration, allows user to post coments and it has visit stats. It is written in PHP, uses the GD library for creating thumbnail images and it does not require to have any SQL data base installed in the web server.

New! You can see our On-line Demo or view the webs that use YaPiG. If you are using YaPiG and want to appear in this list, please, fill this form

Latest News

Yapig 0.95 Stable Released Mon, 04 Jul 2005 11:55:33 -0000 by

It has been long since the last Stable release. This new yapig is more or less the 0.94u but with some bugfixes and updates. All users of yapig are encouraged to update their versions. Some vulnerabilities have been published on security pages and might be used by malicious people. The main changes of this release are:

New Features
* Updated Exifier to version 1.5. Thanks to Sebastien.
* Added Polish translation (0.92b). Thanks to Kwachu (kwasimir).
* Updated Catal translation (0.92b). Thanks to Cai Roig Roca (cairoige @@@ tinet.org)
* Updated Italian translation (0.92b). Thanks to Lucio Benfante (benfy).
* Updated German translation. Thanks to Sven Schfer <pointer @@@ linux-blog.de>
* Updated French translation. Thanks to Sebastien <sebastieng @@@ pointbat.be>

Fixed Bugs
* Warning for set_timeout(#1230503).
* German locale file permisions problem. (#1230494)
* Page counter and page argument errors (#1182544)
* Vulnerability: Cross site scripting on add comment form (#1230491)
* Vulnerability: Save plain text login information in cookies (#1230491)
* Vulnerability: Arbitrary directory removal on upload.php (#1230491)
* Vulnerability: Extension checks on upload.php (#1230491)
* Vulnerability: Arbitrary file Inclusion global.php and last_gallery.php (#1230491)
* Vulnerability: Cross-site Scripting (#1230491)
* Vulnerability: Information disclosure in phid argument of view.php and slideshow.php (#1230491)
* Rotate Image thanks to Sebastian Muszynski <basti @@@ linkt.de>
* Link error in slideshow (#1173021)

You can download the file from:

Regards. Natasab.

Some vulnerabilities Have been discovered Fri, 10 Jun 2005 09:28:25 -0000 by

Well, in the world there are many people that has quite a lot free time (even they have time to take a look to yapig's source code!) and help us to live in a more safe computer software world. So some vulnerabilities have been discovered in yapig's code. You can take a look on them on:


Right now, there is no available patch. Lately, I'm quite busy so I hardly can take a look on these issues in a brief time. If you have time and enought knowledge, yapig users and me would appreciate a post on the patch section with the solution ;-). You can upload it on this URL:


Thank you. Juan (Natasab)

Problems uploading 0.94unstable File Sat, 19 Feb 2005 10:38:53 -0000 by

For some days the packaged version 0.94 was in reality 0.93 instead. If you donwloaded 0.94 recently and appears 0.93 as the script version you must download the script again.


Yapig 0.94u released! Sun, 06 Feb 2005 19:56:22 -0000 by

New Features:
* Updated Spanish Translation.
* Display some Exif information if available on the pic. Using exifier 1.4
* Slideshow. Thanks to Keith Nicholson (www.keithnicholson.net)
* Display current page and number of the image.
Fixed Bugs:
* SAFE MODE installation better explained.(#1070572)
* Security fix: now password protected galleries cannot change their
gallery thumbnail(#1056001)
* Resolved escaped \' and \&quot; on captions (#959969)
* Problems deleting files created with Yapig due to default server umask
* FINALLY FIXED JS Zoom stuff. Thanks to Christian Taepper fix! (#1025155)
* Stats dissapear due to concurrent access to text database files.


Patch for deleting yapig datafiles Mon, 31 Jan 2005 19:43:56 -0000 by

There is a bug that makes files created by yapig impossible to delete via ftp or ssh. This is because of the default user mask of the user running PHP. It is already solved on the CVS version, but for users that have 0.93u (latest) or previous, there is a patch on:


CVS running again! Sun, 07 Nov 2004 21:13:04 -0000 by

It's has been ages since I could update the CVS. Since 0.93 it is running again, I will try to keep it up to date. The module that will be with the last version will be yapig (all lowercase). There are other modules on the CVS, but forget them.

Yapig 0.93 unstable released Sat, 16 Oct 2004 22:16:31 -0000 by

After a long time we come back with a new release. This time many bugs have been fixed and has some little new features. Here is the changelog:

New Features:
* Added Slovak translation (0.92). Thanks to Andrej Zatko
* Added Norwegiam translation (0.92). Thanks to Bernt Egil Berntzen (zenmed)
* Added Japanese translation (0.92). Thanks to Tadashi Jokagi (elf2000)
* Added Finnish translation (0.92). Thanks to Miikka Mttl (mixxu)
* Added Hungarian translation (0.92). Thanks to Greg J. (greggood)
* Added Romanian translation (0.92). Thanks to Mat (kamikadzee)
* Added Galician language translation (0.92). Thanks to Rashgaroc (http://surf.to/rashgaroc )
* Updated Swedish language (0.92). Thanks to Jasmin Z.
* Updated Czech translation (0.92). Thanks to Jiri Cincura.
* last_gallery.php. Now you can display the last gallery you added in other pages
* User Interface (admin not yet) validated using XHTML Strict.
* W3C validator Valid CSS.
* Auto select browser language.
* Auto select language charset.
* index.html with redirections instead of blank files.
* Added posibility to have multiple columns in gallery index (config.php)
* Added allow configure multiple admin accounts (config.php)
* Some little JavaScript checks on user comments.
* Admin can order index of galleries using Yapig's web-admin.
* Email notification when a new comment is posted.
* Added security advices after install.

Fixed Bugs
* Minor changes in INSTALL file.
* Filter HTML on comments avoiding cross site scripting.(#1017552)
* Error in a link of modify_phid.php (#970184)
* Solved problem when logging IP and browser.
* Updated English Strings. Thanks to Jazmin Z for his corrections.(#965224)
* Error in Zoom JavaScript (#982335)
* Zoom JavaScript exit() removed.(#960191)
* Long strings in comments are wrapped. (#934441)
* Now MAX_IMG_SIZE on config.php works ok
* Changed Description: 0 when images did not have a caption
* Now thumbnails of images with rare names are shown on modify_phid (#950739)
* Removed '/' after $BASE_DIR on safe mode install (#948861)
* Automatically adds '/' on $SECURE_DIR when safe mode On (#936163)
* On view.php an H1 heading was printed before the HTML element (#999391)
* Corrected width x height on phid_info.php (#945894)
* Now email field on comment form length is 40 (#945894)
* Removed throw error during install if could not touch index.html(#937795)

Norwegian and Slovak translations available. Fri, 03 Sep 2004 09:17:04 -0000 by

We have available two new translations thanks to Bernt Egil Berntzen (zenmed) and Andrej Zatko. You can get them from the patch pages:
Slovak (lang-id = sk)

Remember you must update your yapig to version 0.92.2 (due to security bugs)

Heavy security bug! PHP insertion vulnerability Sun, 29 Aug 2004 20:52:44 -0000 by

During August Acidbits found a PHP insertion vulnerability, he sent me an email, post a bug (http://sourceforge.net/tracker/index.php?func=detail&aid=1007246&group_id=93674&atid=605076) and added a report on security pages such as SecurityFocus (http://securityfocus.com/bid/10891). I have been on holidays so I couldn't release a patched version before.

This is a heavy security bug, so users with versions previous to 0.92.2 must update their Yapig. There is an Exploit available so even script kiddies can play.

You can download the latest release from: http://prdownloads.sourceforge.net/yapig/yapig-092.2b.tar.gz?download

If you already have the 0.92b, you can download the new version and just replace functions.php and add_comment.php files with the new ones.

Thank you Acidbits.

PS: Soon there will be a new release with many fixes and some new features.

Japanese translation added! Thu, 05 Aug 2004 23:08:51 -0000 by

Thanks to Tadashi Jokagi (elf2000) it is available the japanese translation of yapig.

You can donwload it from:

lang-id: jp

RSS powered by Magpie RSS parser

© YaPIG :: http://yapig.sourceforge.net # natasab@users.sourceforge.net