YaPiG is a simple but powerful web album, very useful for publishing your image galleries. It has a web-based admin tool and very easy configuration, allows users to post comments, and keeps visit stats. It is written in PHP, uses the GD library for creating thumbnail images, and does not require any SQL database to be installed on the web server.
It has been a long time since the last stable release. This new yapig is more or less the 0.94u but with some bugfixes and updates. All users of yapig are encouraged to update their versions. Some vulnerabilities have been published on security pages and might be used by malicious people. The main changes of this release are:
* Updated Exifier to version 1.5. Thanks to Sebastien.
* Added Polish translation (0.92b). Thanks to Kwachu (kwasimir).
* Updated Catalan translation (0.92b). Thanks to Cai Roig Roca (cairoige @@@ tinet.org)
* Updated Italian translation (0.92b). Thanks to Lucio Benfante (benfy).
* Updated German translation. Thanks to Sven Schfer <pointer @@@ linux-blog.de>
* Updated French translation. Thanks to Sebastien <sebastieng @@@ pointbat.be>
* Warning for set_timeout (#1230503).
* German locale file permissions problem. (#1230494)
* Page counter and page argument errors (#1182544)
* Vulnerability: Cross site scripting on add comment form (#1230491)
* Vulnerability: Save plain text login information in cookies (#1230491)
* Vulnerability: Arbitrary directory removal on upload.php (#1230491)
* Vulnerability: Extension checks on upload.php (#1230491)
* Vulnerability: Arbitrary file Inclusion global.php and last_gallery.php (#1230491)
* Vulnerability: Cross-site Scripting (#1230491)
* Vulnerability: Information disclosure in phid argument of view.php and slideshow.php (#1230491)
* Rotate Image thanks to Sebastian Muszynski <basti @@@ linkt.de>
* Link error in slideshow (#1173021)
You can download the file from:
Well, in the world there are many people who have quite a lot of free time (they even have time to take a look at yapig's source code!) and help us to live in a safer computer software world. So some vulnerabilities have been discovered in yapig's code. You can take a look at them at:
Right now, there is no patch available. Lately, I'm quite busy so I can hardly take a look at these issues in a short time. If you have time and enough knowledge, yapig users and I would appreciate a post on the patch section with the solution ;-). You can upload it at this URL:
Thank you. Juan (Natasab)
For some days the packaged version 0.94 was in reality 0.93 instead. If you downloaded 0.94 recently and 0.93 appears as the script version, you must download the script again.
* Updated Spanish Translation.
* Display some Exif information if available on the pic. Using exifier 1.4
* Slideshow. Thanks to Keith Nicholson (www.keithnicholson.net)
* Display current page and number of the image.
* SAFE MODE installation better explained. (#1070572)
* Security fix: now password protected galleries cannot change their
* Resolved escaped \' and \" on captions (#959969)
* Problems deleting files created with Yapig due to default server umask
* FINALLY FIXED JS Zoom stuff. Thanks to Christian Taepper fix! (#1025155)
* Stats disappear due to concurrent access to text database files.
There is a bug that makes files created by yapig impossible to delete via ftp or ssh. This is because of the default user mask of the user running PHP. It is already solved on the CVS version, but for users that have 0.93u (latest) or previous, there is a patch on:
It has been ages since I could update the CVS. Since 0.93 it is running again, and I will try to keep it up to date. The module that will hold the latest version will be yapig (all lowercase). There are other modules on the CVS, but forget them.
After a long time we come back with a new release. This time many bugs have been fixed and it has some small new features. Here is the changelog:
* Added Slovak translation (0.92). Thanks to Andrej Zatko
* Added Norwegian translation (0.92). Thanks to Bernt Egil Berntzen (zenmed)
* Added Japanese translation (0.92). Thanks to Tadashi Jokagi (elf2000)
* Added Finnish translation (0.92). Thanks to Miikka Mttl (mixxu)
* Added Hungarian translation (0.92). Thanks to Greg J. (greggood)
* Added Romanian translation (0.92). Thanks to Mat (kamikadzee)
* Added Galician language translation (0.92). Thanks to Rashgaroc (http://surf.to/rashgaroc )
* Updated Swedish language (0.92). Thanks to Jasmin Z.
* Updated Czech translation (0.92). Thanks to Jiri Cincura.
* last_gallery.php. Now you can display the last gallery you added in other pages
* User Interface (admin not yet) validated using XHTML Strict.
* W3C validator Valid CSS.
* Auto select browser language.
* Auto select language charset.
* index.html with redirections instead of blank files.
* Added possibility to have multiple columns in gallery index (config.php)
* Added ability to configure multiple admin accounts (config.php)
* Admin can order index of galleries using Yapig's web-admin.
* Email notification when a new comment is posted.
* Added security advice after install.
* Minor changes in INSTALL file.
* Filter HTML on comments avoiding cross site scripting. (#1017552)
* Error in a link of modify_phid.php (#970184)
* Solved problem when logging IP and browser.
* Updated English Strings. Thanks to Jazmin Z for his corrections. (#965224)
* Long strings in comments are wrapped. (#934441)
* Now MAX_IMG_SIZE on config.php works ok
* Changed Description: 0 when images did not have a caption
* Now thumbnails of images with rare names are shown on modify_phid (#950739)
* Removed '/' after $BASE_DIR on safe mode install (#948861)
* Automatically adds '/' on $SECURE_DIR when safe mode On (#936163)
* On view.php an H1 heading was printed before the HTML element (#999391)
* Corrected width x height on phid_info.php (#945894)
* Now email field on comment form length is 40 (#945894)
* Removed throw error during install if could not touch index.html (#937795)
We have available two new translations thanks to Bernt Egil Berntzen (zenmed) and Andrej Zatko. You can get them from the patch pages:
Slovak (lang-id = sk)
Remember you must update your yapig to version 0.92.2 (due to security bugs)
During August Acidbits found a PHP insertion vulnerability; he sent me an email, posted a bug (http://sourceforge.net/tracker/index.php?func=detail&aid=1007246&group_id=93674&atid=605076) and added a report on security pages such as SecurityFocus (http://securityfocus.com/bid/10891). I have been on holidays so I couldn't release a patched version before.
This is a heavy security bug, so users with versions previous to 0.92.2 must update their Yapig. There is an Exploit available so even script kiddies can play.
You can download the latest release from: http://prdownloads.sourceforge.net/yapig/yapig-092.2b.tar.gz?download
If you already have the 0.92b, you can download the new version and just replace functions.php and add_comment.php files with the new ones.
Thank you Acidbits.
PS: Soon there will be a new release with many fixes and some new features.
Thanks to Tadashi Jokagi (elf2000), the Japanese translation of yapig is available.
You can download it from: