News

Important Zenphoto 1.0.7 Release

Zenphoto 1.0.7 has been released tonight with one small change — an important security fix for a problem with upwards directory traversal using “..” as the album name. I’ve simply filtered it out (in two places) and it shouldn’t be a problem again. Thanks to nicosomb for reporting this on the forums.

Everyone using any previous version should upgrade as soon as possible, though no need to worry — there’s not much risk from this bug, only the possibility of seeing folder names (and nothing else) in your web site’s directories that are accessible to your user. No files can be opened, nor any applications exploited. But upgrade anyway :-)

More on zenphoto to come.

 

Zenphoto 1.0.7

  • Large security bug patched; thanks to nicosomb for reporting it. [trisweb]
  • No other changes.

 

ZP 1.0.6

Following the mantra “Release early, release often” I’ve followed up 1.0.5 with (logically enough) 1.0.6! This release is small, but includes some good fixes for sorting, so I’m sure you want to upgrade!

On another note, I’ll be migrating to a VPS (“practically my own server”) hosting plan sometime this holiday season, so you might see some downtime, but probably not. Since I’m in no rush this time, the switch should be seamless. No rush also meant I could search and research (search again) all I wanted, and I believe I found a really great hosting company to stick with. One good sign is that they’re currently sold out, expecting more servers this week (so they don’t oversell, which is a Good Thing). After I get it set up, I’ll re-install Confluence and JIRA and Zenphoto will have its bug tracker and Wiki back up!

Go download 1.0.6! Install it! It’s easy!

 

Zenphoto 1.0.6

  • Bug: image sorting within albums fixed (getImageId() not found error). [trisweb]
  • Bug: image dimensions are now cached in the database again (no functional difference, but much faster). [trisweb]
  • Changed the default RewriteBase in .htaccess to /zenphoto to correspond with the default folder in the package. [trisweb]
  • Now detects changed images and reprocesses them if the cached versions are old. [trisweb]
  • When an image cannot be found/loaded, an error image is shown instead of no image (passing i.php?...&debug disables this and shows the error output) [trisweb]
  • Other minor bugfixes and code cleanups.

Zenphoto 1.0.5 Released

Just in case you don’t check the home page or forums, zenphoto 1.0.5 has been released with a ton of fixes (since 1.0.3). 1.0.5 was a quick fix for an overlooked little problem, all the real meat was in 1.0.4.

Big changes include:

  • Performance Improvements — lazy evaluation and some smart algorithms to sort the image array out of the database contribute to up to 12 times faster page processing in albums with lots of images.
  • Database Generalization — all data storage has been abstracted to a PersistentObject class, which the Image and Album classes inherit from. This reduces specific database calls, groups them together, and allows for easy addition of new classes and new database systems later on. This is a Good Thing.
  • New Themes included — I’ve included three new themes with the default release: Default Dark, Stoppeddesign, and Sterile. More choices! Yay.

The other big (...)

Zenphoto 1.0.5

  • 1.0.4 was littered with PHP short tags by accident (an SVN reversion somehow happened), now fixed. [trisweb]
  • No other changes.

Relevant links:

  • trisweb.com - Zenphoto 1.0.5 Released

 

Zenphoto 1.0.4

  • Backend performance improvements! Zenphoto is now up to 10 times faster at rendering album and image pages with extremely large albums, and at least three times as fast for moderately-sized ones. [trisweb]
  • Fixed bug where clicking the album or gallery in the breadcrumb would always go to page 1 [trisweb]
  • Fixed a bug with database constraint naming conflicts with multiple installations [trisweb]
  • Added an ini_set to try to adjust PHP's memory limit (may allow for larger images to be processed). [trisweb]
  • Better and more secure comment input filtering from the kses library. [Niels Leehneer]
  • Database access code abstracted and refactored. All (most) queries are now generalized through a new database class: PersistentObject. [trisweb]
  • Bugfixes in saving of "Place" field - formerly overwrote the title (oops) [trisweb]
  • Sub-albums half implemented (for TESTING ONLY). Use the Sub-Albums Test Theme to try (...)

Zenphoto 1.0.3 Released!

Ahh the smell of fresh code in the morning…

Just released zp 1.0.3. It’s got lots of new features and about a million bugfixes, so defininitely upgrade soon if you can. Get it at zenphoto.org as usual.

The coolest part of this release is a huge rework of i.php, the image processor. While it used to only have some limited resizing options (longest side, width, or cropped thumbnail), now it does anything you darn well want it to. You can specify exact width and height and crop dimensions and position. As of now, it’s kinda hard to formulate the input URLs for everyday use, but plugin authors and theme developers should find the new options pretty much awesome. If you want to (...)

Zenphoto 1.0.3 beta

  • Added more image size options to i.php (custom sizes and crops) [trisweb]
  • Added ability to get image size/orientation from a theme (see documentation) [trisweb]
  • Width and height attributes now filled in theme images (page loading looks much better) [trisweb]
  • Changed name of a function that conflicts with WordPress (is_valid_email) [trisweb]
  • Special characters in file and folder names should now work (with or without mod_rewrite) [trisweb]
  • Fixed several critical vulnerabilities and security issues. [trisweb]
  • Support for UTF-8 and any other desired character set added. [Niels Leehneer]
  • Added way for themes to have custom pages. Use index.php?p=page in your theme for access to /themes/yourtheme/page.php [trisweb]
  • Many other bugs fixed: View All

 

New Zenphoto Wiki and Bugtracker

I’m pleased to announce two new additions to the Zenphoto community:

The Zenphoto Wiki (wiki.zenphoto.org)

The Zenphoto Bugtracker (bugs.zenphoto.org)

If you use zenphoto, and especially if you develop themes or plugins, we’d love to have you help out with documentation, support, bug-catching… anything you can find time for. Also, we’ve officially cut our ties with berlios, so you don’t ever need to go back there.

So make some accounts and have fun!