Simpleviewer, the well-known Flash image viewing application, has finally got its Gallery 2 companion.
"alecmyers" has made a Gallery 2 plugin available that enables you to put up Simpleviewer as a front-end to a Gallery 2 album. Finally you can combine the back end features of Gallery 2 management, with the stylish presentation Simpleviewer offers.
The plugin is still in active development, and has not really been officially released yet, but you can find details and download information in the following forum thread.
If you want to have a quick look at how it works, check out my test install.
on Wordpress security. Very interesting read, and Stefan has some very valid points in regard to how issues are being addressed.
I would like to highlight two of the key points made in the interview:
If I recall correctly, the phpBB guys at one point used their collected money and paid a security company to audit the software. I strongly suggest that the WordPress guys do the same. I am quite sure that there are still several vulnerabilities in WordPress. The free audits that they get from people releasing advisories will never cover the whole code base.
One should think that given the success of wordpress.com, doing external revisions like this should be within reach for the Wordpress codebase as well. Of course, this would not extend to third party plugins and themes, but having someone not associated with the product review the core code for security issues would be a very good idea (tm).
I am very glad that Gallery 2 hires third party security experts to do code reviews for each of the major releases. It really does make me sleep a little bit better at night, and the Gallery 2 security track record has been very good due to this and its great developers.
I would actually do two things:
1. Switch off the SQL error messages, because they give far too much information to potential attackers.
2. Ensure that the default SQL tableprefix is not chosen during installation.
This also makes a lot of sense. Not showing error messages to arbitrary visitors should be a priority. Error messages often reveal more information than any user needs to see, and attackers often use them to figure out a way to break into the system. Randomizing the SQL table prefix would indeed make it a bit harder to inject data, but it wouldn't stop anyone who has access to the installation from inserting data into the database. After all, the prefix has to be stored somewhere, in a form the application can read.
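A small check for the two settings discussed above, added here as an example and not taken from the interview or from WordPress: it reads a `wp-config.php` and flags displayed database errors and the default table prefix. The sample configs are constructed, and the finding names are made up for this example.

```python
import re

# Constructed sample wp-config.php fragments (not taken from any real site).
WEAK_CONFIG = """<?php
define('WP_DEBUG', true);
// define('WP_DEBUG_DISPLAY', false);
$table_prefix = 'wp_';
"""

HARDENED_CONFIG = """<?php
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_DISPLAY', false );  /* log instead of printing to visitors */
define( 'WP_DEBUG_LOG', true );
$table_prefix = 'g7q2_';
"""

def _strip_comments(php):
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)   # block comments
    return re.sub(r"(?m)^\s*(//|#).*$", "", php)      # whole-line comments

def _constant(php, name):
    """Return True/False for define('NAME', true|false), or None if not set."""
    m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*(true|false)\s*\)" % name, php, re.I)
    return None if m is None else m.group(1).lower() == "true"

def audit_wp_config(php):
    """Return a sorted list of finding codes (hypothetical names) for the two settings."""
    php = _strip_comments(php)
    findings = []
    debug = _constant(php, "WP_DEBUG")
    display = _constant(php, "WP_DEBUG_DISPLAY")
    # WordPress shows database errors when WP_DEBUG is on and display is not disabled.
    if debug and display is not False:
        findings.append("sql-errors-displayed")
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", php)
    if m is None:
        findings.append("table-prefix-not-found")
    elif m.group(1) == "wp_":
        findings.append("default-table-prefix")
    return sorted(findings)

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_wp_config(cfg))
```

When `WP_DEBUG` is off, whether errors reach the browser depends on PHP's own `display_errors` setting, which this check does not read.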
Gallery 2.2.2 is now available for download. As a minor stability release it adds no new features and includes bug fixes only.
Over 30 bugs have been fixed in this stability release. Some highlights are:
* Fixed WebDAV for OS X / GNOME clients - Items are now recognized as images
* Fixed fallback theme / theme reset functionality
* Fixed PHP error in fetchWebPage() on too many redirects
* Fixed rewrite rule for embedded core.DownloadItem
* Fixed Upgrade Code for IBM DB2 / MS SQL Server
Before you read this, please note that these are my own personal thoughts and wishes, not an official post from the Gallery team.
There are a couple of things I, personally, would love to see happen with Gallery 2:
Akismet Plugin
We all know spam sucks, and Akismet does a great job moderating comments for lots of different web applications. Gallery 2 could really benefit from the same service.
Flock Support
Flock natively supports several online solutions. How cool would it be if you could also post your photos to your Gallery 2 installation directly? This seems like a feature more people than me are looking for, and I'm sure some Flockstar out there has the capability of making it happen? After all, both Gallery 2 and Flock have pretty open APIs. Of course, a Firefox plugin would be great too, but that falls into the same category, doesn't it?
Scheduled publication
I would love to see a Gallery 2 module that lets you schedule publication of items, as well as scheduled removal. Most useful in photoblog situations I think, but it's a feature I would like to be able to use on my photoblog. I love automated things.
Improved RSS module
Gallery 2 has a pretty good RSS module, but it could use an overhaul to make it a bit simpler to use. As far as I'm concerned the current module has too many options, and is too difficult to set up. After all, most users only need a site feed, an album feed, and a comment feed. Right?
So, if anyone has the know-how, dedication and free time available (very likely, I know), I would be eternally grateful if someone decided to tackle one or more of these challenges.
I'm sure a lot of people want to add the new Google Analytics website tracker to their Gallery 2 installs. It's a pretty straightforward addition to make, but I'll outline it here.
1. Copy /gallery2/themes/matrix/templates/theme.tpl into a new directory under templates/ called local. The new copy should now reside in /gallery2/themes/matrix/templates/local/theme.tpl. This makes Gallery 2 use the copy in templates/local/ instead of the default one in templates/, and doing this ensures that any changes you have made will survive an update (either via a new Gallery 2 release or a cvs update).
2. Find the following:
{* Include this theme's style sheet *}
3. Insert the Google Analytics javascript somewhere between and like this:
{* Include this theme's style sheet *}
4. Remember to change the _uacct = "UA-xxxxx-x"; to your actual Analytics tracker ID.
5. Watch Google Analyzer give you statistics nirvana