Moa

An easy to use open source web
image gallery for PHP/MySQL
username: admin
password: admin
Moa 1.2.0a released [Friday, 28 August 2009 10:20]
Written by Dan Brown   

This is a quick bugfix release to fix the following holes found by the security community -

Two of the three only took effect if you had PHP register_globals turned on, which is against the PHP defaults nowadays and unlikely to be needed by anything. The third was an SQL injection vulnerability which had very limited scope to do anything malicious as the results are not echoed anywhere on the screen. It was limited to selecting data and not inserting or adding anything. It is our belief that all three exploits are fairly low risk; however, you should upgrade to 1.2.0a to remove the chances of anything happening. We have also patched a number of similar routes that could be used to exploit the same behaviour.

 

If anyone finds any new problems, feel free to let us know. I can be contacted by e-mail.

 

The new downloads are -

Just upload over the top of 1.2.0, no upgrade needed. If you have a previous version of Moa just upload and follow the update link. No new features are added from the default 1.2.0 install, this is purely a security release.
Last Updated on Wednesday, 09 September 2009 22:06
 
Security exploits [Thursday, 27 August 2009 23:00]

We have been informed of 3 vulnerabilities in Moa that have surfaced within the last 2-3 days. These could allow malicious people to get access to files or alter the database.

 

We have been working on fixes and have 2 of the exploits plugged. We are working on the third now, but we need to test the fixes thoroughly before releasing them as they may break other things. Unfortunately we are both working tomorrow so it is likely to be Friday night or Saturday morning before we get this patch released. We are working on it though. I have taken the demo offline until we get fixes in place as this is the most public Moa site.

 

Thanks to the security community at large for submitting these exploits, it is much appreciated and we have fixed several other gaps we found as well.

Last Updated on Thursday, 27 August 2009 23:17
 
Moa 1.2.0 Released

At last, 1.2.0 is out!

As well as putting in full template support, we took the time to make the HTML/CSS code much nicer. Gone are the nasty old table-based layouts, replaced by (mostly) semantically correct, maintainable and fairly clean markup. IE6 support is still lacking a bit but it does work and should be back before long. We would love to drop it completely but galleries are something that may be viewed at work and sadly IE6 is still being forced on people there.

We are working on a template writing pack to be released shortly which will help anyone that wants to create their own. You will need to know real HTML and CSS - this will not work in page builders such as Dreamweaver (although they could be used to help) as we use fragments of code rather than a full page at a time.

Also new are some navigation links on the image pages to go forward and back in the current gallery and view them full sized and a few speedups.

Let us know what you think of the new templates in the comments below or by email via the links on the sourceforge project page (click the sf logo at the top).

Lastly, we have decided to change the release system a bit from here on. Rather than big 1.x releases every few months we are aiming for 1.x.y releases every few weeks. This lets new features out faster and keeps us on our toes...

Release notes are here.

Last Updated on Tuesday, 21 July 2009 23:35
 
Moa 1.1 released [Tuesday, 31 March 2009 09:34]

The rewrite is over and version 1.1 is out!

 

While this was mostly re-organizing the code there have been a few new features which can be seen in the release notes here.

 

Now we can start working on proper new features for 1.2. The first main one is the template system.

 
Moa 1.0 released [Thursday, 29 January 2009 02:15]

Finally we have released the proper version of 1.0. Adding unicode support took a lot longer than we thought. 

 

You can download it here.

 

Still need to add a bit more stuff to this site, including the new (basic) docs

 

Lots of new stuff planned as we work towards 1.1. Major code tidy-up, new upload and refined tagging system mainly. We have split the planned 1.1 features into 2 versions now to avoid being stuck without a new release for too long. So Templates have been bumped to 1.2 unfortunately. But as they need the code changes we do need to do that bit first. And as the upload/tag bits involve replacing the current sections it makes more sense to do them at the same time.

 