Gallery 2.1 RC2a
I just noticed that the Gallery project has released RC 2of Gallery 2.1. This version finally includes support for hidden items (photos and albums which are not visible to guests browsing albums, but are accessible to guests if they know the direct URL of the item), and password-protected albums and photos. Both of these basic features are handy for sharing photos with a limited group of people, but not everyone.
The download was uneventful; I extracted the tarball over my existing 2.0 installation, as per the upgrade instructions. I then navigated to my gallery, and was greeted with an upgrade wizard.
After authenticating with the setup password, step 2 of the wizard is an environment check. There were no reds, but I did get some warnings:
Warning: Output buffering is enabled in your php by the outputbuffering parameter(s) in php.ini. Gallery can function with this setting - downloading files is even faster - but Gallery might be unable to serve large files (e.g. large videos) and run into the memory limit. Also, some features like the progress bars might not work correctly if output buffering is enabled unless iniset() is allowed.
and
Old files (3328)
These files are no longer part of Gallery. They probably won’t cause any problems but it is a good idea to remove them to keep your install clean. Gallery can’t remove these files for you, but you can download and run this script in your gallery2 directory to delete them for you.
I’m not sure why output buffering is enabled; I certainly don’t want my server output buffered, for just the reasons the warning mentions. The old files I’ll take care of later.
A quick edit of /usr/local/etc/php.ini:
output_buffering = Off
does the trick. Of course, apachectl restart to restart Apache is required before the changes kick in.
In the next step, the updater was unable to write to config.php; this is not a surprise, as I chmoded it after the initial setup. I’ll put it back to chmod 0666 just for the upgrade.
Step 3 went fine; putting config.php back to chmod 0444.
In Step 4 I elected to upgrade all installed modules to whatever the latest versions are. Apart from a warning that “ImageMagick module needs configuration”, all module upgrades were green.
That was it. All the other steps were without incident. The final upgrade screen said to go to the site admin to upgrade any other modules; I’ll have a look there to see if anything needs to happen…
The only module with an ‘upgrade’ link is ‘ImageMagick’. I clicked ‘upgrade’ and got ‘Successfully upgraded module ImageMagick’; too easy.
Next, I installed and activated the Hidden Items and Password Items modules, the availability of which is the only reason I upgraded at all. Once these modules were activated, I could use the Edit Item function on my albums and photos, and find two new sections: one with a check box to make the item hidden, and one with password boxes to set a password to view the item. Outstanding!
The hidden feature works flawlessly. The password feature has one gotcha that I can see: if the guest user does not have permission to view an item, then the password prompt just continuously reappears, without any indication of the problem. It could be argued that this is a security feature and not a bug, but I think a minor security tradeoff would be worth the usability boost. Oh well.
It seems the ImageMagick module is broken, as it shows up with a red circle w/ a line through it. Upon further investigation, it’s disabled itself because the version of ImageMagick I have, 6.2.2, has a known security vuln. I’m trying to upgrade it via a FreeBSD package, but I can’t find one handy. The vuln is an infinite loop on an intentionally malformed image; since I trust everyone w/ image upload privs, and an infinite loop isn’t a serious compromise, I’ll override this security warning and force the module to use the vulnerable version.
It also seems as though the upgrade, when it purged the cache, killed the thumbnails, so I’m using the Maintenance function in the site admin tool to rebuild the thumbnail/resized copies of all the images. Now that I turned buffering off, this produces a meaningful progress bar, which is kind of novel.
Tags: gallery, Migrated from Drupal, tech diary