trisweb.com

« archives

January 2007
S	M	T	W	T	F	S
« Dec		Feb »
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

recently

news from around the web

Microsoft is Dead - What do you know, he’s right. Old news, yes, but good to realize.
Kuler - A great color scheme sharing and searching site from Adobe.
Discussion thread from the original iPod announcement. - Just goes to show how much people underestimate the power of good design!
Customer Service - A great article at Joel on Software on why customer service is so important. He’s right!
The Last Question - If you’ve never read this, it’s quite possibly the best sci-fi story ever written. Short and sweet, and so beautiful and true.
How to pour ketchup from a full bottle - Someone showed me this at dinner last night and it really works. I was amazed.
365 Days of Skywatching - A free e-book that shows what you can see in the night sky every day this year.
Wordpress 2.0! - I’ll review it soon. It looks like an improvement so far!
Zenphoto beta - get it while it’s hot!
Mint - Looks like a very well made stats app.

» view all

daily reads

» more links

Archive for January 27th, 2007

Important Zenphoto 1.0.7 Release

Saturday, January 27th, 2007

Zenphoto 1.0.7 has been released tonight with one small change—an important security fix for a problem with upwards directory traversal using “..” as the album name. I’ve simply filtered it out (in two places) and it shouldn’t be a problem again. Thanks to nicosomb for reporting this on the forums.

Everyone using any previous version should upgrade as soon as possible, though no need to worry—there’s not much risk from this bug, only the possibility of seeing folder names (and nothing else) in your web site’s directories that are accessible to your user. No files can be opened, nor any applications exploited. But upgrade anyway

summer 2004