• Pixaria Gallery
• Gallery Features
• Gallery Demo

• AssetDeck
• AssetDeck Features
• AssetDeck Demo

• Further Info
• Tech Specs
• Requirements
• Get Web Hosting
• Sell Photos Online
• About Pixaria
• Privacy Statement
• E-mail Address

• Feeds
• Pixaria News
• Documentation
• Twitter

How to Get Technical Support

With the release of Pixaria Gallery 3, I've taken the opportunity to switch from the old PHPBB forum to a new help desk system powered by Zendesk that will make it faster and simpler to get technical support for Pixaria Gallery.

From Monday the 6th of December, all technical support enquiries should go through the Community Helpdesk and support requests sent to info@pixaria.com by e-mail will no longer be given priority treatment.

Security Patch Updated

Some users (mainly those running Pixaria Gallery on Windows servers) have reported problems with the security patch issued in response to a recent published remote file discovery exploit. For anyone who applied the patch and is having problems with large images not displaying, the file has been updated to fix the issue and can be downloaded here.

For any issues related to the patch, please email me at info@pixaria.com rather than posting in the forums as I check my e-mails far more regularly than the forum.

Security Vulnerability Fixed

Users have reported a security vulnerability in Pixaria which can be exploited if PHP's register_globals variable is turned on.

My current advice is for everyone to upgrade to the newly released version 1.4.3 or if that's not possible, to install this patched file: class.Smarty.php.zip into resources/includes on your current installation.

For reference, the installation documentation of Pixaria has been updated with information on how to prevent malicious access to Pixaria's 'include' and 'libraries' scripts as this can easily be prevented by creating a text file called .htaccess with the following text in it:

Order Deny,Allow 
Deny from all 

This file should then be uploaded to:

-/resources/incoming/
-/resources/library/
-/resources/includes/
-/resources/pixies/
-/resources/smarty/

To test whether this is working on your site, browse to these directories using your web browser like this:

http://www.mysite.com/pixaria/resources/includes/

You should get an error message and access denied warning.

PopPhoto Studio security update

PopPhoto Studio has been updated to patch a serious security vulnerability that could leave a server open to being compromised by malicious attackers by using a specially designed URL to include and execute remote PHP code.

Full details of the vulnerability are described in the Secunia security advisory SA SA20087 published on the 15th of May 2006.

The vulnerability only affects servers where the PHP configuration setting register_globals is turned on. PopPhoto does not require this value to be on and all users are advised to turn it off where possible in addition to applying the new security patch.

An updated version of PopPhoto (version 3.6.1) can be downloaded from the PopPhoto version history page which also provides details of the bug and a link to the file change log where you can see which file has been updated.

This security vulnerability is specific to PopPhoto Studio and does not affect Pixaria Gallery.