Thursday, October 2, 2008

Gallery Server Pro Version 2.1.3196 Released

Yesterday I released several bug fixes for Gallery Server Pro and updated a couple third party components. Instructions for installing and upgrading can be found in the Administrator’s Guide.

The most important fix was to address a problem with video and audio not playing in the Silverlight plug-in. When I released the Silverlight feature in August, I had tested it extensively on my internal network and, with the exception of some issues with Firefox 3, it worked great. However, after the release it became apparent that the plug-in did not work in many situations. A blue box would appear, indicating that the Silverlight control was instantiated, but the video never started.

In Gallery Server Pro, all media files – photos, video, etc – are served through an ASHX handler. This provides added security and fine tuned control over how the media is streamed to the browser. Unfortunately, the Silverlight plug-in is not behaving well with the handler, and as best I can tell the issue is with Silverlight and not the handler (when in doubt, blame the other guy, right?).

The browser requires Silverlight 1.0 or higher, but I am using javascript and a player that is distributed with the Silverlight 2.0 Beta 2 Developer Tools. When Silverlight 2.0 goes gold, I will get the latest files and try again. If it still doesn’t work, I’ll contact Microsoft for some assistance.

Meanwhile, there is an easy workaround that is implemented in this release – link directly to the media file instead of using the handler. The way to do this is to open ~/config/galleryserverpro.config and replace {MediaObjectUrl} with {MediaObjectAbsoluteUrlNoHandler} for each of the templates where Silverlight is specified (there are four). If you need more help, there are additional directions in the upgrade section in the Admin Guide. If your media objects directory is outside the Gallery Server Pro web application, you must use {MediaObjectRelativeUrlNoHandler} instead.

You may be wondering about my statement that the ASHX handler provides additional security. When you don’t use the handler, your users can view the HTML source and see something like this:

mediaSource:http://www.galleryserverpro.com/gsdemo-mediaobjects/Videos/3StrikesChipmunk_56.wmv

Anyone can copy this URL and use it to access your video any time they want. IIS happily serves the video without checking with ASP.NET (and the Gallery Server Pro user security model) to make sure the user is allowed to see it. I should note that there is a new feature in IIS 7 where you can restrict access to static files like wmv, but this feature does not provide access to the Gallery Server role/user security so it is not a viable solution.

If you are allowing anonymous users access to your gallery, then you don’t have anything to worry about, because you are not trying to restrict them anyway. I say this more as an FYI to those of you who lock down the gallery to restrict access to only logged-on users. And even then an anonymous user can get at your video only if they can guess the URL.

The Silverlight plug-in still does not reliably work in Firefox 3. Sometimes it plays the video; sometimes it doesn’t. Due to the intermittent nature it may be some kind of javascript timing issue. Microsoft has stated they will offer full support with the 2.0 release. I will keep an eye on this and release updated code as soon as I can.

This release also includes an updated version of the SQLite dll and the just-released 2008.2 ComponentArt Web.UI release. Gallery Server Pro uses many of the CA controls for enhanced UI functionality, including uploading files, the menu, tabs, and grids. Unfortunately, the new release still doesn’t fix an issue where the Add objects page becomes unusable after an upload is aborted, either through clicking Cancel during an upload or after the Upload control aborts an upload because the file exceeds the maximum limit. I am working with them to get a fix.

Below is the full list of bug fixes. If you are bored, you can read a detailed report of the bug fixes.

  • Silverlight media does not play with ASHX handler
  • Silverlight media not playing when %2b is in URL query string
  • Media objects are added in reverse order
  • Hard coded English text in web pages
  • Width and height properties not updated when small images are rotated
  • SQLite provider does not delete related data
  • Incorrect SQL in SQLiteProfileProvider
  • Records associated with anonymous users are not removed
  • SQLite DataReader closes connection during transaction
  • Web.config has <machineKey ...> element
  • Error occurs when creating an album with an empty name
  • Calendar popup appears behind edit album dialog
  • User is allowed to add an empty external object
  • SQL Server password accidentally set to encrypted
  • Invalid password attempt count too low
  • Null reference exception when session and profile are null

No comments: