Gallery 3 Rant

The architecture of the K&K site is pretty simple – WordPress 3 as a CMS for blogging, page administration, and theme presentation, and Gallery 3 for photos and (soon) video. At the moment, I’m just loading Gallery 3 with a custom theme in an iframe on a photos page. I experimented with direct integration with WordPress (nightmare) and custom themes for Gallery (basically impossible due to the way their CSS loads).

Overall, I’m pretty happy with Gallery 3. It’s a huge improvement over Gallery 2, which I was using before, and which was virtually unusable for what I wanted (upload photos in batch retaining uncompressed full size images). Given that G3 is in RC1 stage, I was expecting some problems with the software. I was also expecting that the developers would be willing to work through those problems if they arose. So, when I discovered that entering quotes in any field led to escaped quotes (‘ or “) being inserted into the database, I opened a trouble ticket on their SourceForge page, and provided helpful instructions on how to fix the problem. The response that I got back was that they wouldn’t fix the problem, because

magic quotes have been depreciated as of PHP 5.3 so we won’t be putting any code in gallery3 to support it.

Okay, yes, that’s true, and no one who has control over their server should have PHP 5 running with magic_quotes_gpc on. However, not all of us have control over our servers, PHP 5.3 is pretty new (not even a year old as of this posting), so many hosts haven’t upgraded to it yet, and the average user isn’t going to know jack about magic_quotes_gpc or how to turn it off. Being able to write PHP code isn’t a prerequisite for using Gallery, because it is created to be as easy to use as possible.

Gallery 3 does include an .htaccess file with instructions to Apache to tell PHP to turn magic_quotes_gpc off, but if Apache-level PHP config is disabled by the server (such as when it is being run as CGI, as in the case of my server), this method doesn’t work. You’d think, at this point, that the Gallery team would include a bit of code to check if magic_quotes_gpc is actually off, and if not, either:

  1. run stripslashes() on global variables to fix the problem, or at the VERY least
  2. inform the user that they need to take steps to turn magic_quotes_gpc off.

Since they do neither of these, the user will end up inserting slashes into their database, and this is somehow the user’s “fault” for not tracking down magic_quotes_gpc on their own. The attitude of the developers on this issue is a clear disdain for any non-cutting-edge technology: They don’t support Apache 1, they don’t support earlier than the latest version of PHP, they don’t support magic_quotes_gpc, despite the fact that having magic quotes on was the default configuration in PHP up until 5.3.0, which (as I said) was released 06/30/2009, less than a year ago.

Now, there’s some blame to go around here – my host, 1&1, is somewhat notorious for being a slow adopter of technology. They are still on Apache 1, they were slow to adopt PHP5, they were slow to adopt mySQL5, and they are slow on the PHP updates. They also have magic_quotes_gpc turned on by default, and they are running PHP5 as a CGI module, instead of as an Apache module (which is the preferred configuration), so the .htaccess directives in Gallery 3’s distribution don’t work properly. Because of these issues, plus crappy support, plus cost, I’m strongly considering moving my websites to a different host.

That said, it should be the responsibility of the Gallery developers to inform the user when their server configuration doesn’t meet specs (if they require Apache 2, warn the user if they are running Apache 1, etc). Or, they could just make sure that their software works with magic_quotes_gpc on – to do so is about 10 lines of code. I’ve been escaping superglobals for years now. If we, as web developers, need to continue to design websites that work with older browsers, they should certainly design their software to work with older server software. Not all of us have the knowledge, ability, or resources to manage our own servers with root access.

Given my configuration settings, the solution to my problem was to override the magic quotes setting using php.ini files. I say files and not file, because php.ini doesn’t cascade – it only affects the CWD. Therefore, I needed to put a php.ini file disabling magic quotes in every directory that contained php files in my Gallery installation. There are 108. Plus, any time I would upgrade Gallery, there’s a strong likelihood that these folders would get replaced, added to, changed, etc – so I would need to check the existence of php.ini files every time I ran an upgrade. Since I do happen to know what I’m doing with PHP, I wrote a PHP script to do this for me, which I will have to run at the end of every upgrade:

What’s worse, I had to plumb the database for backslash characters, and manually edit every entry that had them. This process was actually harder than I anticipated – apparently, when using the SQL LIKE clause, you have to double-escape your backslashes, like so:

Everything is all cleaned up now, but it’s going to require ongoing vigilance on my part to ensure that this problem stays fixed, because the Gallery team didn’t think it was important to support users that have magic_quotes_gpc turned on and can’t do anything about it, even at the .htaccess level. Hopefully the developers hear about this issue from other users and consider doing something more concrete about it in the future. In the meantime, I’m going to go shopping for new hosting companies.

Join the Conversation

1 Comment

  1. I agree 100%. I use goDaddy for a lot of my hosting, Gallery2 ran splendid on the server, but for some reason Gallery3 runs terribly slow. I am not sure why this is.

Leave a comment

Your email address will not be published. Required fields are marked *