Gallery
A polished photo gallery for Convoro — organise images into albums and categories, with a fullscreen lightbox, drag-and-drop uploads, album covers and likes. Free first-party extension.
AI security review
Reviewed safe · 92/100
A standard server-rendered gallery extension with proper permission checks, parameterized queries via Eloquent, validated input, output escaping, and SSRF-safe image handling that restricts URLs to same-origin or relative paths. No RCE, eval, dynamic includes, shell exec, hardcoded credentials, or exfiltration observed.
- low · Likes/category enumeration on findOrFail — Like and edit endpoints use findOrFail on integer IDs; access control is enforced via canEditAlbum/canManage. Minor: like endpoint lets any authenticated user like any image regardless of album privacy, which is expected behavior but not visibility-checked.
- low · Manual HTML string concatenation for rendering — Pages are built by concatenating HTML strings rather than templating. Output is consistently passed through self::e() (htmlspecialchars) and image URLs through safeImage(), so no injection was found, but this pattern is fragile if future edits omit escaping.
Automated review of v1.0.0 by claude-opus-4-8 1 week ago. This is an automated signal to aid your judgment — not a guarantee.