TWG 1.8.8 is online!

Hi,

I already announced the optimizations of TWG. I have now added the following stuff to the final version:

New: Bookmarkable/reloadable URLs are now available even with Ajax and Flash navigation. The image number is now added to the URL with a hash. See http://blog.mgm-tp.com/2011/10/must-know-url-hashtechniques-for-ajax-applications/
Security Fix: In i_optionen.php all parameters were checked, but after the detection of an XSS attack the script was not stopped like in index.php. I have added this there too, and now the attacker gets a message displayed.
Security Fix: If you are logged in to the administration, you could submit forms/requests where the input was not checked. Now it is done like in the gallery itself. This is a minor issue because if you have access to the TWG administration you can use the TWGExplorer to do anything anyway…
Security Fix: All forms (site and administration) are now protected against CSRF attacks: See http://en.wikipedia.org/wiki/Cross-site_request_forgery.

Get this version on the download page: http://www.tinywebgallery.com/en/download.php

Have fun using TWG,
Michael
