Author Topic: 4images 1.7.7  (Read 115492 times)

0 Members and 1 Guest are viewing this topic.

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
4images 1.7.7
« on: May 14, 2009, 08:24:18 AM »
:flag-de: Die neue Version 4images 1.7.7 wurde veröffentlicht. Das Release bringt neue Funktionen sowie Detailverbesserungen und behebt einge kleine Fehler, sowie 2 sicherheitsrelativante Fehler.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.

:flag-en: The new version 4images 1.7.7 has been released. This release comes with lots of improvements and new features, bugfixes and minor changes.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Für Feedback zur 4images 1.7.7 Version bitte diesen Thread nutzen.

Please use this thread for feedback about the 4images 1.7.7 version.
« Last Edit: May 17, 2009, 05:14:01 PM by kai »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
Re: 4images 1.7.7
« Reply #1 on: May 14, 2009, 08:57:00 AM »
=========================================================
ChangeLog Version 1.7.7
=========================================================
- Security fix for local inclusion vulnerability (http://www.4homepages.de/forum/index.php?topic=24526.0)
- Security Fix for XSS issue in member.php
- Fixed issue for search stop in english language (http://www.4homepages.de/forum/index.php?topic=24453.0)
- Fixed issue for accepting blank new password when changing password (http://www.4homepages.de/forum/index.php?topic=24503.0)
- Fixed incorrect text in additional fields in register.php (http://www.4homepages.de/forum/index.php?topic=19206.0)
- Fix for redirects on sites with non-standard port (http://www.4homepages.de/forum/index.php?topic=23081.0)
- Fix for losing IPTC data if converting images with ImageMagick
- Fixed issue with wrong Administrator joindate after installation of 4images
- Fixed issue Comments count not updated after user was deleted (http://www.4homepages.de/forum/index.php?topic=22606.0)
- Fix for additional user fields not being used for guests (http://www.4homepages.de/forum/index.php?topic=22727.0)
- Fix issue in top.php if the name of an image is an URL
- Fix for wrong message in ACP if image was not deleted from database (http://www.4homepages.de/forum/index.php?topic=23392.0)
- Fix for issue that redirects after login always to index.php (http://www.4homepages.de/forum/index.php?topic=22950)
- Fixed issue if users submits a non existing email address in the password forgotten form
- Fixed width of columns in detailed view (detail, EXIF, IPTC)
- Change of the displayed error information if the MySQL connection does not work
- Change from POST to GET in category dropdown
- Changed <link rel="stylesheet"...> in header.html template for being W3C valid
- Added favicon
- Added thumbnails to RSS-feed
- Added feature to sort categories
- Added more conditional tags (categories, details,index, member, postcards, register, search, top) for using {if index}...{if index} for homepage, {if details}...{endif details} for details.php page, etc.
- Added META-Tags in header.html template: robots, description, keywords, revisit-after, imagetoolbar.
- Added spanish language pack by default
- Added 2 new templates: 960 pixel width, 100 % width

Neue Dateien / New Files:
---------------------------------------
- Folder: lang/spanish/
- Folder: templates/default_960px/
- Folder: templates/default_full/
- favicon.ico

Geänderte Dateien / Changed Files:
---------------------------------------
global.php
install.php
member.php
top.php
admin/users.php
includes/constants.php
includes/db_mysql.php
includes/image_utils.php
includes/page_header.php
includes/sessions.php
lang/deutsch/admin.php
lang/deutsch/main.php
lang/english/admin.php
lang/english/stop_searchterms.txt renamed to /lang/english/search_stopterms.txt


Geänderte Templates / Changed Templates:
---------------------------------------
- header.html
- category_dropdown_form.html
- postcard_preview.html


Sprache / Language:
---------------------------------------
- admin.php
    geändert/edited: $lang['permissions_edit_success'] (lang/deutsch/admin.php only)
- main.php
    geändert/edited: $lang['activation_success'] (lang/deutsch/main.php only)

=========================================================

The changelog for all versions can be found here:
http://www.4homepages.de/forum/index.php?topic=15186.0
« Last Edit: May 14, 2009, 11:18:18 AM by kai »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
Re: 4images 1.7.7
« Reply #2 on: May 15, 2009, 05:37:44 PM »
Here is a detailed list of what has been changed in the php files from 4images 1.7.6 -> 1.7.7.
(The best way for yourself to compare the code of files is to use Winmerge.)



admin/images.php

search for...
Code: [Select]
     $error_log[] = "<b>".$lang['image_delete_success']."</b> ".format_text($image_row['image_name'], 2)." (ID: ".$image_row['image_id'].")<br />";

and replace it by...
Code: [Select]
     $error_log[] = "<b>".$lang['image_delete_error']."</b> ".format_text($image_row['image_name'], 2)." (ID: ".$image_row['image_id'].")<br />";


admin/settings.php

search for...
Code: [Select]
function show_template_dir_select($setting_name, $setting_value) {
and insert above (before)...
Code: [Select]
function show_cat_order_select($setting_name, $setting_value) {
  global $cat_order_optionlist;
  echo "<select name=\"setting_item[".$setting_name."]\">";
  foreach ( $cat_order_optionlist as $k => $v ) {
    echo "<option value=\"".$k."\"";
    if ($setting_value == $k) {
      echo " selected=\"selected\"";
    }
    echo ">".$v."</option>\n";  
  }
  echo "</select>\n";
}

function show_cat_sort_select($setting_name, $setting_value) {
  global $cat_sort_optionlist;
  echo "<select name=\"setting_item[".$setting_name."]\">";
  foreach ( $cat_sort_optionlist as $k => $v ) {
    echo "<option value=\"".$k."\"";
    if ($setting_value == $k) {
      echo " selected=\"selected\"";
    }
    echo ">".$v."</option>\n";  
  }
  echo "</select>\n";
}


search for...
Code: [Select]
if ($action == "updatesettings") {
  $setting_item = $HTTP_POST_VARS['setting_item'];
  foreach ($setting_item as $key => $val) {
$val = trim($val);
    $sql = "UPDATE ".SETTINGS_TABLE."
            SET setting_value = '$val'
            WHERE setting_name = '$key'";
    $site_db->query($sql);
  }

and replace it by...
Code: [Select]
if ($action == "updatesettings") {
  $setting_item = $HTTP_POST_VARS['setting_item'];
  foreach ($setting_item as $key => $val) {
    $val = trim($val);
    
    $sql = "SELECT * FROM ".SETTINGS_TABLE." WHERE setting_name = '$key'";
    $res = $site_db->get_numrows($site_db->query($sql));

    if ( !$res > 0 ) {
        $sql = "INSERT INTO ".SETTINGS_TABLE." (setting_value, setting_name)
                VALUES ('$val', '$key');";
    } else {
        $sql = "UPDATE ".SETTINGS_TABLE."
                SET setting_value = '$val'
                WHERE setting_name = '$key'";    
    }
    
    $res = $site_db->query($sql);
  }


search for...
Code: [Select]
 show_table_separator($setting_group[2], 2, "setting_group_2");
  show_setting_row("cat_cells");

and replace it by...
Code: [Select]
 show_table_separator($setting_group[2], 2, "setting_group_2");
  show_setting_row("cat_order", "show_cat_order_select");
  show_setting_row("cat_sort", "show_cat_sort_select");
  show_setting_row("cat_cells");


admin/users.php

search for...
Code: [Select]
if ($delcomments) {
      $sql = "DELETE FROM ".COMMENTS_TABLE."
              WHERE user_id = $user_id";
      if ($site_db->query($sql)) {
        echo "&nbsp;&nbsp;".$lang['comments_delete_success']."<br />\n";
      }
      else {
        $error_log[] = $lang['comments_delete_error'].": ".format_text($user_name, 2);
      }
    }

and replace it by...
Code: [Select]
if ($delcomments) {
      $sql = "SELECT i.image_id, COUNT(c.comment_id) AS count
              FROM " . IMAGES_TABLE . " i
              LEFT JOIN " . COMMENTS_TABLE . " c ON c.image_id = i.image_id
              WHERE c.user_id = " . $user_id . "
              GROUP BY i.image_id";
      $result = $site_db->query($sql);
      while($row = $site_db->fetch_array($result))
      {
        $sql = "UPDATE " . IMAGES_TABLE . "
                SET image_comments = image_comments - " . $row['count'] ."
                WHERE image_id = " . $row['image_id'];
        $site_db->query($sql);
      }
      $sql = "DELETE FROM ".COMMENTS_TABLE."
              WHERE user_id = $user_id";
      if ($site_db->query($sql)) {
        echo "&nbsp;&nbsp;".$lang['comments_delete_success']."<br />\n";
      }
      else {
        $error_log[] = $lang['comments_delete_error'].": ".format_text($user_name, 2);
      }
    }
« Last Edit: June 19, 2009, 08:57:02 AM by V@no »
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
Re: 4images 1.7.7
« Reply #3 on: May 15, 2009, 06:23:58 PM »
includes/constants.php

search for...
Code: [Select]
define('SCRIPT_VERSION', '1.7.6');

and replace it by...
Code: [Select]
define('SCRIPT_VERSION', '1.7.7');


includes/db_mysql.php

search for ...
Code: [Select]
    if (!$this->connection = $connect_handle($db_host, $db_user, $db_password)) {

and replace it by...
Code: [Select]
    if (!$this->connection = @$connect_handle($db_host, $db_user, $db_password)) {


includes/image_utils.php

search for ...
Code: [Select]
  $command = $convert_options['convert_path']." -quality ".$quality." -antialias -sample $width"."x"."$height \"$src\" \"$dest\"";

and replace it by...
Code: [Select]
  $command = $convert_options['convert_path']." -quality ".$quality." -antialias -geometry $width"."x"."$height -profile '*' -unsharp 0.5x1 \"$src\"  \"$dest\"";


includes/page_header.php

search for...
Code: [Select]
$site_template->register_vars(array(
  "media_url" => MEDIA_PATH,

and replace it by...
Code: [Select]
$file = get_included_files();
$file = get_file_name(basename($file[0]));
$list = array("categories", "details", "index", "member", "postcards", "register", "search", "top");
$array = array();
foreach ($list as $name)
{
  $array[$name] = ($name == $file);
}
$site_template->register_vars($array);

$site_template->register_vars(array(
  "home_url"  => ROOT_PATH,
  "media_url" => MEDIA_PATH,


includes/sessions.php

search for...
Code: [Select]
    global $site_db, $user_table_fields;

and replace it by...
Code: [Select]
    global $site_db, $user_table_fields, $additional_user_fields;


search for...
Code: [Select]
foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        $user_info[$key] = $user_info[$val];
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    return $user_info;
  }

and replace it by...
Code: [Select]
foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        $user_info[$key] = $user_info[$val];
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    foreach ($additional_user_fields as $key => $val)
    {
      if (!isset($user_info[$key]))
      {
        $user_info[$key] = "";
      }
    }
    return $user_info;
  }
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
Re: 4images 1.7.7
« Reply #4 on: May 15, 2009, 06:36:25 PM »
in root directory:

categories.php

search for...
Code: [Select]
ob_start();

//-----------------------------------------------------

and insert thereafter...
Code: [Select]
//--- SEO variables -----------------------------------
//-----------------------------------------------------

$site_template->register_vars(array('prepend_head_title' => $cat_cache[$cat_id]['cat_name'] . " - "));


details.php

search for...
Code: [Select]
$image_allow_comments = (check_permission("auth_readcomment", $cat_id)) ? $image_row['image_allow_comments'] : 0;
$image_name = format_text($image_row['image_name'], 2);
show_image($image_row, $mode, 0, 1);

and insert thereafter...
Code: [Select]
    //--- SEO variables -------------------------------
   
    $meta_keywords  = !empty($image_row['image_keywords']) ? implode(", ", explode(" ", $image_row['image_keywords'])) : "";
    $meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
   
    $site_template->register_vars(array(
            "detail_meta_description"   => $meta_description,
            "detail_meta_keywords"      => $meta_keywords,
            "prepend_head_title"        => $image_name . " - ",
            ));


global.php

search for...
Code: [Select]
  $url = get_basefile(getenv("HTTP_REFERER"));

and replace it by...
Code: [Select]
  $url = get_basename(getenv("HTTP_REFERER"));


search for...
Code: [Select]
  $script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
  $script_url .= $port;

and replace it by...
Code: [Select]
  $script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
  if ($port) $script_url = str_replace(":".$port, "", $script_url);
  $script_url .= $port;


search for...
Code: [Select]
  if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

and replace it by...
Code: [Select]
if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {


search for...
Code: [Select]
if (defined("GET_CACHES")) {
  $sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment
          FROM ".CATEGORIES_TABLE."
          ORDER BY cat_order, cat_name ASC";
  $result = $site_db->query($sql);

and replace it by...
Code: [Select]
if (defined("GET_CACHES")) {
  $config['cat_order'] = empty($config['cat_order']) ? 'cat_order, cat_name ASC' : $config['cat_order'];
  $sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment
          FROM ".CATEGORIES_TABLE."
          ORDER BY ".$config['cat_order']." " .$config['cat_sort'];
  $result = $site_db->query($sql);


install.php

search for...
Code: [Select]
              SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_lastaction = $current_time, user_lastvisit = $current_time

and replace it by...
Code: [Select]
SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time


search for...
Code: [Select]
      $config_file .= ' *    Scriptversion: 1.7.6                                                *'."\n";

and replace it by...
Code: [Select]
      $config_file .= ' *    Scriptversion: 1.7.7                                                *'."\n";


search for...
Code: [Select]
  Copyright &copy; 2002 <a href="http://www.4homepages.de" target="_blank">4homepages.de</a>

and replace it by...
Code: [Select]
  Copyright &copy; 2002-<?php echo date('Y'); ?> <a href="http://www.4homepages.de" target="_blank">4homepages.de</a>


member.php

search for...
Code: [Select]
    $user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;

and replace it by...
Code: [Select]
    $user_homepage = (isset($user_row['user_homepage'])) ? format_text(format_url($user_row['user_homepage']), 2) : REPLACE_EMPTY;


search for...
Code: [Select]
if ($action == "lostpassword") {
  $txt_clickstream = $lang['lost_password'];
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? format_text(stripslashes($HTTP_POST_VARS['user_email'])) : "";
  $site_template->register_vars(array(
    "lang_email" => $lang['email'],
    "lang_lost_password" => $lang['lost_password'],
    "lang_lost_password_msg" => $lang['lost_password_msg'],
    "lang_submit" => $lang['submit'],
    "user_email" => format_text($user_email, 2)
  ));
  $content = $site_template->parse_template("member_lostpassword");
}

and replace it by...
Code: [Select]
if ($action == "lostpassword") {
  $txt_clickstream = $lang['lost_password'];
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? format_text(stripslashes($HTTP_POST_VARS['user_email']), 2) : "";
  $site_template->register_vars(array(
    "lang_email" => $lang['email'],
    "lang_lost_password" => $lang['lost_password'],
    "lang_lost_password_msg" => $lang['lost_password_msg'],
    "lang_submit" => $lang['submit'],
    "user_email" => $user_email,
  ));
  $content = $site_template->parse_template("member_lostpassword");
}


search for...
Code: [Select]
  $user_password = md5(trim($HTTP_POST_VARS['user_password']));
  $user_password2 = md5(trim($HTTP_POST_VARS['user_password2']));

and replace it by...
Code: [Select]
  $user_password = trim($HTTP_POST_VARS['user_password']);
  $user_password2 = trim($HTTP_POST_VARS['user_password2']);


search for...
Code: [Select]
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '$user_password'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];

and replace it by...
Code: [Select]
    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];


register.php

search for...
Code: [Select]
          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key])) : "";

and replace it by...
Code: [Select]
          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";


top.php

search for...
Code: [Select]
    $register_array['image_rating_'.$i] = (check_permission("auth_viewimage", $top_list[$i]['cat_id'])) ? "<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$top_list[$i]['image_id'])."\">".format_text($top_list[$i]['image_name'])."</a>" : format_text($top_list[$i]['image_name']);

and replace it by...
Code: [Select]
    $register_array['image_rating_'.$i] = (check_permission("auth_viewimage", $top_list[$i]['cat_id'])) ? "<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$top_list[$i]['image_id'])."\">".format_text($top_list[$i]['image_name'], 2)."</a>" : format_text($top_list[$i]['image_name'], 2);
Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search

Offline kai

  • Administrator
  • Addicted member
  • *****
  • Posts: 1.418
    • View Profile
    • 4images - Image Gallery Management System
Re: 4images 1.7.7
« Reply #5 on: May 15, 2009, 07:09:16 PM »
... plus many changes in the /templates/default/ *.html files.

You can use WinMerge to compare the files.

Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search