4images Forum & Community
Welcome, Guest. Please login or register.
Did you miss your activation email?
August 19, 2018, 09:40:22 PM

Login with username, password and session length
Search:     Advanced search
Togle to toolbar
Translate this page with =>
Translate this page >
* Home Help Search Login Register
 
+  4images Forum & Community
|-+  4images Help / Hilfe
| |-+  News & Announcements
| | |-+  4images 1.7.9
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Print
Author Topic: 4images 1.7.9  (Read 74806 times)
kai
Administrator
Addicted member
*****
Offline Offline

Posts: 1405

Thank You
-Given: 66
-Receive: 199


View Profile WWW
« on: November 11, 2010, 09:21:16 AM »

Deutsch Die neue Version 4images 1.7.9 wurde veröffentlicht. Das Release bringt Detailverbesserungen, behebt einge bugs und zwei sicherheitsrelevante Fehler.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.

English The new version 4images 1.7.9 has been released. This release comes with some improvements, bugfixes, 2 security fixes and minor changes.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Für Feedback zur 4images 1.7.9 Version bitte diesen Thread nutzen.

Please use this thread for feedback about the 4images 1.7.9 version.
Logged


Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
kai
Administrator
Addicted member
*****
Offline Offline

Posts: 1405

Thank You
-Given: 66
-Receive: 199


View Profile WWW
« Reply #1 on: November 11, 2010, 09:25:03 AM »

=========================================================
ChangeLog Version 1.7.9
=========================================================
- Added CSRF protection system (see docs/CSRF.english.txt or docs/CSRF.deutsch.txt)
- Security Fix for XSS issue in admin/admin_functions.php
- Fixed "Support for PHP4" (http://www.4homepages.de/forum/index.php?topic=27939.0)
- Fixed "multi-word search in 1.7.8" (http://www.4homepages.de/forum/index.php?topic=28028.0)
- Fixed "Uploadfehler nach Update von 1.7.7 auf 1.78" (http://www.4homepages.de/forum/index.php?topic=27829.0)
- Fixed "Can't login" (http://www.4homepages.de/forum/index.php?topic=27782.0)
- Fixed "Check new images - thumbnail not saved if already existed." (http://www.4homepages.de/forum/index.php?topic=27739.0)
- Fixed "Database Backup shows only *.sql files (no *.sql.gz)" (http://www.4homepages.de/forum/index.php?topic=27757.0)
- Fixed "Beschreibung nicht in Suche eingeschlossen" (http://www.4homepages.de/forum/index.php?topic=27747.0)

Neue Dateien / New Files:
---------------------------------------
- includes/csrf_utils.php


Geänderte Dateien / Changed Files:
---------------------------------------
global.php
member.php
admin/admin_functions.php
admin/admin_global.php
admin/backup.php
admin/checkimages.php
admin/images.php
admin/validateimages.php
admin/plugins/migrate_keywords.php
includes/constants.php
includes/page_header.php
includes/search_utils.php
includes/sessions.php


Sprache / Language:
---------------------------------------
- admin.php
    - edited: $lang['field_keywords_ext']
    - added: $lang['cni_thumbnail_rename_success']
    - added: $lang['cni_thumbnail_rename_error']
    - added: $lang['cni_copy_success']
    - added: $lang['cni_copy_error']
    - added: $lang['cni_copy_thumb_success']
    - added: $lang['cni_copy_thumb_error']
    - added: $lang['file_not_found']
Logged


Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
kai
Administrator
Addicted member
*****
Offline Offline

Posts: 1405

Thank You
-Given: 66
-Receive: 199


View Profile WWW
« Reply #2 on: November 20, 2010, 12:59:41 PM »

Here is a detailed list of what has been changed in the php files from 4images 1.7.8 -> 1.7.9.
(The best way for yourself to compare the code of files is to use Winmerge.)



Language files:


lang/deutsch/admin.php

find:
1
2
$lang['field_keywords'] = "Keywords";
$lang['field_keywords_ext'] = "Keywords<br /><span class=\"smalltext\">Keywords durch Leerzeichen getrennt eingeben.</span>";

replace with:
1
2
$lang['field_keywords'] = "Schlüsselwörter";
$lang['field_keywords_ext'] = "Schlüsselwörter<br /><span class=\"smalltext\">Schlüsselwörter durch Komma getrennt eingeben.</span>";

find:
1
$lang['field_keywords_contains'] = "Keywords enthält";

replace with:
1
$lang['field_keywords_contains'] = "Schlüsselwörter enthält";

find:
1
2
3
4
5
6
$lang['cni_media_file_rename'] = "Media Dateiname wurde umbenannt von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_media_file_rename_error'] = "<u>Fehler</u> bei Umbenennen der Media Datei von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_thumb_file_rename'] = "Thumbnail Dateiname wurde umbenannt von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_thumb_file_rename_error'] = "<u>Fehler</u> bei Umbenennen der Thumbnail Datei von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_copy_success'] = "Kopiere Original Datei in <b>{name}</b> Ordner.";
$lang['cni_copy_thumb_success'] = "Kopiere Thumbnail in <b>{name}</b> Ordner.";

replace with:
1
2
3
4
5
6
$lang['cni_thumbnail_rename_success'] = "Thumbnail umbenannt von <b>{from}</b> nach <b>{to}</b>";
$lang['cni_thumbnail_rename_error'] = "<u>Fehler</u> beim Umbenennen des Thumbnails von <b>{from}</b> nach <b>{to}</b>";
$lang['cni_copy_success'] = "Datei wurde in den Ordner <b>{name}</b> kopiert.";
$lang['cni_copy_error'] = "<u>Fehler</u> beim Kopieren der Datei in den Ordner <b>{name}</b>.";
$lang['cni_copy_thumb_success'] = "Thumbnail wurde in den Ordner <b>{name}</b> kopiert.";
$lang['cni_copy_thumb_error'] = "<u>Fehler</u> beim Kopieren des Thumbnails in den Ordner <b>{name}</b>.";

find:
1
$lang['cni_working'] = "Datei <b>{file}</b> wurde Bearbeitet";

replace with:
1
2
$lang['cni_working'] = "Datei <b>{file}</b> wurde bearbeitet";
$lang['file_not_found'] = "Datei nicht gefunden";


lang/english/admin.php

find:
1
$lang['field_keywords_ext'] = "Keywords<br /><span class=\"smalltext\">Keywords must be separated by commas or newlines.</span>";

replace with:
1
$lang['field_keywords_ext'] = "Keywords<br /><span class=\"smalltext\">Keywords must be separated by commas.</span>";


lang/english/main.php

find:
1
$lang['keywords_ext'] = "Keywords:<br /><span class=\"smalltext\">Keywords must be separated by commas or newlines.</span>";

replace with:
1
$lang['keywords_ext'] = "Keywords:<br /><span class=\"smalltext\">Keywords must be separated by commas.</span>";


lang/spanish/admin.php

find:
1
$lang['field_keywords_ext'] = "Palabras clave<br /><span class=\"smalltext\">Las palabras clave deben estar separadas por espacios.</span>";

insert after:
1
$lang['field_keywords_ext'] = "Palabras clave<br /><span class=\"smalltext\">Introducir palabras separadas por comas.</span>";
« Last Edit: November 20, 2010, 01:26:31 PM by kai » Logged


Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
kai
Administrator
Addicted member
*****
Offline Offline

Posts: 1405

Thank You
-Given: 66
-Receive: 199


View Profile WWW
« Reply #3 on: November 20, 2010, 01:25:30 PM »

Here is a detailed list of what has been changed in the php files from 4images 1.7.8 -> 1.7.9.
(The best way for yourself to compare the code of files is to use Winmerge.)



Root files


global.php

find:
1
function addslashes_array($array) {

insert before:
1
2
3
4
5
if (!function_exists("date_default_timezone_set")) {
  function 
date_default_timezone_set($timezone) {
    return 
true;
  }
}

find:
1
@include(ROOT_PATH.'config.php');

insert before:
1
2
3
4
5
6
7
// Initialize CSRF protection configuration
$csrf_protection_enable      1;
$csrf_protection_frontend    1;
$csrf_protection_backend     1;
$csrf_protection_expires     7200;
$csrf_protection_name        '__csrf';
$csrf_protection_xhtml       1;

find:
1
include_once(ROOT_PATH.'includes/captcha_utils.php');

insert after:
1
2
3
4
//-----------------------------------------------------
//--- CSRF protection ---------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/csrf_utils.php');


member.php

find:
1
2
3
4
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
        }
      }
      
remove_searchwords($image_id);

replace with:
1
2
3
4
5
6
7
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
          if (
$image_column == 'image_keywords') {
            
$search_words[$image_column] = explode(','$search_words[$image_column]);
          }
        }
      }
      
remove_searchwords($image_id);

find:
1
2
3
4
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
            }
          }
          
add_searchwords($image_id$search_words);

replace with:
1
2
3
4
5
6
7
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
              if (
$image_column == 'image_keywords') {
                
$search_words[$image_column] = explode(','$search_words[$image_column]);
              }
            }
          }
          
add_searchwords($image_id$search_words);


Admin files


admin/admin_functions.php

find:
1
echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";

replace with:
1
echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";

find:
1
echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a>&nbsp;&nbsp;";

replace with:
1
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a>&nbsp;&nbsp;";

find:
1
echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";

replace with:
1
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";

admin/admin_global.php

find:
1
include_once(ROOT_PATH.'admin/admin_functions.php');

insert after:
1
2
3
if ($csrf_protection_enable && $csrf_protection_backend) {
    
csrf_start();
}

admin/backup.php

find:
1
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql$/i",$file))

replace with:
1
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql/i",$file))

admin/checkimages.php

find and delete (line 345):
1
$image_thumb_file "";

find:
1
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);

insert after:
1
2
3
if ($image_column == 'image_keywords') {
  
$search_words[$image_column] = explode(','$search_words[$image_column]);
   }

find:
1
echo "<td>Found in: ".(($cat_name == "" && !$key) ? "[root folder]" "$cat_name (ID:$key)")."</td>\n";

replace with:
1
echo "<td>" $lang['cni_foundin'] . ": ".(($cat_name == "" && !$key) ? "[root folder]" "$cat_name (ID:$key)")."</td>\n";

admin/images.php

find:
1
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);

insert after:
1
2
3
if ($image_column == 'image_keywords') {
  
$search_words[$image_column] = explode(','$search_words[$image_column]);
}

find:
1
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);

insert after:
1
2
3
if ($image_column == 'image_keywords') {
  
$search_words[$image_column] = explode(','$search_words[$image_column]);
}

admin/validateimages.php

find:
1
$search_words[$image_column] = $image_cache[$key][$image_column];

insert after:
1
2
3
if ($image_column == 'image_keywords') {
  
$search_words[$image_column] = explode(','$search_words[$image_column]);
}

admin/plugins/migrate_keywords.php

find:
1
"image_keywords" => $image_keywords,

replace with:
1
"image_keywords" => explode(','$image_keywords),


includes files


includes/constants.php

find:
1
define('MAX_SEARCH_KEYWORD_LENGTH'25);

replace with:
1
define('MAX_SEARCH_KEYWORD_LENGTH'60);

find:
1
define('SCRIPT_VERSION''1.7.8');

replace with:
1
define('SCRIPT_VERSION''1.7.9');

includes/page_header.php

find:
1
2
3
$site_template->un_register_vars("user_loginform");
  unset(
$user_box);
}

insert after:
1
2
3
if ($csrf_protection_enable && $csrf_protection_frontend) {
    
csrf_start(true);
}

includes/search_utils.php

find:
1
2
3
4
5
6
7
8
9
10
11
12
13
function prepare_searchwords($val$for_search false)
{
  
$val strip_tags(trim($val));
  
$val convert_special($val);
  
$val strtolower($val);

  
$val preg_replace('/[\n\r]+/'','$val);

  if (
$for_search) {
    
$search_array = array(
        
"/\s+\+/",
        
"/\s+\-/"
	
);

replace with:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
function prepare_searchwords($val$for_search false)
{
  if (!
is_array($val)) {
    
$val strip_tags(trim($val));
    
$val convert_special($val);
    
$val strtolower($val);

    
$val preg_replace('/[\n\r]+/'','$val);

    if (
$for_search) {
      
$search_array = array(
        
"/\s+\+/",
        
"/\s+\-/"
      
);

      
$replace_array = array(
        
" and ",
        
" not "
      
);

      
$val preg_replace($search_array$replace_array$val);
    } else {
      
$val str_replace("*"""$val);
    }

    
$search_array = array(
      
"/&(?!(#[0-9]+|[a-z]+);)/si",
      
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
      
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
      
"#[-_'`´]+#s",
      
"#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
    
);

find:
1
2
3
4
$replace_array = array(
      
" and ",
      
" not "
    
);

replace with:
1
2
3
4
5
6
7
$replace_array = array(
      
" ",
      
" ",
      
" ",
      
"",
      
" "
    
);

find:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
$val preg_replace($search_array$replace_array$val);
  } else {
    
$val str_replace("*"""$val);
  }

  
$search_array = array(
    
"/&(?!(#[0-9]+|[a-z]+);)/si",
    
"#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
    
"#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
    
"#[-_'`´]+#s",
    
"#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
  
);

  
$replace_array = array(
    
" ",
    
" ",
    
" ",
    
"",
    
" "
  
);
  
$val preg_replace($search_array$replace_array$val);

  if (empty(
$val)) {
    return array();
  }

replace with:
1
2
3
4
5
6
7
8
9
10
11
12
$val preg_replace($search_array$replace_array$val);

    if (empty(
$val)) {
      return array();
    }

    
$split_words preg_split("/\s+/"$val);
  } else {
      
$split_words $val;
      
array_walk($split_words'trim_value');
      
$split_words array_unique(array_filter($split_words));
  }

find and delete:
1
$split_words preg_split("/,+/"$val);

find:
1
2
3
4
5
	
$len strlen(preg_replace("/&(#[0-9]+|[a-z]+);/siU""_"$word));
	
if (
$len >= MIN_SEARCH_KEYWORD_LENGTH && $len <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($word$stopword_list)) {
	
  
$clean_words[] = $word;
    }
  }

insert after:
1
2
3
4
  if ($for_search) {
    
// Add whole string for image_keyword search
    
$clean_words[] = implode(' '$clean_words);
 }

includes/sessions.php

find:
1
	
if (@
ini_get('register_globals')) {

replace with:
1
2
	
$register_globals strtolower(@ini_get('register_globals'));
	
if (
$register_globals && $register_globals != "off" && $register_globals != "false") {
« Last Edit: November 24, 2010, 07:23:02 PM by kai » Logged


Your first three "must do" before you ask a question:
1. Forum rules
2. FAQ
3. Search
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF | SMF © 2015, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.065 seconds with 19 queries.
Post your comments here