

Messages - kai

46
Mods & Plugins (Releases & Support) / Re: [Mod] Automatic Database Backup
« on: September 19, 2012, 08:22:00 AM »
ah, sehr hilfreich!

47
Discussion & Troubleshooting / Re: MySQL Version Query
« on: September 17, 2012, 09:10:49 AM »
Hi,

No, you don't have to make any changes to your 4images tables.

48
News & Announcements / Re: 4images 1.7.11
« on: July 25, 2012, 01:28:20 PM »
Here is a detailed list of what has been changed in the php files from 4images 1.7.10 -> 1.7.11.
(The best way to compare the code in the files yourself is to use WinMerge.)



details.php
search for
$meta_keywords  = !empty($image_row['image_keywords']) ? implode(", "explode(","$image_row['image_keywords'])) : "";

replace with
$meta_keywords  = !empty($image_row['image_keywords']) ? strip_tags(implode(", "explode(","$image_row['image_keywords']))) : "";
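Review bot: `strip_tags()` on the replacement line removes markup but leaves `"` and `&` untouched, so if `$meta_keywords` is printed inside a `content="…"` attribute (the template is not shown here, so this is an assumption) a keyword containing a double quote is still not neutralised for that context. Escaping for the attribute is the more complete fix, e.g. `htmlspecialchars(implode(", ", explode(",", $image_row['image_keywords'])), ENT_QUOTES)`. The same applies to the `$meta_description` line and to the identical details.php patch repeated in the last post on this page. The code as rendered here has also lost commas and `=` signs (`implode(", "explode(","$image_row…`), so compare against the files in the 1.7.11 package rather than pasting from this listing.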

rss.php
search for
function format_rss_html($text) {
  
$text format_text(trim($text), 101);

  return 
$text;
}


replace with
function format_rss_html($text) {
  
$text format_text(trim($text), 201);

  return 
$text;
}
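Review bot: Nothing in `format_rss_html()` says what the changed `format_text()` argument means (shown here as `101` becoming `201`), so the XSS fix cannot be verified from this patch alone. A one-line comment above the call stating the intended output encoding would let a maintainer check that feed text stays escaped, for example `// mode 2: user text must be HTML-escaped before it enters the feed (confirm against format_text())`. `format_text()` is defined outside this listing, so the comment wording should be checked against its actual behaviour.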


admin/categories.php
search for
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;

replace with
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;

admin/index.php
search for
if ($redirect != "") {
  
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
  echo 
"<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
  
show_admin_footer();
  exit;
}


replace with
if ($redirect != "") {
  if (
strpos($redirect'://') === false) {
    
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
    echo 
"<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
    
show_admin_footer();
  } else {
      
redirect('home.php');
  }
  exit;
}
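Review bot: The guard `strpos($redirect, '://') === false` only rejects values that contain a scheme separator, so scheme-relative targets (those beginning with `//`) still pass and are handed to `$site_sess->url()`. A stricter check is to accept only a local relative path, or better an allow-list of known admin pages, and fall back to `home.php` for everything else. `$redirect` is also concatenated into the `URL=` and `href` attributes without `htmlspecialchars()`; whether `$site_sess->url()` escapes it is not visible here and should be confirmed. The same test is reused for `$goto` in the frames hunk that follows, so any tightening belongs in one shared helper used by both.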


search for
if ($action == "frames") {
  if (
$goto != "") {
    
$framesrc $site_sess->url($goto);
  }
  else {
    
$framesrc $site_sess->url("home.php");
  }


replace with
if ($action == "frames") {
  if (
$goto != "" && strpos($goto'://') === false) {
    
$framesrc $site_sess->url($goto);
  }
  else {
    
$framesrc $site_sess->url("home.php");
  }


admin/users.php
search for
else {
    
$activation 0;
  }


replace with
else {
    if (
$config['account_activation'] == && $user_row['user_level'] == USER_AWAITING) {
        
$activation 1;
    } else {
        
$activation 0;
    }
  }


data/database/default/mysql_default.sql
use the mysql_default.sql from 1.7.11 package

includes/db_mysql.php
search for
  function Db($db_host$db_user$db_password ""$db_name ""$db_pconnect 0) {
    
$connect_handle = ($db_pconnect) ? "mysql_pconnect" "mysql_connect";
    if (!
$this->connection = @$connect_handle($db_host$db_user$db_password)) {
      
$this->error("Could not connect to the database server ($db_host$db_user)."1);
    }
    if (
$db_name != "") {
      if (!@
mysql_select_db($db_name)) {
        @
mysql_close($this->connection);
        
$this->error("Could not select database ($db_name)."1);
      }
    }
    return 
$this->connection;
  }


replace with
function Db($db_host$db_user$db_password ""$db_name ""$db_pconnect 0) {
    
$connect_handle = ($db_pconnect) ? "mysql_pconnect" "mysql_connect";
    if (!
$this->connection = @$connect_handle($db_host$db_user$db_password)) {
      
$this->error("Could not connect to the database server ($db_host$db_user)."1);
    }
    if (
$db_name != "") {
      if (!@
mysql_select_db($db_name)) {
        @
mysql_close($this->connection);
        
$this->error("Could not select database ($db_name)."1);
      }
    }
    return 
$this->connection;
  }

  function 
escape($value) {
    return 
mysql_real_escape_string($value$this->connection);
  }
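Review bot: The new `escape()` method has no documentation of the two conditions under which `mysql_real_escape_string()` is actually safe. It is charset-correct only when the connection character set was set through the client API (`mysql_set_charset()`), which `Db()` as shown does not do, and it protects only values that end up inside quotes in the statement, so numeric inputs still need `intval()` as in admin/categories.php. I would add a comment on the method such as `// Only for values placed inside '...' in SQL; cast numeric input with intval() instead.` and set the connection charset right after a successful connect.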


includes/functions.php
search for
function check_email($email) {
  return (
preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,4}$/i'$email)) ? 0;
}


replace with
function check_email($email) {
  return (
preg_match('/^[-!#$%&\'*+\\.\/0-9=?A-Z^_`{|}~]+@([-0-9A-Z]+\.)+([0-9A-Z]){2,}$/i'$email)) ? 0;
}


includes/search_utils.php
search for
$word_cache = array();
    foreach (
$split_words as $word) {
      
$word_cache[$word] = 1;
      
$allwords_sql .= ($allwords_sql != "") ? ", '".$word."'" "'".$word."'";
    }


replace with
$word_cache = array();
    foreach (
$split_words as $word) {
      
$word_cache[$word] = 1;
      
$allwords_sql .= ($allwords_sql != "") ? ", '".addslashes($word)."'" "'".addslashes($word)."'";
    }
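Review bot: `addslashes($word)` is used here although this same release adds a connection-aware `escape()` to the database class in includes/db_mysql.php; `addslashes()` knows nothing about the connection character set, so the two quoting paths can disagree on multi-byte input. Keeping quoting in one place is safer, e.g. `"'".$site_db->escape($word)."'"`, assuming `$site_db` is the database object in scope here as it is for `$site_db->query($sql)` in the next hunk. The same applies to `addslashes($key)` in the INSERT … SELECT hunk below. Both fragments start and end outside the lines shown, so the surrounding loop and the origin of `$image_id` could not be checked.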


search for
$sql "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.")
              SELECT DISTINCT 
$image_id, word_id".$match_insert_val_sql."
                FROM "
.WORDLIST_TABLE."
                WHERE word_text = '
$key'";
      
$site_db->query($sql);


replace with
      $sql "INSERT INTO ".WORDMATCH_TABLE." (image_id, word_id".$match_insert_key_sql.")
              SELECT DISTINCT 
$image_id, word_id".$match_insert_val_sql."
                FROM "
.WORDLIST_TABLE."
                WHERE word_text = '" 
addslashes($key) . "'";
      
$site_db->query($sql);


includes/sessions.php
search for
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
        
$this->set_cookie_data("userpass"$this->user_info['user_password']);
      }


replace with
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
        
$this->set_cookie_data("userpass"md5($this->user_info['user_password']));
      }
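Review bot: The cookie now carries `md5($this->user_info['user_password'])`, a fixed value derived from the stored password hash, so it remains valid until the password changes and is reproducible by anyone who can read the user table. A random per-login token kept server-side and checked with `secure_compare()` as here would allow revocation and would decouple the cookie from the password hash. If the current scheme is kept, the cookie should be set with the HttpOnly and Secure flags; `set_cookie_data()` is not shown, so whether it does this is unknown. The enclosing method begins outside this hunk.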



If you want to get rid of the update notice in the admin area, edit the value in constants.php.


thanks to Crazymodder!

49
Feedback & Suggestions / Re: 4images 1.7.11 - Feedback
« on: July 20, 2012, 06:15:41 PM »
Jetzt muss die Community sich auch noch selber darum kümmern .,.,.,.  :?

Ja, auch mal geben, nicht nur nehmen. :)

Danke crazymodder!

50
News & Announcements / Re: 4images 1.7.11
« on: July 06, 2012, 03:15:35 PM »
=========================================================
ChangeLog Version 1.7.11
=========================================================
- [1.7 - 1.7.10] Security fix for XSS issue in admin/categories.php
- [1.7 - 1.7.10] Security fix for sql injection in admin/categories.php
- [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php
- [1.7 - 1.7.10] Security fix for XSS issue
- Fixed auto-login in sessions.php
- Fixed email notification to user after activation by admin (http://www.4homepages.de/forum/index.php?topic=29623.0)
- Fixed sql error if apostrophe in name of image (http://www.4homepages.de/forum/index.php?topic=29950.0)
- Changed DB default settings from TYPE to ENGINE (http://www.4homepages.de/forum/index.php?topic=29627.0)
- template with 960px width used as default


Geänderte Dateien / Changed Files:
---------------------------------------

details.php
rss.php
admin/categories.php
admin/index.php
admin/users.php
data/database/default/mysql_default.sql
includes/db_mysql.php
includes/functions.php
includes/search_utils.php
includes/sessions.php

51
Feedback & Suggestions / 4images 1.7.11 - Feedback
« on: July 06, 2012, 03:06:34 PM »
Bitte nutzt diesen Thread für Feedback, Kommentare und Anregungen zum 4images 1.7.11 Release.
Für Bug Reports und Troubleshooting bitte dieses Forum nutzen.

Please use this thread for feedback and comments about the 4images 1.7.11 release.
For bug reporting and troubleshooting please use this forum.

52
News & Announcements / 4images 1.7.11
« on: July 06, 2012, 03:05:46 PM »
:flag-de: Die neue Version 4images 1.7.11 wurde veröffentlicht. Das Release bringt Detailverbesserungen und behebt bugs und sicherheitsrelevante Fehler.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.

:flag-en: The new version 4images 1.7.11 has been released. This release comes with some improvements, bugfixes and security fixes.
We recommend that all users update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Für Feedback zur 4images 1.7.11 Version bitte diesen Thread nutzen.

Please use this thread for feedback about the 4images 1.7.11 version.

53
Superb!

54
Hi chamkani,

great - thank you!

55
Discussion & Troubleshooting / Re: Problem Photos link on Facebook
« on: May 30, 2012, 11:43:33 AM »
You can debug your site for facebook here:
https://developers.facebook.com/tools/debug

56
Chit Chat / Re: einstellungen von diesem forum
« on: May 21, 2012, 09:27:49 AM »
Hallo limits,

hier kannst Du die Infos eintragen:
http://www.4homepages.de/forum/index.php?action=profile;u=40595;sa=forumProfile
Was passiert, wenn du auf den Link klickst?

Bez. Spam-Protection haben wir am 8. Mai auf deine E-Mail geantwortet.


57
Chit Chat / Re: 4images Forum, oft sehr langsam im Internet
« on: May 08, 2012, 08:51:47 AM »
;)

4homepages.de now on new server. Enjoy!

58
Chit Chat / Re: 4images Forum, oft sehr langsam im Internet
« on: May 07, 2012, 05:57:38 PM »
Ja, wir suchen mit dem Hoster gerade nach einer Lösung.
Wir hoffen dass morgen wieder alles in gewohnter Geschwindigkeit läuft.

59
Feedback & Suggestions / Re: 4images 1.7.10 - Feedback
« on: April 13, 2012, 11:56:24 AM »
Ja, so wie Andy es sagt.

60
A cross-site scripting (XSS) vulnerability has been found in 4images 1.7 - 1.7.10.

To fix this:

In details.php

find

$meta_keywords  = !empty($image_row['image_keywords']) ? implode(", "explode(","$image_row['image_keywords'])) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " "";


and replace it with

$meta_keywords  = !empty($image_row['image_keywords']) ? strip_tags(implode(", "explode(","$image_row['image_keywords']))) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " "";



and in rss.php

find (2 occurrences)

$text format_text(trim($text), 101);

and replace it both times with

$text format_text(trim($text), 201);
