4images 1.7.7

kai:
:flag-de: The new version 4images 1.7.7 has been released. The release brings new features and detail improvements, and fixes a few minor bugs as well as 2 security-relevant bugs.
We recommend that all users update to the current version. All changes and features are listed in the file "docs/Changelog.txt".

:flag-en: The new version 4images 1.7.7 has been released. This release comes with lots of improvements and new features, bugfixes and minor changes.
We recommend that all users update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php

Please use this thread for feedback about the 4images 1.7.7 version.

kai:
=========================================================
ChangeLog Version 1.7.7
=========================================================
- Security fix for local inclusion vulnerability (http://www.4homepages.de/forum/index.php?topic=24526.0)
- Security Fix for XSS issue in member.php
- Fixed issue for search stop in English language (http://www.4homepages.de/forum/index.php?topic=24453.0)
- Fixed issue for accepting blank new password when changing password (http://www.4homepages.de/forum/index.php?topic=24503.0)
- Fixed incorrect text in additional fields in register.php (http://www.4homepages.de/forum/index.php?topic=19206.0)
- Fix for redirects on sites with non-standard port (http://www.4homepages.de/forum/index.php?topic=23081.0)
- Fix for losing IPTC data if converting images with ImageMagick
- Fixed issue with wrong Administrator joindate after installation of 4images
- Fixed issue Comments count not updated after user was deleted (http://www.4homepages.de/forum/index.php?topic=22606.0)
- Fix for additional user fields not being used for guests (http://www.4homepages.de/forum/index.php?topic=22727.0)
- Fix issue in top.php if the name of an image is a URL
- Fix for wrong message in ACP if image was not deleted from database (http://www.4homepages.de/forum/index.php?topic=23392.0)
- Fix for issue that redirects after login always to index.php (http://www.4homepages.de/forum/index.php?topic=22950)
- Fixed issue if a user submits a non-existing email address in the password forgotten form
- Fixed width of columns in detailed view (detail, EXIF, IPTC)
- Change of the displayed error information if the MySQL connection does not work
- Change from POST to GET in category dropdown
- Changed <link rel="stylesheet"...> in header.html template for being W3C valid
- Added favicon
- Added thumbnails to RSS-feed
- Added feature to sort categories
- Added more conditional tags (categories, details, index, member, postcards, register, search, top) for using {if index}...{endif index} for homepage, {if details}...{endif details} for details.php page, etc.
- Added META-Tags in header.html template: robots, description, keywords, revisit-after, imagetoolbar.
- Added Spanish language pack by default
- Added 2 new templates: 960 pixel width, 100 % width

New Files:
---------------------------------------
- Folder: lang/spanish/
- Folder: templates/default_960px/
- Folder: templates/default_full/
- favicon.ico

Changed Files:
---------------------------------------
global.php
install.php
member.php
top.php
admin/users.php
includes/constants.php
includes/db_mysql.php
includes/image_utils.php
includes/page_header.php
includes/sessions.php
lang/deutsch/admin.php
lang/deutsch/main.php
lang/english/admin.php
lang/english/stop_searchterms.txt renamed to /lang/english/search_stopterms.txt


Changed Templates:
---------------------------------------
- header.html
- category_dropdown_form.html
- postcard_preview.html


Language:
---------------------------------------
- admin.php
    edited: $lang['permissions_edit_success'] (lang/deutsch/admin.php only)
- main.php
    edited: $lang['activation_success'] (lang/deutsch/main.php only)

=========================================================

The changelog for all versions can be found here:
http://www.4homepages.de/forum/index.php?topic=15186.0

kai:
Here is a detailed list of what has been changed in the php files from 4images 1.7.6 -> 1.7.7.
(The best way to compare the code of the files yourself is to use WinMerge.)


admin/images.php

search for...

--- Code: ---      $error_log[] = "<b>".$lang['image_delete_success']."</b> ".format_text($image_row['image_name'], 2)." (ID: ".$image_row['image_id'].")<br />";

--- End code ---

and replace it by...

--- Code: ---      $error_log[] = "<b>".$lang['image_delete_error']."</b> ".format_text($image_row['image_name'], 2)." (ID: ".$image_row['image_id'].")<br />";

--- End code ---


admin/settings.php

search for...

--- Code: ---function show_template_dir_select($setting_name, $setting_value) {
--- End code ---

and insert above (before)...

--- Code: ---function show_cat_order_select($setting_name, $setting_value) {
  global $cat_order_optionlist;
  echo "<select name=\"setting_item[".$setting_name."]\">";
  foreach ( $cat_order_optionlist as $k => $v ) {
    echo "<option value=\"".$k."\"";
    if ($setting_value == $k) {
      echo " selected=\"selected\"";
    }
    echo ">".$v."</option>\n";  
  }
  echo "</select>\n";
}

function show_cat_sort_select($setting_name, $setting_value) {
  global $cat_sort_optionlist;
  echo "<select name=\"setting_item[".$setting_name."]\">";
  foreach ( $cat_sort_optionlist as $k => $v ) {
    echo "<option value=\"".$k."\"";
    if ($setting_value == $k) {
      echo " selected=\"selected\"";
    }
    echo ">".$v."</option>\n";  
  }
  echo "</select>\n";
}

--- End code ---


search for...

--- Code: ---if ($action == "updatesettings") {
  $setting_item = $HTTP_POST_VARS['setting_item'];
  foreach ($setting_item as $key => $val) {
$val = trim($val);
    $sql = "UPDATE ".SETTINGS_TABLE."
            SET setting_value = '$val'
            WHERE setting_name = '$key'";
    $site_db->query($sql);
  }

--- End code ---

and replace it by...

--- Code: ---if ($action == "updatesettings") {
  $setting_item = $HTTP_POST_VARS['setting_item'];
  foreach ($setting_item as $key => $val) {
    $val = trim($val);
    
    $sql = "SELECT * FROM ".SETTINGS_TABLE." WHERE setting_name = '$key'";
    $res = $site_db->get_numrows($site_db->query($sql));

    if ( !$res > 0 ) {
        $sql = "INSERT INTO ".SETTINGS_TABLE." (setting_value, setting_name)
                VALUES ('$val', '$key');";
    } else {
        $sql = "UPDATE ".SETTINGS_TABLE."
                SET setting_value = '$val'
                WHERE setting_name = '$key'";    
    }
    
    $res = $site_db->query($sql);
  }

--- End code ---
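
Review bot: in the replacement block, the test if ( !$res > 0 ) is evaluated as (!$res) > 0 because ! binds tighter than >; it picks the right branch for a row count only by coincidence, so write if ($res == 0) instead. Also, $key and $val come straight from $HTTP_POST_VARS['setting_item'] and are placed inside the SELECT, INSERT and UPDATE strings with no escaping visible in these lines; escape both before use, and since the new INSERT branch creates a row for any posted key, reject keys that are not known setting names.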


search for...

--- Code: ---  show_table_separator($setting_group[2], 2, "setting_group_2");
  show_setting_row("cat_cells");

--- End code ---

and replace it by...

--- Code: ---  show_table_separator($setting_group[2], 2, "setting_group_2");
  show_setting_row("cat_order", "show_cat_order_select");
  show_setting_row("cat_sort", "show_cat_sort_select");
  show_setting_row("cat_cells");

--- End code ---


admin/users.php

search for...

--- Code: ---if ($delcomments) {
      $sql = "DELETE FROM ".COMMENTS_TABLE."
              WHERE user_id = $user_id";
      if ($site_db->query($sql)) {
        echo "&nbsp;&nbsp;".$lang['comments_delete_success']."<br />\n";
      }
      else {
        $error_log[] = $lang['comments_delete_error'].": ".format_text($user_name, 2);
      }
    }

--- End code ---

and replace it by...

--- Code: ---if ($delcomments) {
      $sql = "SELECT i.image_id, COUNT(c.comment_id) AS count
              FROM " . IMAGES_TABLE . " i
              LEFT JOIN " . COMMENTS_TABLE . " c ON c.image_id = i.image_id
              WHERE c.user_id = " . $user_id . "
              GROUP BY i.image_id";
      $result = $site_db->query($sql);
      while($row = $site_db->fetch_array($result))
      {
        $sql = "UPDATE " . IMAGES_TABLE . "
                SET image_comments = image_comments - " . $row['count'] ."
                WHERE image_id = " . $row['image_id'];
        $site_db->query($sql);
      }
      $sql = "DELETE FROM ".COMMENTS_TABLE."
              WHERE user_id = $user_id";
      if ($site_db->query($sql)) {
        echo "&nbsp;&nbsp;".$lang['comments_delete_success']."<br />\n";
      }
      else {
        $error_log[] = $lang['comments_delete_error'].": ".format_text($user_name, 2);
      }
    }

--- End code ---
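
Review bot: $user_id is concatenated unquoted into the new SELECT and into the DELETE, so both statements rely on it already being an integer; no cast is visible in these lines, so apply intval() at the top of this block. The WHERE c.user_id = ... condition also discards the unmatched rows the LEFT JOIN would keep, so a plain JOIN states the intent more clearly, and the per-image UPDATE loop followed by the DELETE can leave image_comments out of step if one of the queries fails part-way.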

kai:
includes/constants.php

search for...

--- Code: ---define('SCRIPT_VERSION', '1.7.6');

--- End code ---

and replace it by...

--- Code: ---define('SCRIPT_VERSION', '1.7.7');

--- End code ---


includes/db_mysql.php

search for ...

--- Code: ---    if (!$this->connection = $connect_handle($db_host, $db_user, $db_password)) {

--- End code ---

and replace it by...

--- Code: ---    if (!$this->connection = @$connect_handle($db_host, $db_user, $db_password)) {

--- End code ---
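
Review bot: the added @ hides the connection warning, which keeps host and user details out of the rendered page, but it also silences the only diagnostic on this line; make sure the failure branch records the error somewhere an administrator can read it.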


includes/image_utils.php

search for ...

--- Code: ---  $command = $convert_options['convert_path']." -quality ".$quality." -antialias -sample $width"."x"."$height \"$src\" \"$dest\"";

--- End code ---

and replace it by...

--- Code: ---  $command = $convert_options['convert_path']." -quality ".$quality." -antialias -geometry $width"."x"."$height -profile '*' -unsharp 0.5x1 \"$src\"  \"$dest\"";

--- End code ---
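
Review bot: $src and $dest are wrapped in literal double quotes and $quality, $width and $height are concatenated as they are, so the command line depends on none of these values containing quotes or other shell metacharacters. Pass the two paths through escapeshellarg() and cast the three numbers to int before building $command.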


includes/page_header.php

search for...

--- Code: ---$site_template->register_vars(array(
  "media_url" => MEDIA_PATH,

--- End code ---

and replace it by...

--- Code: ---$file = get_included_files();
$file = get_file_name(basename($file[0]));
$list = array("categories", "details", "index", "member", "postcards", "register", "search", "top");
$array = array();
foreach ($list as $name)
{
  $array[$name] = ($name == $file);
}
$site_template->register_vars($array);

$site_template->register_vars(array(
  "home_url"  => ROOT_PATH,
  "media_url" => MEDIA_PATH,

--- End code ---


includes/sessions.php

search for...

--- Code: ---    global $site_db, $user_table_fields;

--- End code ---

and replace it by...

--- Code: ---    global $site_db, $user_table_fields, $additional_user_fields;

--- End code ---


search for...

--- Code: ---foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        $user_info[$key] = $user_info[$val];
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    return $user_info;
  }

--- End code ---

and replace it by...

--- Code: ---foreach ($user_table_fields as $key => $val) {
      if (isset($user_info[$val])) {
        $user_info[$key] = $user_info[$val];
      }
      elseif (!isset($user_info[$key])) {
        $user_info[$key] = "";
      }
    }
    foreach ($additional_user_fields as $key => $val)
    {
      if (!isset($user_info[$key]))
      {
        $user_info[$key] = "";
      }
    }
    return $user_info;
  }

--- End code ---

kai:
in root directory:

categories.php

search for...

--- Code: ---ob_start();

//-----------------------------------------------------

--- End code ---

and insert thereafter...

--- Code: ---//--- SEO variables -----------------------------------
//-----------------------------------------------------

$site_template->register_vars(array('prepend_head_title' => $cat_cache[$cat_id]['cat_name'] . " - "));

--- End code ---


details.php

search for...

--- Code: ---$image_allow_comments = (check_permission("auth_readcomment", $cat_id)) ? $image_row['image_allow_comments'] : 0;
$image_name = format_text($image_row['image_name'], 2);
show_image($image_row, $mode, 0, 1);

--- End code ---

and insert thereafter...

--- Code: ---    //--- SEO variables -------------------------------
   
    $meta_keywords  = !empty($image_row['image_keywords']) ? implode(", ", explode(" ", $image_row['image_keywords'])) : "";
    $meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
   
    $site_template->register_vars(array(
            "detail_meta_description"   => $meta_description,
            "detail_meta_keywords"      => $meta_keywords,
            "prepend_head_title"        => $image_name . " - ",
            ));

--- End code ---
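
Review bot: $meta_keywords is built from image_keywords with no escaping, and strip_tags() on image_description removes tags but leaves double quotes in place. If these two values are placed inside the content attributes of the META tags this release adds to header.html, a quote in either field ends the attribute early; escape both with htmlspecialchars(), or with the format_text(..., 2) call already applied to $image_name if that mode escapes HTML.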


global.php

search for...

--- Code: ---  $url = get_basefile(getenv("HTTP_REFERER"));

--- End code ---

and replace it by...

--- Code: ---  $url = get_basename(getenv("HTTP_REFERER"));

--- End code ---


search for...

--- Code: ---  $script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
  $script_url .= $port;

--- End code ---

and replace it by...

--- Code: ---  $script_url .= (!empty($HTTP_SERVER_VARS['HTTP_HOST'])) ? $HTTP_SERVER_VARS['HTTP_HOST'] : getenv("SERVER_NAME");
  if ($port) $script_url = str_replace(":".$port, "", $script_url);
  $script_url .= $port;

--- End code ---
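
Review bot: the line after the new one still appends $port directly to the host, which suggests $port already carries its leading colon; if so, ":".$port in the str_replace() call contains two colons and never matches a host value that includes the port, and the port is still appended twice. Check how $port is built above this hunk and strip $port itself if it includes the colon. HTTP_HOST is also a client-supplied header, so validate it against the configured site host before using it to build redirect URLs.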


search for...

--- Code: ---  if ($requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

--- End code ---

and replace it by...

--- Code: ---if (!preg_match('#\.\.[\\\/]#', $requested_l) && $requested_l != $config['language_dir'] && file_exists(ROOT_PATH.'lang/'.$requested_l.'/main.php')) {

--- End code ---
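
Review bot: the new preg_match() test only rejects the two sequences ../ and ..\ in $requested_l, which is a denylist for one pattern rather than a definition of what a language name may be. Since the value is joined into a path under ROOT_PATH.'lang/', accept it only if it matches a strict pattern such as ^[A-Za-z0-9_-]+$ or equals one of the directory names actually present under lang/. The replacement line has also lost the two-space indentation of the line it replaces.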


search for...

--- Code: ---if (defined("GET_CACHES")) {
  $sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment
          FROM ".CATEGORIES_TABLE."
          ORDER BY cat_order, cat_name ASC";
  $result = $site_db->query($sql);

--- End code ---

and replace it by...

--- Code: ---if (defined("GET_CACHES")) {
  $config['cat_order'] = empty($config['cat_order']) ? 'cat_order, cat_name ASC' : $config['cat_order'];
  $sql = "SELECT cat_id, cat_name, cat_description, cat_parent_id, cat_hits, cat_order, auth_viewcat, auth_viewimage, auth_download, auth_upload, auth_directupload, auth_vote, auth_sendpostcard, auth_readcomment, auth_postcomment
          FROM ".CATEGORIES_TABLE."
          ORDER BY ".$config['cat_order']." " .$config['cat_sort'];
  $result = $site_db->query($sql);

--- End code ---
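
Review bot: $config['cat_order'] and $config['cat_sort'] are concatenated into the ORDER BY clause as raw SQL, and both are stored from the posted settings form, so check them against the keys of $cat_order_optionlist and $cat_sort_optionlist before building the query. cat_sort also has no default: the fallback for cat_order already ends in ASC, so any non-empty cat_sort is appended after it and produces invalid SQL, and on an upgraded install where cat_sort is not set yet the index is undefined. Default the two settings separately.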


install.php

search for...

--- Code: ---              SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_lastaction = $current_time, user_lastvisit = $current_time

--- End code ---

and replace it by...

--- Code: ---SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time

--- End code ---


search for...

--- Code: ---      $config_file .= ' *    Scriptversion: 1.7.6                                                *'."\n";

--- End code ---

and replace it by...

--- Code: ---      $config_file .= ' *    Scriptversion: 1.7.7                                                *'."\n";

--- End code ---


search for...

--- Code: ---  Copyright &copy; 2002 <a href="http://www.4homepages.de" target="_blank">4homepages.de</a>

--- End code ---

and replace it by...

--- Code: ---  Copyright &copy; 2002-<?php echo date('Y'); ?> <a href="http://www.4homepages.de" target="_blank">4homepages.de</a>

--- End code ---


member.php

search for...

--- Code: ---    $user_homepage = (isset($user_row['user_homepage'])) ? format_url($user_row['user_homepage']) : REPLACE_EMPTY;

--- End code ---

and replace it by...

--- Code: ---    $user_homepage = (isset($user_row['user_homepage'])) ? format_text(format_url($user_row['user_homepage']), 2) : REPLACE_EMPTY;

--- End code ---
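
Review bot: wrapping format_url() in format_text(..., 2) handles markup in user_homepage, but escaping does not constrain what kind of URL the field holds; if the template places $user_homepage in a link target, confirm that format_url() limits it to http and https addresses.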


search for...

--- Code: ---if ($action == "lostpassword") {
  $txt_clickstream = $lang['lost_password'];
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? format_text(stripslashes($HTTP_POST_VARS['user_email'])) : "";
  $site_template->register_vars(array(
    "lang_email" => $lang['email'],
    "lang_lost_password" => $lang['lost_password'],
    "lang_lost_password_msg" => $lang['lost_password_msg'],
    "lang_submit" => $lang['submit'],
    "user_email" => format_text($user_email, 2)
  ));
  $content = $site_template->parse_template("member_lostpassword");
}

--- End code ---

and replace it by...

--- Code: ---if ($action == "lostpassword") {
  $txt_clickstream = $lang['lost_password'];
  $user_email = (isset($HTTP_POST_VARS['user_email'])) ? format_text(stripslashes($HTTP_POST_VARS['user_email']), 2) : "";
  $site_template->register_vars(array(
    "lang_email" => $lang['email'],
    "lang_lost_password" => $lang['lost_password'],
    "lang_lost_password_msg" => $lang['lost_password_msg'],
    "lang_submit" => $lang['submit'],
    "user_email" => $user_email,
  ));
  $content = $site_template->parse_template("member_lostpassword");
}

--- End code ---


search for...

--- Code: ---  $user_password = md5(trim($HTTP_POST_VARS['user_password']));
  $user_password2 = md5(trim($HTTP_POST_VARS['user_password2']));

--- End code ---

and replace it by...

--- Code: ---  $user_password = trim($HTTP_POST_VARS['user_password']);
  $user_password2 = trim($HTTP_POST_VARS['user_password2']);

--- End code ---


search for...

--- Code: ---    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '$user_password'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];

--- End code ---

and replace it by...

--- Code: ---    $sql = "UPDATE ".USERS_TABLE."
            SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
            WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];

--- End code ---
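
Review bot: md5($user_password) in the UPDATE stores an unsalted, fast hash of the password. Moving the hashing here is what lets the blank-password check see the raw value, but the stored form should be a salted, deliberately slow password hash (password_hash() on PHP versions that provide it), with existing MD5 values upgraded at the next successful login.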


register.php

search for...

--- Code: ---          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key])) : "";

--- End code ---

and replace it by...

--- Code: ---          $value = (isset($HTTP_POST_VARS[$key])) ? format_text(trim($HTTP_POST_VARS[$key]), 2) : "";

--- End code ---


top.php

search for...

--- Code: ---    $register_array['image_rating_'.$i] = (check_permission("auth_viewimage", $top_list[$i]['cat_id'])) ? "<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$top_list[$i]['image_id'])."\">".format_text($top_list[$i]['image_name'])."</a>" : format_text($top_list[$i]['image_name']);

--- End code ---

and replace it by...

--- Code: ---    $register_array['image_rating_'.$i] = (check_permission("auth_viewimage", $top_list[$i]['cat_id'])) ? "<a href=\"".$site_sess->url(ROOT_PATH."details.php?".URL_IMAGE_ID."=".$top_list[$i]['image_id'])."\">".format_text($top_list[$i]['image_name'], 2)."</a>" : format_text($top_list[$i]['image_name'], 2);

--- End code ---
