Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Jan

Pages: 1 [2] 3 4 5 6 ... 287
16
Feedback & Suggestions / Re: 4images 1.7.6 - Feedback
« on: February 05, 2008, 02:14:42 PM »
Hast Du die Datei auch hochgeladen?

Code: [Select]
(output started at /www/htdocs/v149818/4images/config.php:6)Das ist die relevante Zeile...

17
Feedback & Suggestions / Re: 4images 1.7.6 - Feedback
« on: February 05, 2008, 01:32:30 PM »
Kopiere config.new.php, benenne sie in config.php um und übertrage die Daten für $db_host , $db_name , $db_user, $db_password aus Deiner alten config.php.

18
Feedback & Suggestions / Re: 4images 1.7.6 - Feedback
« on: February 05, 2008, 01:27:51 PM »
Deine config.php ist korrupt. Nimm am besten config.new.php als Vorlage und versuche sie zu rekonstruieren.

19
News & Announcements / Re: 4images 1.7.6
« on: February 05, 2008, 12:18:57 PM »
=========================================================
ChangeLog Version 1.7.6
=========================================================
- Fixed bugs reported at http://www.4homepages.de/forum/index.php?topic=20352.0
- Added success message after posting a comment
- Disabled download button in lightbox if there are no download permissions for all images in the lightbox
- "Delete lightbox" link is now hidden if the lightbox is empty
- Added possibility to sort by filenames in CP image search form
- Added onchange javascript for "per page" dropdown

Geänderte Dateien / Changed Files:
---------------------------------------
- admin/admin_global.php
- admin/images.php
- includes/constants.php
- includes/functions.php
- includes/page_header.php
- detail.php
- download.php
- lightbox.php
- postcard.php

Geänderte Templates / Changed Templates:
---------------------------------------
- postcard_preview.html
- lightbox.html
- setperpage_dropdown_form.html

Sprache / Language:
---------------------------------------
- main.php
    translated iptc_* strings to german (lang/deutsch/main.php only)
    new: $lang['comment_success']

=========================================================

The changelog for all versions can be found here:
http://www.4homepages.de/forum/index.php?topic=15186.0

20
Feedback & Suggestions / Re: 4images 1.7.5 - Feedback
« on: February 05, 2008, 12:13:29 PM »
Aufgrund der Bugs die hier im Thread gepostet wurden, haben wir uns entschlossen die Version 1.7.6 hinterherzuschieben welche diese fixt und außerdem noch einige kleine Verbesserungen enthält.
http://www.4homepages.de/forum/index.php?topic=20414.0

---

Due to the bugs reported in this thread, we've decided to release version 1.7.6 which fixes these bugs and additionally has some small improvements.
http://www.4homepages.de/forum/index.php?topic=20414.0

21
News & Announcements / 4images 1.7.6
« on: February 05, 2008, 12:09:44 PM »
Die neue Version 1.7.6 wurde soeben veröffentlicht. Dies Release bietet neuen Funktionen sowie Detailverbesserungen und behebt kleinerere Fehler.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.

The new version 1.7.6 has just been released. This release comes with lots of improvements, bugfixes and minor changes.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Für Feedback zur 4images 1.7.6 Version bitte diesen Thread nutzen.

Please use this thread for feedback about the 4images 1.7.6 version.

22
This is weird, the chinese characters seem to include the { character.
Fix:

Replace in functions.php

Code: [Select]
$text = str_replace('{', '{', $text);
with

Code: [Select]
  global $site_template;
  $text = preg_replace(
    '='.preg_quote($site_template->start).'([A-Z0-9_]+)'.preg_quote($site_template->end).'=Usi',
    '{\1}',
    $text
  );

23
As far as i can see, nothing changed in functions.php which could cause that error. Can you be more specific, maybe post a link to your gallery.

24
News & Announcements / Re: 4images 1.7.5
« on: January 30, 2008, 01:40:09 PM »
=========================================================
ChangeLog Version 1.7.5
=========================================================
- Fixed issue with paging tags (http://www.4homepages.de/forum/index.php?topic=15220.0)
- Fixed missing image name escaping in alt tags of thumbnails
- Fixed redirect bug in admin/admin_global.php
- Fixed problem with brackets in template vars
- Updated URL for ICQ status image
- Fixed sql query in download.php
- Fixed logout problem where guests can delete other guests sessions
- Fixed displaying non-active images on details.php
- Bugfix: [1.7.4] BUG in userqroups.php & solution (http://www.4homepages.de/forum/index.php?topic=15550.0)
- Bugfix: Bug im APC gefunden: "Bilder bearbeiten" in Vers. 1.7.4 (http://www.4homepages.de/forum/index.php?topic=17813.0)
- Bugfix: 1.7.4 mit Umlauten in Kommentaren-/Suche - Comments-/Search (http://www.4homepages.de/forum/index.php?topic=18256.0)
- Bugfix: [BUG] 1.7.4 Postcard Vorschau | Postcard Preview (http://www.4homepages.de/forum/index.php?topic=19925.0)
- Bugfix: Cache Problem 1.7.4 | Index Seite Error 404 (http://www.4homepages.de/forum/index.php?topic=16886.0)

Geänderte Dateien / Changed Files:
---------------------------------------
- admin/admin_global.php
- admin/images.php
- admin/usergroups.php
- includes/cache_utils.php
- includes/functions.php
- includes/page_header.php
- details.php
- download.php
- global.php
- logout.php
- member.php
- postcard.php

25
News & Announcements / 4images 1.7.5
« on: January 30, 2008, 01:39:00 PM »
Die neue Version 1.7.5 wurde soeben veröffentlicht. Dies ist ein Bugfix-Release und schließt alle bekannten Sicherheitslücken und Bugs.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.

The new version 1.7.5 has just been released. This is a bugfix-release and fixes all known security issues and bugs.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Für Feedback zur 4images 1.7.5 Version bitte diesen Thread nutzen.

Please use this thread for feedback about the 4images 1.7.5 version.

26
Ja, das ist ein Bug.
Fix (in includes/functions.php):

Code: [Select]
"image_name" => $image_name,
ersetzen durch

Code: [Select]
"image_name" => format_text($image_name, 2),
und (kommt 3x vor)

Code: [Select]
alt=\"".$image_name."\"
ersetzen durch

Code: [Select]
alt=\"".format_text($image_name, 2)."\"



27
global.php

 :flag-de: das ist der Fix /  :flag-en: here the fix:

 :flag-de: Die komplette Funktion /  :flag-en: complete function

Code: [Select]
function clean_array($array) {
  $search = array(
    // Remove any attribute starting with "on" or xmlns
    '#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',
    // Remove javascript: and vbscript: protocol
    '#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
    '#([a-z]*)[\x00-\x20]*=([\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu',
    //<span style="width: expression(alert('Ping!'));"></span>
    // Only works in ie...
    '#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',
    '#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',
    '#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu'
  );

  $replace = array(
    "$1>",
    '$1=$2nojavascript...',
    '$1=$2novbscript...',
    "$1>",
    "$1>",
    "$1>"
  );

  // Remove all control (i.e. with ASCII value lower than 0x20 (space),
  // except of 0x0A (line feed) and 0x09 (tabulator)
  $search2 =
      "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
  $replace2 = //str_repeat("\r", strlen($search2));
      "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";

  foreach ($array as $key => $val) {
    if (is_array($val)) {
      $val = clean_array($val);
    } else {
      $val = preg_replace($search, $replace, $val);

      $val = str_replace("\r\n", "\n", $val);
      $val = str_replace("\r",   "\n", $val);
      $val = strtr($val, $search2, $replace2);
      $val = str_replace("\r", '', $val);  // \r === \x0D

      do {
        $oldval = $val;
        $val = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i', "", $val);
      } while ($oldval != $val);
    }

    $array[$key] = $val;
  }

  return $array;
}

 :flag-de: durch /  :flag-en: replace with

Code: [Select]
function clean_string($string) {
  $canCheckUTF8Error = defined('PREG_BAD_UTF8_ERROR') && function_exists('preg_last_error');

  // Remove any attribute starting with "on" or xmlns
  $tmp = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iUu',"$1>",$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
      $tmp = preg_replace('#(<[^>]+[\x00-\x20\"\'])(on|xmlns)[^>]*>#iU',"$1>",$string);
  }
  $string = $tmp;

  // Remove javascript: and vbscript: protocol
  $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2nojavascript...',$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
      $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU','$1=$2nojavascript...',$string);
  }
  $string = $tmp;
  $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iUu','$1=$2novbscript...',$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
      $tmp = preg_replace('#([a-z]*)[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:#iU','$1=$2novbscript...',$string);
  }
  $string = $tmp;

  // <span style="width: expression(alert('Ping!'));"></span>
  // only works in ie...
  $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*expression[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
  $string = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*behaviour[\x00-\x20]*\([^>]*>#iU',"$1>",$string);
  $tmp = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu',"$1>",$string);
  if ($canCheckUTF8Error && (PREG_BAD_UTF8_ERROR == preg_last_error())) {
      $tmp = preg_replace('#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iU',"$1>",$string);
  }
  $string = $tmp;

  // Remove namespaced elements (we do not need them...)
  $string = preg_replace('#</*\w+:\w[^>]*>#i',"",$string);

  // Remove all control (i.e. with ASCII value lower than 0x20 (space),
  // except of 0x0A (line feed) and 0x09 (tabulator)
  $search =
    "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x0B\x0C\x0E\x0F\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F";
  $replace = //str_repeat("\r", strlen($search2));
    "\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D\x0D";

  $string = str_replace("\r\n", "\n", $string);
  $string = str_replace("\r",   "\n", $string);
  $string = strtr($string, $search, $replace);
  $string = str_replace("\r", '', $string);  // \r === \x0D

  // Remove really unwanted tags
  do {
    $oldstring = $string;
    $string = preg_replace('#</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>#i',"",$string);
  } while ($oldstring != $string);

  return $string;
}

function clean_array($array) {
  foreach ($array as $key => $val) {
    $key = clean_string($key);

    if (is_array($val)) {
      $val = clean_array($val);
    } else {
      $val = clean_string($val);
    }

    $array[$key] = $val;
  }

  return $array;
}

 :flag-de: ersetzen.

28
Ok, der "Fehler" liegt in der Funktion clean_array() in global.php. Ein Workaround ist, folgende Zeile

Code: [Select]
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iUu'
in

Code: [Select]
'#(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([\`\'\"]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>#iU'
zu ändern. Also das kleine u am Ende zu entfernen.

29
Hi,

ich hab leider momentan nicht viel Zeit, ich kann den Fehler bei mir nicht nachvollziehen. Hier klappt alles ohne Probleme mit den Umlauten. Hast Du ne URL zu einer Installation bei der es nicht funktioniert?

Gruß Jan

30
Mit register_globals hat das nichts zu tun. 4images war noch nie auf register_globals on angewiesen. Auch die neuen Superglobals können nicht das Problem sein weil wie gesagt schon lange ein Workaround besteht. Ich werde mir das mal in Ruhe anschauen...

Jan

Pages: 1 [2] 3 4 5 6 ... 287
Post your comments here