76
Bug Fixes & Patches / Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« on: November 02, 2006, 10:41:04 AM »
Are you sure that the global.php on your server is the same as the one on your harddisk?
4images Forum & Community
The forum for all 4images gallery administrators
News:
You're looking for some 4images templates and styles? Then visit this thread to show websites with 4images templates to download.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
77
Chit Chat / Re: 4images Licence & other questions
« on: November 02, 2006, 10:39:59 AM »
It depends on the owner of the site. If its a company, they must have a licence, no matter whats the usage of the site.
If the owner of the site is a private person, theres no licence required. Having some banners on your site doenst makes you being a company. So, no licence is required.
Selling something as a private person makes you (in most cases) being seen as a company and a licence is required.
There are a lot of cases wheres its not very clear what you are. In this case, just write an email to us and we'll check the individual situation.
Jan
If the owner of the site is a private person, theres no licence required. Having some banners on your site doenst makes you being a company. So, no licence is required.
Selling something as a private person makes you (in most cases) being seen as a company and a licence is required.
There are a lot of cases wheres its not very clear what you are. In this case, just write an email to us and we'll check the individual situation.
Jan
78
Bug Fixes & Patches / Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« on: November 02, 2006, 10:15:42 AM »
The line that causes this error is in global.php, line 450.
Can you post whats in (or better in and around) this line.
Jan
Quote
output started at /homepages/blablabla/publik/global.php:450
Can you post whats in (or better in and around) this line.
Jan
79
Discussion & Troubleshooting / Re: IF ENDIF broken/funktioniert nicht in 1.7.4 > search.html
« on: November 02, 2006, 10:10:57 AM »
Ja, wird in der neuen Version gefixt. Beim Update auf 1.7.1 wurde etwas am Template-Parser geändert.
Gruß Jan
Gruß Jan
80
Discussion & Troubleshooting / Re: IF ENDIF broken/funktioniert nicht in 1.7.4 > search.html
« on: October 30, 2006, 09:36:56 AM »81
Feedback & Suggestions / Re: 4images 1.7.4 - Feedback
« on: October 23, 2006, 04:11:32 PM »
Ja, war aus Versehen ca. 5 Minuten in der Download-Version drin. Du bist aber auch schnell... 
82
News & Announcements / Re: 4images 1.7.4
« on: October 23, 2006, 03:35:46 PM »
Heres a detailed list of what changed in templates.
search_form.html
is replaced by
search_form.html
Code: [Select]
<input type="radio" name="search_terms" value="all" checked="checked" />
{lang_and}
<input type="radio" name="search_terms" value="any" />
{lang_or}is replaced by
Code: [Select]
<input type="radio" name="search_terms" value="any" checked="checked" />
{lang_or}
<input type="radio" name="search_terms" value="all" />
{lang_and}
83
News & Announcements / Re: 4images 1.7.4
« on: October 23, 2006, 03:30:54 PM »
=========================================================
ChangeLog Version 1.7.4
=========================================================
- Fixed bug with in settings
- Fixed bug with wildcard search
- Removed phpinfo() from page_footer.php
- Switched radio buttons in search_form.html to set search_terms to OR by default
- Changed "Control Panel" to "Admin Control Panel" to avoid confusions with user control panel
- Removed browser detection for Opera in download.php
- Added "checkall"-checkbox to assign permissions to all categories at once
- Bugfix: [1.7 - 1.7.3] Security fix for SQL injection in global.php (http://www.4homepages.de/forum/index.php?topic=14604.0)
- Bugfix: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability (http://www.4homepages.de/forum/index.php?topic=15042.0)
- Bugfix: [1.7.3] RSS feed not valid (http://www.4homepages.de/forum/index.php?topic=13960.0)
- Bugfix: [1.7 - 1.7.3] Wrong postcard ID shows a random image. (http://www.4homepages.de/forum/index.php?topic=13958.0)
- Bugfix: [1.7 - 1.7.3] Thumbnailer in ACP doesnt work with single quote ( ' ) in filenames (http://www.4homepages.de/forum/index.php?topic=14417.0)
- Bugfix [1.7.3] Kleiner Fehler in 1.7.3 (http://www.4homepages.de/forum/index.php?topic=14912.0)
Geänderte Dateien / Changed Files:
---------------------------------------
- details.php
- download.php
- global.php
- postcards.php
- rss.php
- search.php
- includes/constants.php
- includes/functions.php
- includes/page_footer.php
- includes/page_header.php
- includes/search_utils.php
- admin/settings.php
- admin/thumbnailer.php
- admin/usergroups.php
Geänderte Templates / Changed Templates:
---------------------------------------
- search_form.html
ChangeLog Version 1.7.4
=========================================================
- Fixed bug with in settings
- Fixed bug with wildcard search
- Removed phpinfo() from page_footer.php
- Switched radio buttons in search_form.html to set search_terms to OR by default
- Changed "Control Panel" to "Admin Control Panel" to avoid confusions with user control panel
- Removed browser detection for Opera in download.php
- Added "checkall"-checkbox to assign permissions to all categories at once
- Bugfix: [1.7 - 1.7.3] Security fix for SQL injection in global.php (http://www.4homepages.de/forum/index.php?topic=14604.0)
- Bugfix: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability (http://www.4homepages.de/forum/index.php?topic=15042.0)
- Bugfix: [1.7.3] RSS feed not valid (http://www.4homepages.de/forum/index.php?topic=13960.0)
- Bugfix: [1.7 - 1.7.3] Wrong postcard ID shows a random image. (http://www.4homepages.de/forum/index.php?topic=13958.0)
- Bugfix: [1.7 - 1.7.3] Thumbnailer in ACP doesnt work with single quote ( ' ) in filenames (http://www.4homepages.de/forum/index.php?topic=14417.0)
- Bugfix [1.7.3] Kleiner Fehler in 1.7.3 (http://www.4homepages.de/forum/index.php?topic=14912.0)
Geänderte Dateien / Changed Files:
---------------------------------------
- details.php
- download.php
- global.php
- postcards.php
- rss.php
- search.php
- includes/constants.php
- includes/functions.php
- includes/page_footer.php
- includes/page_header.php
- includes/search_utils.php
- admin/settings.php
- admin/thumbnailer.php
- admin/usergroups.php
Geänderte Templates / Changed Templates:
---------------------------------------
- search_form.html
84
News & Announcements / 4images 1.7.4
« on: October 23, 2006, 03:30:23 PM »
Die neue Version 1.7.4 wurde soeben veröffentlicht. Dies ist ein Bugfix-Release und schließt alle bekannten Sicherheitslücken und Bugs.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.
The new version 1.7.4 has just been released. This is a bugfix-release and fixes all known security issues and bugs.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".
Download:
http://www.4homepages.de/4images/download.php
Demo:
http://www.4homepages.de/4images/demo.php
Für Feedback zur 4images 1.7.4 Version bitte diesen Thread nutzen.
Please use this thread for feedback about the 4images 1.7.4 version.
Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.
The new version 1.7.4 has just been released. This is a bugfix-release and fixes all known security issues and bugs.
We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".
Download:
http://www.4homepages.de/4images/download.php
Demo:
http://www.4homepages.de/4images/demo.php
Für Feedback zur 4images 1.7.4 Version bitte diesen Thread nutzen.
Please use this thread for feedback about the 4images 1.7.4 version.
85
Installation, Update & Configuration / Re: search.php
« on: October 20, 2006, 06:10:05 PM »
Kleiner Fehler, so gehts:
Code: [Select]
if (isset($HTTP_GET_VARS['search_userid'])) {
$search_id['user_ids'] .= ((!empty($search_id['user_ids'])) ? ", " : "").intval($HTTP_GET_VARS['search_userid']);
$show_result = 1;
}
86
Bug Fixes & Patches / Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« on: October 19, 2006, 01:35:12 PM »
Nein, die Fixes werden nur in neue Versionen eingearbeitet. Du musst den Patch also manuell einfügen. Eine neue Bugfix-Version ist schon in Arbeit.
88
Bug Fixes & Patches / Re: [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« on: October 17, 2006, 09:51:44 AM »ist das in Version 1.7.1 die Zeile??Ja, ich hab den ersten Post entsprechend aktualisiert.Code: [Select]$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));
die ZeileCode: [Select]$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
find oder hab ich gar nicht
89
Bug Fixes & Patches / [1.7 - 1.7.3] Security fix for Cross-Site Scripting Vulnerability
« on: October 16, 2006, 10:25:09 AM »
Security fix for Cross-Site Scripting Vulnerability
Open global.php and search for
Add the following line below
Open global.php and search for
Code: [Select]
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));in Version 1.7.2 and 1.7.3 orCode: [Select]
$mode = (isset($HTTP_GET_VARS['mode'])) ? stripslashes(trim($HTTP_GET_VARS['mode'])) : stripslashes(trim($HTTP_POST_VARS['mode']));in Version 1.7.1 and 1.7.Add the following line below
Code: [Select]
$mode = preg_replace("/[^a-z0-9]+/i", "", $mode);
90
Feedback & Suggestions / Re: 4images 1.7.3 - Feedback
« on: October 12, 2006, 09:38:33 AM »
Danke für den Hinweis. Ist in die Todo-Liste für die nächste Version aufgenommen.