4images Forum & Community
The forum for all 4images gallery administrators
Topic: 4images 1.7.9 (Read 87599 times)
kai (Administrator, Addicted member, Posts: 1.423)
4images 1.7.9
« on: November 11, 2010, 09:21:16 AM »
The new version 4images 1.7.9 has been released. This release comes with some improvements, bugfixes, 2 security fixes and minor changes.
We recommend that all users update to the current version. All changes and features are listed in "docs/Changelog.txt".
Download: http://www.4homepages.de/4images/download.php
Demo: http://www.4homepages.de/4images/demo.php
Please use this thread for feedback about the 4images 1.7.9 version.
« Last Edit: April 18, 2024, 01:54:21 PM by kai »
Your first three "must do" before you ask a question: 1. Forum rules 2. FAQ, Error messages, Bug fixes 3. Search
kai (Administrator, Addicted member, Posts: 1.423)
4images 1.7.9 Changelog
« Reply #1 on: November 11, 2010, 09:25:03 AM »
=========================================================
ChangeLog Version 1.7.9
=========================================================
- Added CSRF protection system (see docs/CSRF.english.txt or docs/CSRF.deutsch.txt)
- Security Fix for XSS issue in admin/admin_functions.php
- Fixed "Support for PHP4" (http://www.4homepages.de/forum/index.php?topic=27939.0)
- Fixed "multi-word search in 1.7.8" (http://www.4homepages.de/forum/index.php?topic=28028.0)
- Fixed "Uploadfehler nach Update von 1.7.7 auf 1.78" (http://www.4homepages.de/forum/index.php?topic=27829.0)
- Fixed "Can't login" (http://www.4homepages.de/forum/index.php?topic=27782.0)
- Fixed "Check new images - thumbnail not saved if already existed." (http://www.4homepages.de/forum/index.php?topic=27739.0)
- Fixed "Database Backup shows only *.sql files (no *.sql.gz)" (http://www.4homepages.de/forum/index.php?topic=27757.0)
- Fixed "Beschreibung nicht in Suche eingeschlossen" (http://www.4homepages.de/forum/index.php?topic=27747.0)
Neue Dateien / New Files:
---------------------------------------
- includes/csrf_utils.php
Geänderte Dateien / Changed Files:
---------------------------------------
global.php
member.php
admin/admin_functions.php
admin/admin_global.php
admin/backup.php
admin/checkimages.php
admin/images.php
admin/validateimages.php
admin/plugins/migrate_keywords.php
includes/constants.php
includes/page_header.php
includes/search_utils.php
includes/sessions.php
Sprache / Language:
---------------------------------------
- admin.php
- edited: $lang['field_keywords_ext']
- added: $lang['cni_thumbnail_rename_success']
- added: $lang['cni_thumbnail_rename_error']
- added: $lang['cni_copy_success']
- added: $lang['cni_copy_error']
- added: $lang['cni_copy_thumb_success']
- added: $lang['cni_copy_thumb_error']
- added: $lang['file_not_found']
kai (Administrator, Addicted member, Posts: 1.423)
Re: 4images 1.7.9
« Reply #2 on: November 20, 2010, 12:59:41 PM »
Here is a detailed list of what has been changed in the PHP files from 4images 1.7.8 -> 1.7.9.
(The best way to compare the code of the files yourself is to use WinMerge.)
Language files:

lang/deutsch/admin.php

find:
$lang['field_keywords'] = "Keywords";
$lang['field_keywords_ext'] = "Keywords<br /><span class=\"smalltext\">Keywords durch Leerzeichen getrennt eingeben.</span>";

replace with:
$lang['field_keywords'] = "Schlüsselwörter";
$lang['field_keywords_ext'] = "Schlüsselwörter<br /><span class=\"smalltext\">Schlüsselwörter durch Komma getrennt eingeben.</span>";

find:
$lang['field_keywords_contains'] = "Keywords enthält";

replace with:
$lang['field_keywords_contains'] = "Schlüsselwörter enthält";

find:
$lang['cni_media_file_rename'] = "Media Dateiname wurde umbenannt von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_media_file_rename_error'] = "<u>Fehler</u> bei Umbenennen der Media Datei von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_thumb_file_rename'] = "Thumbnail Dateiname wurde umbenannt von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_thumb_file_rename_error'] = "<u>Fehler</u> bei Umbenennen der Thumbnail Datei von <b>{from}</b> zu <b>{to}</b>";
$lang['cni_copy_success'] = "Kopiere Original Datei in <b>{name}</b> Ordner.";
$lang['cni_copy_thumb_success'] = "Kopiere Thumbnail in <b>{name}</b> Ordner.";

replace with:
$lang['cni_thumbnail_rename_success'] = "Thumbnail umbenannt von <b>{from}</b> nach <b>{to}</b>";
$lang['cni_thumbnail_rename_error'] = "<u>Fehler</u> beim Umbenennen des Thumbnails von <b>{from}</b> nach <b>{to}</b>";
$lang['cni_copy_success'] = "Datei wurde in den Ordner <b>{name}</b> kopiert.";
$lang['cni_copy_error'] = "<u>Fehler</u> beim Kopieren der Datei in den Ordner <b>{name}</b>.";
$lang['cni_copy_thumb_success'] = "Thumbnail wurde in den Ordner <b>{name}</b> kopiert.";
$lang['cni_copy_thumb_error'] = "<u>Fehler</u> beim Kopieren des Thumbnails in den Ordner <b>{name}</b>.";

find:
$lang['cni_working'] = "Datei <b>{file}</b> wurde Bearbeitet";

replace with:
$lang['cni_working'] = "Datei <b>{file}</b> wurde bearbeitet";
$lang['file_not_found'] = "Datei nicht gefunden";

lang/english/admin.php

find:
$lang['field_keywords_ext'] = "Keywords<br /><span class=\"smalltext\">Keywords must be separated by commas or newlines.</span>";

replace with:
$lang['field_keywords_ext'] = "Keywords<br /><span class=\"smalltext\">Keywords must be separated by commas.</span>";

lang/english/main.php

find:
$lang['keywords_ext'] = "Keywords:<br /><span class=\"smalltext\">Keywords must be separated by commas or newlines.</span>";

replace with:
$lang['keywords_ext'] = "Keywords:<br /><span class=\"smalltext\">Keywords must be separated by commas.</span>";

lang/spanish/admin.php

find:
$lang['field_keywords_ext'] = "Palabras clave<br /><span class=\"smalltext\">Las palabras clave deben estar separadas por espacios.</span>";

insert after:
$lang['field_keywords_ext'] = "Palabras clave<br /><span class=\"smalltext\">Introducir palabras separadas por comas.</span>";
« Last Edit: November 20, 2010, 01:26:31 PM by kai »
kai (Administrator, Addicted member, Posts: 1.423)
Re: 4images 1.7.9
« Reply #3 on: November 20, 2010, 01:25:30 PM »
Here is a detailed list of what has been changed in the PHP files from 4images 1.7.8 -> 1.7.9.
(The best way to compare the code of the files yourself is to use WinMerge.)
Root files

global.php

find:
function addslashes_array($array) {

insert before:
if (!function_exists("date_default_timezone_set")) {
  function date_default_timezone_set($timezone) {
    return true;
  }
}

find:
@include(ROOT_PATH.'config.php');

insert before:
// Initialize CSRF protection configuration
$csrf_protection_enable = 1;
$csrf_protection_frontend = 1;
$csrf_protection_backend = 1;
$csrf_protection_expires = 7200;
$csrf_protection_name = '__csrf';
$csrf_protection_xhtml = 1;

find:
include_once(ROOT_PATH.'includes/captcha_utils.php');

insert after:
//-----------------------------------------------------
//--- CSRF protection ---------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/csrf_utils.php');

member.php

find:
      $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
    }
  }
  remove_searchwords($image_id);

replace with:
      $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
      if ($image_column == 'image_keywords') {
        $search_words[$image_column] = explode(',', $search_words[$image_column]);
      }
    }
  }
  remove_searchwords($image_id);

find:
      $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
    }
  }
  add_searchwords($image_id, $search_words);

replace with:
      $search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);
      if ($image_column == 'image_keywords') {
        $search_words[$image_column] = explode(',', $search_words[$image_column]);
      }
    }
  }
  add_searchwords($image_id, $search_words);

Admin files

admin/admin_functions.php

find:
echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";

replace with:
echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";

find:
echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a> ";

replace with:
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a> ";

find:
echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a>$extra\n";

replace with:
echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a>$extra\n";

admin/admin_global.php

find:
include_once(ROOT_PATH.'admin/admin_functions.php');

insert after:
if ($csrf_protection_enable && $csrf_protection_backend) {
  csrf_start();
}

admin/backup.php

find:
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql$/i", $file))

replace with:
if (is_file(ROOT_PATH.DATABASE_DIR."/".$file) && $file != "." && $file != ".." && preg_match("/\.sql/i", $file))

admin/checkimages.php

find and delete (line 345):
$image_thumb_file = "";

find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);

insert after:
if ($image_column == 'image_keywords') {
  $search_words[$image_column] = explode(',', $search_words[$image_column]);
}

find:
echo "<td>Found in: ".(($cat_name == "" && !$key) ? "[root folder]" : "$cat_name (ID: $key)")."</td>\n";

replace with:
echo "<td>".$lang['cni_foundin'] . ": ".(($cat_name == "" && !$key) ? "[root folder]" : "$cat_name (ID: $key)")."</td>\n";

admin/images.php

find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column]);

insert after:
if ($image_column == 'image_keywords') {
  $search_words[$image_column] = explode(',', $search_words[$image_column]);
}

find:
$search_words[$image_column] = stripslashes($HTTP_POST_VARS[$image_column.'_'.$i]);

insert after:
if ($image_column == 'image_keywords') {
  $search_words[$image_column] = explode(',', $search_words[$image_column]);
}

admin/validateimages.php

find:
$search_words[$image_column] = $image_cache[$key][$image_column];

insert after:
if ($image_column == 'image_keywords') {
  $search_words[$image_column] = explode(',', $search_words[$image_column]);
}

admin/plugins/migrate_keywords.php

find:
"image_keywords" => $image_keywords,

replace with:
"image_keywords" => explode(',', $image_keywords),

includes files

includes/constants.php

find:
define('MAX_SEARCH_KEYWORD_LENGTH', 25);

replace with:
define('MAX_SEARCH_KEYWORD_LENGTH', 60);

find:
define('SCRIPT_VERSION', '1.7.8');

replace with:
define('SCRIPT_VERSION', '1.7.9');

includes/page_header.php

find:
  $site_template->un_register_vars("user_loginform");
  unset($user_box);
}

insert after:
if ($csrf_protection_enable && $csrf_protection_frontend) {
  csrf_start(true);
}

includes/search_utils.php

find:
function prepare_searchwords($val, $for_search = false)
{
  $val = strip_tags(trim($val));
  $val = convert_special($val);
  $val = strtolower($val);
  $val = preg_replace('/[\n\r]+/', ',', $val);
  if ($for_search) {
    $search_array = array(
      "/\s+\+/",
      "/\s+\-/"
    );

replace with:
function prepare_searchwords($val, $for_search = false)
{
  if (!is_array($val)) {
    $val = strip_tags(trim($val));
    $val = convert_special($val);
    $val = strtolower($val);
    $val = preg_replace('/[\n\r]+/', ',', $val);
    if ($for_search) {
      $search_array = array(
        "/\s+\+/",
        "/\s+\-/"
      );
      $replace_array = array(
        " and ",
        " not "
      );
      $val = preg_replace($search_array, $replace_array, $val);
    } else {
      $val = str_replace("*", "", $val);
    }
    $search_array = array(
      "/&(?!(#[0-9]+|[a-z]+);)/si",
      "#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
      "#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
      "#[-_'`´]+#s",
      "#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
    );

find:
$replace_array = array(
  " and ",
  " not "
);

replace with:
$replace_array = array(
  " ",
  " ",
  " ",
  "",
  " "
);

find:
  $val = preg_replace($search_array, $replace_array, $val);
} else {
  $val = str_replace("*", "", $val);
}
$search_array = array(
  "/&(?!(#[0-9]+|[a-z]+);)/si",
  "#([^]_a-z0-9-=\"'\/])([a-z]+?)://([^, \(\)<>\n\r]+)#si",
  "#([^]_a-z0-9-=\"'\/])www\.([a-z0-9\-]+)\.([a-z0-9\-.\~]+)((?:/[^, \(\)<>\n\r]*)?)#si",
  "#[-_'`´]+#s",
  "#[\n\t\r^\$\(\)<>\"\|@\?%~\+\.\[\]{}:\/=!§\\\\]+#s"
);
$replace_array = array(
  " ",
  " ",
  " ",
  "",
  " "
);
$val = preg_replace($search_array, $replace_array, $val);
if (empty($val)) {
  return array();
}

replace with:
  $val = preg_replace($search_array, $replace_array, $val);
  if (empty($val)) {
    return array();
  }
  $split_words = preg_split("/\s+/", $val);
} else {
  $split_words = $val;
  array_walk($split_words, 'trim_value');
  $split_words = array_unique(array_filter($split_words));
}

find and delete:
$split_words = preg_split("/,+/", $val);

find:
  $len = strlen(preg_replace("/&(#[0-9]+|[a-z]+);/siU", "_", $word));
  if ($len >= MIN_SEARCH_KEYWORD_LENGTH && $len <= MAX_SEARCH_KEYWORD_LENGTH && !in_array($word, $stopword_list)) {
    $clean_words[] = $word;
  }
}

insert after:
if ($for_search) {
  // Add whole string for image_keyword search
  $clean_words[] = implode(' ', $clean_words);
}

includes/sessions.php

find:
if (@ini_get('register_globals')) {

replace with:
$register_globals = strtolower(@ini_get('register_globals'));
if ($register_globals && $register_globals != "off" && $register_globals != "false") {
« Last Edit: November 24, 2010, 07:23:02 PM by kai »
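The admin/admin_functions.php change in Reply #3 wraps the URL in safe_htmlspecialchars(strip_tags(...)) before it is written into an href or action attribute. The following is an added example, not 4images code, showing what that encoding does to the rendered markup; escape_attr(), link_is_intact() and both sample URLs are constructed for illustration, PHP's own htmlspecialchars() stands in for the project's helper, and $site_sess->url() is left out.

```php
<?php
// Added example, not 4images code. escape_attr() is a stand-in for the
// safe_htmlspecialchars(strip_tags(...)) chain in the 1.7.9 change; the
// session handling done by $site_sess->url() is left out.

// 1.7.8 shape: the value goes into the attribute exactly as received.
function nav_link_before($url, $title) {
    return "<a href=\"" . $url . "\" class=\"navlink\">" . $title . "</a>";
}

// Remove tags, then encode the characters that can close an attribute
// value or open a new element (& " ' < >).
function escape_attr($value) {
    return htmlspecialchars(strip_tags($value), ENT_QUOTES, 'UTF-8');
}

// 1.7.9 shape: same markup, value encoded for the attribute context.
function nav_link_after($url, $title) {
    return "<a href=\"" . escape_attr($url) . "\" class=\"navlink\">" . $title . "</a>";
}

// True only if the output is still one anchor whose href value contains
// no raw quote or angle bracket, i.e. the markup the template intended.
function link_is_intact($html) {
    return preg_match('/^<a href="[^"<>]*" class="navlink">[^<]*<\/a>$/', $html) === 1;
}

// Constructed inputs: a plain admin URL and one carrying markup.
$samples = array(
    'images.php?action=modifyimages',
    'images.php?action="><b>injected</b>',
);

foreach ($samples as $url) {
    $before = nav_link_before($url, 'Images');
    $after  = nav_link_after($url, 'Images');
    printf("input : %s\n", $url);
    printf("before: %s  intact=%s\n", $before, link_is_intact($before) ? 'yes' : 'no');
    printf("after : %s  intact=%s\n\n", $after, link_is_intact($after) ? 'yes' : 'no');
}
```

The encoding is specific to the HTML attribute context; the same value written into a script block or used as a redirect target would need a different encoder or check.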
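The includes/sessions.php change in Reply #3 exists because ini_get() returns a string and PHP treats every non-empty string other than "0" as true, so a literal "off" passes the 1.7.8 test. The following is an added example, not 4images code, comparing the two checks over constructed raw values; enabled_strict() and the sample list are assumptions introduced here, and the stricter variant needs PHP 5.2 or later.

```php
<?php
// Added example, not 4images code. The raw strings are constructed values
// standing in for what ini_get('register_globals') may return.

// 1.7.8 shape: plain truthiness of the returned string.
function enabled_178($raw) {
    return (bool) $raw;
}

// 1.7.9 shape, following the includes/sessions.php change.
function enabled_179($raw) {
    $v = strtolower($raw);
    return $v && $v != "off" && $v != "false";
}

// Stricter variant (assumption, not in 4images; needs PHP >= 5.2):
// only "1", "true", "on" and "yes" count as enabled.
function enabled_strict($raw) {
    return filter_var($raw, FILTER_VALIDATE_BOOLEAN);
}

// Run all three checks over the same inputs so the rows can be compared.
function compare_checks(array $samples) {
    $rows = array();
    foreach ($samples as $raw) {
        $rows[] = array(
            'raw'    => $raw,
            '1.7.8'  => enabled_178($raw),
            '1.7.9'  => enabled_179($raw),
            'strict' => enabled_strict($raw),
        );
    }
    return $rows;
}

// Constructed sample values, including spellings the 1.7.9 list omits.
$samples = array("1", "On", "", "0", "Off", "off", "false", "no");
foreach (compare_checks($samples) as $r) {
    printf("%-8s 1.7.8=%-8s 1.7.9=%-8s strict=%s\n",
        var_export($r['raw'], true),
        $r['1.7.8'] ? 'enabled' : 'off',
        $r['1.7.9'] ? 'enabled' : 'off',
        $r['strict'] ? 'enabled' : 'off');
}
```

The "no" row shows a spelling that the 1.7.9 comparison still reads as enabled. register_globals was removed in PHP 5.4, so the check only matters on the older PHP versions this release targeted.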