Messages - kai

106
Language Packs / Re: [Language] Italian language files 1.7.9 Full
« on: November 20, 2010, 12:49:09 PM »
Thank you!!!

107
Discussion & Troubleshooting / Re: Problems with version 1.7.9
« on: November 18, 2010, 10:30:37 AM »
@ x23piracy:
I cannot reproduce the error. Deleting images from the lightbox or deleting the entire lightbox works without problems.

Here is a separate thread for you:
http://www.4homepages.de/forum/index.php?topic=28295.0

108
Discussion & Troubleshooting / Re: Problems with version 1.7.9
« on: November 18, 2010, 09:23:06 AM »
Keywords should be entered separated by commas. The "," is the separator.
We will change the help text accordingly.

@ mawenzi:
Uploading the image with the same keywords, title, etc. works without problems:
http://demo.4homepages.de/details.php?image_id=76
No SQL error message occurs.

109
Installation, Update & Configuration / Re: 1.7.8 to 1.7.9 files updates
« on: November 17, 2010, 04:24:00 PM »
Yes, we will post the changes asap.

Additionally you can use http://winmerge.org/ to compare the changed files.

110
Discussion & Troubleshooting / Re: Problems with version 1.7.9
« on: November 17, 2010, 09:45:17 AM »
@andi ...

... yes, right, after editing "Uhuru Peak" ... and the error message shown above ... all three images are found again ...
... but I will show you another such example this evening ...
... and how do you enter your keywords? ... with a comma or a new line? ...

Hi mawenzi,

as written, can you show a clear example in your gallery once more?

thx

111
News & Announcements / 4images 1.7.9 Changelog
« on: November 11, 2010, 09:25:03 AM »
=========================================================
ChangeLog Version 1.7.9
=========================================================
- Added CSRF protection system (see docs/CSRF.english.txt or docs/CSRF.deutsch.txt)
- Security Fix for XSS issue in admin/admin_functions.php
- Fixed "Support for PHP4" (http://www.4homepages.de/forum/index.php?topic=27939.0)
- Fixed "multi-word search in 1.7.8" (http://www.4homepages.de/forum/index.php?topic=28028.0)
- Fixed "Uploadfehler nach Update von 1.7.7 auf 1.78" (http://www.4homepages.de/forum/index.php?topic=27829.0)
- Fixed "Can't login" (http://www.4homepages.de/forum/index.php?topic=27782.0)
- Fixed "Check new images - thumbnail not saved if already existed." (http://www.4homepages.de/forum/index.php?topic=27739.0)
- Fixed "Database Backup shows only *.sql files (no *.sql.gz)" (http://www.4homepages.de/forum/index.php?topic=27757.0)
- Fixed "Beschreibung nicht in Suche eingeschlossen" (http://www.4homepages.de/forum/index.php?topic=27747.0)

New Files:
---------------------------------------
- includes/csrf_utils.php


Changed Files:
---------------------------------------
global.php
member.php
admin/admin_functions.php
admin/admin_global.php
admin/backup.php
admin/checkimages.php
admin/images.php
admin/validateimages.php
admin/plugins/migrate_keywords.php
includes/constants.php
includes/page_header.php
includes/search_utils.php
includes/sessions.php


Language:
---------------------------------------
- admin.php
    - edited: $lang['field_keywords_ext']
    - added: $lang['cni_thumbnail_rename_success']
    - added: $lang['cni_thumbnail_rename_error']
    - added: $lang['cni_copy_success']
    - added: $lang['cni_copy_error']
    - added: $lang['cni_copy_thumb_success']
    - added: $lang['cni_copy_thumb_error']
    - added: $lang['file_not_found']

112
Feedback & Suggestions / 4images 1.7.9 - Feedback
« on: November 11, 2010, 09:22:03 AM »
Please use this thread for feedback and comments about the 4images 1.7.9 release.
For bug reporting and troubleshooting please use this forum.

113
News & Announcements / 4images 1.7.9
« on: November 11, 2010, 09:21:16 AM »
The new version 4images 1.7.9 has been released. This release comes with some improvements, bugfixes, 2 security fixes and minor changes.
We recommend that all users update to the current version. All changes and features are listed in "docs/Changelog.txt".

Download:
http://www.4homepages.de/4images/download.php

Demo:
http://www.4homepages.de/4images/demo.php


Please use this thread for feedback about the 4images 1.7.9 version.

114
Attention:

We recommend NOT using phpThumb until they have released a fixed version!

The current version 1.7.9-200805132119 (released May 28, 2008) has a big security leak.
Attackers can compromise your server.

Secunia rated this vulnerability as "highly critical".

http://secunia.com/advisories/39556/

115
Mods & Plugins (Releases & Support) / Re: [Mod] Chaptcha can mathematics
« on: November 02, 2010, 07:42:54 PM »
rated 5 stars

116
Plz read the text in the link I posted.
You can also use Google Webmaster tools.

117
Chit Chat / Re: php bbcode
« on: November 02, 2010, 11:40:12 AM »
Thank you V@no!

119
Bug Fixes & Patches / [1.7 - 1.7.8] Security fix for CSRF vulnerability
« on: October 27, 2010, 12:10:43 PM »
A cross-site request forgery vulnerability in 4images 1.7 - 1.7.8 has been found.

To fix this please follow these 4 steps:

1.
Download the attached file csrf_utils.php and copy it into the includes/ folder of your 4images installation.


2.
Open global.php and search for the following line:

@include(ROOT_PATH.'config.php');

and insert the following code ABOVE this line:

// Initialize CSRF protection configuration
$csrf_protection_enable      = 1;
$csrf_protection_frontend    = 1;
$csrf_protection_backend     = 1;
$csrf_protection_expires     = 7200;
$csrf_protection_name        = '__csrf';
$csrf_protection_xhtml       = 1;


In the same file, search for the line:

include_once(ROOT_PATH.'includes/captcha_utils.php');

and insert the following code BELOW this line:

//-----------------------------------------------------
//--- CSRF protection ---------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/csrf_utils.php');



3.
Open includes/page_header.php and search for the following line (at the end of the file):

?>

and insert the following code ABOVE this line:

if ($csrf_protection_enable && $csrf_protection_frontend) {
  csrf_start(true);
}



4.
Open admin/admin_global.php and search for the following line:

include_once(ROOT_PATH.'admin/admin_functions.php');

and insert the following code BELOW this line:

if ($csrf_protection_enable && $csrf_protection_backend) {
  csrf_start();
}




Thanks to Russ McRee for finding and reporting this vulnerability!
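
The settings from step 2 map onto a token check of the following kind. This is an added example, not the contents of csrf_utils.php (which this page does not show) and not 4images code: the helpers example_csrf_issue() and example_csrf_verify() and the HMAC-over-timestamp scheme are assumptions, and only the field name '__csrf' and the 7200-second lifetime come from the post. It needs PHP 7 or later.

```php
<?php
// Added illustration: NOT the contents of 4images' includes/csrf_utils.php.
// These two values mirror the settings inserted into global.php in step 2.
$csrf_protection_expires = 7200;      // token lifetime in seconds
$csrf_protection_name    = '__csrf';  // name of the hidden form field

// Hypothetical helper: build "timestamp:hmac", bound to a per-session secret.
function example_csrf_issue($secret, $now) {
  return $now . ':' . hash_hmac('sha256', (string)$now, $secret);
}

// Hypothetical helper: accept a POST only if it carries a fresh, valid token.
function example_csrf_verify($post, $name, $secret, $expires, $now) {
  if (!isset($post[$name]) || !is_string($post[$name])) {
    return false;                        // field missing: request did not come from our form
  }
  $parts = explode(':', $post[$name], 2);
  if (count($parts) !== 2 || !ctype_digit($parts[0])) {
    return false;                        // malformed token
  }
  list($issued, $mac) = $parts;
  if ((int)$issued > $now || $now - (int)$issued > $expires) {
    return false;                        // dated in the future, or older than the lifetime
  }
  return hash_equals(hash_hmac('sha256', $issued, $secret), $mac);  // constant-time compare
}

// Constructed demo data; the secret would normally live in the server-side session.
$secret = bin2hex(random_bytes(32));
$now    = time();
$token  = example_csrf_issue($secret, $now);

// The hidden field a legitimate form would carry.
echo '<input type="hidden" name="' . $csrf_protection_name . '" value="'
   . htmlspecialchars($token, ENT_QUOTES) . '" />' . "\n";

$cases = array(
  'legitimate form post'       => array($csrf_protection_name => $token),
  'cross-site post, no token'  => array('action' => 'example'),
  'token older than lifetime'  => array($csrf_protection_name =>
      example_csrf_issue($secret, $now - $csrf_protection_expires - 1)),
  'token from another session' => array($csrf_protection_name =>
      example_csrf_issue('other-session-secret', $now)),
);
foreach ($cases as $label => $post) {
  $ok = example_csrf_verify($post, $csrf_protection_name, $secret, $csrf_protection_expires, $now);
  echo str_pad($label, 30) . ($ok ? 'accepted' : 'rejected') . "\n";
}
```

Only the first case is accepted; a request without the field, with an expired token, or with a token minted under a different session secret is rejected.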

120
A cross site scripting vulnerability in 4images 1.7 - 1.7.8 has been found.

To fix this:

In admin/admin_functions.php

find

echo "<form action=\"".$site_sess->url($phpscript)."\"".$upload." name=\"".$name."\" method=\"post\">\n";

and replace it with

echo "<form action=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($phpscript)))."\"".$upload." name=\"".$name."\" method=\"post\">\n";


find

echo "<a href=\"".$site_sess->url($url)."\"".$target.">[".$text."]</a>&nbsp;&nbsp;";

and replace it with

echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\"".$target.">[".$text."]</a>&nbsp;&nbsp;";


find

echo "<a href=\"".$site_sess->url($url)."\" class=\"navlink\">".$title."</a> $extra\n";

and replace it with

echo "<a href=\"".$site_sess->url(safe_htmlspecialchars(strip_tags($url)))."\" class=\"navlink\">".$title."</a> $extra\n";


If you are using 4images v1.7, also add the following in includes/functions.php above ?>:

function safe_htmlspecialchars($chars) {
  // Translate all non-unicode entities
  $chars = preg_replace(
    '/&(?!(#[0-9]+|[a-z]+);)/si',
    '&amp;',
    $chars
  );

  $chars = str_replace(">", "&gt;",   $chars);
  $chars = str_replace("<", "&lt;",   $chars);
  $chars = str_replace('"', "&quot;", $chars);
  return $chars;
}


Thanks to Secunia Research for finding and reporting this vulnerability!
