76
Templates & Styles (Requests & Discussions) / Re: Color Schemes ( For Template/Theme Developers )
« on: May 23, 2011, 02:55:04 PM »
yes, both very good ressources!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
77
Discussion & Troubleshooting / Re: Suche klappt nicht nach Update 1.7.10
« on: May 20, 2011, 12:18:06 PM »
Hallo Harald,
die Änderung wurde im Zuge der neue Möglichkeit gemacht, dass nun keywords bestehend aus mehreren Wörtern möglich sind.
die Änderung wurde im Zuge der neue Möglichkeit gemacht, dass nun keywords bestehend aus mehreren Wörtern möglich sind.
78
News & Announcements / Re: 4images 1.7.10
« on: May 06, 2011, 03:39:41 PM »
Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)
16.) search in lang/admin.php (deutsch)
$lang['cni_iptc_description'] = "Verwenden Beschreibung aus IPTC Daten:";
$lang['cni_iptc_keywords'] = "Verwenden Schlüsselwörter aus IPTC Daten:";
replace:
$lang['cni_iptc_description'] = "Verwende Beschreibung aus IPTC Daten:";
$lang['cni_iptc_keywords'] = "Verwende Schlüsselwörter aus IPTC Daten:";
16.1) search:
$lang['cni_big_folder'] = "Ordnername in welchen das Originalbild gespeicher werden soll:";
replace:
$lang['cni_big_folder'] = "Ordnername in denen das Originalbild gespeichert werden soll:";
17.) search in root/download.php
$file = array();
insert below:
$file_path = null;
$file_name = null;
17.1) search:
while ($image_row = $site_db->fetch_array($result)) {
insert below:
$file_path = null;
$file_name = null;
18.) search in root/global:
$cat_cache = array();
insert above:
$search_match_fields = null;
$search_index_types = null;
18.1) search:
$captcha_chars = "abcdefghijklmnopqrstuvwxyz1234567890";
$captcha_length = 5;
replace:
$captcha_chars = "abcdefghijklmnopqrstuvwxyz123456789";
$captcha_length = 6;
18.2) search:
$captcha_text_size = 25;
$captcha_text_transparency = 60;
replace:
$captcha_text_size = 20;
$captcha_text_transparency = 50;
18.3) search:
$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim($HTTP_POST_VARS['action'])) : stripslashes(trim($HTTP_GET_VARS['action']));
replace:
$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim((string)$HTTP_POST_VARS['action'])) : stripslashes(trim((string)$HTTP_GET_VARS['action']));
18.4) search:
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
replace:
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim((string)$HTTP_POST_VARS['mode'])) : stripslashes(trim((string)$HTTP_GET_VARS['mode']));
18.5) search:
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
replace:
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim((string)$HTTP_POST_VARS['search_keywords']) : trim((string)$HTTP_GET_VARS['search_keywords']);
18.6) search:
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
replace:
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim((string)$HTTP_POST_VARS['search_user']) : trim((string)$HTTP_GET_VARS['search_user']);
18.7) search:
//-----------------------------------------------------
//--- Cache -------------------------------------------
insert above:
//-----------------------------------------------------
//--- Security ----------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/security_utils.php');
19.) search in root/install.php
$admin_pass_md5 = md5($admin_password);
$current_time = time();
$sql = "UPDATE ".$table_prefix."users
SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time
WHERE user_name = 'admin'";
replace:
include(ROOT_PATH.'includes/security_utils.php');
$admin_pass_hashed = salted_hash($admin_password);
$current_time = time();
$sql = "UPDATE ".$table_prefix."users
SET user_name = '$admin_user', user_password = '$admin_pass_hashed', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time
WHERE user_name = 'admin'";
20.) search in root/lightbox.php
define('ROOT_PATH', './');
insert below:
define('MAIN_SCRIPT', __FILE__);
21.) search and remove in root/member.php 2x:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
21.1) search:
elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {
if ($direct_upload) {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
$dest = THUMB_PATH."/".$cat_id."/".$new_name;
}
else {
$src = MEDIA_TEMP_PATH."/".$new_name;
$dest = THUMB_TEMP_PATH."/".$new_name;
replace:
elseif ($config['auto_thumbnail'] == 1 && !empty($new_name) && !$uploaderror && ((!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") || is_remote($new_name))) {
if ($direct_upload) {
if (is_remote($new_name)) {
$src = $new_name;
$thumb = create_unique_filename(THUMB_PATH."/".$cat_id, filterFileName($new_name));
} else {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
$thumb = $new_name;
}
$dest = THUMB_PATH."/".$cat_id."/".$thumb;
}
else {
if (is_remote($new_name)) {
$src = $new_name;
$thumb = create_unique_filename(THUMB_TEMP_PATH, filterFileName($new_name));
} else {
$src = MEDIA_TEMP_PATH."/".$new_name;
$thumb = $new_name;
}
$dest = THUMB_TEMP_PATH."/".$thumb;
21.2) search:
$new_thumb_name = $new_name;
replace:
$new_thumb_name = $thumb;
21.3) search:
mt_srand((double) microtime() * 1000000);
$puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$user_password = "";
for ($i = 0; $i < 8; $i++) {
$user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
}
replace:
$user_password = random_string(8);
$user_password_hashed = salted_hash($user_password);
21.4) search:
SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
replace:
SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'
WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
21.5) search:
$current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));
replace:
$current_user_password = trim($HTTP_POST_VARS['current_user_password']);
21.6) search:
if ($current_user_password != $user_info['user_password']) {
replace:
if (!compare_passwords($current_user_password, $user_info['user_password'])) {
21.7) search:
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
replace:
$user_password_hashed = salted_hash($user_password);
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
22.) search in root/register.php
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '".md5($user_password)."', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
replace:
$user_password_hashed = salted_hash($user_password);
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
23.) search in root/search.php:
$split_words = prepare_searchwords($search_keywords, true);
replace:
$split_words = prepare_searchwords_for_search($search_keywords);
23.1) search:
$sql = "SELECT m.image_id
FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)
WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'
replace:
$curr_words = $split_words[$i];
if (!is_array($curr_words)) {
$curr_words = array($curr_words);
}
$where = array();
foreach ($curr_words as $curr_word) {
$where[] = "w.word_text LIKE '".addslashes(str_replace("*", "%", $curr_word))."'";
}
$sql = "SELECT m.image_id
FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)
WHERE (" . implode(' OR ', $where) . ")
(The best way for yourself to compare the code of files is to use Winmerge.)
16.) search in lang/admin.php (deutsch)
$lang['cni_iptc_description'] = "Verwenden Beschreibung aus IPTC Daten:";
$lang['cni_iptc_keywords'] = "Verwenden Schlüsselwörter aus IPTC Daten:";
replace:
$lang['cni_iptc_description'] = "Verwende Beschreibung aus IPTC Daten:";
$lang['cni_iptc_keywords'] = "Verwende Schlüsselwörter aus IPTC Daten:";
16.1) search:
$lang['cni_big_folder'] = "Ordnername in welchen das Originalbild gespeicher werden soll:";
replace:
$lang['cni_big_folder'] = "Ordnername in denen das Originalbild gespeichert werden soll:";
17.) search in root/download.php
$file = array();
insert below:
$file_path = null;
$file_name = null;
17.1) search:
while ($image_row = $site_db->fetch_array($result)) {
insert below:
$file_path = null;
$file_name = null;
18.) search in root/global:
$cat_cache = array();
insert above:
$search_match_fields = null;
$search_index_types = null;
18.1) search:
$captcha_chars = "abcdefghijklmnopqrstuvwxyz1234567890";
$captcha_length = 5;
replace:
$captcha_chars = "abcdefghijklmnopqrstuvwxyz123456789";
$captcha_length = 6;
18.2) search:
$captcha_text_size = 25;
$captcha_text_transparency = 60;
replace:
$captcha_text_size = 20;
$captcha_text_transparency = 50;
18.3) search:
$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim($HTTP_POST_VARS['action'])) : stripslashes(trim($HTTP_GET_VARS['action']));
replace:
$action = (isset($HTTP_POST_VARS['action'])) ? stripslashes(trim((string)$HTTP_POST_VARS['action'])) : stripslashes(trim((string)$HTTP_GET_VARS['action']));
18.4) search:
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim($HTTP_POST_VARS['mode'])) : stripslashes(trim($HTTP_GET_VARS['mode']));
replace:
$mode = (isset($HTTP_POST_VARS['mode'])) ? stripslashes(trim((string)$HTTP_POST_VARS['mode'])) : stripslashes(trim((string)$HTTP_GET_VARS['mode']));
18.5) search:
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
replace:
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ? trim((string)$HTTP_POST_VARS['search_keywords']) : trim((string)$HTTP_GET_VARS['search_keywords']);
18.6) search:
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
replace:
$search_user = (isset($HTTP_POST_VARS['search_user'])) ? trim((string)$HTTP_POST_VARS['search_user']) : trim((string)$HTTP_GET_VARS['search_user']);
18.7) search:
//-----------------------------------------------------
//--- Cache -------------------------------------------
insert above:
//-----------------------------------------------------
//--- Security ----------------------------------------
//-----------------------------------------------------
include_once(ROOT_PATH.'includes/security_utils.php');
19.) search in root/install.php
$admin_pass_md5 = md5($admin_password);
$current_time = time();
$sql = "UPDATE ".$table_prefix."users
SET user_name = '$admin_user', user_password = '$admin_pass_md5', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time
WHERE user_name = 'admin'";
replace:
include(ROOT_PATH.'includes/security_utils.php');
$admin_pass_hashed = salted_hash($admin_password);
$current_time = time();
$sql = "UPDATE ".$table_prefix."users
SET user_name = '$admin_user', user_password = '$admin_pass_hashed', user_joindate = $current_time, user_lastaction = $current_time, user_lastvisit = $current_time
WHERE user_name = 'admin'";
20.) search in root/lightbox.php
define('ROOT_PATH', './');
insert below:
define('MAIN_SCRIPT', __FILE__);
21.) search and remove in root/member.php 2x:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
21.1) search:
elseif ($config['auto_thumbnail'] == 1 && !empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none" && !$uploaderror) {
if ($direct_upload) {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
$dest = THUMB_PATH."/".$cat_id."/".$new_name;
}
else {
$src = MEDIA_TEMP_PATH."/".$new_name;
$dest = THUMB_TEMP_PATH."/".$new_name;
replace:
elseif ($config['auto_thumbnail'] == 1 && !empty($new_name) && !$uploaderror && ((!empty($HTTP_POST_FILES['media_file']['tmp_name']) && $HTTP_POST_FILES['media_file']['tmp_name'] != "none") || is_remote($new_name))) {
if ($direct_upload) {
if (is_remote($new_name)) {
$src = $new_name;
$thumb = create_unique_filename(THUMB_PATH."/".$cat_id, filterFileName($new_name));
} else {
$src = MEDIA_PATH."/".$cat_id."/".$new_name;
$thumb = $new_name;
}
$dest = THUMB_PATH."/".$cat_id."/".$thumb;
}
else {
if (is_remote($new_name)) {
$src = $new_name;
$thumb = create_unique_filename(THUMB_TEMP_PATH, filterFileName($new_name));
} else {
$src = MEDIA_TEMP_PATH."/".$new_name;
$thumb = $new_name;
}
$dest = THUMB_TEMP_PATH."/".$thumb;
21.2) search:
$new_thumb_name = $new_name;
replace:
$new_thumb_name = $thumb;
21.3) search:
mt_srand((double) microtime() * 1000000);
$puddle = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$user_password = "";
for ($i = 0; $i < 8; $i++) {
$user_password .= substr($puddle, (mt_rand()%(strlen($puddle))), 1);
}
replace:
$user_password = random_string(8);
$user_password_hashed = salted_hash($user_password);
21.4) search:
SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
replace:
SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'
WHERE ".get_user_table_field("", "user_id")." = ".$checkuser[$user_table_fields['user_id']];
21.5) search:
$current_user_password = md5(trim($HTTP_POST_VARS['current_user_password']));
replace:
$current_user_password = trim($HTTP_POST_VARS['current_user_password']);
21.6) search:
if ($current_user_password != $user_info['user_password']) {
replace:
if (!compare_passwords($current_user_password, $user_info['user_password'])) {
21.7) search:
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_password")." = '".md5($user_password)."'
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
replace:
$user_password_hashed = salted_hash($user_password);
$sql = "UPDATE ".USERS_TABLE."
SET ".get_user_table_field("", "user_password")." = '".$user_password_hashed."'
WHERE ".get_user_table_field("", "user_id")." = ".$user_info['user_id'];
22.) search in root/register.php
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '".md5($user_password)."', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
replace:
$user_password_hashed = salted_hash($user_password);
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
23.) search in root/search.php:
$split_words = prepare_searchwords($search_keywords, true);
replace:
$split_words = prepare_searchwords_for_search($search_keywords);
23.1) search:
$sql = "SELECT m.image_id
FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)
WHERE w.word_text LIKE '".addslashes(str_replace("*", "%", $split_words[$i]))."'
replace:
$curr_words = $split_words[$i];
if (!is_array($curr_words)) {
$curr_words = array($curr_words);
}
$where = array();
foreach ($curr_words as $curr_word) {
$where[] = "w.word_text LIKE '".addslashes(str_replace("*", "%", $curr_word))."'";
}
$sql = "SELECT m.image_id
FROM (".WORDLIST_TABLE." w, ".WORDMATCH_TABLE." m)
WHERE (" . implode(' OR ', $where) . ")
79
News & Announcements / Re: 4images 1.7.10
« on: May 06, 2011, 03:39:03 PM »
Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)
8.) search in includes/constants.php:
define('GROUPTYPE_SINGLE', 2);
insert below:
// Password
define('PASSWORD_HASH_ALGO', 'md5');
define('PASSWORD_SALT_LENGTH', 9);
8.1) search:
define('SCRIPT_VERSION', '1.7.9');
replace:
define('SCRIPT_VERSION', '1.7.10');
9.) search in includes/csrf_utils.php:
if ($token !== (string) $HTTP_POST_VARS[$csrf_protection_name]) {
replace:
if (!secure_compare($token, (string) $HTTP_POST_VARS[$csrf_protection_name])) {
10.) search in includes/functions.php:
elseif ( $key == "ExposureTime" ) {
$ExposureTime = explode("/", $exif_info);
if ( $ExposureTime[0] == 1 && $ExposureTime[1] == 1 ){
$exif_array[$exif_match[$key]] = $ExposureTime[1]." sec(s)";
} elseif ( $ExposureTime[0] == 1 ) {
$exif_array[$exif_match[$key]] = "1/".($ExposureTime[1] * $ExposureTime[0])." sec(s)";
} elseif ( $ExposureTime[1] > 1 ) {
$exif_array[$exif_match[$key]] = ($ExposureTime[0]/$ExposureTime[1])." sec(s)";
} elseif( $ExposureTime[1] == 1 ) {
$exif_array[$exif_match[$key]] = ($ExposureTime[0] * $ExposureTime[1])." sec(s)";
}
replace:
elseif ($key == "ExposureTime") {
$ExposureTime = explode("/", $exif_info);
if ((float)$ExposureTime[1] == 0) {
$exif_array[$exif_match[$key]] = "0 sec(s)";
}
elseif (($ExposureTime[0]/$ExposureTime[1]) >= 0.3) {
$exif_array[$exif_match[$key]] = round(($ExposureTime[0]/$ExposureTime[1]),1)." sec(s)";
}
else {
$exif_array[$exif_match[$key]] = "1/".round((1/($ExposureTime[0]/$ExposureTime[1])),0)." sec(s)";
}
}
10.1) search:
$keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($val))."\">".format_text($val, 2)."</a>";
replace:
$url_val = $val;
if (preg_match('/[^a-z0-9]+/i', $url_val)) {
$url_val = '"' . $url_val . '"';
}
$keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($url_val))."\">".format_text($val, 2)."</a>";
10.2) search:
?>
insert above:
function create_unique_filename($base, $file)
{
$ext = get_file_extension($file);
$name = get_file_name($file);
$n = 2;
$copy = "";
while (file_exists($base."/".$name.$copy.".".$ext)) {
$copy = "_".$n;
$n++;
}
return $name.$copy.".".$ext;
}
11.) search in includes/page_header.php:
$file = get_file_name(basename(MAIN_SCRIPT));
$array = array(
insert below:
"page_categories" => false,
"page_details" => false,
"page_index" => false,
"page_lightbox" => false,
"page_member" => false,
"page_postcards" => false,
"page_register" => false,
"page_search" => false,
"page_top" => false,
// Backwards compatibility
11.1) search:
$array[$file] = true;
insert below:
}
if (isset($array["page_" . $file])) {
$array["page_" . $file] = true;
11.2) search:
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
replace:
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ", stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
11.3) search:
setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
replace:
setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
12.) search in includes/paging.php
$this->page = $page;
$this->perpage = $perpage;
$this->num_rows_all = $num_rows_all;
if (!isset($this->page) || !intval($this->page)) {
$this->page = 1;
}
if (!$this->num_rows_all) {
replace:
$this->page = intval($page);
$this->perpage = intval($perpage);
$this->num_rows_all = intval($num_rows_all);
if ($this->page <= 0) {
$this->page = 1;
}
if ($this->perpage <= 0) {
$this->perpage = 1;
}
if ($this->num_rows_all <= 0) {
13.) copy the "search_utils.php" from the attachment in your "includes" folder:
14.) copy the "security_utils.php" from the attachment in your "includes" folder.
15.) search in includes/session.php:
if ($this->read_cookie_data("userpass") == $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", $this->user_info['user_password']);
replace:
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", md5($this->user_info['user_password']));
15.1) search and remove:
$user_password = md5($user_password);
15.2) search:
if ($row[$user_table_fields['user_password']] == $user_password) {
replace:
if (compare_passwords($user_password, $row[$user_table_fields['user_password']])) {
15.3) search:
$this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
replace:
$this->set_cookie_data("userpass", ($auto_login) ? md5($row[$user_table_fields['user_password']]) : "");
(The best way for yourself to compare the code of files is to use Winmerge.)
8.) search in includes/constants.php:
define('GROUPTYPE_SINGLE', 2);
insert below:
// Password
define('PASSWORD_HASH_ALGO', 'md5');
define('PASSWORD_SALT_LENGTH', 9);
8.1) search:
define('SCRIPT_VERSION', '1.7.9');
replace:
define('SCRIPT_VERSION', '1.7.10');
9.) search in includes/csrf_utils.php:
if ($token !== (string) $HTTP_POST_VARS[$csrf_protection_name]) {
replace:
if (!secure_compare($token, (string) $HTTP_POST_VARS[$csrf_protection_name])) {
10.) search in includes/functions.php:
elseif ( $key == "ExposureTime" ) {
$ExposureTime = explode("/", $exif_info);
if ( $ExposureTime[0] == 1 && $ExposureTime[1] == 1 ){
$exif_array[$exif_match[$key]] = $ExposureTime[1]." sec(s)";
} elseif ( $ExposureTime[0] == 1 ) {
$exif_array[$exif_match[$key]] = "1/".($ExposureTime[1] * $ExposureTime[0])." sec(s)";
} elseif ( $ExposureTime[1] > 1 ) {
$exif_array[$exif_match[$key]] = ($ExposureTime[0]/$ExposureTime[1])." sec(s)";
} elseif( $ExposureTime[1] == 1 ) {
$exif_array[$exif_match[$key]] = ($ExposureTime[0] * $ExposureTime[1])." sec(s)";
}
replace:
elseif ($key == "ExposureTime") {
$ExposureTime = explode("/", $exif_info);
if ((float)$ExposureTime[1] == 0) {
$exif_array[$exif_match[$key]] = "0 sec(s)";
}
elseif (($ExposureTime[0]/$ExposureTime[1]) >= 0.3) {
$exif_array[$exif_match[$key]] = round(($ExposureTime[0]/$ExposureTime[1]),1)." sec(s)";
}
else {
$exif_array[$exif_match[$key]] = "1/".round((1/($ExposureTime[0]/$ExposureTime[1])),0)." sec(s)";
}
}
10.1) search:
$keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($val))."\">".format_text($val, 2)."</a>";
replace:
$url_val = $val;
if (preg_match('/[^a-z0-9]+/i', $url_val)) {
$url_val = '"' . $url_val . '"';
}
$keywords .= (($keywords != "" ) ? ", " : "")."<a href=\"".$site_sess->url(ROOT_PATH."search.php?search_keywords=".urlencode($url_val))."\">".format_text($val, 2)."</a>";
10.2) search:
?>
insert above:
function create_unique_filename($base, $file)
{
$ext = get_file_extension($file);
$name = get_file_name($file);
$n = 2;
$copy = "";
while (file_exists($base."/".$name.$copy.".".$ext)) {
$copy = "_".$n;
$n++;
}
return $name.$copy.".".$ext;
}
11.) search in includes/page_header.php:
$file = get_file_name(basename(MAIN_SCRIPT));
$array = array(
insert below:
"page_categories" => false,
"page_details" => false,
"page_index" => false,
"page_lightbox" => false,
"page_member" => false,
"page_postcards" => false,
"page_register" => false,
"page_search" => false,
"page_top" => false,
// Backwards compatibility
11.1) search:
$array[$file] = true;
insert below:
}
if (isset($array["page_" . $file])) {
$array["page_" . $file] = true;
11.2) search:
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
replace:
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ", stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
11.3) search:
setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
replace:
setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire, COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
12.) search in includes/paging.php
$this->page = $page;
$this->perpage = $perpage;
$this->num_rows_all = $num_rows_all;
if (!isset($this->page) || !intval($this->page)) {
$this->page = 1;
}
if (!$this->num_rows_all) {
replace:
$this->page = intval($page);
$this->perpage = intval($perpage);
$this->num_rows_all = intval($num_rows_all);
if ($this->page <= 0) {
$this->page = 1;
}
if ($this->perpage <= 0) {
$this->perpage = 1;
}
if ($this->num_rows_all <= 0) {
13.) copy the "search_utils.php" from the attachment in your "includes" folder:
14.) copy the "security_utils.php" from the attachment in your "includes" folder.
15.) search in includes/session.php:
if ($this->read_cookie_data("userpass") == $this->user_info['user_password'] && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", $this->user_info['user_password']);
replace:
if (secure_compare($this->read_cookie_data("userpass"), md5($this->user_info['user_password'])) && $this->user_info['user_level'] > USER_AWAITING) {
$this->set_cookie_data("userpass", md5($this->user_info['user_password']));
15.1) search and remove:
$user_password = md5($user_password);
15.2) search:
if ($row[$user_table_fields['user_password']] == $user_password) {
replace:
if (compare_passwords($user_password, $row[$user_table_fields['user_password']])) {
15.3) search:
$this->set_cookie_data("userpass", ($auto_login) ? $user_password : "");
replace:
$this->set_cookie_data("userpass", ($auto_login) ? md5($row[$user_table_fields['user_password']]) : "");
80
News & Announcements / Re: 4images 1.7.10
« on: May 06, 2011, 03:37:02 PM »
Here is a detailed list of what has been changed in the php files from 4images 1.7.9 -> 1.7.10.
(The best way for yourself to compare the code of files is to use Winmerge.)
1.) copy the "rebuild_searchindex.php from the attachment in "admin/plugin" folder"
2.) search in admin/categories.php 2x:
$auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
$auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
$auth_download = $HTTP_POST_VARS['auth_download'];
$auth_upload = $HTTP_POST_VARS['auth_upload'];
$auth_directupload = $HTTP_POST_VARS['auth_directupload'];
$auth_vote = $HTTP_POST_VARS['auth_vote'];
$auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
$auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
$auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];
and replace 2x:
$auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
$auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
$auth_download = intval($HTTP_POST_VARS['auth_download']);
$auth_upload = intval($HTTP_POST_VARS['auth_upload']);
$auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
$auth_vote = intval($HTTP_POST_VARS['auth_vote']);
$auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
$auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
$auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);
3.) search and remove in admin/checkimages.php:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
4.) search and remove in admin/images.php:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
5.) search in admin/thumbnailer.php:
if (create_thumbnail(MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], $quality, $dimension, $resize_type)) {
$sql = "UPDATE ".IMAGES_TABLE."
SET image_thumb_file = '".addslashes($image_cache[$key]['image_media_file'])."'
WHERE image_id = $key";
$site_db->query($sql);
and replace:
if (is_remote($image_cache[$key]['image_media_file'])) {
$src = $image_cache[$key]['image_media_file'];
$dest = create_unique_filename(THUMB_PATH."/".$image_cache[$key]['cat_id'], filterFileName($image_cache[$key]['image_media_file']));
} else {
$src = MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'];
$dest = $image_cache[$key]['image_media_file'];
}
if (create_thumbnail($src, THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$dest, $quality, $dimension, $resize_type)) {
$sql = "UPDATE ".IMAGES_TABLE."
SET image_thumb_file = '".addslashes($dest)."'
WHERE image_id = $key";
$site_db->query($sql);
5.1) search:
if ((!file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']) || $image_row['image_thumb_file'] == "") && file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'])) {
$image_info = getimagesize(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
and replace:
if ($image_row['image_thumb_file'] == "") {
$exists = false;
} else {
if (is_remote($image_row['image_thumb_file'])) {
$exists = true;
} else {
$exists = file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
}
}
if (!$exists && (file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']) || is_remote($image_row['image_media_file']))) {
$src = is_remote($image_row['image_media_file']) ? $image_row['image_media_file'] : MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'];
$image_info = getimagesize($src);
6.) search in admin/users.php:
$passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".md5($user_password)."'," : "";
replace:
$passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".salted_hash($user_password)."'," : "";
6.1) search:
$user_password = md5(trim($HTTP_POST_VARS['user_password_'.$i]));
replace:
$user_password = trim($HTTP_POST_VARS['user_password_'.$i]);
6.2) search:
//(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '$user_password', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
replace:
$user_password_hashed = salted_hash($user_password);
//(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
7.) search and remove in admin/validateimages.php:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
(The best way for yourself to compare the code of files is to use Winmerge.)
1.) copy the "rebuild_searchindex.php from the attachment in "admin/plugin" folder"
2.) search in admin/categories.php 2x:
$auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
$auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
$auth_download = $HTTP_POST_VARS['auth_download'];
$auth_upload = $HTTP_POST_VARS['auth_upload'];
$auth_directupload = $HTTP_POST_VARS['auth_directupload'];
$auth_vote = $HTTP_POST_VARS['auth_vote'];
$auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
$auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
$auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];
and replace 2x:
$auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
$auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
$auth_download = intval($HTTP_POST_VARS['auth_download']);
$auth_upload = intval($HTTP_POST_VARS['auth_upload']);
$auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
$auth_vote = intval($HTTP_POST_VARS['auth_vote']);
$auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
$auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
$auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);
3.) search and remove in admin/checkimages.php:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
4.) search and remove in admin/images.php:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
5.) search in admin/thumbnailer.php:
if (create_thumbnail(MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'], $quality, $dimension, $resize_type)) {
$sql = "UPDATE ".IMAGES_TABLE."
SET image_thumb_file = '".addslashes($image_cache[$key]['image_media_file'])."'
WHERE image_id = $key";
$site_db->query($sql);
and replace:
if (is_remote($image_cache[$key]['image_media_file'])) {
$src = $image_cache[$key]['image_media_file'];
$dest = create_unique_filename(THUMB_PATH."/".$image_cache[$key]['cat_id'], filterFileName($image_cache[$key]['image_media_file']));
} else {
$src = MEDIA_PATH."/".$image_cache[$key]['cat_id']."/".$image_cache[$key]['image_media_file'];
$dest = $image_cache[$key]['image_media_file'];
}
if (create_thumbnail($src, THUMB_PATH."/".$image_cache[$key]['cat_id']."/".$dest, $quality, $dimension, $resize_type)) {
$sql = "UPDATE ".IMAGES_TABLE."
SET image_thumb_file = '".addslashes($dest)."'
WHERE image_id = $key";
$site_db->query($sql);
5.1) search:
if ((!file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']) || $image_row['image_thumb_file'] == "") && file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'])) {
$image_info = getimagesize(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']);
and replace:
if ($image_row['image_thumb_file'] == "") {
$exists = false;
} else {
if (is_remote($image_row['image_thumb_file'])) {
$exists = true;
} else {
$exists = file_exists(THUMB_PATH."/".$image_row['cat_id']."/".$image_row['image_thumb_file']);
}
}
if (!$exists && (file_exists(MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file']) || is_remote($image_row['image_media_file']))) {
$src = is_remote($image_row['image_media_file']) ? $image_row['image_media_file'] : MEDIA_PATH."/".$image_row['cat_id']."/".$image_row['image_media_file'];
$image_info = getimagesize($src);
6.) search in admin/users.php:
$passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".md5($user_password)."'," : "";
replace:
$passinsert = ($user_password != "") ? " ".get_user_table_field("", "user_password")." = '".salted_hash($user_password)."'," : "";
6.1) search:
$user_password = md5(trim($HTTP_POST_VARS['user_password_'.$i]));
replace:
$user_password = trim($HTTP_POST_VARS['user_password_'.$i]);
6.2) search:
//(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '$user_password', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
replace:
$user_password_hashed = salted_hash($user_password);
//(user_id, user_level, user_name, user_password, user_email, user_showemail, user_allowemails, user_invisible, user_joindate, user_activationkey, user_lastaction, user_lastvisit, user_homepage, user_icq".$additional_field_sql.")
$sql = "INSERT INTO ".USERS_TABLE."
(".get_user_table_field("", "user_id").get_user_table_field(", ", "user_level").get_user_table_field(", ", "user_name").get_user_table_field(", ", "user_password").get_user_table_field(", ", "user_email").get_user_table_field(", ", "user_showemail").get_user_table_field(", ", "user_allowemails").get_user_table_field(", ", "user_invisible").get_user_table_field(", ", "user_joindate").get_user_table_field(", ", "user_activationkey").get_user_table_field(", ", "user_lastaction").get_user_table_field(", ", "user_lastvisit").get_user_table_field(", ", "user_comments").get_user_table_field(", ", "user_homepage").get_user_table_field(", ", "user_icq").$additional_field_sql.")
VALUES
($user_id, $user_level, '$user_name', '$user_password_hashed', '$user_email', $user_showemail, $user_allowemails, $user_invisible, $current_time, '$activationkey', $current_time, $current_time, 0, '$user_homepage', '$user_icq'".$additional_value_sql.")";
7.) search and remove in admin/validateimages.php:
if ($image_column == 'image_keywords') {
$search_words[$image_column] = explode(',', $search_words[$image_column]);
}
81
Mods & Plugins (Releases & Support) / Re: [PROGRAM] 4images Mobile Server v1.2 [4images 1.7.10]
« on: May 05, 2011, 11:40:24 AM »
Thank you ivan!
82
Discussion & Troubleshooting / Re: Malware notification von Google
« on: May 02, 2011, 07:34:29 PM »
Du verwendest eine sehr alte Version 1.7.4.
Stelle sicher dass Du alle Security fixes installierst hast:
http://www.4homepages.de/forum/index.php?board=17.0
Oder installiere direkt die aktuelle Version 1.7.10:
http://www.4homepages.de/forum/index.php?topic=29541.0
Stelle sicher dass Du alle Security fixes installierst hast:
http://www.4homepages.de/forum/index.php?board=17.0
Oder installiere direkt die aktuelle Version 1.7.10:
http://www.4homepages.de/forum/index.php?topic=29541.0
83
News & Announcements / Re: 4images 1.7.10
« on: May 01, 2011, 11:22:15 PM »
=========================================================
ChangeLog Version 1.7.10
=========================================================
- [1.7 - 1.7.9] Security fix for Multiple Path disclousure (http://www.4homepages.de/forum/index.php?topic=29470.0)
- [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php (http://www.4homepages.de/forum/index.php?topic=29469.0)
- [1.7 - 1.7.9] Security fix for path disclosure in paging.php (http://www.4homepages.de/forum/index.php?topic=28481.0)
- [1.7 - 1.7.9] Security fix for input validation error (http://www.4homepages.de/forum/index.php?topic=29504.0)
- [1.7.7 - 1.7.9] Fixed {categories},{details},{index},{lightbox},etc tags don't work (http://www.4homepages.de/forum/index.php?topic=28321.0)
- [1.7.9] Fixed DB Error: Bad SQL Query: INSERT INTO 4images_wordmatch (image_id, ... (http://www.4homepages.de/forum/index.php?topic=28430.0)
- Improved password encryption using salted hashes (new file includes/security_utils.php)
- New Version of Rebuild Search Index Plugin (http://www.4homepages.de/forum/index.php?topic=6718.0)
- Added settings to define type of indexing of fields (fulltext, keywords, phrase)
- Fixed search in additional fields
- Fixed wrong width in error.html template
- Fixed issue calculating ExposureTime in EXIF data
- Fixed orphan search words are not deleted correctly if multiple image ids are passed to remove_searchwords()
- Minor fixes in text fixes in lang/deutsch/admin.php
- Changed default settings for CAPTCHA
Neue Dateien / New Files:
---------------------------------------
admin/plugins/rebuild_searchindex.php
includes/security_utils.php
Geänderte Dateien / Changed Files:
---------------------------------------
global.php
download.php
install.php
lightbox.php
member.php
register.php
search.php
admin/categories.php
admin/checkimages.php
admin/images.php
admin/thumbnailer.php
admin/users.php
admin/validateimages.php
includes/constants.php
includes/csrf_utils.php
includes/functions.php
includes/page_header.php
includes/paging.php
includes/session.php
Sprache / Language:
---------------------------------------
admin.php
ChangeLog Version 1.7.10
=========================================================
- [1.7 - 1.7.9] Security fix for Multiple Path disclousure (http://www.4homepages.de/forum/index.php?topic=29470.0)
- [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php (http://www.4homepages.de/forum/index.php?topic=29469.0)
- [1.7 - 1.7.9] Security fix for path disclosure in paging.php (http://www.4homepages.de/forum/index.php?topic=28481.0)
- [1.7 - 1.7.9] Security fix for input validation error (http://www.4homepages.de/forum/index.php?topic=29504.0)
- [1.7.7 - 1.7.9] Fixed {categories},{details},{index},{lightbox},etc tags don't work (http://www.4homepages.de/forum/index.php?topic=28321.0)
- [1.7.9] Fixed DB Error: Bad SQL Query: INSERT INTO 4images_wordmatch (image_id, ... (http://www.4homepages.de/forum/index.php?topic=28430.0)
- Improved password encryption using salted hashes (new file includes/security_utils.php)
- New Version of Rebuild Search Index Plugin (http://www.4homepages.de/forum/index.php?topic=6718.0)
- Added settings to define type of indexing of fields (fulltext, keywords, phrase)
- Fixed search in additional fields
- Fixed wrong width in error.html template
- Fixed issue calculating ExposureTime in EXIF data
- Fixed orphan search words are not deleted correctly if multiple image ids are passed to remove_searchwords()
- Minor fixes in text fixes in lang/deutsch/admin.php
- Changed default settings for CAPTCHA
Neue Dateien / New Files:
---------------------------------------
admin/plugins/rebuild_searchindex.php
includes/security_utils.php
Geänderte Dateien / Changed Files:
---------------------------------------
global.php
download.php
install.php
lightbox.php
member.php
register.php
search.php
admin/categories.php
admin/checkimages.php
admin/images.php
admin/thumbnailer.php
admin/users.php
admin/validateimages.php
includes/constants.php
includes/csrf_utils.php
includes/functions.php
includes/page_header.php
includes/paging.php
includes/session.php
Sprache / Language:
---------------------------------------
admin.php
84
Feedback & Suggestions / 4images 1.7.10 - Feedback
« on: May 01, 2011, 11:20:12 PM »
Bitte nutzt diesen Thread für Feedback, Kommentare und Anregungen zum 4images 1.7.10 Release.
Für Bug Reports und Troubleshooting bitte dieses Forum nutzen.
Please use this thread for feedback and comments about the 4images 1.7.10 release.
For bug reporting and troubleshooting please use this forum.
Für Bug Reports und Troubleshooting bitte dieses Forum nutzen.
Please use this thread for feedback and comments about the 4images 1.7.10 release.
For bug reporting and troubleshooting please use this forum.
85
News & Announcements / 4images 1.7.10
« on: May 01, 2011, 11:12:19 PM »
Die neue Version 4images 1.7.10 wurde veröffentlicht. Das Release bringt neue Funktionen, Detailverbesserungen, behebt bugs und sicherheitsrelevante Fehler.Wir empfehlen allen Nutzern ein Update auf die aktuelle Version. Alle Änderungen und Features sind in der Datei "docs/Changelog.txt" aufgelistet.
The new version 4images 1.7.10 has been released. This release comes with some improvements, bugfixes, security fixes and minor changes.We recommend all users to update to the current version. All changes and features are listed in "docs/Changelog.txt".
Download:
http://www.4homepages.de/4images/download.php
Demo:
http://www.4homepages.de/4images/demo.php
Für Feedback zur 4images 1.7.10 Version bitte diesen Thread nutzen.
Please use this thread for feedback about the 4images 1.7.10 version.
86
Bug Fixes & Patches / [1.7 - 1.7.9] Security fix for input validation error
« on: April 19, 2011, 10:09:58 AM »
A input validation error vulnerability in 4images 1.7 - 1.7.9 has been found.
To fix this:
in download.php
find
$file = array();
and replace with
$file = array();
$file_path = null;
$file_name = null;
and find
while ($image_row = $site_db->fetch_array($result)) {
and replace with
while ($image_row = $site_db->fetch_array($result)) {
$file_path = null;
$file_name = null;
To fix this:
in download.php
find
$file = array();
and replace with
$file = array();
$file_path = null;
$file_name = null;
and find
while ($image_row = $site_db->fetch_array($result)) {
and replace with
while ($image_row = $site_db->fetch_array($result)) {
$file_path = null;
$file_name = null;
87
Bug Fixes & Patches / [1.7 - 1.7.9] Security fix for Multiple Path disclousure
« on: April 11, 2011, 10:47:42 AM »
A multiple path disclousure vulnerability in 4images 1.7 - 1.7.9 has been found.
To fix this:
In global.php
find
$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim($HTTP_POST_VARS['action'])) :
stripslashes(trim($HTTP_GET_VARS['action']));
and replace with
$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['action'])) :
stripslashes(trim((string)$HTTP_GET_VARS['action']));
find
$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim($HTTP_POST_VARS['mode'])) :
stripslashes(trim($HTTP_GET_VARS['mode']));
and replace with
$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['mode'])) :
stripslashes(trim((string)$HTTP_GET_VARS['mode']));
find
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
and replace with
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim((string)$HTTP_POST_VARS['search_keywords']) :
trim((string)$HTTP_GET_VARS['search_keywords']);
find
$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
and replace with
$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim((string)$HTTP_POST_VARS['search_user']) :
trim((string)$HTTP_GET_VARS['search_user']);
and in includes/page_header.php
find
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ?
unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
and replace with
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ",
stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
find
setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
and replace with
setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
To fix this:
In global.php
find
$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim($HTTP_POST_VARS['action'])) :
stripslashes(trim($HTTP_GET_VARS['action']));
and replace with
$action = (isset($HTTP_POST_VARS['action'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['action'])) :
stripslashes(trim((string)$HTTP_GET_VARS['action']));
find
$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim($HTTP_POST_VARS['mode'])) :
stripslashes(trim($HTTP_GET_VARS['mode']));
and replace with
$mode = (isset($HTTP_POST_VARS['mode'])) ?
stripslashes(trim((string)$HTTP_POST_VARS['mode'])) :
stripslashes(trim((string)$HTTP_GET_VARS['mode']));
find
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim($HTTP_POST_VARS['search_keywords']) : trim($HTTP_GET_VARS['search_keywords']);
and replace with
$search_keywords = (isset($HTTP_POST_VARS['search_keywords'])) ?
trim((string)$HTTP_POST_VARS['search_keywords']) :
trim((string)$HTTP_GET_VARS['search_keywords']);
find
$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim($HTTP_POST_VARS['search_user']) : trim($HTTP_GET_VARS['search_user']);
and replace with
$search_user = (isset($HTTP_POST_VARS['search_user'])) ?
trim((string)$HTTP_POST_VARS['search_user']) :
trim((string)$HTTP_GET_VARS['search_user']);
and in includes/page_header.php
find
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ?
unserialize(stripslashes($HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
and replace with
$cookie_rated = isset($HTTP_COOKIE_VARS[$cookie_name.'rated']) ? explode(" ",
stripslashes((string)$HTTP_COOKIE_VARS[$cookie_name.'rated'])) : array();
find
setcookie($cookie_name.'rated', serialize($cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
and replace with
setcookie($cookie_name.'rated', implode(" ", $cookie_rated), $cookie_expire,
COOKIE_PATH, COOKIE_DOMAIN, COOKIE_SECURE);
88
Bug Fixes & Patches / [1.7 - 1.7.9] Security fix for sql injection in admin/categories.php
« on: April 11, 2011, 10:23:17 AM »
A possible sql injection vulnerability in 4images 1.7 - 1.7.9 has been found.
With this logged in admin users could alter queries to the application SQL database.
To fix this:
In admin/categories.php
find 2 x
$auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
$auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
$auth_download = $HTTP_POST_VARS['auth_download'];
$auth_upload = $HTTP_POST_VARS['auth_upload'];
$auth_directupload = $HTTP_POST_VARS['auth_directupload'];
$auth_vote = $HTTP_POST_VARS['auth_vote'];
$auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
$auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
$auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];
and replace with
$auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
$auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
$auth_download = intval($HTTP_POST_VARS['auth_download']);
$auth_upload = intval($HTTP_POST_VARS['auth_upload']);
$auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
$auth_vote = intval($HTTP_POST_VARS['auth_vote']);
$auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
$auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
$auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);
With this logged in admin users could alter queries to the application SQL database.
To fix this:
In admin/categories.php
find 2 x
$auth_viewcat = $HTTP_POST_VARS['auth_viewcat'];
$auth_viewimage = $HTTP_POST_VARS['auth_viewimage'];
$auth_download = $HTTP_POST_VARS['auth_download'];
$auth_upload = $HTTP_POST_VARS['auth_upload'];
$auth_directupload = $HTTP_POST_VARS['auth_directupload'];
$auth_vote = $HTTP_POST_VARS['auth_vote'];
$auth_sendpostcard = $HTTP_POST_VARS['auth_sendpostcard'];
$auth_readcomment = $HTTP_POST_VARS['auth_readcomment'];
$auth_postcomment = $HTTP_POST_VARS['auth_postcomment'];
and replace with
$auth_viewcat = intval($HTTP_POST_VARS['auth_viewcat']);
$auth_viewimage = intval($HTTP_POST_VARS['auth_viewimage']);
$auth_download = intval($HTTP_POST_VARS['auth_download']);
$auth_upload = intval($HTTP_POST_VARS['auth_upload']);
$auth_directupload = intval($HTTP_POST_VARS['auth_directupload']);
$auth_vote = intval($HTTP_POST_VARS['auth_vote']);
$auth_sendpostcard = intval($HTTP_POST_VARS['auth_sendpostcard']);
$auth_readcomment = intval($HTTP_POST_VARS['auth_readcomment']);
$auth_postcomment = intval($HTTP_POST_VARS['auth_postcomment']);
89
Chit Chat / Re: http://www.4homepages.de/version/version.php
« on: March 25, 2011, 05:54:49 PM »
Das siehst du wenn Du drauf klickst. Da steht der Text mit Link drin.
90
Language Packs / Re: [Language] Catalan / Traducció al Català 4images 1.7.9
« on: March 24, 2011, 06:18:14 PM »
Gracias!