61
Feedback & Suggestions / Re: 4images 1.7.10 - Feedback
« on: April 13, 2012, 11:56:24 AM »
Ja, so wie Andy es sagt.
4images Forum & Community
The forum for all 4images gallery administrators
News:
4images code on GitHub Click here to visit GitHub.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
62
Bug Fixes & Patches / [1.7 - 1.7.10] Security fix for XSS issue in details.php
« on: March 19, 2012, 05:46:51 PM »
A cross site scripting vulnerability in 4images 1.7 - 1.7.10 has been found.
To fix this:
In details.php
find
$meta_keywords = !empty($image_row['image_keywords']) ? implode(", ", explode(",", $image_row['image_keywords'])) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
and replace it with
$meta_keywords = !empty($image_row['image_keywords']) ? strip_tags(implode(", ", explode(",", $image_row['image_keywords']))) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
and in rss.php
find 2 x
$text = format_text(trim($text), 1, 0, 1);
and replace it both times with
$text = format_text(trim($text), 2, 0, 1);
To fix this:
In details.php
find
$meta_keywords = !empty($image_row['image_keywords']) ? implode(", ", explode(",", $image_row['image_keywords'])) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
and replace it with
$meta_keywords = !empty($image_row['image_keywords']) ? strip_tags(implode(", ", explode(",", $image_row['image_keywords']))) : "";
$meta_description = !empty($image_row['image_description']) ? strip_tags($image_row['image_description']) . ". " : "";
and in rss.php
find 2 x
$text = format_text(trim($text), 1, 0, 1);
and replace it both times with
$text = format_text(trim($text), 2, 0, 1);
63
Bug Fixes & Patches / [1.7 - 1.7.10] Security fix for open redirect vulnerability in admin/index.php
« on: March 19, 2012, 02:50:08 PM »
A open redirect vulnerability in the 4images admin panel 1.7 - 1.7.10 has been found.
To fix this:
In admin/index.php
find
if ($redirect != "") {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
exit;
and replace it with
if ($redirect != "") {
if (strpos($redirect, '://') === false) {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
} else {
redirect('home.php');
}
exit;
To fix this:
In admin/index.php
find
if ($redirect != "") {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
exit;
and replace it with
if ($redirect != "") {
if (strpos($redirect, '://') === false) {
show_admin_header("<meta http-equiv=\"Refresh\" content=\"0; URL=".$site_sess->url($redirect)."\">");
echo "<p><a href=\"".$site_sess->url($redirect)."\">".$lang['admin_login_redirect']."</a></p>";
show_admin_footer();
} else {
redirect('home.php');
}
exit;
64
Bug Fixes & Patches / [1.7 - 1.7.10] Security fix for XSS and sql injection in admin/categories.php
« on: March 19, 2012, 02:40:19 PM »
A cross site scripting vulnerability and possible sql injection in the 4images admin panel 1.7 - 1.7.10 has been found.
To fix this:
In admin/categories.php
find
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;
and replace it with
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
To fix this:
In admin/categories.php
find
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? $HTTP_GET_VARS['cat_parent_id'] : 0;
and replace it with
$cat_parent_id = (isset($HTTP_GET_VARS['cat_parent_id'])) ? intval($HTTP_GET_VARS['cat_parent_id']) : 0;
66
Mods & Plugins (Releases & Support) / Re: iPhone / iPad App: GalleryControl
« on: December 07, 2011, 11:21:56 AM »
You can contact him here:
http://apps.webwupp.com/
http://apps.webwupp.com/
67
Templates & Styles (Requests & Discussions) / Re: [developing] - web 2.0 custom template
« on: November 08, 2011, 08:58:19 AM »
great work trez! 
69
Mods & Plugins (Releases & Support) / Re: iPhone / iPad App: GalleryControl
« on: September 08, 2011, 08:57:13 AM »
Yes, like Rembrandt said, get in contact with Uwe Lammer.
He'll be happye to have support.
He'll be happye to have support.
70
Mods & Plugins (Releases & Support) / iPhone / iPad App: GalleryControl
« on: August 23, 2011, 08:11:33 PM »
"Gallery Control" is an administrative iPhone and iPad App to control up to 2 4images galleries your are running.
You can monitor live what's happening in your gallery...
"Gallery Control" on iTunes:
http://itunes.apple.com/de/app/gallerycontrol/id450482295?l=de&ls=1&mt=8
The App has been developed by Uwe Lammer
iPhone:
iPad:
You can monitor live what's happening in your gallery...
"Gallery Control" on iTunes:
http://itunes.apple.com/de/app/gallerycontrol/id450482295?l=de&ls=1&mt=8
The App has been developed by Uwe Lammer
iPhone:
iPad:
71
Chit Chat / Re: Stealing Site
« on: August 11, 2011, 04:30:23 PM »
How do you want to prevent that someone saves images from your site?
72
Installation, Update & Configuration / Re: 4images unter PHP 5.3
« on: July 08, 2011, 02:26:25 PM »
Ja, ist problemlos lauffähig.
73
Bug Fixes & Patches / [1.7.10] Fix for Auto-Login
« on: June 15, 2011, 05:11:29 PM »
If the auto-login is not working on your 1.7.10 installation of 4images please use this fix:
in includes/session.php
find
$this->set_cookie_data("userpass", $this->user_info['user_password']);
and replace with
$this->set_cookie_data("userpass", md5($this->user_info['user_password']));
in includes/session.php
find
$this->set_cookie_data("userpass", $this->user_info['user_password']);
and replace with
$this->set_cookie_data("userpass", md5($this->user_info['user_password']));
74
Language Packs / Re: i need th [Language] Arabic for V1.7.10
« on: June 07, 2011, 08:33:34 AM »
Please use the forum search.
There are some language packs for version < 1.7.10
But you can extend them easily.
There are some language packs for version < 1.7.10
But you can extend them easily.
75
Installation, Update & Configuration / Re: Fatal error after upgrade from 1.7.9 to 1.8.0
« on: May 23, 2011, 08:09:01 PM »
There is no version 4images 1.8.0.
Do you mean 1.7.10?
Do you mean 1.7.10?