Author Topic: non-ascii chars in image name or file name or comments - $HTTP_POST_VARS['image_  (Read 33393 times)

0 Members and 1 Guest are viewing this topic.

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
hello.

After a lot of painful research and trial and error, I found out that when the Image Name field is in non-ascii chars, the upload fails (captcha deactivated in global.php)

After additional painful research, found out that this problem could be avoided by replacing the 4 occurences of $HTTP_POST_VARS['image_name'] in member.php by $_POST['image_name']

Now I also found out that users are not able to use non-ascii chars in comment title..... grrrh.

I searched details.php for any occurences of $HTTP_POST_VARS['image_name'], but there were none.

Any solution?


Linux server RedHat 9 PHP 5 mysql 4 Cpanel 11 4images1.7.4 latest.

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Intrst ... which line in member.php for $HTTP_POST_VARS['image_name'] ? May be bug for pre-define.
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Ok, found it.

In member.php file,

find (2 time):

Quote
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));

replace:

Quote
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_name'])) : "";
$image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_description'])) : "";
$image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords'])) : "";

Should work. ;)
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
Intrst ... which line in member.php for $HTTP_POST_VARS['image_name'] ? May be bug for pre-define.

4 occurences.

line 343    $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));

twice on line 430   $image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(stripslashes(trim($HTTP_POST_VARS['image_name']))) :

line 495    $image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));


am attaching both files.

Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
No get .. I only two ...  :|

Use my diagnostic:

http://www.4homepages.de/forum/index.php?topic=18308.0

Set:

Quote
// Assistance
... image_name line
// End of assistance

in member.php file for all 4 and send attach file. Will look. ;)
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
Ok, found it.

In member.php file,

find (2 time):

Quote
$image_name = un_htmlspecialchars(trim($HTTP_POST_VARS['image_name']));
$image_description = un_htmlspecialchars(trim($HTTP_POST_VARS['image_description']));
$image_keywords = un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords']));

replace:

Quote
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_name'])) : "";
$image_description = (isset($HTTP_POST_VARS['image_description'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_description'])) : "";
$image_keywords = (isset($HTTP_POST_VARS['image_keywords'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_keywords'])) : "";

Should work. ;)


No friend, sorry. it does not work.

when I enter non-ascii (arabic) chars into the image name field, I get this error:

Please fill out the Image Name field

which of course I did.....


any help would be appreciated.


Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
No get .. I only two ...  :|

Use my diagnostic:

http://www.4homepages.de/forum/index.php?topic=18308.0

Set:

Quote
// Assistance
... image_name line
// End of assistance

in member.php file for all 4 and send attach file. Will look. ;)

 :D :D :D :D I was faster than you .....   I attached before you requested..  :mrgreen: :mrgreen:

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
AND ......

to confirm to you that it is an absolutely Image Name problem, with the same user, same time, same system, same browser, I upload the same image, only difference being that I would use ascii/ansi chars for file name, and upload is successful....


Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Still find some line of this:

Quote
$image_name = un_htmlspecialchars(trim($_POST['image_name']));

No pre-define. ;)
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
oooooooooooh. disappointing.

even members with non-ascii chars in their names are not able to log-in and they receive no error message whatsoever...


Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Do final change from my post top of your ?
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
Still find some line of this:

Quote
$image_name = un_htmlspecialchars(trim($_POST['image_name']));

No pre-define. ;)

forgive me, but I don't understand what you mean.


Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
this:

Quote
$image_name = un_htmlspecialchars(trim($_POST['image_name']));

to:

Quote
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim((string)$HTTP_POST_VARS['image_name'])) : "";

;)
« Last Edit: August 27, 2011, 02:30:30 PM by thunderstrike »
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?

Offline webmaster73

  • Jr. Member
  • **
  • Posts: 75
    • View Profile
this:

Quote
$image_name = un_htmlspecialchars(trim($_POST['image_name']));

to:

Quote
$image_name = (isset($HTTP_POST_VARS['image_name'])) ? un_htmlspecialchars(trim($HTTP_POST_VARS['image_name'])) : "";

;)


I could not find this string anywhere in the whole script.
Quote
$image_name = un_htmlspecialchars(trim($_POST['image_name']));

so in which file we are talking about here, member.php or details.php or what ?



Offline thunderstrike

  • 4images Guru
  • *******
  • Posts: 2.327
    • View Profile
Quote
member.php

If no find, download ZIP package this site and compare. Reason for problem.
8 steps need when ask question -

- PHP version (ACP - > phpinfo())
- mySQL version (ACP - > phpinfo())
- 4images version
- Post screenshot / URL
- Post code in BB Code (no need full file for code) or post attach file
- It doesn't work. What is say - what is do for no work
- Install MOD ? If so - please say (troubleshooting)
- Read FAQ ? Install Bug fixes ?