Gallery 1.5.2-RC2 discussion thread

Tim_j

Joined: 2002-08-15
Posts: 6715

Posted: Mon, 2006-01-09 23:37

This topic is a for users who have installed Gallery 1.5.2-RC2 and have specific bugs to report.
General troubleshooting questions do NOT go in this thread, and will be moved or deleted.

Once reported bugs have been acknowledged and fixed, the bug will be noted here, and responses will be deleted to keep the thread readable.

The known list of bugs in 1.5.2-RC2, and their statuses:

Fixed:

1.5.2-RC3-cvs-b8
- Security-Fix: Fullname for users was not sanitized.
Thus an unnince user could do a XSS injection
as the fullname is displayed when owner is displayed.

- 'fitToWindow' was broken for Internet Explorer.

1.5.2-RC3-cvs-b7
- Gallery Remote Java Applet upload didnt work in Joomla! 1.0.4/1.0.5

1.5.2-RC3-cvs-b5
Warning: stat failed for .....gallery_download_150417946443c48ad8bfc93/././././././././././././././././././././././././././
- This error occurs with zipdownload on System with PHP before 4.3.0

1.5.2-RC3-cvs-b4
- Upload with netPBM was broken in 1.5.2-RC2-cvs-b16.
"Error: Unknown file type: ........"

1.5.2-RC3-cvs-b3
- When fitToResize is on, then this broke display of movie-thumb in IE in view_photo

1.5.2-RC3-cvs-b1
* use of old galleryImage() in setup/check_versions.php ; should be gImage()

- check_imagemagick.php and setup/check_netpbm.php just checked for existence of config.php, instead of doing proper test.

Investigation in progress:

Rejected:
- with Dynamic Microthumbs, the previous microthumbs have an invalid link to http://mygallery.com/$ppUrl%22. Doesnt happen with Fixed MicroThumbs

Login or register to post comments

mattdm

Joined: 2005-07-22
Posts: 96

Posted: Tue, 2006-01-10 21:04

As discussed in http://gallery.menalto.com/node/26781, here's a patch to add a pref to keep exif data in intermediate images.

Since you mentioned that the consensus of the devs is that stripping exif data is good, I made it default to off, even though I disagree.

(Patch is against current CVS.)

Login or register to post comments

igorkolker

Joined: 2003-01-02
Posts: 1

Posted: Wed, 2006-01-11 04:53

I've just upgraded my test gallery from 1.5.1 to 1.5.2-RC2 and tried the new download as zip function. I get a pop up window that goes into a loop:

Warning: stat failed for /export/home3/.galtemp/gallery_download_150417946443c48ad8bfc93/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ in /export/home1/apache/htdocs/testg/util.php on line 1860

Warning: Unlink failed (File name too long) in /export/home1/apache/htdocs/testg/util.php on line 1860

This repeates till I stop it.

checking the dir get:

# ls -la /export/home3/.galtemp/
total 12
drwxrwx--- 6 nobody nogroup 512 Jan 10 23:34 .
drwxr-xr-x 12 root root 512 Jan 9 12:26 ..
drwx------ 2 nobody nogroup 512 Jan 10 23:34 131249524743c48ad908ab0
drwx------ 2 nobody nogroup 512 Jan 10 23:21 134965018743c487dd4f774
drwx------ 2 nobody nogroup 512 Jan 10 23:34 gallery_download_150417946443c48ad8bfc93
drwx------ 2 nobody nogroup 512 Jan 10 23:22 gallery_download_36639359043c487dd14e31
# ls -la /export/home3/.galtemp/gallery_download_150417946443c48ad8bfc93/
total 1604
drwx------ 2 nobody nogroup 512 Jan 10 23:34 .
drwxrwx--- 6 nobody nogroup 512 Jan 10 23:34 ..
-rw-r--r-- 1 nobody nogroup 157929 Jan 10 23:34 Dsc00116.sized.jpg
-rw-r--r-- 1 nobody nogroup 149959 Jan 10 23:34 Dsc00117.sized.jpg
-rw-r--r-- 1 nobody nogroup 168375 Jan 10 23:34 Dsc00124.sized.jpg
-rw-r--r-- 1 nobody nogroup 161705 Jan 10 23:34 Dsc00125.sized.jpg
-rw-r--r-- 1 nobody nogroup 119386 Jan 10 23:34 Dsc00126.sized.jpg

the code at that point is:

function rmdirRecursive($dir) {
if($objs = glob($dir."/*")){
foreach($objs as $obj) {
is_dir($obj)? rmdirRecursive($obj) : unlink($obj);
}
}
rmdir($dir);
}

sounds like it's geting the . & ..

Login or register to post comments

lwclam

Joined: 2004-08-01
Posts: 19

Posted: Wed, 2006-01-11 08:29

After updated to RC2, I can't build thumbs and can't upload files...

I use debug mode and get the following msg:
******Adding dsc_0159.jpg*****
Album.php::1161 -> Doing the naming
Album.php::1194 -> Image Preprocessing
Album.php::1199 -> Resizing/compressing original image
imageManipulation.php::36 -> Resizing Image: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg
imageManipulation.php::67 -> No resizing required
imageManipulation.php::573 -> File /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg type 2.
AlbumItem.php::619 -> Generating thumbnail.
AlbumItem.php::686 -> Generating normal thumbs
imageManipulation.php::36 -> Resizing Image: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg
fs_unix.php::131 -> fs_import_filename
fs_unix.php::131 -> fs_import_filename
Error: Unknown file type: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg
fs_unix.php::131 -> fs_import_filename
Error: Unknown file type: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.thumb.jpg
util.php::154 -> Executing: | '/home/louis/domains/chuenhk.com/public_html/drivers/pnmscale' -xysize 150 150 |

Results:

none

Debug messages:

Status: 2 (expected 0)
Error: Unable to make thumbnail (0)

Login or register to post comments

snarf

Joined: 2004-03-11
Posts: 5

Posted: Wed, 2006-01-11 21:07

After upgrading 1.5 to 1.52 RC2 everything worked well, uploading with gallery remote no problem and now after approx 4 hours I get the next error message
Error: Server contacted, but Gallery not found at this URL ( http://my url to the gallery/gallery_remote2.php ). I cannot use the internal applets ether, the same error message.

I cannot find anything wrong, the file exists at the named place so whats wrong?

Kind regards
Frans

Login or register to post comments

Logge

Joined: 2006-01-12
Posts: 1

Posted: Thu, 2006-01-12 09:53

Hidiho!

DOnt know if that was already reported. I try gallery the first time, I use 1.52 RC2.
I create a new Gallery, rename that to something better than album01, then I create a subalbum,
also renaming that one. Now I add some (many) Photos. I then goup one level and create a second
subalbum, renaming it and adding some Pictures. Now I go up one level and one of the subalbums
just disappeared. In the header it states there are 2 subalbums, but I just see
one. This can also happen to new main albums, empty one etc. I think this is definitely annoying, isnt it?

Any ideas?
Falanka

Login or register to post comments

snarf

Joined: 2004-03-11
Posts: 5

Posted: Thu, 2006-01-12 11:49

snarf wrote:

After upgrading 1.5 to 1.52 RC2 everything worked well, uploading with gallery remote no problem and now after approx 4 hours I get the next error message
Error: Server contacted, but Gallery not found at this URL ( http://my url to the gallery/gallery_remote2.php ). I cannot use the internal applets ether, the same error message.

I cannot find anything wrong, the file exists at the named place so whats wrong?

Kind regards
Frans

I've re-installed gallery RC2 and rerunned the configuration wizard. Now I am abble to run gallery remote again. The only problem that occured that a new made sub-album only showed thumbnails. When I made it in the root of the gallery also the big pictures showed. So I moved that one to the place where it should be as a sub-album and everything works again as it should be.

There are stil some minor bugs but I can cope with it.

Nice job this release!

kind regards
Frans de Vries

Login or register to post comments

--Peter

Joined: 2005-08-30
Posts: 88

Posted: Tue, 2006-01-17 11:40

register.php does a strip_tags() of $uname, but not of $fullname.

$fullname is later displayed for logged in users on all album and photo pages, a security issue?

cheers,
-- Peter

Login or register to post comments

--Peter

Joined: 2005-08-30
Posts: 88

Posted: Tue, 2006-01-17 15:51

I did some tests after the above finding:

it's definitely a XSS vulnerability and not only related to register.php but also to user_preferences.php:

the $fullname entry is not sanitized and later displayed on every album and photo page...

... and most notably also in comments to pictures!

this is specfic also to earlier releases of G1, so somebody might want to move this posting to another thread as well, thanks.

cheers,
-- Peter
http://www.schumacher.ch/foto/

Login or register to post comments

mrf00rk

Joined: 2005-06-02
Posts: 49

Posted: Wed, 2006-01-18 00:21

Tim_j wrote:

Hello,

these messages can only appear when util.php is outdated.
So i guess your files were protected and coulnd overwritten, or the extraction went wrong in an other way.

As this is no bug report, but general troubleshooting, i will remove our both post in ~8 hours.

Jens
--
Last Gallery v1 developer and translation manager.

So how will this help me? I still dont know how to fix it. And yeah, the gallery was in conf-mode.

Login or register to post comments

petorian

Joined: 2006-01-18
Posts: 4

Posted: Wed, 2006-01-18 10:40

Gallery URL: http://www.calldorado.nl/gallery/
Gallery version: v1.5.2-RC2
Apache version: Apache/1.3.34
PHP version: PHP/4.4.0
Graphics Toolkit: netPBM (latest from gallery)
Operating system: Linux
Web browser/version: IE 6.0

After I upgraded the gallery to version 1.5.2, the main pictures are not showing. See links:

The album is showing all the pictures: http://www.calldorado.nl/gallery/Lentefeest-2004
But when I click on a picture I get this: http://www.calldorado.nl/gallery/Lentefeest-2004/P1010001

The picture is not showing although in the source code of the page I find this:

Quote:

<tr>
<td bgcolor="black" width="1"><img src="http://www.calldorado.nl/gallery/images/pixel_trans.gif" width="1" alt=""></td>
<td align="center"><a onclick="sizeChange.toggle()"><img src="http://www.calldorado.nl/albums/Lentefeest-2004/P1010001.jpg" width="640" height="480" id="galleryImage" border="0" alt="P1010001.JPG" title="P1010001.JPG" name="photo_j"></a></td>
<td bgcolor="black" width="1"><img src="http://www.calldorado.nl/gallery/images/pixel_trans.gif" width="1" height="1" alt=""></td>
</tr>

There you see the img src: http://www.calldorado.nl/albums/Lentefeest-2004/P1010001.jpg

If you go to that link the image is showing perfectly...

Does anyone know how to deal with this problem?

Grtz, Dennis

Login or register to post comments

Tim_j

Joined: 2002-08-15
Posts: 6715

Posted: Wed, 2006-01-18 18:15

Hello Peter,

Thanks for catching and reporting this. This is indeed a security risc, especially on bigger installations where the admin does not look for every users.
Fixed in RC3-cvs-b8
I thougt we wont need a RC3, but due to this we will make one.

Hello petorian,
The "fitToWindow" feature was broken in IE. Also fixed, thanks !

Jens
--
Last Gallery v1 developer and translation manager.

Login or register to post comments

--Peter

Joined: 2005-08-30
Posts: 88

Posted: Wed, 2006-01-18 23:29

thanks, Jens!

I did a CVS update of my RC2 installation: the fix is working

a small comment, though, regarding your changes:
register.php and user_preferences.php are handling erroneous input of $fullname the same way, new_password.php, however, does not complain when scripting is added to $fullname...

not a real issue, as the tags are removed somewhere before $fullname gets displayed again...

-- Peter

Login or register to post comments

Tim_j

Joined: 2002-08-15
Posts: 6715

Posted: Thu, 2006-01-19 09:34

Yes, i do a double strip_tags() ;)

But you are right, i forgot new_password.php. I will fix it also. thanks !
(done in b9)

Jens
--
Last Gallery v1 developer and translation manager.

Login or register to post comments

Tim_j Joined: 2002-08-15 Posts: 6715	Posted: Mon, 2006-01-09 23:37
	This topic is a for users who have installed Gallery 1.5.2-RC2 and have specific bugs to report. General troubleshooting questions do NOT go in this thread, and will be moved or deleted. Once reported bugs have been acknowledged and fixed, the bug will be noted here, and responses will be deleted to keep the thread readable. The known list of bugs in 1.5.2-RC2, and their statuses: Fixed: 1.5.2-RC3-cvs-b8 - Security-Fix: Fullname for users was not sanitized. Thus an unnince user could do a XSS injection as the fullname is displayed when owner is displayed. - 'fitToWindow' was broken for Internet Explorer. 1.5.2-RC3-cvs-b7 - Gallery Remote Java Applet upload didnt work in Joomla! 1.0.4/1.0.5 1.5.2-RC3-cvs-b5 Warning: stat failed for .....gallery_download_150417946443c48ad8bfc93/././././././././././././././././././././././././././ - This error occurs with zipdownload on System with PHP before 4.3.0 1.5.2-RC3-cvs-b4 - Upload with netPBM was broken in 1.5.2-RC2-cvs-b16. "Error: Unknown file type: ........" 1.5.2-RC3-cvs-b3 - When fitToResize is on, then this broke display of movie-thumb in IE in view_photo 1.5.2-RC3-cvs-b1 * use of old galleryImage() in setup/check_versions.php ; should be gImage() - check_imagemagick.php and setup/check_netpbm.php just checked for existence of config.php, instead of doing proper test. Investigation in progress: Rejected: - with Dynamic Microthumbs, the previous microthumbs have an invalid link to http://mygallery.com/$ppUrl%22. Doesnt happen with Fixed MicroThumbs
	Login or register to post comments XUser login Username: * Password: * Create new account Request new password
mattdm Joined: 2005-07-22 Posts: 96	Posted: Tue, 2006-01-10 21:04
	As discussed in http://gallery.menalto.com/node/26781, here's a patch to add a pref to keep exif data in intermediate images. Since you mentioned that the consensus of the devs is that stripping exif data is good, I made it default to off, even though I disagree. (Patch is against current CVS.)
	Login or register to post comments
igorkolker Joined: 2003-01-02 Posts: 1	Posted: Wed, 2006-01-11 04:53
	I've just upgraded my test gallery from 1.5.1 to 1.5.2-RC2 and tried the new download as zip function. I get a pop up window that goes into a loop: Warning: stat failed for /export/home3/.galtemp/gallery_download_150417946443c48ad8bfc93/./././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././././ in /export/home1/apache/htdocs/testg/util.php on line 1860 Warning: Unlink failed (File name too long) in /export/home1/apache/htdocs/testg/util.php on line 1860 This repeates till I stop it. checking the dir get: # ls -la /export/home3/.galtemp/ total 12 drwxrwx--- 6 nobody nogroup 512 Jan 10 23:34 . drwxr-xr-x 12 root root 512 Jan 9 12:26 .. drwx------ 2 nobody nogroup 512 Jan 10 23:34 131249524743c48ad908ab0 drwx------ 2 nobody nogroup 512 Jan 10 23:21 134965018743c487dd4f774 drwx------ 2 nobody nogroup 512 Jan 10 23:34 gallery_download_150417946443c48ad8bfc93 drwx------ 2 nobody nogroup 512 Jan 10 23:22 gallery_download_36639359043c487dd14e31 # ls -la /export/home3/.galtemp/gallery_download_150417946443c48ad8bfc93/ total 1604 drwx------ 2 nobody nogroup 512 Jan 10 23:34 . drwxrwx--- 6 nobody nogroup 512 Jan 10 23:34 .. -rw-r--r-- 1 nobody nogroup 157929 Jan 10 23:34 Dsc00116.sized.jpg -rw-r--r-- 1 nobody nogroup 149959 Jan 10 23:34 Dsc00117.sized.jpg -rw-r--r-- 1 nobody nogroup 168375 Jan 10 23:34 Dsc00124.sized.jpg -rw-r--r-- 1 nobody nogroup 161705 Jan 10 23:34 Dsc00125.sized.jpg -rw-r--r-- 1 nobody nogroup 119386 Jan 10 23:34 Dsc00126.sized.jpg the code at that point is: function rmdirRecursive($dir) { if($objs = glob($dir."/*")){ foreach($objs as $obj) { is_dir($obj)? rmdirRecursive($obj) : unlink($obj); } } rmdir($dir); } sounds like it's geting the . & ..
	Login or register to post comments
lwclam Joined: 2004-08-01 Posts: 19	Posted: Wed, 2006-01-11 08:29
	After updated to RC2, I can't build thumbs and can't upload files... I use debug mode and get the following msg: ****Adding dsc_0159.jpg*** Album.php::1161 -> Doing the naming Album.php::1194 -> Image Preprocessing Album.php::1199 -> Resizing/compressing original image imageManipulation.php::36 -> Resizing Image: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg imageManipulation.php::67 -> No resizing required imageManipulation.php::573 -> File /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg type 2. AlbumItem.php::619 -> Generating thumbnail. AlbumItem.php::686 -> Generating normal thumbs imageManipulation.php::36 -> Resizing Image: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg fs_unix.php::131 -> fs_import_filename fs_unix.php::131 -> fs_import_filename Error: Unknown file type: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.jpg fs_unix.php::131 -> fs_import_filename Error: Unknown file type: /home/louis/domains/chuenhk.com/public_html/chuenalbums/photofriends/dsc_0159.thumb.jpg util.php::154 -> Executing: \| '/home/louis/domains/chuenhk.com/public_html/drivers/pnmscale' -xysize 150 150 \| Results: none Debug messages: Status: 2 (expected 0) Error: Unable to make thumbnail (0)
	Login or register to post comments
snarf Joined: 2004-03-11 Posts: 5	Posted: Wed, 2006-01-11 21:07
	After upgrading 1.5 to 1.52 RC2 everything worked well, uploading with gallery remote no problem and now after approx 4 hours I get the next error message Error: Server contacted, but Gallery not found at this URL ( http://my url to the gallery/gallery_remote2.php ). I cannot use the internal applets ether, the same error message. I cannot find anything wrong, the file exists at the named place so whats wrong? Kind regards Frans
	Login or register to post comments
Logge Joined: 2006-01-12 Posts: 1	Posted: Thu, 2006-01-12 09:53
	Hidiho! DOnt know if that was already reported. I try gallery the first time, I use 1.52 RC2. I create a new Gallery, rename that to something better than album01, then I create a subalbum, also renaming that one. Now I add some (many) Photos. I then goup one level and create a second subalbum, renaming it and adding some Pictures. Now I go up one level and one of the subalbums just disappeared. In the header it states there are 2 subalbums, but I just see one. This can also happen to new main albums, empty one etc. I think this is definitely annoying, isnt it? Any ideas? Falanka
	Login or register to post comments
snarf Joined: 2004-03-11 Posts: 5	Posted: Thu, 2006-01-12 11:49
	snarf wrote: After upgrading 1.5 to 1.52 RC2 everything worked well, uploading with gallery remote no problem and now after approx 4 hours I get the next error message Error: Server contacted, but Gallery not found at this URL ( http://my url to the gallery/gallery_remote2.php ). I cannot use the internal applets ether, the same error message. I cannot find anything wrong, the file exists at the named place so whats wrong? Kind regards Frans I've re-installed gallery RC2 and rerunned the configuration wizard. Now I am abble to run gallery remote again. The only problem that occured that a new made sub-album only showed thumbnails. When I made it in the root of the gallery also the big pictures showed. So I moved that one to the place where it should be as a sub-album and everything works again as it should be. There are stil some minor bugs but I can cope with it. Nice job this release! kind regards Frans de Vries
	Login or register to post comments
--Peter Joined: 2005-08-30 Posts: 88	Posted: Tue, 2006-01-17 11:40
	register.php does a strip_tags() of $uname, but not of $fullname. $fullname is later displayed for logged in users on all album and photo pages, a security issue? cheers, -- Peter
	Login or register to post comments
--Peter Joined: 2005-08-30 Posts: 88	Posted: Tue, 2006-01-17 15:51
	I did some tests after the above finding: it's definitely a XSS vulnerability and not only related to register.php but also to user_preferences.php: the $fullname entry is not sanitized and later displayed on every album and photo page... ... and most notably also in comments to pictures! this is specfic also to earlier releases of G1, so somebody might want to move this posting to another thread as well, thanks. cheers, -- Peter http://www.schumacher.ch/foto/
	Login or register to post comments
mrf00rk Joined: 2005-06-02 Posts: 49	Posted: Wed, 2006-01-18 00:21
	Tim_j wrote: Hello, these messages can only appear when util.php is outdated. So i guess your files were protected and coulnd overwritten, or the extraction went wrong in an other way. As this is no bug report, but general troubleshooting, i will remove our both post in ~8 hours. Jens -- Last Gallery v1 developer and translation manager. So how will this help me? I still dont know how to fix it. And yeah, the gallery was in conf-mode.
	Login or register to post comments
petorian Joined: 2006-01-18 Posts: 4	Posted: Wed, 2006-01-18 10:40
	Gallery URL: http://www.calldorado.nl/gallery/ Gallery version: v1.5.2-RC2 Apache version: Apache/1.3.34 PHP version: PHP/4.4.0 Graphics Toolkit: netPBM (latest from gallery) Operating system: Linux Web browser/version: IE 6.0 After I upgraded the gallery to version 1.5.2, the main pictures are not showing. See links: The album is showing all the pictures: http://www.calldorado.nl/gallery/Lentefeest-2004 But when I click on a picture I get this: http://www.calldorado.nl/gallery/Lentefeest-2004/P1010001 The picture is not showing although in the source code of the page I find this: Quote: <tr> <td bgcolor="black" width="1"><img src="http://www.calldorado.nl/gallery/images/pixel_trans.gif" width="1" alt=""></td> <td align="center"><a onclick="sizeChange.toggle()"><img src="http://www.calldorado.nl/albums/Lentefeest-2004/P1010001.jpg" width="640" height="480" id="galleryImage" border="0" alt="P1010001.JPG" title="P1010001.JPG" name="photo_j"></a></td> <td bgcolor="black" width="1"><img src="http://www.calldorado.nl/gallery/images/pixel_trans.gif" width="1" height="1" alt=""></td> </tr> There you see the img src: http://www.calldorado.nl/albums/Lentefeest-2004/P1010001.jpg If you go to that link the image is showing perfectly... Does anyone know how to deal with this problem? Grtz, Dennis
	Login or register to post comments
Tim_j Joined: 2002-08-15 Posts: 6715	Posted: Wed, 2006-01-18 18:15
	Hello Peter, Thanks for catching and reporting this. This is indeed a security risc, especially on bigger installations where the admin does not look for every users. Fixed in RC3-cvs-b8 I thougt we wont need a RC3, but due to this we will make one. Hello petorian, The "fitToWindow" feature was broken in IE. Also fixed, thanks ! Jens -- Last Gallery v1 developer and translation manager.
	Login or register to post comments
--Peter Joined: 2005-08-30 Posts: 88	Posted: Wed, 2006-01-18 23:29
	thanks, Jens! I did a CVS update of my RC2 installation: the fix is working a small comment, though, regarding your changes: register.php and user_preferences.php are handling erroneous input of $fullname the same way, new_password.php, however, does not complain when scripting is added to $fullname... not a real issue, as the tags are removed somewhere before $fullname gets displayed again... -- Peter
	Login or register to post comments
Tim_j Joined: 2002-08-15 Posts: 6715	Posted: Thu, 2006-01-19 09:34
	Yes, i do a double strip_tags() ;) But you are right, i forgot new_password.php. I will fix it also. thanks ! (done in b9) Jens -- Last Gallery v1 developer and translation manager.
	Login or register to post comments

Gallery 1.5.2-RC2 discussion thread

XUser login