Bug in publish_xp.php?

GearJamminHero Joined: 2006-07-13 Posts: 1	Posted: Thu, 2006-07-13 06:40
	I found that publish_xp.php does not appear to correctly check for an authenticated user in Gallery 1.5.3. The remainder of “select-album” code is executed with anonymous user session. This is illustrated below: [img]http://trojanedbinaries.com/security/gallery-1.5.3~publish_xp.php-bug.gif[/img] Line 205 of publish_xp.php should be updated from: `205 - if (empty($gallery->album) \|\| empty($set_albumName))` To: `205 - elseif (empty($gallery->album) \|\| empty($set_albumName)) {` Once updated, the anonymous user will get the intended error message displayed. [img]http://trojanedbinaries.com/security/gallery-1.5.3~publish_xp.php-patch.gif[/img] Is there another preferred channel for security or bug related issues? I think I may poke around some more to see what I can find.
	XUser login Username: * Password: * Create new account Request new password
Tim_j Joined: 2002-08-15 Posts: 6818	Posted: Thu, 2006-07-13 13:57
	Hello, thanks for reporting ! If you found a security issue write a mail to For normal issues, just use the forum. Thanks, Jens -- Last Gallery v1 Developer and v1 translation manager.

XUser login