Can no longer login as admin with newest PHP version

Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 09:45

Hi, my ISP upgraded to the newest Suse Security Updates with the newest PHP Version. Now I can no longer login as admin.

----
Give us your Gallery/webserver information to get a faster answer.
Get this information from the PHP diagnostic (in the configuration wizard).
Gallery URL (optional but very useful): http://www.getrocknete-tomaten.de/gallery/albums.php
Gallery version: v.1.3.3
Apache version/PHP version (don't just say PHP 4, please): Apache/1.3.26 (Linux/SuSE) mod_ssl/2.8.10 OpenSSL/0.9.6g PHP/4.2.2 mod_gzip/1.3.26.1a

Operating system: Suse Linux
Web browser/version (if applicable): IE 6

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Tue, 2003-06-03 10:05

Hi. What error do you get?

If certain functions have been disabled, it's possible you will not be able to run Gallery on this server any more. :(

-Beckett (

)

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 10:29

The error is that the page just reloads. I read the FAQ relating this problem, yesterday it worked fine with the same settings, then the admin uploaded the newest PHP-Version with the newest security concept of Suse, now it's no longer running. Is it planned to upgrade Gallery to the newest PHP-Version? As it is our own server, maybe I can ask him to downgrade PHP until you upgraded gallery.

This is the update:
http://www.suse.de/de/private/download/updates/81_i386.html

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Tue, 2003-06-03 10:41

That's not the latest version of PHP, and gallery runs well under 4.3.2.

Two things to try:
Session test in the setup directory.

Are you using the same URL to visit your gallery as you set up in the config wizard. Eg if it says http://www.mydomain.com/gallery in the config wizard, then you can't log in via http://mydomain.com/gallery

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 11:21

As I said before, I read the FAQ relating this problem and it is the same URL.
Session test does not increase when I reload the page. What could be wrong in the PHP installation?

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Tue, 2003-06-03 11:48

Looks like all the information you need is in the second paragraph of FAQ C.11

[I've never dealt with this, so that's all I can say]

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Tue, 2003-06-03 12:24

Yes... Gallery runs with the latest PHP version, but I'm not familiar with the restrictions the Suse security update places on PHP.

If the session test doesn't work, the first thing to try is FAQ C.9. It's very possible that these values got changed when your host moved to the new version. Can you please post your gallery/setup/phpinfo.php page somewhere for us to see?

-Beckett (

)

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 12:33
 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Tue, 2003-06-03 12:57

Okay... your session information all *looks* okay.

I'm confused by one of your Config. Wizard settings though. In Step 2 you have the "expected status" set to 126, but you ought to have this set to 0. (This shouldn't be related to the login problem, however)

Anyone else know what this security patch changes in PHP's session management?

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 13:13

This is what the suse homepage says about its session update:

Security Update!
Zwei Bugs wurden beseitigt:
(1) Ein Segfault in session_decode()
(2) Vermischung globaler Variablen mit Elementen von $_SESSION in
session_encode(), wenn ein Element in $_SESSION entfernt wurde
(es wurden dabei unregistrierte globale Variablen in das Session
File geschrieben).

I will try to translate it into something similar like English:

Two bugs have been removed:
(1) A Segfault (?) in session_decode()
(2) Mix of global variables with elements from $_Session in session_encode(), if a element of $_Session has been removed.
(There have unregistered global variables been written into the Session file)

I hope my translation was understandable.

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Tue, 2003-06-03 14:49

Actually... here's the English from the SuSE website:

SuSE wrote:
Two bugs have been fixed:
(1) a segfault in session_decode()
(2) mixing up globals with $_SESSION elements in session_encode() when the element in $_SESSION has been unset (hence writing unregistered globals into the session file)

I'm concerned about item (2), as Gallery does something akin to this, for purposes of compatibility with older versions of PHP. I'm going to get the opinion of some of the other Gallery developers, and we'll try and get back to you soon.

-Beckett (

)

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 14:54

Well, my translation was not far away ;-)

Thank you very much in advance for your help!

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Tue, 2003-06-03 23:16

Toni, the admin of our server, mailed an issue to the security mailing list of Suse, and this is the answer relating Gallery and the new fix:

On Jun 3, Toni Zeitler <zeitler@informatik.uni-muenchen.de> wrote:
> The new security-fixed PHP version 4.2.2-215 seems not to work properly any
> more.
I have also seen this behaviour with gallery. It worked before and was
'suddenly' broken. Unfortunately, fou4s wasn't writing logfiles about
updates at that time so I could narrow it down more precisely.
I think you are talking about SuSE 8.1, aren't you?
The session test of gallery uses other constructs though. It makes
references to variables in the HTTP_SESSION_VARS array (or whatever it
is called). If I update HTTP_SESSION_VARS directly (no references),
sessions work. Nevertheless it is strange, because I know that this worked.

Markus
--
__________________ /"\
Markus Gaugusch \ / ASCII Ribbon Campaign

X Against HTML Mail
/ \

Regards, Phil.

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Wed, 2003-06-04 00:07

Not even the simpliest session script is running under this security-fix:

<?php
session_start();
print($counter);
$counter++;
session_register("counter");
?>

So it is in all probability a bug of Suse. Meanwhile, the admin Toni has downgraded PHP, so Gallery is running again.

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Wed, 2003-06-04 01:41

Here's a question for you. In a week or two, we're going to apply a rather large patch from Bob Vincent which might very well eliminate this problem, but I'm not positive. Would one of you be willing to try applying it to help us sort this out?

The patch is available on this SourceForge page. The patch file is the topmost of the three files.

-Beckett (

)

 
Lights

Joined: 2003-06-03
Posts: 35
Posted: Wed, 2003-06-04 09:10

I would like to, but we uninstalled this update already, because I really had to add pictures. And it was necessary that the admin compeletely reinstalls PHP to get rid of this buggy update, so it was a little complicated and a lot of work. I don't want to ask him to do that again to do an experiment, expecially because it is most likely a bug in the update, not in your gallery. As I wrote above, no sessions are working any more. Sorry that I can't help you with it.
Why don't you just install the update on your private linux machine or on your own webserver and try it out?

Best regards,
Phil.

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Wed, 2003-06-04 12:24

Phil,

Sounds like you are not a position to set up a test environment for us. Thanks for a heads-up on the problem.

Whether we can test it depends on one of us having a SuSE installation. I'd guess most home users have Redhat. Any SuSE users want to help with testing?

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Wed, 2003-06-04 16:24

I'm running SUSE 8.1 and the PHP patch screwed up my PostNuke and Gallery functioning. I have fixed PN problems and was getting ready to either downgrade or upgrade php but will be happy to test before doing so.

My issues are a little different. When I try to move, upload, add or otherwise change any photos or albums I get errors similar to:

Quote:
Fatal error: Call to a member function on a non-object in /srv/www/htdocs/modules/gallery/edit_caption.php on line 42

you can just change the ..../edit_caption.php and on line 42 to whatever function I'm trying to perform.

I'm running Suse 8.1, Apache 1.3.26, PHP 4.2.2. and Gallery v1.3.4-RC1. I'm not sure my issues qualify for your test, but I'll be willing to try. Just let me know what to do, in the meantime I'll backup my gallery install.

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Wed, 2003-06-04 18:35

Hi malthazor.

Basically, what we'd love to see for this specific test is for you to patch your gallery with the patch I mentioned on Page 1 of this thread. That patch was generated against Gallery v1.3.4-cvs-b27 (set the date to May 16, 2003 to get the correct version), which is a little older, but would still tell us whether it will solve the problem.

All we want to know is whether the session problems disappear... but since you weren't reporting login problems, perhaps you weren't affected by this. If you're not able to grab that older version of Gallery from CVS, I will make a Gallery tarball and apply the patch later this evening for you to test.

Thanks,
-Beckett (

)
Gallery v.1.x Team Lead

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Wed, 2003-06-04 18:43

I'll give it a shot. I'm not too familar with cvs, I've used it to play with G2, but just type in exactly what the download page told me too :-)

I tested my gallery (bypassing postnuke) and have the very same login problems originally described. It's funny that it will log me in OK with going through pn.

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Wed, 2003-06-04 20:24

Ok managed to get the cvs by setting the date and am in the process of applying the patch. Forgive my ignorance, but is there an easier way to apply patches other than cut and paste to each file?

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Wed, 2003-06-04 23:29
malthazor wrote:
Ok managed to get the cvs by setting the date and am in the process of applying the patch. Forgive my ignorance, but is there an easier way to apply patches other than cut and paste to each file?

Yes! Have a look at the instructions (first draft) in the user guide.

ask more questions if you need to.

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Thu, 2003-06-05 16:52

I managed to get the patch applied (thanks joan). I think the cvs version from 5-16-2003 is a hair different than what the patch expected. I had to edit the "login.php" patch by hand. I also did block #4 of "init.php" and block #6 of "util.php" by hand. Otherwise the patch command saved me a lot of time. :)

Results
Accessing gallery directly (bypassing postnuke) all login issues are gone. I could also move, delete and etc. Appears to be working like a charm.

Accessing gallery inside postnuke the following error is displayed at the top of the page under "Gallery" and below every nested album and photo:

Quote:
Warning: REG_BADRPT in /srv/www/htdocs/modules/gallery/util.php on line 759

When I try to move, delete and etc I get an error stating: "Sorry you can't access that file directly".

Lines 756-791 of my util.php file reads:

Quote:
function makeFormIntro($target, $attrList=array()) {
$url = makeGalleryUrl($target);
if (strstr($url,'?')) {
list($target, $tmp) = split('?', $url);
} else {
$target = $url;
$tmp = '';
}

$attrs = '';
foreach ($attrList as $key => $value) {
$attrs .= " $key=\"$value\"";
}

$form = "<form action=\"$target\" $attrs>\n";

if (strstr($tmp,'&')) {
$args = split('&', $tmp);
} else {
if (empty($tmp)) {
$args = array();
} else {
$args[0] = $tmp;
}
}
foreach ($args as $arg) {
if (strstr($arg,'=')) {
list($key, $val) = split('=', $arg);
} else {
$key = $arg;
$val = '';
}
$form .= "<input type=hidden name=\"$key\" value=\"$val\">\n";
}
return $form;
}

The patch for that area says:

Quote:
@@ -755,7 +755,12 @@
*/
function makeFormIntro($target, $attrList=array()) {
$url = makeGalleryUrl($target);
- list($target, $tmp) = split("\?", $url);
+ if (strstr($url,'?')) {
+ list($target, $tmp) = split('?', $url);
+ } else {
+ $target = $url;
+ $tmp = '';
+ }

$attrs = '';
foreach ($attrList as $key => $value) {

Any help with that error would be greatly appreciated.

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Thu, 2003-06-05 18:55

I don't know much about PN/Nuke. It might be worth trying in that forum first.

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Thu, 2003-06-05 20:34

I searched their forums and didn't find much help. I'll try to research a litlle later. In the mean time I just commented out that portion of the patch to util.php and put the pre-patch line back in. Gallery is happy and PN is happy.

Basically the result of my test = patch fixes session issues related to SUSE's PHP 4.2.2 update.

Thanks guys. Hope this helps you a little.

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-06 08:31

*GREAT*
This is exactly what I wanted to hear.
I'm going to try and get this all into Gallery this weekend if possible.

Thanks for the test, malthazor!!
-Beckett (

)

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Sat, 2003-06-21 02:31

Hi folks. I've posted an initial version of Gallery patched to work (*hopefully*) with the SuSE security patch in PHP, as well as with register_globals off.

This is a "quick and dirty" patch, against 1.3.5-cvs-b22, and seems to run fine, but you might encounter some problems.

Seems the "exec status" value in the Config. Wizard needs to be manually entered. I haven't had time to work out what's wrong with that yet. Also, since warnings are turned all the way up, you might encounter the occasional PHP notice or warning. I'd appreciate if you can test this out and report any problems you find. Thanks!

Visit this page for the download:

    http://www.beckettmw.com/downloads

Grab this file:

    gallery-1.3.5-cvs-b22-session_patch.tar.gz

-Beckett (

)

 
Patrick2

Joined: 2003-06-17
Posts: 7
Posted: Sun, 2003-06-22 10:48

good news and bad news:

The good news is: The session test does work correct now, i.e. it increments when reloading the test page.

The bad news: the gallery does not work anymore, it throws out lots of errors+warnings, like:

Notice: Undefined property: albumListPage in /srv/www/htdocs/postnuke/html/modules/gallery/albums.php on line 47

Notice: Undefined index: themeOverrideCategory in /srv/www/htdocs/postnuke/html/modules/gallery/html_wrap/wrapper.header.default(55) : eval()'d code on line 201

Notice: Undefined index: themeOverrideStory in /srv/www/htdocs/postnuke/html/modules/gallery/html_wrap/wrapper.header.default(55) : eval()'d code on line 202

Notice: Undefined variable: themeOverrideCategory in /srv/www/htdocs/postnuke/html/modules/gallery/html_wrap/wrapper.header.default(55) : eval()'d code on line 203

Notice: Undefined variable: themeOverrideStory in /srv/www/htdocs/postnuke/html/modules/gallery/html_wrap/wrapper.header.default(55) : eval()'d code on line 203

and many more :-?

e.g. this happens when I try to delete an album:

                                                              
Notice: Undefined variable: confirm in                                          
/srv/www/htdocs/postnuke/html/modules/gallery/delete_album.php on line 40       
Delete Album                                                                    
                                                                                
Do you really want to delete this album?                                        
Untitled                                                                        
                                                                                
                                                                                
Warning: REG_BADRPT in /srv/www/htdocs/postnuke/html/modules/gallery/util.php   
on line 790                                                                     
 
MauiAC

Joined: 2003-06-22
Posts: 1
Posted: Sun, 2003-06-22 21:41

I would prefer a quick & dirty patch for the currentlc stable release 1.3.4 isntead of the cvs version I think no one except the developers is using :wink:

 
iamnafets

Joined: 2003-06-23
Posts: 4
Posted: Mon, 2003-06-23 04:36

I have a comment on the PostNuke/PHPNuke thing. The deal there is that no session variables or cookies are created. PHPNuke passes the login straight to the script, without any variables. But you will probably notice that you cannot do anything from there because of the fact that you have no login session. I don't really know even why it would pass a login and password to a script. Seems kind of holish to me... But I'm just a PHP newb who's using someone elses script instead of making his own (actually I did but it wasn't nearly as good and I lost it).

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Tue, 2003-06-24 07:31
Patrick2 wrote:
The bad news: the gallery does not work anymore, it throws out lots of errors+warnings

D'oh! My fault. Edit init.php and change this line (line 38 in the version I posted, I believe) from:
   error_reporting(E_ALL);
to:
   error_reporting(E_ALL & ~E_NOTICE);

MauiAC wrote:
I would prefer a quick & dirty patch for the currentlc stable release 1.3.4 isntead of the cvs version

The version I patched against (1.3.5-cvs-b22) is pretty rock solid, IMHO. If you're really in need of a patch against 1.3.4 final release, e-mail me and I'll see what I can do.

iamnafets: I'm not sure I understand your comment. Examples? How does this relate to the SuSE security patch issue? :)

-Beckett (

)

 
Patrick2

Joined: 2003-06-17
Posts: 7
Posted: Tue, 2003-06-24 07:47

Ok, the warnings are gone, but nevertheless it doesn't work correctly:

e.g. trying to delete an album results in:

Do you really want to delete this album?
Untitled

Warning: REG_BADRPT in /srv/www/htdocs/postnuke/html/modules/gallery/util.php on line 790

and then
Sorry, you can't access this file directly...

Furthermore, all images are broken.
And if I want to upload pictures, the window "Uploading pic, please wait" pops up and then nothing happens (I waited 5 minutes for one 5k gif to finish).

:cry:

PS: The REG_BADRPT-Warning is thrown on nearly every page...

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Wed, 2003-06-25 07:37

Hmm. The "REG_BADRPT" error comes up from the split() function in the form generating code.

I've tested this all on my computer (not running SuSE) and had no issues. Any chance I can ssh into your box and poke around? I'd want to create a test gallery, I suppose. If that's okay, send me an email with the details and I'll get on it soon. I'm also busy trying to get the patch into the Gallery codebase...

-Beckett (

)

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-27 04:19

Hi Patrick2.

Sorry... I couldn't get around to your site until this evening.

Patrick2 wrote:
Warning: REG_BADRPT in /srv/www/htdocs/postnuke/html/modules/gallery/util.php on line 790

Hrm. This is actually just a silly error. That line is correct in current Gallery code, but for some reason there was an error in the version I posted. I just changed the following line (util.php, line 790) from:

    list($target, $tmp) = split('?', $url);

to:

    list($target, $tmp) = split('\?', $url);

(Actually we should be using explode() there instead of split(), but that's a separate issue!)

Patrick2 wrote:
Furthermore, all images are broken.

Well, I took a look at your Albums URL in your config.php and it's incorrect. You should change it from:

    http://www.metzelkueche.de/albums

to

    http://www.metzelkueche.de/graphics/albums

So try both of those, and we'll see how we're doing. I'm going to add that first change into the version I've posted right now. If you're still having errors, let me know. I successfully installed (then removed) a new test gallery on your site with no problems, so hopefully it will work for you too.

-Beckett (

)

 
Skudder

Joined: 2003-06-26
Posts: 7
Posted: Fri, 2003-06-27 05:22

I am running Suse 8.1 with the new security patch installed and I experience the same problem of logging in as admin with no neffect. I am using the latest cvs version of gallery and read through this thre, but I am not sure that I can fix the problem now. Did You solve the Suse security fix sessions issues now? What changes will all the Suse users have to apply to get the gallery running? I appreciate Your support, as I am delighted by the gallery script, but do not want to roll back the sexcurity fix. Please help me on that one,

thanks a lot!

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-27 06:58

Hi Skudder.

Right now, even the latest CVS version of Gallery (as of when I'm writing this) does not have the fixes that will make Gallery work with the security patch. We expect to have it committed to CVS by Saturday morning. Given that SourceForge's CVS server is currently lagging behind by about a day :(, it will probably not be available to the public until Sunday. (We're ironing out some small last minute issues).

However, the version I mentioned up above does have this fix, and should work for now (it's patched against 1.3.5-cvs-b22). When we commit to CVS, you can then upgrade again:

beckett wrote:
Visit this page for the download:

      http://www.beckettmw.com/downloads

Grab this file:

      gallery-1.3.5-cvs-b22-session_patch.tar.gz

-Beckett (

)

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-27 10:14

Sometimes I speak too soon.

While this is now working on SuSE in standalone mode, we're having major issues writing to the session when embedded in PostNuke. I'm imagining PHP-Nuke effects are similar. We're trying to resolve these at the moment... but it will push back the time we commit to CVS. If it drags out for a long time, I will be sure to make available some patches that work in standalone that are more up-to-date with the current CVS.

We're working hard on this, but have yet to work out a solution. If any of you have thoughts, or are willing to investigate alongside, any assistance or input would be appreciated! :)

-Beckett (

)

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Fri, 2003-06-27 23:12

Beckett,

I had many problems with PN after applying the original test patch. I haven't had time to review this latest. However, I had to restore several of the original (unpatched) lines in the util.php and everything worked great. Could it be the same issue?

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-27 23:31

Really? Cool... you might be able to save me hours of headscratching. Can you tell me, rather specifically, what you had to restore? (And maybe the thought process that got you to that point as well?) :)

-Beckett (

)

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Fri, 2003-06-27 23:40

The thought process only came from the error messages. I got errors telling me a line number in util.php. I compared the unpatched to the patch version and decided what the heck, let's restore that section back to normal and see what happens :-) it worked for me.

I grabbed your new util.php just to see the code. I see where you applied the patch as I did and everyones getting similar errors. So in your util.php lines 787-796 it says:

Quote:
function makeFormIntro($target, $attrList=array()) {
$url = makeGalleryUrl($target);
if (strstr($url,'?')) {
list($target, $tmp) = split('\?', $url);
} else {
$target = $url;
$tmp = '';
}

$attrs = '';

Here is my version with the commented out portion still showing.

Quote:
function makeFormIntro($target, $attrList=array()) {
$url = makeGalleryUrl($target);
list($target, $tmp) = split("\?", $url);

/* if (strstr($url,'?')) {
list($target, $tmp) = split('?', $url);
} else {
$target = $url;
$tmp = '';
} */

$attrs = '';

Maybe someone could test by commenting out and replacing basically 1 line. I just got back from a trip and will try this weekend, but not sure if I will have time.

Hope this helps.

PS - I just looked and am wondering where the line reading

Quote:
$tmp = '';

It look like a double quote when posted here, but actually it's two single quotes. I don't see the open/close for that extra ' . Could it be that simple?

 
beckett
beckett's picture

Joined: 2002-08-16
Posts: 3474
Posted: Fri, 2003-06-27 23:49

Ahh right. That's that fix. I thought maybe you had some insight on getting it running embedded inside PostNuke. Is your patched gallery running in PostNuke with the SuSE security patch?? If so, I'd be very very interested in taking a close look.

-Beckett (

)

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Fri, 2003-06-27 23:57

Yea I'm running through postnuke and all seems to be fine (remember I'm not using your latest code, just the downloaded cvs +patch I commented on earlier in the thread).

You're welcome to take a look. What do you want to see? Just a url with an account to access gallery (non registered users can't see the links) or temp ssh access?

BTW -- did you see my PS on the post above?

 
alohachris

Joined: 2003-06-28
Posts: 1
Posted: Sat, 2003-06-28 11:51

Hi,
I'm glad I found this topic. Cuz I just installed Gallery 1.3.4 (as a module for postnuke) and noticed, that I also can't login to the gallery. When I click on "Login", the login windows pops-up, but when I insert my datas, the main gallery window only reloads, without letting me log-in. The pageviews in the Gallery Session Test doesn't increase when reloading the page. Like most of the other users here, I'm using SuSE 8.1 with PHP 4.2.2 and (I guess) with the latest security updates.

I'm a littlebit confused what to do right now, since a couple of problems where discussed parallel here (IMHO). Is the best way to do right now to just wait until some working patches are released?

Thanks in advance.

 
joan
joan's picture

Joined: 2002-10-21
Posts: 3473
Posted: Sat, 2003-06-28 12:01
alohachris wrote:
I'm a littlebit confused what to do right now, since a couple of problems where discussed parallel here (IMHO). Is the best way to do right now to just wait until some working patches are released?

That's the only answer. Beckett is working hard on the gallery/PN/SuSE problem, and is confidant of finding an answer, but I believe there is no solution yet.

Hold tight.

 
liga

Joined: 2003-06-28
Posts: 1
Posted: Sat, 2003-06-28 15:46

Hello all,
I got a similar problem during these weeks,
the sympton is I can't login sometimes and
succeed finally after several trials.
Another one is it will "automatically" logout
after I do any kind of instruction(such as
[add photos], [move albums], etc.).

Any advice would be appreciated.

My environment running Gallery:

OS: FreeBSD 4.8-Stable
PHP: 4.3.3RC1
Apache:1.3.27
Web browser: Konqueror 3.1.2
Gallery:1.3.4
my galley page: http://www.liga.idv.tw/gallery

Liga

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Sat, 2003-07-05 21:36

For all the SUSE users I caught this only today on YAST update:

Quote:
27 Jun 2003 RPM mod_php4 4.2.2 (i586) 809 kB Source-RPM mod_php4-4.2.2-235.src.rpm

Security Update!
(1) The update also includes a fix that prevents the PHP
interpreter from crashing when invoking a session
function (e.g. session_decode()) without calling
session_start() first.
(2) The second fix concerns session_encode. In some cases,
session variables unset trough "unset $_SESSION['some_var']"
were saved to the session file nevertheless.
With this fix, sessions behave the same as they behave in PHP
4.3.1 when setting session.bug_compat_warn = 1 in php.ini.

Has anyone installed this update? Did it fix your gallery problems?

 
alindeman
alindeman's picture

Joined: 2002-10-06
Posts: 8194
Posted: Sat, 2003-07-05 21:41

Sounds interesting. I'd like to know if it fixed the issues...

 
malthazor

Joined: 2003-04-03
Posts: 33
Posted: Sat, 2003-07-05 21:53

I would too. My gallery was patched and is working fine. In order to see if the fix works, I'd have to apply the SUSE PHP update and download the latest version of gallery.

I may adventure to do that tomorrow, but was hoping someone who's gallery was still broken could just try the PHP update first :-)

 
mage

Joined: 2003-07-08
Posts: 1
Posted: Tue, 2003-07-08 17:56

SuSE 8.1 user here... After updated PHP weeks ago, gallery seemed to be broken so I rolled back on the security patch for PHP to keep gallery happy. I just updated PHP after seeing malthazor post and as far as I can tell, gallery is still happy. And I am happy.

 
Patrick2

Joined: 2003-06-17
Posts: 7
Posted: Fri, 2003-07-11 09:54

Yes!
It does work!

Just installed the above mentioned Suse mod_php updates dated 27 Jun 2003 and Gallery 1.3.4 works again!!!

Beckett's patched 1.3.5-Version didn't work though.

But finally my gallery is working again!

8)