displayimage.php?&fullsize - access only for admins !? :(
 



Started by Duracel, September 03, 2005, 05:29:27 PM


Duracel

The following link does work if I'm logged in as admin, but it doesn't work for registered users (even if I give them the same rights in "groupmgr.php"), and there is the same problem with unregistered users.
But I would like to make it work for everyone.

http://www.duracel.de/gallery/displayimage.php?&fullsize=1&picfile=paintings%2F05-searchdestroy.jpg


Thx for help :)
Duracel

Joachim Müller

1) You're running the outdated version cpg1.3.2 - upgrade to the most recent stable version cpg1.3.4 asap
2) Did you apply any mods? Upload a fresh copy of displayimage.php.
3) Actually, this was never meant to work - the link to a fullsize pic is meant to contain the pid only, not the file name. I guess it's a custom mod that you have applied that is "misbehaving".

Duracel

1) Well, I downloaded the version some months ago, it works very well and I don't know if it is necessary to update it and how easy or time-consuming it is to upgrade.

2) Now, I only have the standard version installed and there is no modification installed.

3) In the "batch add file" window (searchnew.php), where you can click on thumbnails, you get a link just in the above style. So I guess it was meant to work this way.
But it works only with admin access and that's very sad. And I guess this problem is not solved by the new version!? Correct me if I'm wrong, but it seems to be set to work only for admins and you have to set it free.

Anyway, it's not a huge problem - it would be just fine if I could get it to work for all users.

Joachim Müller

Quote from: Duracel on September 05, 2005, 12:30:26 AM
1) Well, I downloaded the version some months ago, it works very well and I don't know if it is necessary to update it and how easy or time-consuming it is to upgrade.
I wouldn't have advised to update if it wasn't necessary. Read "cpg1.3.3 released - upgrade strongly recommended" and "Security fix for coppermine: EXIF XSS vulnerability *MUST READ*".

Quote from: Duracel on September 05, 2005, 12:30:26 AM
3) In the "batch add file" window (searchnew.php), where you can click on thumbnails, you get a link just in the above style. So I guess it was meant to work this way.
But it works only with admin access and that's very sad. And I guess this problem is not solved by the new version!? Correct me if I'm wrong, but it seems to be set to work only for admins and you have to set it free.
searchnew.php is admin-only, so the links it opens for the thumbnails are admin-only as well. That's expected behaviour; the thumbnail target links are meant for trouble-shooting the batch-add process, not for permanent use. As I already said in my previous posting: links to full-size pics are supposed to contain the PID. The way you're proposing to use coppermine simply is not meant to be used - if you need it, you'll have to code it. Marking this thread as "invalid".