some MiniThumbs not displaying in Avatar Manage some MiniThumbs not displaying in Avatar Manage
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

some MiniThumbs not displaying in Avatar Manage

Started by bitcloud, March 29, 2007, 10:11:48 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

bitcloud

March 29, 2007, 10:11:48 PM
Hi,

This problem becomes apparent because some of the minithumbs don't display in Avatar Manage, but it's perhaps a bigger problem than that...

The nondisplaying images are ones which contain non alphanumeric characters (such as "]" which in the address bar should be displayed as "%5D") and were uploaded via URL.

Whats happening is the avatar manage is looking for the minithumb at its (should be correct) address of filename%5D.jpg and it's not finding it because all the other files (thumb_ and the full image) are actually named %255D for some strange reason - Perhaps this is a bug in the main "upload via URL" coppermine code? (i'll post a question out there also)

So basically avatarmanage.php is looking for what should be the correct name in the minithumbs list, but it's not finding it because of the "nonalphanumeric + URLupload" bug changing the name, on upload, of characters like "[" (%5D) to %255D (it seems to be adding 25 in between the % and the rest of the characters)

So I guess the core issue is the coppermine bug, but it brings to light that you may be getting the filenames for the minithumbs in a different manner to how it works out the URL for the thumb_ and normal_ versions of the file...

I haven't been able to test this on your site because it won't let me upload anything via URL

Cheers
Lachlan

Stramm

#1
March 31, 2007, 09:02:15 AM
have to look into it... seems I have forgotten to resanitize the URLs in the avatar manage script

bitcloud

#2
April 01, 2007, 07:21:08 AM
After a bit more testing, this is definitely a problem with the main code, but i guess the way the modpack handles the URL must also be different... (a similar problem is evident in the coppermine wordpress plugin for the minithumbs)

if it helps, I believe whats happening is the main code is sanitizing the filename from the URL thusly:
it reads %5D from the URL upload as a straight up filename, rather than trying to reinterpret the already URLsanitized filename as characters...  so it "sanitises" the text and converts the % into a URL friendly "%25" (which is the URLfriendly version of %) rather than correctly interpreting %5D as "]"

I don't know if i explained it very well, but i'm sure you understand what i mean...

Stramm

#3
April 01, 2007, 08:04:02 AM
yes, I named it in my above post 'resanitize'
Print
Go Up Pages1
User actions