cpg1.4 Testing/Bugs: themes.inc.php

Started by m@rk, January 21, 2007, 12:22:23 AM


m@rk

There's obviously a bug in CPG 1.4.10 include\themes.inc.php:

You have to change line 864 from

<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="{USER_NAME}" />

to

<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value={USER_NAME} />

to display the (cookie stored?) guest's name in the guest name field (remove the quotation marks from value="{USER_NAME}" ...).

with kind regards

Nibbler

I don't understand, how does your change help?

m@rk

The original code produces the following html:

<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value=""MarcyMarc"" />

The modified code produces:

<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="MarcyMarc" />

In html source code around line 349, the text value is the point...

Nibbler

A better fix is to remove the duplicate quotes being added here:

$user_name = isset($USER['name']) ? '"' . strtr($USER['name'], $HTML_SUBST) . '"' : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';

Moving to bugs board, thanks for the report.

m@rk

Hey Nibbler -

that's exactly what I detected during the last minutes and wanted to post right now  :D

great community!

with kind regards

Joachim Müller

Changed

$user_name = isset($USER['name']) ? '"' . strtr($USER['name'], $HTML_SUBST) . '"' : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';

to

if (isset($USER['name'])) {
  $user_name = strtr($USER['name'], $HTML_SUBST);
} else {
  $lang_display_comments['your_name'];
}

in include/themes.inc.php and themes/sample/theme.php of svn repositories "cpg1.4.x" and "cpg1.5.x". Will go into cpg1.4.12 and cpg1.5.0. Marking as "fixed".

Nibbler

$lang_display_comments['your_name'];

Should be

$user_name = $lang_display_comments['your_name'];

Otherwise the line does nothing.

Joachim Müller

oops, you're of course right :-[. Committed to both branches of the SVN. Will go into cpg1.4.13 and cpg1.5.0.
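
Added example (not Coppermine's own code): the combinations discussed in this thread rendered side by side, showing why the template should own the attribute quotes while the PHP side only escapes the value. The contents of `$HTML_SUBST`, the shortened input template, the `render()` helper and the sample names are constructed assumptions.

```php
<?php
// Added illustration; not Coppermine source. $HTML_SUBST is a constructed
// stand-in for the project's substitution table (assumption).
$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;');
$lang_display_comments = array('your_name' => 'Your name'); // constructed sample

$quoted_tpl   = '<input type="text" name="msg_author" value="{USER_NAME}" />';
$unquoted_tpl = '<input type="text" name="msg_author" value={USER_NAME} />';

// Original logic: quotes are added here AND by the template.
function user_name_original($USER) {
    global $HTML_SUBST, $lang_display_comments;
    return isset($USER['name'])
        ? '"' . strtr($USER['name'], $HTML_SUBST) . '"'
        : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';
}

// Corrected logic from the thread: escape only, the template owns the quotes.
function user_name_fixed($USER) {
    global $HTML_SUBST, $lang_display_comments;
    if (isset($USER['name'])) {
        $user_name = strtr($USER['name'], $HTML_SUBST);
    } else {
        $user_name = $lang_display_comments['your_name'];
    }
    return $user_name;
}

// Hypothetical helper standing in for the theme's placeholder substitution.
function render($tpl, $user_name) {
    return strtr($tpl, array('{USER_NAME}' => $user_name));
}

$cases = array(
    'stored name'     => array('name' => 'MarcyMarc'),
    'name with quote' => array('name' => 'Marcy "M" Marc'),
    'no stored name'  => array(),
);
foreach ($cases as $label => $USER) {
    echo "== $label ==\n";
    echo 'original + quoted tpl:   ' . render($quoted_tpl, user_name_original($USER)) . "\n";
    echo 'original + unquoted tpl: ' . render($unquoted_tpl, user_name_original($USER)) . "\n";
    echo 'fixed + quoted tpl:      ' . render($quoted_tpl, user_name_fixed($USER)) . "\n";
}
```

With the unquoted template, the "no stored name" case renders `value=Your name" onclick=...`, so the template-side workaround only repairs the stored-name branch. The fixed logic with the quoted template yields one well-formed attribute in all three cases, including the name that contains a quote.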