Caught a bug in v1.4.13 (search)? Caught a bug in v1.4.13 (search)?
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Caught a bug in v1.4.13 (search)?

Started by danicotra, October 27, 2007, 02:18:32 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

danicotra

October 27, 2007, 02:18:32 PM Last Edit: November 05, 2007, 08:20:02 AM by GauGau
Hello there.
I "hat in hand" write to you.
I don't know if I'm right but I think I found a bug within coppermine v1.4.13:
when I search for a photo I got an empty search string as thumbnail's title ("")
I noticed the problem is that in line 1255 of include/functions.inc.php , in function get_pic_data:
Code Select

                        $album_name = $lang_meta_album_names['search'].' - "'. strtr($search_string, $HTML_SUBST) . '"';

as a result of the strtr() function I got an empty string because the $HTML_SUBST variable was empty despite it was globally referenced in line 897:
Code Select

        global $USER, $CONFIG, $ALBUM_SET, $META_ALBUM_SET, $CURRENT_CAT_NAME, $CURRENT_ALBUM_KEYWORD, $HTML_SUBST, $THEME_DIR, $FAVPICS, $FORBIDDEN_SET_DATA;

Is that a bug?
To solve it I add the following line (which I took from init.inc.php):
Code Select

$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;', '%26' => '&amp;', '%22' => '&quot;', '%3C' => '&lt;', '%3E' => '&gt;','%27' => '&#39;', "'" => '&#39;');

just after the global references and now I finally see the correct search string upside the thumbnails of the found photos.

Is that a bug? Or it happens just to me? Or is there a better way to get things work?

Please let me know...
Thank you.

danicotra

#1
November 02, 2007, 09:33:52 PM
Excuse me sirs, nobody else noticed this problem? Was I the only one facing this (let's call it so) "bug"?
Please answer. Thank you.

danicotra

#3
November 04, 2007, 10:59:59 PM
No Sir, the demo works good...
Then maybe the problem for me was due to web server (apache) or, most likely, php settings (maybe register globals turned off)?
Thank you anyway for your answer!

Joachim Müller

#4
November 05, 2007, 08:19:46 AM
Coppermine doesn't need the naughty register_globals. On our server (where the demo resides), register_globals is off.
If this issue doesn't exist on the demo, it is very likely that this is not a bug within coppermine, but something on your end. Marking thread as "invalid". If you have new insight, you're welcome to update this thread by reporting your results.

danicotra

#5
November 05, 2007, 02:22:47 PM
I noticed the same problem in every (I suppose) script that uses the $HTML_SUBST variable in conjunction with the strtr() functions (eg. delete.php in function parse_select_option when filling the array 'album_nm')... I must manually define the variable $HTML_SUBST every time to get over this (it's not a pleasure) !!!
Well, let's off php configuration, what I didn't say was I'm using Coppermine 1.4.13 bridged (bridge v1.02) inside e107 0.78... I think you can't give support for this but... I can't understand how a bridge can destroy the global referencing to variables (which I think it's the origin of my problems)? Probably the problem is somehow connected to this, I suppose... any Idea?
Thank you guys.
Print
Go Up Pages1
User actions