After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more

Makc666 · February 01, 2008, 02:17:10 PM

After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more...

Quote from: Nibbler on January 31, 2008, 09:28:24 PM
That's exploitable by people who can rotate an image, ie. registered users with upload rights. Only affects galleries using ImageMagick. Can be mitigated by restricting upload rights/membership to trusted individuals (or using GD2).

Doesn't work on two hosts/servers.
Doesn't work on "clean" 1.4.15 files.

The problem is for the code you added "everywhere" in 1.4.15:

Code Select

$cmd = escapeshellarg($cmd);

I really can't understand for what you have added this one if the code already has:

Code Select

$src_file = escapeshellarg($src_file);                                                                              
$im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));

http://ru2.php.net/escapeshellarg

May be you have to use escapeshellcmd() and not escapeshellarg?

http://ru2.php.net/manual/ru/function.escapeshellcmd.php

Makc666 · February 01, 2008, 02:28:51 PM

For example to see thumbnail during upload of files you have to comment second line
$cmd = escapeshellarg($cmd);

in file:
picmgmt.inc.php

in code:

Code Select

    // Method for thumbnails creation                                                                                               
    switch ($method) {                                                                                                              
        case "im" :                                                                                                                 
            if (preg_match("#[A-Z]:|\\\\#Ai", __FILE__)) {                                                                          
                // get the basedir, remove '/include'                                                                               
                $cur_dir = substr(dirname(__FILE__), 0, -8);                                                                        
                $src_file = '"' . $cur_dir . '\\' . strtr($src_file, '/', '\\') . '"';                                              
                $im_dest_file = str_replace('%', '%%', ('"' . $cur_dir . '\\' . strtr($dest_file, '/', '\\') . '"'));               
            } else {                                                                                                                
                $src_file = escapeshellarg($src_file);                                                                              
                $im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));                                                 
            }                                                                                                                       
                                                                                                                                    
            $output = array();                                                                                                      
            /*                                                                                                                      
             * Hack for working with ImageMagick on WIndows even if IM is installed in C:\Program Files.                            
             * By Aditya Mooley <aditya@sanisoft.com>                                                                               
             */                                                                                                                     
            if (eregi("win",$_ENV['OS'])) {                                                                                         
                $cmd = "\"".str_replace("\\","/", $CONFIG['impath'])."convert\" -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options
                $cmd = escapeshellarg($cmd);                                                                                      
                exec ("\"$cmd\"", $output, $retval);                                                                                
            } else {                                                                                                                
                $cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} -geometry {$destWidth}x{$
                $cmd = escapeshellarg($cmd);                                                                                      
                exec ($cmd, $output, $retval);                                                                                      
            }

Nibbler · February 01, 2008, 02:31:52 PM

Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release.

Makc666 · February 01, 2008, 02:36:38 PM

Quote from: Nibbler on February 01, 2008, 02:31:52 PM
Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release.

All functions where code

Code Select

$cmd = escapeshellarg($cmd);
has been added doesn't work any more :-\

Nibbler · February 01, 2008, 11:20:47 PM

Fixed in svn (reverted the added escapeshellarg() lines, left the security fix in).

Nibbler · February 01, 2008, 11:41:14 PM

Release announcement ready at http://forum.coppermine-gallery.net/index.php?topic=50194.0 with steps for manual fix.

Makc666 · February 02, 2008, 12:51:29 AM

Quote from: Nibbler on February 01, 2008, 11:41:14 PM
Release announcement ready at http://forum.coppermine-gallery.net/index.php?topic=50194.0 with steps for manual fix.

Thanks, Nibbler!
I can't see this one (topic), but I hope it will be available soon

coppermine-gallery.com/forum

News:

After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more

Makc666

Makc666

Nibbler

Makc666

Nibbler

Nibbler

Makc666