After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more
 


Started by Makc666, February 01, 2008, 02:17:10 PM


Makc666

After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more...
Quote from: Nibbler on January 31, 2008, 09:28:24 PM
That's exploitable by people who can rotate an image, i.e. registered users with upload rights. Only affects galleries using ImageMagick. Can be mitigated by restricting upload rights/membership to trusted individuals (or using GD2).
Doesn't work on two hosts/servers.
Doesn't work on "clean" 1.4.15 files.

The problem is with the code you added "everywhere" in 1.4.15:
$cmd = escapeshellarg($cmd);

I really can't understand why you have added this one if the code already has:

$src_file = escapeshellarg($src_file);                                                                             
$im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));


http://ru2.php.net/escapeshellarg

Maybe you have to use escapeshellcmd() and not escapeshellarg()?

http://ru2.php.net/manual/ru/function.escapeshellcmd.php



Makc666

For example, to see the thumbnail during upload of files you have to comment out the second line
$cmd = escapeshellarg($cmd);

in file:
picmgmt.inc.php

in code:
    // Method for thumbnails creation                                                                                               
    switch ($method) {                                                                                                             
        case "im" :                                                                                                                 
            if (preg_match("#[A-Z]:|\\\\#Ai", __FILE__)) {                                                                         
                // get the basedir, remove '/include'                                                                               
                $cur_dir = substr(dirname(__FILE__), 0, -8);                                                                       
                $src_file = '"' . $cur_dir . '\\' . strtr($src_file, '/', '\\') . '"';                                             
                $im_dest_file = str_replace('%', '%%', ('"' . $cur_dir . '\\' . strtr($dest_file, '/', '\\') . '"'));               
            } else {                                                                                                               
                $src_file = escapeshellarg($src_file);                                                                             
                $im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));                                                 
            }                                                                                                                       
                                                                                                                                   
            $output = array();                                                                                                     
            /*                                                                                                                     
             * Hack for working with ImageMagick on WIndows even if IM is installed in C:\Program Files.                           
             * By Aditya Mooley <aditya@sanisoft.com>                                                                               
             */                                                                                                                     
            if (eregi("win",$_ENV['OS'])) {                                                                                         
                $cmd = "\"".str_replace("\\","/", $CONFIG['impath'])."convert\" -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options
                $cmd = escapeshellarg($cmd);                                                                                     
                exec ("\"$cmd\"", $output, $retval);                                                                               
            } else {                                                                                                               
                $cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} -geometry {$destWidth}x{$
                $cmd = escapeshellarg($cmd);                                                                                     
                exec ($cmd, $output, $retval);                                                                                     
            }

Nibbler

Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
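
The difference between quoting each argument and quoting the finished command line, as an added example (not Coppermine code and not part of the original posts). It assumes a POSIX shell and the PHP CLI; `run_cmd()`, the PHP one-liner standing in for `convert`, and all sample values are hypothetical.

```php
<?php
// Added example, not Coppermine code. Assumes a POSIX shell and the PHP CLI.
// A PHP one-liner stands in for ImageMagick's convert: it prints the
// arguments it received, separated by "|".
$convert = escapeshellarg(PHP_BINARY) . ' -r '
         . escapeshellarg('echo implode("|", array_slice($argv, 1));') . ' --';

// Hypothetical helper: run a command line, return exit status and output.
function run_cmd($cmd)
{
    $output = array();
    exec($cmd . ' 2>&1', $output, $retval);
    return array($retval, implode("\n", $output));
}

// Constructed values; the file name carries a space, a quote and a semicolon.
$quality  = 80;
$width    = 100;
$height   = 75;
$src_file = "albums/user 1/it's; here.jpg";
$dst_file = "albums/user 1/thumb_it's; here.jpg";

// Per-argument quoting: every untrusted value becomes exactly one shell word,
// and numeric options are forced to integers before they reach the string.
$cmd = $convert
     . ' -quality ' . (int) $quality
     . ' -geometry ' . (int) $width . 'x' . (int) $height
     . ' ' . escapeshellarg($src_file)
     . ' ' . escapeshellarg($dst_file);

list($rc, $out) = run_cmd($cmd);
echo "per-argument: rc=$rc\n$out\n";

// The 1.4.15 pattern from the thread: quoting the finished command line turns
// the whole string into one word, which the shell treats as a program name.
list($rc, $out) = run_cmd(escapeshellarg($cmd));
echo "whole line:   rc=$rc\n$out\n";
```

The first call hands the stand-in six separate arguments with the file names intact; the second fails because no program with that name exists, which is the breakage reported above.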

Makc666

Quote from: Nibbler on February 01, 2008, 02:31:52 PM
Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
All functions where the code
$cmd = escapeshellarg($cmd);
has been added don't work any more :-\

Nibbler

Fixed in svn (reverted the added escapeshellarg() lines, left the security fix in).

