[Bug]: JUpload and XFeed plugin (1.5.x version, maybe 1.4.x, too)

Started by Αndré, December 23, 2009, 05:54:20 PM


Αndré

Hi etienne,

I just tested JUpload with cpg1.5.x. As far as I can say it works fine, but if you have the plugin 'xfeed' installed, your whole gallery immediately stops working.

It's because xfeed checks for the global var $album
if ((int)$album)

In codebase.php you set
$album = getSuperCageInt('album', -1);
and later check that value:
$album>0

This may happen on cpg1.4.x with the appropriate xfeed version, but I haven't tested that.


Suggestion:
change
$album = getSuperCageInt('album', -1);
to
$album = getSuperCageInt('album', false);

and everything works fine.


If this error occurs in cpg1.4.x, too, change that line accordingly
$album = isset($_GET['album']) ? (int)$_GET['album'] : -1;
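
Added example (not part of the original post, and not code from JUpload, xfeed or Coppermine): the two checks quoted above, run against both default values, show why a `-1` sentinel in the shared global `$album` trips the `(int)$album` test while `false` does not. `read_album()` is a hypothetical stand-in for `getSuperCageInt('album', $default)`, and its handling of non-numeric input is an assumption.

```php
<?php
// Hypothetical stand-in for getSuperCageInt('album', $default):
// returns the integer value of the parameter, or $default when it
// is missing or not numeric (assumed behaviour).
function read_album(array $query, $default)
{
    if (!isset($query['album']) || !is_numeric($query['album'])) {
        return $default;
    }
    return (int) $query['album'];
}

// The xfeed-style test quoted in the post: any non-zero integer is truthy.
function truthy_check($album)
{
    return (bool) ((int) $album);
}

// The JUpload-style test quoted in the post: only positive ids count.
function positive_check($album)
{
    return $album > 0;
}

// Constructed sample requests.
$requests = [
    'no album parameter' => [],
    'album=5'            => ['album' => '5'],
    'album=0'            => ['album' => '0'],
    'album=-3'           => ['album' => '-3'],
    'album=abc'          => ['album' => 'abc'],
];

foreach ([-1, false] as $default) {
    printf("default = %s\n", var_export($default, true));
    foreach ($requests as $label => $query) {
        $album = read_album($query, $default);
        printf(
            "  %-20s album=%-6s truthy_check=%-5s positive_check=%s\n",
            $label,
            var_export($album, true),
            var_export(truthy_check($album), true),
            var_export(positive_check($album), true)
        );
    }
}
```

With the `-1` default, a request without an album parameter passes `truthy_check`, so code using that test treats the request as if an album were selected; with `false` both checks agree. A negative value supplied by the client still passes `truthy_check` under either default, which only the `> 0` comparison rejects.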

etienne_sf

Hi, thanks for this very clear suggestion,

I committed it on my SVN. It works under Coppermine 1.4.

  I can't test it under Coppermine 1.5, as I have some strange error each time I update the configuration. I guess I'll have to erase my CPG 1.5 installation and re-install it. Standard upload works nice, and it's ok to test JUpload ... for the moment.

Etienne

Joachim Müller

Actually there is no need to find another name for the SuperCage variable: in Coppermine's core you will find $superCage = Inspekt::makeSuperCage();. It doesn't hurt to re-define that array, so you should use exactly the same array name in your custom code as well.
I have noticed only recently a similar thing in other user contributed plugins: instead of using
$superCage = Inspekt::makeSuperCage();
plugin authors apparently think that they mustn't use that variable and come up with new array names like
$foobar = Inspekt::makeSuperCage();
That's not a good idea - always use $superCage.

From the docs (important part highlighted):
Quote from: http://documentation.coppermine-gallery.net/en/dev_superglobals.htm#superglobals_sanitization_howto_inspekt_in_coppermine
Inspekt in Coppermine
Inspekt has been used in CPG by including it in init.inc.php file at the very beginning and creating a supercage immediately after its inclusion.
set_include_path(get_include_path().PATH_SEPARATOR.dirname(__FILE__).PATH_SEPARATOR.'Inspekt');
echo dirname(__FILE__);
require_once "Inspekt.php";

$superCage = Inspekt::makeSuperCage();
Supercage is an aggregation of all the cages, i.e. EGPCS (the order of variable parsing). Once the supercage is created none of the EGPCS variables are available.

To access a variable within a supercage we have to use the following format:
$qs = $superCage->server->getDigits('QUERY_STRING');
$album = $superCage->get->getInt('album');
$title = $superCage->post->getAlpha('title');
To get an instance of $superCage inside a function use $superCage = Inspekt::makeSuperCage(); again. Do not use the global directive. It may be noted here that makeSuperCage() creates a singleton pattern object. So calling it multiple times does not have any overheads and you can be assured of getting the very same object every time.

Every dev is encouraged to download the latest tarball of Inspekt and check out the API documentation for the list of available methods for accessing data from cages. In addition to this, there is a bunch of test functions which will test a value of a given key against a pre-determined datatype or format.
I will edit the documentation and add a clarification.

etienne_sf

Hi,

  I'm not sure if this reply is actually about this thread.


BTW, I learned that I should not make global $superCage; statements.

I removed them almost everywhere.


I just have a problem now: my plugin is compatible with both CPG1.4 and CPG1.5, by including the relevant include for specific parts.

How can I simply detect that I'm in CPG1.4 or CPG1.5, if I can't just check if $superCage is set?

Should I also duplicate code in codebase?

Etienne

Αndré


Joachim Müller

Quote from: etienne_sf on January 12, 2010, 11:46:08 PM
I'm not sure if this reply is actually about this thread.
It is.


Quote from: etienne_sf on January 12, 2010, 11:46:08 PM
BTW, I learned that I should not make global $superCage; statements.
Correct. And you should not name the cage differently. It doesn't hurt to call the object several times with the same name. That's what I tried to say.

Quote from: etienne_sf on January 12, 2010, 11:46:08 PM
I just have a problem now: my plugin is compatible with both CPG1.4 and CPG1.5, by including the relevant include for specific parts.

How can I simply detect that I'm in CPG1.4 or CPG1.5
That's dead simple: the constant COPPERMINE_VERSION contains the exact coppermine version (see "Developer documentation -> Variables & Constants"). Do a version comparison like this:
$versionCompare = version_compare($version_number_to_compare_against, COPPERMINE_VERSION);
if ($versionCompare == 0) {
    $better = 'YES';
} else {
    $better = 'NO';
}

There have been complaints in the past that previous versions of coppermine (up to cpg1.4.x) came without dev docs - that's what has changed for cpg1.5.x: a lot of time and effort has gone into the developer documentation of cpg1.5.x - please use it, we really worked hard on it, so we expect long time contributors to read up what we have written down there! Suggestions how to improve it are welcome.
However, your issues with version comparison should not be discussed on this thread. Αndré reported an issue in your code. If you need to discuss coding for cpg1.5.x, you should not use this thread, but the board dedicated to such issues both for your own benefit as well as for the benefit of others. Keeps this thread less cluttered as well and avoids thread drift.

etienne_sf

Quote from: Joachim Müller on January 13, 2010, 08:32:36 AM
There have been complaints in the past that previous versions of coppermine (up to cpg1.4.x) came without dev docs - that's what has changed for cpg1.5.x: a lot of time and effort has gone into the developer documentation of cpg1.5.x - please use it, we really worked hard on it, so we expect long time contributors to read up what we have written down there! Suggestions how to improve it are welcome.

Yep, thanks for that!

I have to say that I moved forward, without looking for this kind of doc. Sorry for that, I'll read them.

Quote from: Joachim Müller on January 13, 2010, 08:32:36 AM
However, your issues with version comparison should not be discussed on this thread. Αndré reported an issue in your code. If you need to discuss coding for cpg1.5.x, you should not use this thread, but the board dedicated to such issues both for your own benefit as well as for the benefit of others. Keeps this thread less cluttered as well and avoids thread drift.

Yep, I stop here.

Thanks for your quote here (Andre and you).

Etienne