Edit Files option available to unlogged users- meant to be admin only?
 


Started by angie03, July 23, 2010, 09:44:20 PM


angie03

First off, I upgraded my gallery yesterday from 1.4.27 to 1.5.6 -- thereby missing out 1.5.4 altogether -- and ran into problems, but managed to fix them using this thread (http://forum.coppermine-gallery.net/index.php/topic,65521.0.html) but now I've discovered a new error altogether and it's one I've never come across before: unlogged users have the 'edit files' option available to them (my gallery is open & doesn't require registration) but I'm anxious about this error since having this admin option open for all to access could mean my gallery being hacked, for want of a better word.

Example - http://www.amy-acker.org/gallery/index.php?cat=120

I'd appreciate any assistance in this, I've asked around & it seems to be a completely new error so I haven't had much luck trying to fix it. I've looked at config & even phpMyAdmin since I thought it may be a database error since I had database problems with the upgrade yesterday, but I can't find anything. In other news, I also switched off 'count album views' in config but it's still showing in the gallery for some reason... I'm stumped!


Αndré

I'm not sure if it's the same issue as Joe referred to. Please do an upgrade to the latest svn revision if you can and report back if the issue still exists. We've fixed many things since the release of cpg1.5.6 and have to package the next release asap.

angie03

Quote from: Αndré on July 24, 2010, 12:31:19 AM
I'm not sure if it's the same issue as Joe referred to. Please do an upgrade to the latest svn revision if you can and report back if the issue still exists. We've fixed many things since the release of cpg1.5.6 and have to package the next release asap.

Thanks for your reply. Did you mean download the latest files (edit_one_pic.php & editpics.php) via the version check page? If so, the 'edit files' error is still showing up for me when unlogged.

Αndré

Please see here and update all files. Don't forget to run update.php after you have replaced all files.

Αndré

Seems that you haven't updated with the latest svn revision. I wasn't able to reproduce the button for guests in my testbed, but committed another fix for editpics.php in r7796. Can you give me the login details of your phpMyAdmin or create a dump with the tables albums, categories, config and usergroups?

angie03

Quote from: Αndré on July 26, 2010, 07:20:16 PM
Seems that you haven't updated with the latest svn revision. I wasn't able to reproduce the button for guests in my testbed, but committed another fix for editpics.php in r7796. Can you give me the login details of your phpMyAdmin or create a dump with the tables albums, categories, config and usergroups?

No, I haven't had the chance to do so - been in hospital with my little girl who's 7 weeks old. Can you email me at fansitemail • gmail.com to get the login details, please? Don't feel safe giving out the password in public & can't quite remember what a dump means (sleep deprived.) Thanks again.

Αndré

Already fixed in svn. Please run
UPDATE `cpg1410_albums` SET moderator_group = 0;
in your database management tool to fix your issue.