IMG URL Tag in Kategorien funktionieren nicht IMG URL Tag in Kategorien funktionieren nicht
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

IMG URL Tag in Kategorien funktionieren nicht

Started by tc-one, August 05, 2011, 10:51:18 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

tc-one

Hallo,
ich habe Probleme festgestellt, beim Einfügen von IMG oder URL Tags in Kategorien.
Bekomme beim Einfügen von (http://url_zum_bild) nur die /images/thumbnails.gif Datei angezeigt, aber nicht das eigentliche Bild.
Beim Einfügen einer Url über irgendeine url nur /images/descending.gif aber keine Möglichkeit hier draufzuklicken, damit sich die Url auch öffnet. Was habe ich hier falsch gemacht?

Αndré

Quote from: Joachim Müller on March 02, 2009, 09:08:40 AM
Why was cpg1.4.21 released?
The release covers a recently discovered vulnerability that allows (if unpatched) a user to launch a CSRF attack (definition) against your website (milw0rm exploit 8114 and 8115).  The vulnerability is due to the processing of the bbcode tags [ i m g ] and [ u r l ].  The attack that can be launched through these tags can be wide-reaching and all gallery administrators must take this seriously.  Since cpg1.4.x is a stable release package, the Coppermine development team could not address this vulnerability without a large change in the way forms are handled.  So the solution is to remove the correct processing of the two bbcode tags, [ i m g ] and [ u r l ].  This is not a final solution but it is necessary to address this serious vulnerability.  The Coppermine dev team is working on a way to handle these bbcode tags and will post here with more information.  You can read information about how these tags are now processed and how to hack in your own solution in the bbcode section of the documentation.
Quote from: Joachim Müller on March 04, 2009, 10:01:40 AM
Upgrading to cpg1.4.21 will result in two features getting disabled: you as admin as well as your registered users and your visitors (guests) will no longer be able to use the bbcode tags [ i m g ] and [ u r l ] in comments or upload descriptions. If you have never used those features, then fine - you won't miss anything. Those who actually have used those bbcode tags need to understand that it's not an option not to upgrade just because you're afraid to lose a feature.

D.h. du solltest ein Upgrade auf cpg1.5.x durchführen, da die besagten BBCode-Tag dort funktionieren und es außerdem keinen Support mehr für cpg1.4.x gibt.