Register_globals off - gallery behaviour changed
 


Started by roaftech, February 02, 2012, 09:01:06 PM


roaftech

Today my website host turned off the register_globals switch, and there has been a change in the behaviour of the gallery. Apologies if this is dealt with elsewhere but a search of the forum did not produce anything.

Site: www.roaf.org/gallery
I have a home page set up with "breadcrumb/anycontent/random,1/catlist/alblist/lastup,2/onlinestats" as the standard set up. This works fine and is as I intend. The "anycontent" file contains a series of links to the 7 categories - again all works fine.

Before:
One of the Categories (nr 6) opened as if random,1 and lastup,2 were activated for this category. I don't know how I achieved that, but I quite liked it. The other categories opened, showing the album details and thumbnails but without random and lastup displays.
Now:
All the categories open with random,1 and lastup,2 but these sections are empty ("no images to display"), except for category 6 which behaves as before. Drilling down into the albums in these categories shows that there are files that could be displayed.

Can this be attributable to register_globals? I don't really want to go back to the host and ask for it to be put back on. I quite like the random and lastup displays at category level (as well as on the home page) but not empty ones! Alternatively, how are the random and lastup selections made, and how could this behaviour be coded deliberately?
.
Steve Humphreys,
Help, Hope and Co-operation,
Asociatia Neemia, Dorohoi, Romania.
www.roaf.org/gallery

Αndré

The main difference between your category 6 and the other ones is their content. Category 6 contains albums which contain "real" files; the other ones just have albums with linked files. I think that's the reason why the meta albums are empty (currently not sure how it is supposed to work). I don't think it is related to the register_globals switch, but I never tested it. Coppermine doesn't require that setting anywhere. Have you updated your gallery, installed any plugin or switched/edited your theme?

roaftech

Thanks Andre - that makes sense about the "empty" categories, but doesn't explain why the random and lastup are being triggered there now. My idea was to put all the real files in their chronological albums and link to subjects - a process that was working fine.  I suppose that if I put a few photos into the other categories as well then we will at least avoid the blank panels.

I did add some more photos to category 6 yesterday and changed the colour of the links in 'anycontent' via its theme css, but nothing that should have changed anything else. I have another site with the same host but on a different server, and the behaviour there has changed too although I made no changes at all there.

My host (Online Institute) has come back this morning to say that other clients have complained about odd behaviour after they turned off the globals, so they have had to reinstate it (but they put in a work-around for my sites to stay off). I'll ask them to reinstate it, if only to eliminate it from our inquiries.

Many thanks,

Αndré

Please report if the empty meta albums disappear when they switch the register_globals setting back to the old value. AFAIK it shouldn't have an impact, but maybe I'm wrong.

roaftech

Quote from: Αndré on February 03, 2012, 03:22:14 PM
Please report if the empty meta albums disappear when they switch the register_globals setting back to the old value. AFAIK it shouldn't have an impact, but maybe I'm wrong.

Certainly will.
They have given me the code to make the changes myself (but they didn't give me the permissions!). I'll let you know what, if anything, happens, but I think that your comment about empty categories may well have resolved my underlying question. I'll try again with the globals setting and then mark this as solved in due course.

roaftech

Andre - I have been granted access to the register_globals switch and have been able to turn it on or off at will. I have found that it does make a difference, and that it is related to the change of behaviour that I described initially.
Here are my two sites in basically parallel configurations:
http://roaf.org/gallery/index.php?cat=2 with globals off
http://roafan.org/Photos/index.php?cat=3 with globals on.

Hopefully, if I put some files into the phantom categories, as per your suggestion, it will solve the problem of the blank random and lastup panels.

However, I found another problem.
I thought it might be useful to check the versions of each installation, so I logged in to each and used the version check under the Information menu. I found that the experimental site (roafan) is version 1.5.8 (naughty I know, but think of it as part of the research) whilst the site with globals off produced the following message:

Template error
Failed to find block 'file_line' (#<!-- BEGIN file_line -->(.*?)<!-- END file_line -->#s) in :

                    <div class="{CSS_CLASS}">
                        <h2>{HEADER_TXT}</h2>
                        <span class="cpg_user_message">{MESSAGE}</span>


                        <br /><br />
                    </div>


I found this link about Register_Globals http://php.net/manual/en/security.globals.php
Perhaps it isn't as innocent as we thought!

roaftech

Since writing the above I have noticed that you have met this before ...
http://forum.coppermine-gallery.net/index.php/topic,74209.0.html

I don't know whether the register_globals applies there too. Perhaps Lurkalot can advise.

Αndré

In include/functions.inc.php in function display_thumbnails the array $valid_meta_albums is empty when register_globals is enabled. This happens as the following function resets all variables in include/init.inc.php:
// Remove any variables introduced by register_globals, if enabled
$keysToSkip = array('keysToSkip', 'register_globals_flag', 'superCage', 'cpg_time_start', 'key');

if ($register_globals_flag && is_array($GLOBALS)) {
    foreach ($GLOBALS as $key => $value) {
        if (!in_array($key, $keysToSkip) && isset($$key)) {
            unset($$key);
        }
    }
}


If we extend the array to
$keysToSkip = array('keysToSkip', 'register_globals_flag', 'superCage', 'cpg_time_start', 'key', 'valid_meta_albums');
the result is the same behavior regardless of the register_globals setting. Another option would be to move the $valid_meta_albums array after that function.


This will of course do the opposite of what you want to do. So if you don't want to display empty meta albums, open include/functions.inc.php, find
} elseif (is_numeric($album) || in_array($album, $valid_meta_albums)) {
and replace with
} elseif (is_numeric($album)) {
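
Added example, not part of the original post and not Coppermine's own code: it models the global scope as a plain array (register_globals was removed in PHP 5.4) to show why a list initialised before the scrub disappears, and how the extended skip list and the "initialise after the scrub" option both restore it. The names scrub_globals, shows_meta_album and from_request, and the sample values, are assumptions made for the illustration.

```php
<?php
// Added illustration: the global scope is modelled as an array so the
// behaviour can be reproduced on current PHP, which has no register_globals.

// Models the loop quoted from include/init.inc.php, applied to $scope.
function scrub_globals(array $scope, array $keysToSkip): array
{
    foreach (array_keys($scope) as $key) {
        if (!in_array($key, $keysToSkip, true)) {
            unset($scope[$key]);
        }
    }
    return $scope;
}

// Mirrors the branch condition quoted from include/functions.inc.php.
function shows_meta_album(array $scope, $album): bool
{
    $valid = $scope['valid_meta_albums'] ?? array();
    return is_numeric($album) || in_array($album, $valid, true);
}

$skip = array('keysToSkip', 'register_globals_flag', 'superCage', 'cpg_time_start', 'key');
$meta = array('lastup', 'random');   // constructed subset of meta album names

// Constructed scope: one request-registered variable plus the application's
// list, which was initialised before the scrub runs.
$scope = array('from_request' => '1', 'valid_meta_albums' => $meta);

// 1. Skip list as quoted: the request variable goes, but so does the list.
$quoted = scrub_globals($scope, $skip);

// 2. Extended skip list: the list survives, the request variable still goes.
//    Safe only while the script assigns the list unconditionally beforehand.
$extended = scrub_globals($scope, array_merge($skip, array('valid_meta_albums')));

// 3. Initialise after the scrub: a request value registered under the same
//    name is removed first, then the application sets its own list.
$reordered = scrub_globals(array('from_request' => '1', 'valid_meta_albums' => 'forged'), $skip);
$reordered['valid_meta_albums'] = $meta;

foreach (compact('quoted', 'extended', 'reordered') as $name => $s) {
    printf("%-9s request var %s, 'random' meta album %s\n", $name,
        isset($s['from_request']) ? 'kept' : 'gone',
        shows_meta_album($s, 'random') ? 'shown' : 'hidden');
}
```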

roaftech

Andre - thanks for the extra research and advice.
I think that the topic is now clarified, although it may be necessary to amend the documentation a bit - where it said that Register_Globals doesn't have any effect.

Best wishes,

Αndré

As there will be no new documentation before the next version release (which will contain a fix for that issue), there's no need to amend the documentation ;)

Αndré