Registration, critical error - Page 2

Registration, critical error

Started by cyberdyne2, March 19, 2013, 05:37:19 PM


cyberdyne2

I had no luck with the server host unfortunately André. Their reply was as follows:
Quote
I am not aware of any server changes that would have affected this function, and we have not had any similar reports of problems with this function from other users on that shared server. If it does not affect site functionality or security in any way, I would suggest you stick with the alternate approach that was shown to work in the support thread while you are establishing if there is a cause in the application for this.
Reading the link referenced at http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver I am wondering if you would need to make sure you are opening the database connection prior to calling the 'mysql_real_escape_string'. You might want to check if you are connecting via localhost or by the external IP. If you are using the external IP, maybe switching to localhost might make a difference?

Any idea where I can get help to fix this please?
v.1.5.22

Αndré

Coppermine is already connected to the database at this point, so I don't think it will solve your issue. But you could try to add $CONFIG['LINK_ID'] as link_identifier to the mysql_real_escape_string function in include/inspekt.php. This means, find
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
and replace with
            global $CONFIG;
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);

(untested).

cyberdyne2

Quote from: Αndré on March 20, 2013, 07:34:52 PM
Coppermine is already connected to the database at this point, so I don't think it will solve your issue. But you could try to add $CONFIG['LINK_ID'] as link_identifier to the mysql_real_escape_string function in include/inspekt.php. This means, find
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
and replace with
            global $CONFIG;
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);

(untested).

Αndré, thank you so much, this did in fact solve the problem and all seems well now.
Again, thank you very much for your time.
v.1.5.22

Αndré

It seems that you're the first problem facing this issue. However, as I don't think it will harm anything, this change will probably be a part of the next release of cpg1.5.x.

cyberdyne2

Quote from: Αndré on March 20, 2013, 07:57:23 PM
It seems that you're the first problem facing this issue. However, as I don't think it will harm anything, this change will probably be a part of the next release of cpg1.5.x.

I'm glad to hear that if nothing else I managed to uncover a possible bug :)

If possible, would you be able to remove my directory name (between /home/ and public_html/) from my previous post please?
http://forum.coppermine-gallery.net/index.php/topic,76112.msg367364.html#msg367364

Thank you
v.1.5.22

Αndré

Committed fix in SVN revision 8550.

Αndré

As the above change breaks the installer for me, I replaced the code with
            global $CONFIG;
            if ($CONFIG['LINK_ID']) {
                return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);
            } else {
                return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
            }

in SVN revision 8573.
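
Added example (not part of the thread and not Coppermine code): a variant of the escaping step discussed above that refuses to continue when escaping fails, so a failed escape never reaches a query as an empty value. The function name cpg_escape_example() is hypothetical; the code assumes the legacy ext/mysql API that cpg1.5.x uses (removed in PHP 7), where a connection link is a resource.

```php
<?php
// Added example, hypothetical helper; not taken from include/inspekt.php.

/**
 * HTML-encode $value, then SQL-escape it, preferring an explicit link.
 *
 * @param string        $value untrusted input
 * @param resource|null $link  ext/mysql connection, e.g. $CONFIG['LINK_ID']
 * @return string escaped value, safe to place inside a quoted SQL literal
 * @throws RuntimeException when escaping could not be performed
 */
function cpg_escape_example($value, $link = null)
{
    $encoded = htmlspecialchars($value, ENT_QUOTES);

    if (is_resource($link)) {
        // Explicit link: escaping follows this connection's character set
        // and does not depend on which connection was opened last.
        $escaped = mysql_real_escape_string($encoded, $link);
    } else {
        // No link available (for example before the connection is set up):
        // ext/mysql uses the last opened connection, or tries
        // mysql_connect() with default settings. The second argument is
        // omitted here rather than passed as a non-resource value.
        $escaped = mysql_real_escape_string($encoded);
    }

    // mysql_real_escape_string() returns false on error. Interpolating
    // that into a query would silently store an empty string, so stop.
    if (!is_string($escaped)) {
        throw new RuntimeException(
            'SQL escaping failed: no usable database connection'
        );
    }

    return $escaped;
}
```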