Problem resizing or creating thumbnails - Page 3 Problem resizing or creating thumbnails - Page 3
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Problem resizing or creating thumbnails

Started by flapane, June 08, 2012, 12:34:55 PM

Previous topic - Next topic

0 Members and 3 Guests are viewing this topic.

flapane

So I guess they lied for whatever reason. I understand their security concerns, but the fact that it's always been disabled is clearly a lie.
I guess I have to stick to GD as soon as I find another hosting. That's annoying, I'm not satisfied at all with the sharpness of the images produced by GD.

Out of curiosity, do we have any other ways for passing arguments to the shell via PHP? It seems that quite a few hostings around the world disabled escapeshellarg() in the last years.

Andre, thanks for your support.
Flapane
www.flapane.com

Gallery
www.gallery.flapane.com

Αndré

Quote from: flapane on June 26, 2012, 11:41:22 AM
do we have any other ways for passing arguments to the shell via PHP?
It's not a matter of how to pass arguments, but how to escape specific characters in arguments. In that particular case it should be save to escape some characters like the single quote and put the whole argument in single quotes (at least that's what I understand what escapeshellarg does) if you're the only person who has permissions to upload pictures to your gallery. Regarding the security issue I found this article, which says that the security flaw has been fixed in PHP 4.3.7.

flapane

Who knows, maybe they don't trust of the customers themselves, I guess (customers could launch heavy load processes or whatever).
Flapane
www.flapane.com

Gallery
www.gallery.flapane.com

Αndré

Then they have to disable the exec function. escapeshellarg seems to be the number one choice for shell arguments what mysql_real_escape_string is for whole MySQL query strings.

flapane

Bingo. In fact I had to use mysql_real_escape_string in the guestbook I recently wrote for my website in order to avoid injections. I'm gonna tell them, but I suspect that things won't change.
Flapane
www.flapane.com

Gallery
www.gallery.flapane.com