No News?
 


Started by sah62, February 05, 2016, 03:08:50 AM


sah62

I'm not seeing any Coppermine project news in my gallery's news header. Is the source feed not working, or is something broken with my installation?

Αndré

Works as expected in my gallery.

sah62

So you're currently not seeing any news either?

Αndré

I can see the news in my gallery. What's displayed for you if you open that page: http://coppermine-gallery.net/cpg15x_news.htm ? It should display:
Quote:
2015-11-18: cpg1.5.40 has been released. It's a maintenance release which fixes various issues.
2015-08-13: cpg1.5.38 has been released. It's a maintenance release which fixes various issues.
2015-05-07: cpg1.5.36 has been released. It's a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.34 or older update to this latest version as soon as possible.

sah62

Yes, I can see that when retrieving the HTML file directly. Looking at the source code, though, I see this:


        // Try to retrieve the news directly
        //$result = cpgGetRemoteFileByURL('http://coppermine-gallery.net/cpg15x_news.htm', 'GET', '', '200'); // disabled, see http://forum.coppermine-gallery.net/index.php/topic,65424.msg325573.html#msg325573

        if (strlen($result['body']) < 200) { // retrieving the file failed - let's display it in an iframe then
            print <<< EOT
                      <iframe src="http://coppermine-gallery.net/cpg15x_news.htm" align="left" frameborder="0" scrolling="auto" marginheight="0" marginwidth="0" width="100%" height="100" name="coppermine_news" id="coppermine_news" class="textinput">
                        {$lang_version_alert['no_iframe']}
                      </iframe>
EOT;
        } else { // we have been able to retrieve the remote URL, let's chop the unneeded data and then display it
            unset($result['headers']);
            unset($result['error']);
            // drop everything before the starting body-tag
            //$result['body'] = substr($result['body'], strpos($result['body'], '<body>'));
            $result['body'] = strstr($result['body'], '<body>');
            // drop the starting body tag itself
            $result['body'] = str_replace('<body>', '', $result['body']);
            // drop the ending body tag and everything after it
            $result['body'] = str_replace(strstr($result['body'], '</body>'), '', $result['body']);
            // The result should now contain everything between the body tags - let's print it
            print $result['body'];
        }


Notice that "$result = cpgGetRemoteFileByURL" is commented out. I uncommented that line and now the news appears as it should.

Αndré


sah62

I saw that. How does the value of $result and $result['body'] get set without the call to cpgGetRemoteFileByURL() being made? There are no other assignments to that variable in function cpg_alert_dev_version() prior to the line that was commented out.

sah62

I think I see what's going on here. I commented out that line again and loaded my gallery into the latest versions of Chrome and Firefox. In each case the news was missing, and in each case I see this in the HTML source:

Quote:
Your browser cannot display inline frames

It seems to work just fine with IE 11. Anyway, it looks like an issue with the way some browsers display iframes.

sah62

Even more info: I use TLS and https for my gallery. The URL in the source code (http://coppermine-gallery.net/cpg15x_news.htm) uses http, not https, and some browsers will block "insecure" or mixed content if the site uses TLS.

Possible fixes (probably not a complete list):

Remove the code comment as I noted above. This might not be optimal for reasons noted in the thread described above, but it causes the code to parse the news information and render it without using an iframe.

Add support for TLS/https to coppermine-gallery.net and modify the code to recognize when the source for the iframe should also use TLS/https.

Use a browser that doesn't omit mixed content. This has security implications, though.

Anyway, I hope this helps anyone who runs into the same issue.
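
Added example, not part of the original posts or of Coppermine's code: a Python check that lists the subresources an HTTPS gallery page would load over plain http, which is the condition described in the post above. The page URL `https://gallery.example/index.php`, the helper names and the sample markup are constructed for illustration; only the iframe URL comes from the thread.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> URL attribute. Browsers refuse "blockable" insecure loads on an HTTPS
# page; "passive" ones (media) have traditionally drawn a warning or an upgrade.
BLOCKABLE = {"iframe": "src", "script": "src", "object": "data", "embed": "src"}
PASSIVE = {"img": "src", "audio": "src", "video": "src", "source": "src"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL) in document order

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split():
            kind, ref = "blockable", a.get("href")
        elif tag in BLOCKABLE:
            kind, ref = "blockable", a.get(BLOCKABLE[tag])
        elif tag in PASSIVE:
            kind, ref = "passive", a.get(PASSIVE[tag])
        else:
            return  # <a href> and the like are navigations, not subresource loads
        if ref:
            url = urljoin(self.page_url, ref.strip())  # resolves relative and //host refs
            if urlsplit(url).scheme == "http":
                self.findings.append((kind, tag, url))

def find_mixed_content(page_url, html):
    """Return insecure subresources of an HTTPS page; an http page has none."""
    if urlsplit(page_url).scheme != "https":
        return []
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: only the iframe URL is taken from the thread.
PAGE_URL = "https://gallery.example/index.php"
SAMPLE_HTML = """
<iframe src="http://coppermine-gallery.net/cpg15x_news.htm" name="coppermine_news">
Your browser cannot display inline frames</iframe>
<script src="//static.gallery.example/js/scripts.js"></script>
<img src="images/logo.png"><img src="http://gallery.example/albums/thumb_1.jpg" />
<a href="http://coppermine-gallery.net/">Coppermine</a>
"""
if __name__ == "__main__":
    for kind, tag, url in find_mixed_content(PAGE_URL, SAMPLE_HTML):
        print(f"{kind:9} <{tag}> {url}")
```

The news iframe is reported as blockable, which matches the empty news header seen in Chrome and Firefox; the protocol-relative script and the relative image inherit https and are not flagged.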

Αndré

Thanks for your effort. IMHO the only option is:
Quote from: sah62 on February 05, 2016, 08:15:19 PM
Add support for TLS/https to coppermine-gallery.net and modify the code to recognize when the source for the iframe should also use TLS/https.

I'll see what we can do.