Problem with Russian keywords in editpics.php Problem with Russian keywords in editpics.php
 

News:

CPG Release 1.6.28
added submissions from {406man}
cleaned up a few PHP (8.4) deprecations
fixed PHP deprecation in calendar
removed security vulnerability
(please upgrade when possible)

Main Menu

Problem with Russian keywords in editpics.php

Started by croft79, August 10, 2017, 04:03:41 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

croft79

August 10, 2017, 04:03:41 PM
Good day
When I'm uploading file with Russian keywords they are disappearing in editpics.php step and I have only (2016, C,M,Pоза ,,,,,,).  :-\

Samples in attachment

Αndré

#1
August 18, 2017, 02:39:29 PM
Please attach a sample file which contain such keywords. I assume this are IPTC keywords?

croft79

#2
August 18, 2017, 04:26:25 PM
here it is

Αndré

#3
August 22, 2017, 02:53:51 PM
The function strip_IPTC in include/iptc.inc.php is responsible for that (mal)function:
Code Select
$data=htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:

This may be reviewed, but it needs to be done carefully to not open any security vulnerabilities.

Αndré

#4
August 23, 2017, 10:28:37 AM
This will fix the issue:
Code (include/iptc.inc.php) Select
$data=htmlentities(strip_tags(trim($data,"\x7f\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim ASCII control characters

I assume it won't have a security impact, but I haven't checked that in detail.
Print
Go Up Pages1
User actions