Text only | Text with Images

coppermine-gallery.com/forum

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Installation & Setup => Topic started by: haghorst on March 21, 2006, 10:35:26 PM

Title: Comments
Post by: haghorst on March 21, 2006, 10:35:26 PM
Hi,

I have Coppermine Version 1.3.1
And i have also installed version 1.4.4

I saw by version 1.4.4 that you can give comment by the photo's without loggin in.
There is a box with Guest in the bottom.
I want this also on my 1.3.1 version without the risk I lose my photo hits and the comments that are now at the photo's.

Must is make a change in the index.php or something?
I don't know what to do  ???

If you can help me,
Thanks
Title: Re: Comments
Post by: Joachim Müller on March 21, 2006, 11:35:05 PM
you mustn't use cpg1.3.1, it contains security flaws. Update at least to cpg1.3.5.
Enable anonymous comments on coppermine's groups page.
Title: Re: Comments
Post by: haghorst on March 22, 2006, 08:13:21 AM
Sow this is what i must do:

Instructions for manual fix:
In init.inc.php:

Replace
Code:
$HTML_SUBST = array('"' => '&quot;', '<' => '&lt;', '>' => '&gt;');

With
Code:
$HTML_SUBST = array('&' => '&amp;', '"' => '&quot;', '<' => '&lt;', '>' => '&gt;', '%26' => '&amp;', '%22' => '&quot;', '%3C' => '&lt;', '%3E' => '&gt;');

Replace
Code:
if (is_array($HTTP_GET_VARS)) {
        foreach ($HTTP_GET_VARS as $key => $value) {
            $HTTP_GET_VARS[$key] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

with
Code:
if (is_array($HTTP_GET_VARS)) {
        foreach ($HTTP_GET_VARS as $key => $value) {
            unset($HTTP_GET_VARS[$key]);
            $HTTP_GET_VARS[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

Add
Code:
/**
     * Sanitize $_GET also, as we have used it in many places
     */
    if (is_array($_GET)) {
        foreach ($_GET as $key => $value) {
            unset($_GET[$key]);
            $_GET[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

after
Code:
if (is_array($HTTP_GET_VARS)) {
        foreach ($HTTP_GET_VARS as $key => $value) {
            unset($HTTP_GET_VARS[$key]);
            $HTTP_GET_VARS[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
            if (isset($$key)) unset($$key);
        }
    }

Title: Re: Comments
Post by: Joachim Müller on March 22, 2006, 09:25:53 AM
who said so? How is this related to your issue? We have a "one issue per thread" policy you agreed to respect when signing up.
Title: Re: Comments
Post by: haghorst on March 22, 2006, 10:12:31 AM
OKay,

My problem is only the comments.
I want a box in the bottom with: Guest.
So you don't have to log in.

But i don't know how I must do that.
So you said I must upgrade it to version 1.3.5.
And I don't know how I have to do that.

Maybe this is clearer?

Greats,
Ruud ;) :)

Title: Re: Comments
Post by: haghorst on March 23, 2006, 08:19:31 AM
Nobody...
I realy don't know how to do it  ???
Title: Re: Comments
Post by: Joachim Müller on March 24, 2006, 06:51:13 AM
http://prdownloads.sourceforge.net/coppermine/cpg1.3.5.zip?download
http://coppermine-gallery.net/demo/cpg13x/docs/index.htm#13
Title: Re: Comments
Post by: haghorst on March 24, 2006, 07:18:31 AM
You are my hero  :-* ghehe
Tnx I think I can make it  ;)
Text only | Text with Images