coppermine-gallery.com/forum

Support => cpg1.4.x Support => Older/other versions => cpg1.4 upgrading => Topic started by: fotografi on August 06, 2008, 01:01:04 PM

Title: [Solved]: About the new security release
Post by: fotografi on August 06, 2008, 01:01:04 PM
First I want to thank the team for the great job.
The problem for me is that I cannot for the moment upgrade the whole functions.inc.php file because I made a lot of changes there.
Is it possible to have only the lines of code to change in this file? I mean something step by step, like replace this with these.

Regards.
Title: Re: About the new security release
Post by: Abbas Ali on August 06, 2008, 01:29:40 PM
In functions.inc.php [function user_get_profile]

Replace


        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
        }


with


        if (isset($_COOKIE[$CONFIG['cookie_name'].'_data'])) {
                $USER = @unserialize(@base64_decode($_COOKIE[$CONFIG['cookie_name'].'_data']));
                $USER['lang'] = strtr($USER['lang'], '$/\\:*?"\'<>|`', '____________');
        }


That is the only security-related change in that file.
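
The replacement line above, as an added example that is not part of the original post or of Coppermine's own code: it applies the same `strtr` mapping to constructed cookie values and also handles a cookie that does not decode to an array with a string `lang`. The function names `sanitize_lang` and `lang_from_cookie` are hypothetical, and the `allowed_classes` option assumes PHP 7.0 or later.

```php
<?php
// Added example, not Coppermine code. Function names are hypothetical.

// Same mapping as the replacement line in the post:
// each of the 12 characters $ / \ : * ? " ' < > | ` becomes '_'.
function sanitize_lang($lang)
{
    return strtr($lang, '$/\\:*?"\'<>|`', '____________');
}

// Decode a cookie value the way the post's snippet does, but refuse
// anything that is not an array carrying a string 'lang' entry.
function lang_from_cookie($cookieValue)
{
    $raw = base64_decode($cookieValue, true);   // strict: reject non-base64 input
    if ($raw === false) {
        return null;
    }
    // Assumption: PHP 7.0+, where unserialize() accepts an options array.
    $data = @unserialize($raw, array('allowed_classes' => false));
    if (!is_array($data) || !isset($data['lang']) || !is_string($data['lang'])) {
        return null;                            // caller falls back to its default
    }
    return sanitize_lang($data['lang']);
}

// Constructed sample cookie values (not taken from a real installation).
$samples = array(
    'plain'     => base64_encode(serialize(array('lang' => 'english'))),
    'mapped'    => base64_encode(serialize(array('lang' => 'en/gl\\ish:x`y$z'))),
    'no lang'   => base64_encode(serialize(array('ID' => 'abc'))),
    'not array' => base64_encode(serialize('english')),
    'garbage'   => '%%%not-base64%%%',
);

foreach ($samples as $name => $value) {
    printf("%-9s => %s\n", $name, var_export(lang_from_cookie($value), true));
}
```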
Title: Re: About the new security release
Post by: fotografi on August 06, 2008, 02:38:42 PM
Thank you Sir.

Regards
Title: Re: [Solved]: About the new security release
Post by: Joachim Müller on August 06, 2008, 07:57:02 PM
For reference: the subject "About the new security release" is a bit vague. It should read "About the security release cpg1.4.19".

You could have used a diff viewer like WinMerge (http://forum.coppermine-gallery.net/index.php/topic,31423.msg229891.html#msg229891) to figure out the changes.