After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more

Started by Makc666, February 01, 2008, 02:17:10 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Makc666

After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more...
Quote from: Nibbler on January 31, 2008, 09:28:24 PM
That's exploitable by people who can rotate an image, ie. registered users with upload rights. Only affects galleries using ImageMagick. Can be mitigated by restricting upload rights/membership to trusted individuals (or using GD2).
Doesn't work on two hosts/servers.
Doesn't work on "clean" 1.4.15 files.

The problem is for the code you added "everywhere" in 1.4.15:
$cmd = escapeshellarg($cmd);

I really can't understand for what you have added this one if the code already has:

$src_file = escapeshellarg($src_file);                                                                             
$im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));


http://ru2.php.net/escapeshellarg

May be you have to use escapeshellcmd() and not escapeshellarg?

http://ru2.php.net/manual/ru/function.escapeshellcmd.php



Makc666

For example to see thumbnail during upload of files you have to comment second line
$cmd = escapeshellarg($cmd);

in file:
picmgmt.inc.php

in code:
    // Method for thumbnails creation                                                                                               
    switch ($method) {                                                                                                             
        case "im" :                                                                                                                 
            if (preg_match("#[A-Z]:|\\\\#Ai", __FILE__)) {                                                                         
                // get the basedir, remove '/include'                                                                               
                $cur_dir = substr(dirname(__FILE__), 0, -8);                                                                       
                $src_file = '"' . $cur_dir . '\\' . strtr($src_file, '/', '\\') . '"';                                             
                $im_dest_file = str_replace('%', '%%', ('"' . $cur_dir . '\\' . strtr($dest_file, '/', '\\') . '"'));               
            } else {                                                                                                               
                $src_file = escapeshellarg($src_file);                                                                             
                $im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));                                                 
            }                                                                                                                       
                                                                                                                                   
            $output = array();                                                                                                     
            /*                                                                                                                     
             * Hack for working with ImageMagick on WIndows even if IM is installed in C:\Program Files.                           
             * By Aditya Mooley <aditya@sanisoft.com>                                                                               
             */                                                                                                                     
            if (eregi("win",$_ENV['OS'])) {                                                                                         
                $cmd = "\"".str_replace("\\","/", $CONFIG['impath'])."convert\" -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options
                $cmd = escapeshellarg($cmd);                                                                                     
                exec ("\"$cmd\"", $output, $retval);                                                                               
            } else {                                                                                                               
                $cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} -geometry {$destWidth}x{$
                $cmd = escapeshellarg($cmd);                                                                                     
                exec ($cmd, $output, $retval);                                                                                     
            }

Nibbler

Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)

Makc666

Quote from: Nibbler on February 01, 2008, 02:31:52 PM
Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
All functions where code
$cmd = escapeshellarg($cmd);
has been added doesn't work any more :-\

Nibbler

Fixed in svn (reverted the added escapeshellarg() lines, left the security fix in).


Makc666