
Security Error (Error #2049)

Started by kfeger, September 30, 2010, 04:17:28 PM


kfeger

Greetings from Germany!
I have a problem with Flash-Uploads. My gallery works otherwise just fine and (at least I believe) I have read the documentation.
When I try any number of uploads, I get a security error, which translates to Error #2049 in the debug output. I have no idea how to proceed.

Here's the data:
http://otto-dialin.dyndns.org
user: tester
password: tester

Following is the debug output:
---SWFUpload Instance Info---
Version: 2.2.0 2009-03-25
Movie Name: SWFUpload_0
Settings:
   upload_url: //cpg/upload.php
   flash_url: js/swfupload/swfupload.swf?preventswfcaching=1285855474921
   use_query_string: false
   requeue_on_error: false
   http_success:
   assume_success_timeout: 0
   file_post_name: Filedata
   post_params: [object Object]
   file_types: *.*
   file_types_description: Alle Dateien
   file_size_limit: 8000 KB
   file_upload_limit: 0
   file_queue_limit: 0
   debug: true
   prevent_swf_caching: true
   button_placeholder_id: browse_button_place_holder
   button_placeholder: Not Set
   button_image_url: //cpg/images/browse_swf.png
   button_width: 130
   button_height: 20
   button_text: Durchsuchen...
   button_text_style: color: #000000; font-size: 16pt;
   button_text_top_padding: 0
   button_text_left_padding: 30
   button_action: -110
   button_disabled: true
   custom_settings: [object Object]
Event Handlers:
   swfupload_loaded_handler assigned: true
   file_dialog_start_handler assigned: false
   file_queued_handler assigned: true
   file_queue_error_handler assigned: true
   upload_start_handler assigned: true
   upload_progress_handler assigned: true
   upload_error_handler assigned: true
   upload_success_handler assigned: true
   upload_complete_handler assigned: true
   debug_handler assigned: true
SWFUpload.SWFObject Plugin settings:
   minimum_flash_version: 9.0.28
   swfupload_load_failed_handler assigned: true

SWF DEBUG: SWFUpload Init Complete
SWF DEBUG:
SWF DEBUG: ----- SWF DEBUG OUTPUT ----
SWF DEBUG: Build Number: SWFUPLOAD 2.2.0
SWF DEBUG: movieName: SWFUpload_0
SWF DEBUG: Upload URL: //cpg/upload.php
SWF DEBUG: File Types String: *.*
SWF DEBUG: Parsed File Types:
SWF DEBUG: HTTP Success: 0
SWF DEBUG: File Types Description: Alle Dateien (*.*)
SWF DEBUG: File Size Limit: 8192000 bytes
SWF DEBUG: File Upload Limit: 0
SWF DEBUG: File Queue Limit: 0
SWF DEBUG: Post Params:
SWF DEBUG: process=1
SWF DEBUG: user=YToyOntzOjc6InVzZXJfaWQiO3M6MToiMiI7czo5OiJwYXNzX2hhc2giO3M6MzI6ImY1ZDEyNzhlODEwOWVkZDk0ZTFlNDE5N2UwNDg3M2I5Ijt9
SWF DEBUG: ----- END SWF DEBUG OUTPUT ----
SWF DEBUG: Removing Flash functions hooks (this should only run in IE and should prevent memory leaks)
SWF DEBUG: Event: fileDialogStart : Browsing files. Multi Select. Allowed file types: *.*
SWF DEBUG: Select Handler: Received the files selected from the dialog. Processing the file list...
SWF DEBUG: Event: fileQueued : File ID: SWFUpload_0_0
SWF DEBUG: Event: fileDialogComplete : Finished processing selected files. Files selected: 1. Files Queued: 1
SWF DEBUG: StartUpload: First file in queue
SWF DEBUG: Event: uploadStart : File ID: SWFUpload_0_0
SWF DEBUG: Global Post Item: album=1
SWF DEBUG: Global Post Item: process=1
SWF DEBUG: Global Post Item: user=YToyOntzOjc6InVzZXJfaWQiO3M6MToiMiI7czo5OiJwYXNzX2hhc2giO3M6MzI6ImY1ZDEyNzhlODEwOWVkZDk0ZTFlNDE5N2UwNDg3M2I5Ijt9
SWF DEBUG: ReturnUploadStart(): File accepted by startUpload event and readied for upload. Starting upload to //cpg/upload.php for File ID: SWFUpload_0_0
SWF DEBUG: Event: uploadError : Security Error : File Number: SWFUpload_0_0. Error text: Error #2049
SWF DEBUG: Event: uploadComplete : Upload cycle complete. Error Code: Security Error, File name: IMG_0044.JPG, Message: Error #2049

Jeff Bailey

Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

Αndré

Works for me, too: http://otto-dialin.dyndns.org/cpg/displayimage.php?pid=48

OT: every time I see Hatschepsut's temple I have to think of Serious Sam - The First Encounter :)

kfeger

Could it be that there is a problem when I'm in the same network as the gallery?
otto-dialin.dyndns.org is a dyndns-domain with a changing IP address and the server runs in my local network.
BTW: When I put the files on the server into my /albums/uploads dir, there is no problem.

Αndré

Quote from: kfeger on September 30, 2010, 07:56:04 PM
Could it be that there is a problem when I'm in the same network as the gallery?
I don't think so. It works on my testbed, where server & client are the same machine. I assume your browser and/or your flash player causes the issue. Please try to use another browser and/or update your flash player.