problem in search.inc.php problem in search.inc.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

problem in search.inc.php

Started by Andi, December 12, 2004, 02:46:00 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

December 12, 2004, 02:46:00 PM Last Edit: December 14, 2004, 07:45:06 AM by GauGau
Hi :)

search.inc.php,v 1.12 2004/12/08 19:19:03 nibbler999 Exp

By clicking in the keywordmanager on one of the keywords in keywordlist, the following error occurs:
QuoteFatal error: Cannot use string offset as an array in D:\Localhost\dev-Coppermine\vkpmx\vkpmx\html\modules\Gallery\include\search.inc.php on line 47

I've change this code from:
Code Select
............
$type = " {$_POST['type']} ";

$_POST['params']['pic_hdr_ip']  = $_POST['params']['pic_raw_ip'];

if ($search_string && isset($_POST['params'])) {
$sql = "SELECT * FROM {$CONFIG['TABLE_PICTURES']} WHERE ";
$split_search = explode(' ', $search_string);
..........

to this:
Code Select
.....
$type = " {$_POST['type']} ";

if ($search_string && isset($_POST['params'])) {
$_POST['params']['pic_hdr_ip']  = $_POST['params']['pic_raw_ip'];
$sql = "SELECT * FROM {$CONFIG['TABLE_PICTURES']} WHERE ";
$split_search = explode(' ', $search_string);
......

and it's ok.... ;)
hope, I could help you... :)

Nibbler

#1
December 13, 2004, 02:29:14 PM Last Edit: December 13, 2004, 02:51:57 PM by Nibbler
The keywords system is not compatible with the new search yet.

Edit: should now work as of thumbnails.php v1.23

Joachim Müller

#2
December 14, 2004, 07:44:54 AM
fix confirmed.

Joachim

Joachim Müller

#3
December 17, 2004, 08:57:17 AM
@Nibbler: is there any particular reason (possible security related) to change the search form method from get to post in your advanced search form for cpg1.4.x? I used to post links on my board to URLs that contained a search query (e.g. http://www.mydomain.tld/coppermine/thumbnails.php?album=search&type=full&search=foo+bar) quite often - I find this very helpfull, as I use the keywords to describe who is on the pics. Could the form method be switched back to "get" if there are no security related issues?

Joachim

Nibbler

#4
December 17, 2004, 11:05:08 AM
It should still work with get requests, I just find posts are neater, especially with the increased amount of options being used. The url you posted works on my test gallery, do you get an error with that ?

Joachim Müller

#5
December 17, 2004, 06:19:48 PM
No, the url works fine for me as well - it's just that others won't know how to create such an URL, that's why I'm suggesting to use "GET" instead of post - it's part of search form success stories, e.g. google's.

Joachim
Print
Go Up Pages1
User actions