"Invalid action" in admin.php "Invalid action" in admin.php
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

"Invalid action" in admin.php

Started by Tranz, February 19, 2005, 08:42:32 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Tranz

The latest version of admin.php results in:
QuoteInvalid action
instead of the configuration table. Ran cvs update and the update script. When I rolled back admin.php to the previous version, the error went away.

Joachim Müller

make sure you have v1.260 or better of english.php and you should be fine. The reason for the error: Omni has introduced another form creation option for the password encryption option to make it only show up when you're not using bridging, which I removed, as there already is a way to disable options from the config that don't apply for bridged installs. I just have forgotten to commit english.php as well that reflected the change - sorry for that.

Joachim

omniscientdeveloper

#2
The changes you made actually broke the md5 login. The extra statement didn't necessarily pertain to bridging but to whether or not the value was true. If so, it disabled the block. Right now, with your changes, you can actually set the config setting to NO/FALSE which breaks the login, since the value in the database is md5'ed.

Line 708 should also be:


if (UDB_INTEGRATION != 'coppermine' AND in_array($element[1],$options_to_disable) AND $CONFIG['bridge_enable']) $element[2] = 15;


I missed that in the previous version.

[edit]
....You could redo it so it works with the one case statement though, you'll just have to add a check for the config value being parsed, so it doesn't accidentally disable something else.
[/edit]

Tranz

The new english.php file fixed it. However, as omni pointed out, the options for MD5 are there for the user to change after already setting MD5.

omniscientdeveloper

I added the changes that I stated above, without adding the new case statement.