[SEARCHED SOLVED?]]Edit File Information vs Edit Files permissions problem [SEARCHED SOLVED?]]Edit File Information vs Edit Files permissions problem
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

[SEARCHED SOLVED?]]Edit File Information vs Edit Files permissions problem

Started by stardotstar, May 22, 2006, 04:31:07 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

stardotstar

Hi Guys,

I suppose this is a manifestation of a common permission problem - but I have searched and come up blank so far...

I have upgraded a cpg133 bridged to phpBB2.0.17 to cpg145 bridged to 2.0.20 and migrated the groups including the personal galleries.

Interestingly although I was warned that the personal galleries would be lost they were not (and this may be connected with my problem since I always thought this happened whenever upgrades necessitated a fresh bridge sync...  Anyway...

Everything seemd fine for me as admin and registered users and my privledged group (with personal galleries) could all upload from the browser and now with the XP Web Publisher.

Then I got a support request saying that a privledged member could not edit the file information of a file that had previously been uploaded in a batch using the Upload Publisher.

I immedately went in as my privledged test user and was able to confirm the following:

1)  Upload a file OK
2)  Browse gallery to file and select "Edit File Information" --> Edit File Information Page displays correctly.
3)  Edit any of the information of the file...
4)  Select "Apply Modifications" and get the following error message:

Quote
Error
You don't have permission to access this page.

5)  Go to My Gallery
6)  Select Edit Files
7)  Modify details on a file
8)  Apply Modifications - and modifications are saved and applied

Repeating the above process with debug turned on for all users:

Attempting to modify the freshly uploaded file:


Error
You don't have permission to access this page.

File: /var/www/gallery/editOnePic.php - Line: 61


USER:
------------------
Array
(
    [ID] => fd2624af9935a9ddffd6d8ee80d9a96a
    [am] => 1
    [liv] => Array
        (
            [0] => 1395
            [1] => 1396
        )

)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 3
    [user_name] => alltorque
    [groups] => Array
        (
            [0] => 2
            [1] => 1385
            [2] => 899
        )

    [disk_max] => 200000
    [disk_min] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [ufc_max] => 3
    [ufc_min] => 3
    [custom_user_upload] => 1
    [num_file_upload] => 8
    [num_URI_upload] => 3
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 0
    [pub_upl_need_approval] => 1
    [priv_upl_need_approval] => 0
    [group_name] => Registered
    [upload_form_config] => 3
    [group_quota] => 0
    [can_see_all_albums] => 0
    [group_id] => 2
)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content, player FROM cpg133_filetypes; (0s)
    [1] => select * from cpg133_plugins order by priority asc; (0s)
    [2] => SELECT * FROM cpg133_bridge (0s)
    [3] => SELECT u.user_id AS user_id, u.user_password AS password, u.user_level FROM `archeli_mysql`.phpbb_users AS u, `archeli_mysql`.phpbb_sessions AS s WHERE u.user_id=s.session_user_id AND s.session_id = 'fda55591bf2807cc61ab5dbc6cf4f031' AND u.user_id > 0 (0.001s)
    [4] => SELECT u.user_id AS id, u.username AS username, u.user_password AS password, ug.group_id AS group_id FROM `archeli_mysql`.phpbb_users AS u, `archeli_mysql`.phpbb_user_group AS ug WHERE u.user_id=ug.user_id AND u.user_id='3' (0s)
    [5] => SELECT ug.group_id+100 AS group_id FROM `archeli_mysql`.phpbb_users AS u, `archeli_mysql`.phpbb_user_group AS ug, `archeli_mysql`.phpbb_groups as g WHERE u.user_id=ug.user_id AND u.user_id='3' AND g.group_id = ug.group_id AND  group_single_user = 0 (0s)
    [6] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg133_usergroups WHERE group_id in (2,1385,899) (0s)
    [7] => SELECT group_name FROM  cpg133_usergroups WHERE group_id= 2 (0s)
    [8] => SELECT user_favpics FROM cpg133_favpics WHERE user_id = 3 (0s)
    [9] => DELETE FROM cpg133_banned WHERE expiry < '2006-05-22 11:31:14' (0s)
    [10] => SELECT * FROM cpg133_banned WHERE (ip_addr='60.231.17.255' OR ip_addr='60.231.17.255' OR user_id=3) AND brute_force=0 (0s)
    [11] => SELECT aid FROM cpg133_albums WHERE visibility != '0' AND visibility !='10003' AND visibility NOT IN (2,1385,899) (0s)
    [12] => SELECT p.* FROM cpg133_pictures AS p, cpg133_albums AS a WHERE a.aid = p.aid AND pid = '1396' (0.001s)
)

==========================
GET :
------------------
Array
(
)

==========================
POST :
------------------
Array
(
    [id] => 1396
    [aid] => 116
    [title] => Folding Space
    [filename] => 242_1024.jpg
    [caption] =>
    [keywords] =>
    [user1] =>
    [user2] =>
    [user3] =>
    [user4] =>
    [submitDescription] => Apply modifications
)

==========================
Page generated in 0.078 seconds - 13 queries in 0.002 seconds - Album set : AND aid NOT IN (68,80) ; Meta set: ;



/include/media.functions.inc.php

    * Notice line 56: Undefined index:

/include/functions.inc.php

    * Notice line 1922: Undefined index: url_prefix
    * Notice line 1922: Undefined index:
    * Notice line 1922: Undefined index: filepath
    * Notice line 1923: Undefined index: filename

/editOnePic.php

    * Notice line 37: Undefined index: pwidth
    * Notice line 38: Undefined index: pheight
    * Notice line 47: Undefined index: galleryicon
    * Notice line 54: Undefined variable: delete
    * Notice line 61: Undefined index: category


Again when I change the file properties from the Edit Files button at the gallery level all is well.

What is happening here?

TIA, Will

BTW I have a couple of minor mods, one that provides a download fullsize link at the thumbnail view and the tags plugin for cut and pasting bbcode.

I suspect it is some problem in my directory structure permissions.


UPDATE I found a thread that may solve this for me - I'll report back if so.  Thanks - sorry for the spurious post...
http://forum.coppermine-gallery.net/index.php?topic=29672.0
\x\\\\_

stardotstar

I tried the fix in that thread replacing the category selection from p.* to * and it did not resolve the problem.

I will look at performing the upgrade to 146 tonight but if anyone can identify this problem I would appreciate the feedback.

Will
\x\\\\_

stardotstar

\x\\\\_