albums uploaded w/ xp publishing wizard not accessible by that user

Started by black_bart, November 16, 2010, 02:00:23 AM


black_bart

1. read documentation first

no special parameters apply to using the xp publishing wizard.
this is not a known issue listed in documentation.
errors not listed in documentation.
generic uploading troubleshooting procedures were given, followed. see below.

2. read the faq

nothing found.

3. search the board

nearest thing found was an unrelated login issue with xp_publish.php, http://forum.coppermine-gallery.net/index.php/topic,67070.0.html
updated file linked to in topic, http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.5.x/xp_publish.php?revision=7981
used that to update. did not fix problem.
however the last posting on that topic seems to describe the exact issue I am having. that post remains ignored.

nothing found for modifyalb.php or relevant error in debug mode. see below for explanation

4. read the stickies

this subforum has no stickies.

5. choose the proper board for your posting

the files are uploaded successfully, so it's not an upload issue. see description below for how it is some kind of permission or access issue.

6. use a meaningfull subject line.

you forgot to add use a spellchecker.

7. be detailed

you asked for it...

8. post links

check!

9. add attachments

none

10. one question per thread

check!

11. post publicly

check!

==========
DESCRIPTION
==========

user A creates an account, creates albums X, Y and Z, uploads pictures with multi-uploader. no problem.

user A uses XP Publishing Wizard to upload pictures to albums X, Y or Z. no problem.

user A uses XP publishing wizard to create an album XPWIZ and uploads pictures to it. this is where the problems begin.

when user A is logged in, his albums X, Y and Z now say 0 pictures, although there are pictures in them. album thumbnails gone. he can access X, Y and Z and view the pictures.

however album XPWIZ is not present. user A does see his files from XPWIZ in 'latest uploads', can click on one to successfully view it, and sees the others from XPWIZ on the filmstrip too.

user A goes to 'modify albums', (user A)XPWIZ is present with the rest in the selection list. select (user A)XPWIZ to modify, next page says "you don't have permission to access this page".

when user A is logged out, or any guest user views the albums, or any user admin/B/C/D/E/etc. is logged in, user A's XPWIZ album is shown, and all albums X/Y/Z/XPWIZ say the correct number of files. all is normal.

==============
TROUBLESHOOTING
==============

fresh install of cpg 1.5.8. no plugins. plugin API=yes (default). theme=curve (default). all users were registered as normal with email validation process. none created by admin. emails on test accounts removed because it's a test account.

using a different browser doesn't make a difference.

user A goes to 'modify albums', (user A)XPWIZ is present in the selection list. select (user A)XPWIZ to modify, next page says "you don't have permission to access this page". no, the address doesn't begin with www as is your program's default. that was changed to http://(domain)....

when (user A)XPWIZ is viewed by admin in "modify albums", same as every other album. is in the correct category. album set to viewed by everybody. go to "edit files", all are marked as approved. in admin/groups, no uploads are set to wait for approval, all groups have "public albums upload"=yes. no extra groups were created beyond the default Administrators, Registered, and Guests. quota set to 51200kb.

file permissions of user images on the server, including from userA's albums A/B/C/XPWIZ, are found to be all the same, so it doesn't matter what the actual value is. folder permissions of /albums, /albums/edit, /albums/userpics/(user#) set to 777, no change.

docs/en/uploading_xp-publisher.htm says " the wizard creates folders named "wpw-YYYYMMDD" (e.g. "wpw-20081026") and uploads the files into that folder". it does not, they are uploaded into /albums/userpics/(user#) and registered in the db as with every other picture. db data has not been examined for discrepancies.

admin/config EnableDebugMode set to "all", induce "modify albums" access error with logged in user A, security log says "Denied privileged access to modifyalb.php by user ...." no such error when going to modify albums X, Y or Z. notice X Y and Z also contain pictures uploaded with XP Publishing Wizard.


roman-forums ddott c0m / photos

userA A123
userB B123

black_bart

scratch that. wording not quite right. your preview feature is broke, resulting in the need for a do-over. your forum does not allow editing. so you get a double post. fix it and this won't happen.

=============================================================================
=============================================================================

1. read documentation first

no special parameters apply to using the xp publishing wizard. this is not a known issue. generic uploading troubleshooting procedures were given, followed. see below.

2. read the faq

nothing found.

3. search the board

nearest thing found was an unrelated login issue with xp_publish.php, http://forum.coppermine-gallery.net/index.php/topic,67070.0.html
updated file linked to in topic, http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.5.x/xp_publish.php?revision=7981
used that to update. did not fix problem.
however the last posting on that topic seems to describe the exact issue I am having. that post remains ignored.

nothing found for modifyalb.php or relevant error in debug mode. see below for explanation

4. read the stickies

this subforum has no stickies.

5. choose the proper board for your posting

the files are uploaded successfully, so it's not an upload issue. see description below for how it is some kind of permission or access issue.

6. use a meaningfull subject line.

you forgot to add use a spellchecker.

7. be detailed

you asked for it...

8. post links

check!

9. add attachments

none

10. one question per thread

check!

11. post publicly

check!

==========
DESCRIPTION
==========

user A creates an account, creates albums X, Y and Z, uploads pictures with multi-uploader. no problem.

user A uses XP publishing wizard to create an album XPWIZ and uploads pictures to it. this is where the problems begin.

when user A is logged in, his albums X, Y and Z now say 0 pictures, although there are pictures in them. album thumbnails gone. he can access X, Y and Z and view the pictures.

however album XPWIZ is not present. user A does see his files from XPWIZ in 'latest uploads', can click on one to successfully view it, and sees the others from XPWIZ on the filmstrip too.

user A uses XP Publishing Wizard to upload pictures to albums X, Y or Z. no problem. "# files" of albums X Y and Z are correct again, last uploaded image (uploaded with XP web publisher) is the thumbnail. album XPWIZ still not shown.

user A goes to 'modify albums', (user A)XPWIZ is present with the rest in the selection list. select (user A)XPWIZ to modify, next page says "you don't have permission to access this page".

when user A is logged out, or any guest user views the albums, or any user admin/B/C/D/E/etc. is logged in, user A's XPWIZ album is shown, and all albums X/Y/Z/XPWIZ say the correct number of files. all is normal.

==============
TROUBLESHOOTING
==============

fresh install of cpg 1.5.8. no plugins. plugin API=yes (default). theme=curve (default). all users were registered as normal with email validation process. none created by admin. emails on test accounts removed because it's a test account.

using a different browser doesn't make a difference.

user A goes to 'modify albums', (user A)XPWIZ is present in the selection list. select (user A)XPWIZ to modify, next page says "you don't have permission to access this page". no, the address doesn't begin with www as is your program's default. that was changed to http://(domain)....

when (user A)XPWIZ is viewed by admin in "modify albums", same as every other album. is in the correct category. album set to viewed by everybody. go to "edit files", all are marked as approved. in admin/groups, no uploads are set to wait for approval, all groups have "public albums upload"=yes. no extra groups were created beyond the default Administrators, Registered, and Guests. quota set to 51200kb.

file permissions of user images on the server, including from userA's albums A/B/C/XPWIZ, are found to be all the same, so it doesn't matter what the actual value is. folder permissions of /albums, /albums/edit, /albums/userpics/(user#) set to 777, no change.

docs/en/uploading_xp-publisher.htm says " the wizard creates folders named "wpw-YYYYMMDD" (e.g. "wpw-20081026") and uploads the files into that folder". it does not, they are uploaded into /albums/userpics/(user#) and registered in the db as with every other picture. db data has not been examined for discrepancies.

admin/config EnableDebugMode set to "all", induce "modify albums" access error with user A, security log says "Denied privileged access to modifyalb.php by user ...." no such error when going to modify albums X, Y or Z. notice X Y and Z also contain pictures uploaded with XP Publishing Wizard.

roman-forums ddott c0m / photos

userA A123
userB B123

black_bart

I do notice something of the sort is mentioned in the changelog.txt of the version 1.5.8 I have. it says

2009-08-25 Fixed issue with creating albums in xp publisher with MySQL's strict mode enabled {Nibbler}
2008-02-07 Fixed users not able to go to modifyalb.php when no album is set in super globals {SaWey}

perhaps those are some clues. they were implemented at least as early as 1.5.3. I don't have all the changelogs to look at.
http://blighwood.co.uk/gallery/CHANGELOG.txt

does the updated xp_publish.php from 1.5.9 bring back earlier issues? I can't tell if the xp_publish.php that came with 1.5.8 works because it doesn't log in, known issue. see above.



black_bart

it works. issue resolved.

the files and folders created with xp_publish.php v.7981 remain afflicted. I suppose the only way to remedy those is to delete those folders and redo the uploads, since changing ownership "after the fact" didn't work before it probably won't work now either.

Αndré

Quote from: black_bart on November 17, 2010, 01:35:38 AM
I suppose the only way to remedy those is to delete those folders and redo the uploads, since changing ownership "after the fact" didn't work before it probably won't work now either.
You can update the owner manually in the database.
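
The manual owner correction suggested in the reply above, as an added example that is not from the thread or from the Coppermine code base: it lists albums in a personal gallery whose recorded owner is not that gallery's user, then corrects one row. The table name `cpg15x_albums`, its columns, the `FIRST_USER_CAT` offset of 10000 and the sample rows are assumptions constructed for illustration; compare them with your own schema before applying the same statements to a live database.

```python
import sqlite3

# Assumptions (not confirmed by the thread): albums are stored in a table
# named cpg15x_albums with columns aid, title, category, owner, and a user's
# personal gallery has category = FIRST_USER_CAT + user_id.
FIRST_USER_CAT = 10000

def build_sample_db():
    """Constructed sample data: user 5 owns X, Y, Z; XPWIZ has a wrong owner."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cpg15x_albums ("
               "aid INTEGER PRIMARY KEY, title TEXT, category INTEGER, owner INTEGER)")
    db.executemany("INSERT INTO cpg15x_albums VALUES (?, ?, ?, ?)", [
        (1, "X", 10005, 5),
        (2, "Y", 10005, 5),
        (3, "Z", 10005, 5),
        (4, "XPWIZ", 10005, 0),   # constructed wrong owner value
        (5, "Public", 2, 1),      # public-category album, out of scope
    ])
    return db

def mismatched_albums(db):
    """Albums in a personal gallery whose owner is not that gallery's user."""
    return db.execute(
        "SELECT aid, title, owner, category - ? AS expected_owner "
        "FROM cpg15x_albums "
        "WHERE category > ? AND owner <> category - ? ORDER BY aid",
        (FIRST_USER_CAT, FIRST_USER_CAT, FIRST_USER_CAT)).fetchall()

def fix_owner(db, aid, expected_owner):
    """Set the owner of one album, only if it sits in that user's gallery."""
    with db:  # commits on success, rolls back on error
        cur = db.execute(
            "UPDATE cpg15x_albums SET owner = ? WHERE aid = ? AND category = ?",
            (expected_owner, aid, FIRST_USER_CAT + expected_owner))
    return cur.rowcount  # number of rows changed (0 or 1)

if __name__ == "__main__":
    db = build_sample_db()
    for aid, title, owner, expected in mismatched_albums(db):
        print(f"album {aid} ({title}): owner={owner}, expected={expected}")
        fix_owner(db, aid, expected)
    print("remaining mismatches:", mismatched_albums(db))
```

The `category = ?` guard in the UPDATE keeps the correction from assigning an album to a user whose gallery it is not in; back up the table before changing a production database.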