
Author Topic: Movie download link  (Read 76276 times)

mariahxxx

  • Coppermine regular visitor
  • **
  • Offline Offline
  • Posts: 63
Re: Movie download link
« Reply #20 on: February 17, 2008, 03:41:22 pm »

sweet! it works! :)

thank u so much!

xoxo
Mariah
Logged

rassilon

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
Re: Movie download link
« Reply #21 on: May 14, 2008, 05:09:19 am »

I see how to add the "download ..." link for Video and Document, but what are GIF, JPG, PPT or PPTX (MS Office 2007) files and MP3s considered?
Logged

Nibbler

  • Guest
Re: Movie download link
« Reply #22 on: September 02, 2008, 02:31:18 pm »

This plugin is insecure; there is no check on the file that is being requested for download. Anyone using this should disable it.
Logged

Niecher

  • Guest
Re: Movie download link
« Reply #23 on: November 10, 2009, 01:14:00 pm »

Hi Stramm, thanks for this plugin.

Is there some method to check the session of users in the file down.php?

If the users are not registered, then redirect them to the login page and thus avoid hotlinking.

Thanks.
Logged

Stramm

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 6006
Re: Movie download link
« Reply #24 on: November 10, 2009, 02:16:20 pm »

You shouldn't use this plugin, as it is insecure, as Nibbler already pointed out.
I have another version here but have not yet prepared it for public use.

It wouldn't be a problem to check for the user being logged in. But that wouldn't protect from hotlinking at all.
Logged
my CPG sandbox: Version 1.4.18 with modpack running my Tentacle theme:
http://stramm.st.funpic.org/

Niecher

  • Guest
Re: Movie download link
« Reply #25 on: November 10, 2009, 03:17:37 pm »

Thanks for your input, Stramm

Excuse me, but I don't know programming in PHP. I was reading about using session_start(), if(isset($_SESSION["variable_session"])){ and I don't understand anything about this  ;D

Nibbler pointed out that this plugin is insecure to direct download... it means should I remove the plugin?  :o

What is the difference between direct download:

mydomain.com/gallery/index.php?file=file_download/down&link=albums/uploads/mymusic.mp3

and

mydomain.com/gallery/albums/uploads/mymusic.mp3 <<< (Save as)

With this: index.php?file=file_download/down&link= in htaccess I need a rewrite rule for .php files and a redirect for hotlinking. But I am not interested in doing this.

I like this plugin, help me please  ::)
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47844
  • aka "GauGau"
    • gaugau.de
Re: Movie download link
« Reply #26 on: November 10, 2009, 04:02:13 pm »

> Nibbler pointed out that this plugin is insecure to direct download... it means should I remove the plugin?  :o

Yes, that's what he said:

> This plugin is insecure; there is no check on the file that is being requested for download. Anyone using this should disable it.

If you're not a programmer that's fine, but you should take our word then that this plugin is insecure. Malevolent visitors of your site could use the plugin to obtain configuration files on your server that would give them admin access to your server. Anything could happen if you don't heed the advice to get rid of this plugin. That's what we consider "insecure". We're not ready to explain why exactly that is the case if you can't understand what the code does anyway.
Logged
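
What "no check on the file that is being requested" means for a handler like down.php, as an added example (not the plugin's code and not Stramm's unreleased version): the value of link= has to be resolved and confirmed to be a media file inside albums/ before anything is read from disk. The function name, the extension list and the demo file names are assumptions made for this illustration.

```php
<?php
// Added illustration; not the file_download plugin's code.
const ALLOWED_EXTENSIONS = ['mp3', 'avi', 'mpg', 'mov', 'wmv']; // assumed list

/**
 * Map a user-supplied link= value to a file that may be served.
 * Returns the resolved path, or null when the request must be refused.
 */
function resolve_download(string $galleryRoot, string $link): ?string
{
    $albums = realpath($galleryRoot . '/albums');
    if ($albums === false || $link === '' || strpos($link, "\0") !== false) {
        return null;
    }
    // realpath() collapses "../", follows symlinks, and fails on missing files.
    $target = realpath($galleryRoot . '/' . $link);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Containment: the resolved path must sit below albums/.
    $prefix = $albums . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Allowlist by extension so scripts or stray files in albums/ are not served.
    $ext = strtolower(pathinfo($target, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXTENSIONS, true) ? $target : null;
}

// Constructed demo tree in a temporary directory (file names are made up).
$root = sys_get_temp_dir() . '/cpg_demo_' . uniqid();
mkdir($root . '/albums/uploads', 0700, true);
file_put_contents($root . '/albums/uploads/mymusic.mp3', 'demo audio');
file_put_contents($root . '/albums/uploads/notes.php', '<?php // demo');
file_put_contents($root . '/settings.php', '<?php // demo secret');

$requests = [
    'albums/uploads/mymusic.mp3',   // media inside albums/
    'albums/uploads/notes.php',     // inside albums/, wrong type
    'settings.php',                 // outside albums/
    'albums/../settings.php',       // resolves outside albums/
];
foreach ($requests as $link) {
    $verdict = resolve_download($root, $link) === null ? 'refused' : 'served';
    printf("%-28s %s\n", $link, $verdict);
}
```

Only the path returned by the function is opened; the raw link= value is never passed to a file-reading call.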

Niecher

  • Guest
Re: Movie download link
« Reply #27 on: November 10, 2009, 04:38:23 pm »

Thanks, Joachim Müller

I take your word and I remove the plugin.

 :'(
Logged

Niecher

  • Guest
Re: Movie download link
« Reply #28 on: November 10, 2009, 04:55:44 pm »

Thanks, Joachim Müller

I take your word and I remove the plugin.

 :'(

Ohhhh, I just understood why it is insecure!!!

Then I remove the file down.php and index.php?file=file_download/down&link= but I use the rest of the plugin for save file as
Logged