The Coppermine development team is releasing an update for Coppermine in order to fix an issue with the http upload feature. The fix is not security critical, so if your gallery is running fine with cpg1.4.24 you don't need to upgrade. If you are running an older version than cpg1.4.23, you must update to this latest version as soon as possible because of the security impact (the past few releases before cpg1.4.23 all were security related).
How to update:
Users running versions prior to 1.4.25 should update by
downloading the latest version from the
download page and following
the upgrade steps in the documentation.
Manual patch:
For those who want to apply the fix manually to their Coppermine 1.4.24 installation, edit
include/init.inc.php with a plain text editor (notepad.exe is fine), find:
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger', 'key');
and replace with:
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', '_FILES', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger', 'key');
Support:
If you have problems with this update, please use the
Update support board. Do not post your issues to this announcement thread - your post will be deleted without notice.
Why was cpg1.4.25 released?The release covers a bug that crept in when fixing the vulnerability that lead to
the release of cpg1.4.23.
Additionally, cpg1.4.25 includes fixes for the following non-security related issues:
- Additional PHP 5.3 compat fix
- Updated Danish language file
- Updated Turkish language file
Thanks to
Nibbler for coming up with the fix.
Thanks,
The Coppermine Team