
Author Topic: IMG URL tags in categories do not work  (Read 3723 times)


tc-one

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
IMG URL tags in categories do not work
« on: August 05, 2011, 10:51:18 pm »

Hello,
I have noticed problems when inserting IMG or URL tags in categories.
When I insert (http://url_zum_bild), only the /images/thumbnails.gif file is displayed, not the actual image.
When I insert a URL using any URL, I only get /images/descending.gif, with no way to click on it so that the URL actually opens. What have I done wrong here?

Αndré

  • Administrator
  • Coppermine addict
  • ****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15429
Re: IMG URL tags in categories do not work
« Reply #1 on: August 09, 2011, 04:02:36 pm »

Why was cpg1.4.21 released?
The release covers a recently discovered vulnerability that allows (if unpatched) a user to launch a CSRF attack (definition) against your website (milw0rm exploit 8114 and 8115).  The vulnerability is due to the processing of the bbcode tags [ i m g ] and [ u r l ].  The attack that can be launched through these tags can be wide-reaching and all gallery administrators must take this seriously.  Since cpg1.4.x is a stable release package, the Coppermine development team could not address this vulnerability without a large change in the way forms are handled.  So the solution is to remove the correct processing of the two bbcode tags, [ i m g ] and [ u r l ].  This is not a final solution but it is necessary to address this serious vulnerability.  The Coppermine dev team is working on a way to handle these bbcode tags and will post here with more information.  You can read information about how these tags are now processed and how to hack in your own solution in the bbcode section of the documentation.
Upgrading to cpg1.4.21 will result in two features getting disabled: you as admin as well as your registered users and your visitors (guests) will no longer be able to use the bbcode tags [ i m g ] and [ u r l ] in comments or upload descriptions. If you have never used those features, then fine - you won't miss anything. Those who actually have used those bbcode tags need to understand that it's not an option not to upgrade just because you're afraid to lose a feature.

That means you should upgrade to cpg1.5.x, since the BBCode tags in question work there and, in addition, there is no longer any support for cpg1.4.x.
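
An audit sketch for gallery administrators, added here as an example (it is not Coppermine code and not part of the posts above): it scans stored comment or description text for [img] and [url] tags and flags targets that would make a viewer's browser send a parameterised request to the gallery itself, which is the kind of request a CSRF through these tags relies on. The host `gallery.example`, the script name `some_script.php` and the sample rows are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Matches [img]target[/img], [url]target[/url] and [url=target]label[/url].
TAG_RE = re.compile(r"\[(img|url)(?:=([^\]]*))?\](.*?)\[/\1\]", re.I | re.S)
IMAGE_EXT = (".gif", ".jpg", ".jpeg", ".png")

SAMPLE_ROWS = [  # constructed sample data, not taken from a real gallery
    (1, "Nice shot! [img]http://img.example.net/cat.jpg[/img]"),
    (2, "look [img]http://gallery.example/some_script.php?x=1[/img]"),
    (3, "[url=some_script.php?x=1]click[/url] [URL]http://example.org/[/URL]"),
]


def extract_targets(text):
    """Return (tag, target) pairs for every [img]/[url] tag in user text."""
    pairs = []
    for m in TAG_RE.finditer(text):
        target = (m.group(2) or m.group(3)).strip()
        pairs.append((m.group(1).lower(), target))
    return pairs


def audit(text, gallery_host):
    """Flag tags whose target makes the viewer's browser hit the gallery."""
    findings = []
    for tag, target in extract_targets(text):
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
        reasons = []
        # A relative target or the gallery's own host is a same-site request.
        if host in ("", gallery_host.lower()) and parts.query:
            reasons.append("same-site URL with parameters")
        if tag == "img" and not parts.path.lower().endswith(IMAGE_EXT):
            reasons.append("img target is not an image file")
        if reasons:
            findings.append((tag, target, reasons))
    return findings


def audit_rows(rows, gallery_host):
    """Map row id -> findings, for rows that have at least one finding."""
    report = {rid: audit(text, gallery_host) for rid, text in rows}
    return {rid: found for rid, found in report.items() if found}


if __name__ == "__main__":
    for rid, found in audit_rows(SAMPLE_ROWS, "gallery.example").items():
        print(rid, found)
```

Flagged rows are candidates for manual review; a tag that is not flagged is not thereby proven harmless.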