Author Topic: Registration, critical error  (Read 13537 times)

cyberdyne2

  • Coppermine regular visitor
  • **
  • Country: gb
  • Offline Offline
  • Posts: 75
Re: Registration, critical error
« Reply #20 on: March 20, 2013, 05:53:01 pm »

I had no luck with the server host unfortunately André. Their reply was as follows:
Quote
I am not aware of any server changes that would have affected this function, and we have not had any similar reports of problems with this function from other users on that shared server. If it does not affect site functionality or security in any way, I would suggest you stick with the alternate approach that was shown to work in the support thread while you are establishing if there is a cause in the application for this.
Reading the link referenced at http://stackoverflow.com/questions/7803522/mysql-real-escape-string-works-in-localhost-but-not-on-webserver I am wondering if you would need to make sure you are opening the database connection prior to calling the 'mysql_real_escape_string'. You might want to check if you are connecting via localhost or by the external IP. If you are using the external IP, maybe switching to localhost might make a difference?

Any idea where I can get help to fix this please?
Logged
v.1.5.22

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: Registration, critical error
« Reply #21 on: March 20, 2013, 07:34:52 pm »

Coppermine is already connected to the database at this point, so I don't think it will solve your issue. But you could try to add $CONFIG['LINK_ID'] as link_identifier to the mysql_real_escape_string function in include/inspekt.php. This means, find
Code:
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
and replace with
Code:
            global $CONFIG;
            return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);
(untested).
Logged

cyberdyne2

Re: Re: Registration, critical error
« Reply #22 on: March 20, 2013, 07:51:04 pm »

Αndré, thank you so much, this did in fact solve the problem and all seems well now.
Again, thank you very much for your time.
Logged
v.1.5.22

Αndré

Re: Registration, critical error
« Reply #23 on: March 20, 2013, 07:57:23 pm »

It seems that you're the first problem facing this issue. However, as I don't think it will harm anything, this change will probably be a part of the next release of cpg1.5.x.
Logged

cyberdyne2

Re: Re: Registration, critical error
« Reply #24 on: March 20, 2013, 07:59:31 pm »

I'm glad to hear that if nothing else I managed to uncover a possible bug :)

If possible, would you be able to remove my directory name (between /home/ and public_html/) from my previous post please?
http://forum.coppermine-gallery.net/index.php/topic,76112.msg367364.html#msg367364

Thank you
Logged
v.1.5.22

Αndré

Re: Registration, critical error
« Reply #25 on: March 20, 2013, 08:02:40 pm »

Path removed.
Logged

cyberdyne2

Re: Re: Registration, critical error
« Reply #26 on: March 20, 2013, 08:03:55 pm »

Thank you André, have a good rest of the week ;)
Logged
v.1.5.22

Αndré

Re: Registration, critical error
« Reply #27 on: April 10, 2013, 01:37:07 pm »

Committed fix in SVN revision 8550.
Logged

Αndré

Re: Registration, critical error
« Reply #28 on: May 22, 2013, 01:23:32 pm »

As the above change breaks the installer for me, I replaced the code with
Code:
            global $CONFIG;
            if ($CONFIG['LINK_ID']) {
                return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES), $CONFIG['LINK_ID']);
            } else {
                return mysql_real_escape_string(htmlspecialchars($value, ENT_QUOTES));
            }
in SVN revision 8573.
Logged