Author Topic: Problem with Russian keywords in editpics.php  (Read 404 times)

croft79

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Problem with Russian keywords in editpics.php
« on: August 10, 2017, 04:03:41 pm »

Good day
When I upload a file with Russian keywords, they disappear at the editpics.php step and I have only (2016, C,M,Pоза ,,,,,,).  :-\

Samples in attachment

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15369
Re: Problem with Russian keywords in editpics.php
« Reply #1 on: August 18, 2017, 02:39:29 pm »

Please attach a sample file which contains such keywords. I assume these are IPTC keywords?

croft79

Re: Problem with Russian keywords in editpics.php
« Reply #2 on: August 18, 2017, 04:26:25 pm »

Here it is.

Αndré

Re: Problem with Russian keywords in editpics.php
« Reply #3 on: August 22, 2017, 02:53:51 pm »

The function strip_IPTC in include/iptc.inc.php is responsible for that (mal)function:
Code:
$data=htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
This may be reviewed, but it needs to be done carefully to not open any security vulnerabilities.

Αndré

Re: Problem with Russian keywords in editpics.php
« Reply #4 on: August 23, 2017, 10:28:37 am »

This will fix the issue:
Code: (include/iptc.inc.php)
$data=htmlentities(strip_tags(trim($data,"\x7f\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim ASCII control characters
I assume it won't have a security impact, but I haven't checked that in detail.
Logged
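
The following is an added example, not part of the thread and not Coppermine's own code. It runs the two sanitizer lines quoted in replies #3 and #4 side by side over constructed keyword values and checks the output for unescaped HTML metacharacters. The names strip_old, strip_new, has_raw_markup and compare are hypothetical, and it assumes htmlentities() is working in UTF-8 (the default on current PHP).

```php
<?php
// Added example. Function names and sample keywords are constructed for illustration.

function strip_old(string $data): string {
    // Line from reply #3: trim list covers bytes 0x7f-0xff and 0x00-0x1f
    return htmlentities(strip_tags(trim($data, "\x7f..\xff\x0..\x1f")), ENT_QUOTES);
}

function strip_new(string $data): string {
    // Line from reply #4: trim list covers only 0x7f and 0x00-0x1f
    return htmlentities(strip_tags(trim($data, "\x7f\x0..\x1f")), ENT_QUOTES);
}

// Defender's check: true if any raw HTML metacharacter survived sanitizing.
function has_raw_markup(string $s): bool {
    return preg_match('/[<>"\']/', $s) === 1;
}

// Constructed IPTC-style keyword values (UTF-8 unless noted).
$samples = [
    'ascii only'           => '2016',
    'all Cyrillic'         => 'Москва',
    'ASCII then Cyrillic'  => 'Canon Москва',
    'Cyrillic inside tags' => '<b>тест</b>',
    'quotes and markup'    => "O'Reilly \"фото\" <i>x</i>",
    'control-char padding' => "\x00Роза\x1f",
    'Windows-1251 bytes'   => "\xD0\xEE\xE7\xE0", // not valid UTF-8
];

function compare(array $samples): array {
    $rows = [];
    foreach ($samples as $label => $raw) {
        $old = strip_old($raw);
        $new = strip_new($raw);
        $rows[$label] = [
            'old' => $old,
            'new' => $new,
            'raw_markup_in_new' => has_raw_markup($new),
        ];
    }
    return $rows;
}

foreach (compare($samples) as $label => $r) {
    echo $label, "\n  old: ", var_export($r['old'], true),
         "\n  new: ", var_export($r['new'], true),
         "\n  raw markup in new: ", var_export($r['raw_markup_in_new'], true), "\n";
}
```

trim() removes the listed bytes only from the two ends of the string, so the old line empties keywords made up entirely of Cyrillic UTF-8 bytes while leaving Cyrillic that sits between ASCII characters. In both versions the HTML escaping itself is done by strip_tags() and htmlentities(), and in UTF-8 mode htmlentities() returns an empty string for input that is not valid UTF-8.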