forum.coppermine-gallery.net
No Support => Announcements => Topic started by: Joachim Müller on August 19, 2005, 08:37:27 am
-
A XSS vulnerability has been found in EXIF data. As Coppermine is capable of displaying EXIF data, everybody who runs coppermine (any version) will have to apply this security fix as soon as possible:
- users running cpg1.3.3 should download the file attached, rename it from "displayimage.txt" to "displayimage.php" and upload it to their webserver into the coppermine root folder, replacing the existing file on the server.
- users running any previous version should upgrade to cpg1.3.4, as there are several other things that have been fixed. If you can't do this now, make sure to fix the vulnerability: Edit displayimage.php with a text editor, find
if (isset($exif) && is_array($exif)) {and replace with if (isset($exif) && is_array($exif)) {
//Sanitize the data - to fix the XSS vulnerability - Aditya
foreach ($exif as $key=>$data) {
$exif[$key] = htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
}Next, find
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (!empty($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (!empty($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
} and replace with
if (isset($iptc) && is_array($iptc)) {
//Sanitize the data - to fix the XSS vulnerability - Aditya
foreach ($iptc as $key=>$data) {
$iptc[$key] = htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
}
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (!empty($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (!empty($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
.
Save your edits, then upload the edited file to your webserver, overwriting the exiting one.
- users running the devel version cpg1.4.x: make sure to update all your files from the cvs as suggested in the sticky thread on the cpg1.4 testing/bugs board.
- users running unsupported ports (especially those who run the deprecated nuke ports): we have no idea if the vulnerability exists in your code as well, but you should take a look at it and use the fix if applicable
I will package up a new stable release (cpg1.3.4) that will be available soon. It will contain the fix discussed in this thread.
[edit GauGau]
New package released: a brand new package cpg1.3.4 has been released that contains the above mentioned fix. - Download cpg1.3.4 (http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip?download)
[/edit]
Joachim
[edit]
Fixed the bug described below, uploaded new file and changed the instructions above accordingly. - Aditya
[/edit]
-
Hi,
I replaced displayimage.php with the attached version. Now I get the following error messages:
Warning: implode(): Bad arguments. in /var/www/cpg133/displayimage.php on line 334
Warning: implode(): Bad arguments. in /var/www/cpg133/displayimage.php on line 336
Ralf
-
Had you enabled IPTC info before applying the above file - the line numbers you are saying are not the ones that were changed
[edit]
Yes - you are right bug is a side effect of the security fix :(
[/]edit]
-
Hi,
the new displayimage.php fixed the problem. Thank you!
Ralf
-
Just wanted to check you mean the yellow band that kept coming up with pic info on it? I did wonder and was going to ask, but now this seem to have cured it thanks.
Stock
-
Hi,
First off thanks for the work in releasing a security fix!
Second, how does it affect the beta 1.4?
Thanks
Vuud
-
Grab the latest files from the CVS and you'll be good to go.
-
Grab the latest files from the CVS and you'll be good to go.
Okay!
Thanks
-
If someone does not allow other people to upload files, would this keep the gallery from being vulnerable to this?
-
I'm running XP and am used to 2000 prof. XP doesn't seem to allow extension changes, so how would I change the file from .txt to .php ? Thanks. :)
-
Tools - folder options - view - hide extensions for known file types. Rename away.
-
I have just released the new package cpg1.3.4 that contains above mentioned fix - see the very first posting in this thread.
-
[edit GauGau]
New package released: a brand new package cpg1.3.4 has been released that contains the above mentioned fix. - Download cpg1.3.4 (http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip?download)
[/edit]
Everytime I visit my coppermine gallery a Microsoft Outlook Installer takes place and i cannot understand the reason why, but it really seems some kind of malware.
I tested on several machines and since this thing started this morning (italian time) i suppose it's related to this bug, but even if i upload the new coppermine version (1.3.4) the problem still remains.
I have to say the problem appears ONLY in Coppermine's pages and you can find it here (if you dare...) www.maolu.it/gallery
Could this be related to the XSS vulnerability?
A kind thanks for your work
-
OK solved...
i wasn't able to see the changings 'cause of my workingplace's proxy.
Excuseme everybody
:-[
-
Everytime I visit my coppermine gallery a Microsoft Outlook Installer takes place and i cannot understand the reason why, but it really seems some kind of malware
I'm visiting your gallery and no strange action take place. You are not using exiff data in your picture. so your problems are not related with tihs bug. Check your PC, clear the bowser cache, and try again
claudio
-
maolu has already resolved the issues he/she experienced: it wasn't coppermine acting up, but improper proxy settings. The whole issue is not related to the XSS vulnerability nor the fix, so I'm marking the postings that deal with it as "invalid".
@all: please do only reply to announcement threads like this one if you have something to say that everyone could benefit from (e.g. a broken link or similar). Individual issues you might consider to be related to XSS vulnerabilities should not go into this thread - start a new thread instead on the support board. Help us to keep announcement threads clean and focused on the issues they deal with. If announcement threads drift to much or contain irrelevant information, other users might miss important stuff because of the "background noise". We had to lock most announcement threads soon after they were started because people replied with irrelevant issues. Try not to mess with this thread as well, it'd be a pity if we had to lock it as we had to in the past.
-
Question:
This file [displayimage.php] makes a Coppermine install 1.3.3 into 1.3.4? Or should 1.3.3 users download 1.3.4 release and upgrade? I hope this reply is okay in this thread, if not sorry.
-
- users running cpg1.3.3 should download the file attached, rename it from "displayimage.txt" to "displayimage.php" and upload it to their webserver into the coppermine root folder, replacing the existing file on the server.
-
Yes I read that but I guess what I really wanted to know if I should update my Coppermine to version 1.3.4 [which I assume is stored in the DB].
-
You don't need to do anything with your database. The version number is stored in include/init.inc.php
-
- users running cpg1.3.3 should download the file attached, rename it from "displayimage.txt" to "displayimage.php" and upload it to their webserver into the coppermine root folder, replacing the existing file on the server.
Some of us have heavilu modified the viewimage.php file to meet our needs. If we just make the changes you mentioned (find/replace), would that be ok to fix the problem?
-
viewimage.php: there's no such file in the coppermine distribution afaik, but if you're refering to displayimage.php: yes, it's safe to just do the suggested changes in the code - that's why we posted them.
-
1. Difference between 1.3.3 and 1.3.4 is only that fix??
2. I checked displayimage.php from 1.3.3 archive donwloaded from this site and there is no such block of code as:
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (!empty($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (!empty($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
There is block of code:
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (isset($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (isset($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
I think that you made a mistake in your first post...
-
1. Difference between 1.3.3 and 1.3.4 is only that fix??
No, minor changes and fixes are made all the time in the cvs. When a new package gets released, those fixes go into the package as well. None of the other fixes are security-related, so I didn't post them. The security fix is not the only difference between cpg1.3.3 and cpg1.3.4
I think that you made a mistake in your first post...
I won't comment this, maybe the dev who took care of the fix wants to. In fact, the lines do the same, there is only a cosmetical issue.
Joachim
-
He He!
@Makc666 - I wouldn't bother about the change between the two code blocks ;)
-
Some error, when replacing those two 'pices' of code (first post)
Parse error: parse error, unexpected T_STRING in /home/XXXXXX/public_html/galleria/displayimage.php on line 310
310 is that Aditya-line
regards
Matti
-
You must have missed a / from that line. Make sure that there are two forward slashes (//) at the begining of the line.
-
Aditya,
I had both '/' but it was something to do with 'spaces'. I copy/pasted the code snippet from forum. And then it gave those string errors.
After tabulating it once more (taking off the 'white space' + adding it by tab)) line after line the string error moved line by line also (310,311..) ... and corrected.
(problem was only in the first snippet). Funny, cause when looking, you can't see any difference. But so it went.
Thank You for Your time Aditya
Matti
-
In this block of code:
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (isset($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (isset($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
Find the lines that reference "implode", change the "isset" to "!empty" at the beginning to fix the error you are seeing. I did that for mine and it resolved that error message.
-
Is there an announcement mailing list that is available so that I can be warned that there are problems like this rather than finding it out because I happened to see a post on another website? Either an email list or a rss feed would be great. The Rss feed on sourceforge for announcements doesn't mention this security hole.
-
You can subscribe to the announcments thread if you go to here (http://forum.coppermine-gallery.net/index.php?board=58.0) and then click 'notify'.
-
Hi ! You should probably mention the version change to 1.3.4 in the Changelog. Would have saved me 20 min diffing 1.3.3 and 1.3.4...
edit:
that sounded a bit harsh maybe. i realize you have better things to do than work on 1.3 . Thanks for the great work and all the info on the forum!
-
In this block of code:
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (isset($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (isset($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
Find the lines that reference "implode", change the "isset" to "!empty" at the beginning to fix the error you are seeing. I did that for mine and it resolved that error message.
Thanks, this fix worked. Can someone from the dev team confirm that this fix is safe to use? I am not a programmer and don't know what this actually does to the code. Thank you.
-
To fix the issues with arrays use
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[IPTCTITLE] = strip_tags(trim($iptc['Title'],"\x0..\x1f"));
if (isset($iptc['Copyright'])) $info[IPTCCOPYRIGHT] = strip_tags(trim($iptc['Copyright'],"\x0..\x1f"));
if (!empty($iptc['Keywords'])) $info[IPTCKEYWORDS] = strip_tags(trim(implode(' ',$iptc['Keywords']),"\x0..\x1f"));
if (isset($iptc['Category'])) $info[IPTCCATEGORY] = strip_tags(trim($iptc['Category'],"\x0..\x1f"));
if (!empty($iptc['SubCategories'])) $info[IPTCSUBCATEGORIES] = strip_tags(trim(implode(' ',$iptc['SubCategories']),"\x0..\x1f"));
}
This way you don't run the 'one level' foreach() on the array
-
I have version 1.3.3 from Fantastico. Fantastico was provided by my webhost (Voda Host). I upgraded coppermine using the txt file you provided and renamed it.
Since the upgrade I can no longer go into my website for coppermine. It says MySQL too many connection error. What is wrong?
Judy
-
judy,
That error messae has nothing to do with Coppermine and everything to do with your server. These are usually temporary problems that will go away, it's just the number of connections to your host/server's MySQL server is greater than the number allowed. If it happens too frequently, ask your hosting service about it.
Dennis
-
i huv a problm, i just upgrade the cpg but the vulnerability still working, or maybe is another.. dont know, well u can see the web http://www.canalgogo.com/ and the XSS http://www.canalgogo.com/displayimage.php?album=5%20&pos=3%22%3Eblablabla%3C/h1%3E
i have really update? or its another bug?
Thx for answering
-
Yes at first glance, language selector has a potential for XSS atleast in 1.3.x version of CPG.
The problem seems to have been solved in 1.4.x
Immediate recommendation is, do not use language selectors.
We will investigate furthur and post the fix if necessory.
-
Hello, I upgraded my original CPG 1.33 to the CPG 1.34 version available "with the fix" written into it. performed the update.php etc
Initially
Warning: implode(): Bad arguments. in /var/www/cpg133/displayimage.php on line 334
Warning: implode(): Bad arguments. in /var/www/cpg133/displayimage.php on line 336
So I then renamed and replaced the displayimage.php in hopes it would help,this changed the error to:
Warning: implode(): Bad arguments. in /var/www/cpg133/displayimage.php on line 338
Thus, your suggestions are welcome.
-
If it helps, here is the current related code I am using:
if (isset($iptc) && is_array($iptc)) {
//Sanitize the data - to fix the XSS vulnerability - Aditya
foreach ($iptc as $key=>$data) {
$iptc[$key] = htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
}
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (!empty($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (!empty($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
-
please use the code from the cvs, stable branch
-
As of 2nite 9/19/05 the ver. 1.3.4 that is up for download DOES NOT contain the fix.
I had to get it from this file....
A XSS vulnerability has been found in EXIF data. As Coppermine is capable of displaying EXIF data, everybody who runs coppermine (any version) will have to apply this security fix as soon as possible:
- users running cpg1.3.3 should download the file attached, rename it from "displayimage.txt" to "displayimage.php" and upload it to their webserver into the coppermine root folder, replacing the existing file on the server.
- users running any previous version should upgrade to cpg1.3.4, as there are several other things that have been fixed. If you can't do this now, make sure to fix the vulnerability: Edit displayimage.php with a text editor, find
if (isset($exif) && is_array($exif)) {and replace with if (isset($exif) && is_array($exif)) {
//Sanitize the data - to fix the XSS vulnerability - Aditya
foreach ($exif as $key=>$data) {
$exif[$key] = htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
}Next, find
if (isset($iptc) && is_array($iptc)) {
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (!empty($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (!empty($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
} and replace with
if (isset($iptc) && is_array($iptc)) {
//Sanitize the data - to fix the XSS vulnerability - Aditya
foreach ($iptc as $key=>$data) {
$iptc[$key] = htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
}
if (isset($iptc['Title'])) $info[$lang_picinfo['iptcTitle']] = trim($iptc['Title']);
if (isset($iptc['Copyright'])) $info[$lang_picinfo['iptcCopyright']] = trim($iptc['Copyright']);
if (!empty($iptc['Keywords'])) $info[$lang_picinfo['iptcKeywords']] = trim(implode(" ",$iptc['Keywords']));
if (isset($iptc['Category'])) $info[$lang_picinfo['iptcCategory']] = trim($iptc['Category']);
if (!empty($iptc['SubCategories'])) $info[$lang_picinfo['iptcSubCategories']] = trim(implode(" ",$iptc['SubCategories']));
}
.
Save your edits, then upload the edited file to your webserver, overwriting the exiting one.
- users running the devel version cpg1.4.x: make sure to update all your files from the cvs as suggested in the sticky thread on the cpg1.4 testing/bugs board.
- users running unsupported ports (especially those who run the deprecated nuke ports): we have no idea if the vulnerability exists in your code as well, but you should take a look at it and use the fix if applicable
I will package up a new stable release (cpg1.3.4) that will be available soon. It will contain the fix discussed in this thread.
[edit GauGau]
New package released: a brand new package cpg1.3.4 has been released that contains the above mentioned fix. - Download cpg1.3.4 (http://prdownloads.sourceforge.net/coppermine/cpg1.3.4.zip?download)
[/edit]
Joachim
[edit]
Fixed the bug described below, uploaded new file and changed the instructions above accordingly. - Aditya
[/edit]
-
it contains another syntax of the fix that does the same, but is cleaner, code-wise. Both versions are safe.
-
No they are not...that's what I'm trying to say. Or maybe it's a problem with your mirrors....
The point is, I upgrade from 1.3.2 to 1.3.4 and I got this error tonight. This is how I ended up in this forum.
it contains another syntax of the fix that does the same, but is cleaner, code-wise. Both versions are safe.
-
Which mirror did you used to download the package?
I downloaded it from http://easynews.dl.sourceforge.net/sourceforge/coppermine/cpg1.3.4.zip and it has the fixes.
Though the fix in the latest stable version is a bit different than what is given in the first post, as GauGau said, both the versions are safe.
-
That link didin't work for me. I used a couple differnet mirrors, this one for instance:
http://internap.dl.sourceforge.net/sourceforge/coppermine/cpg1.3.4.zip
Hey, I'm not trying to accuse anyone of anything, I'm just saying that it ain't working for me. Maybe the "fixes" are a bit different in truth, but the only thing that worked for me is the fix on this page...
Once again like I said, I never knew bout this problem before upgrading to the stable version I downloaded tonight. Or maybe it's my configuration or something, who knows. I'm just trying to help other people not go through the hours I spent trying to fix this. Cuz when I read that the downloaded version was fixed, I was pulling my hair out wondering why it doesn't work.
Maybe you should just stick the fix here in the stable version instead of the "other" fix. Just out of curiousity, what was the "other" fix?
Which mirror did you used to download the package?
I downloaded it from http://easynews.dl.sourceforge.net/sourceforge/coppermine/cpg1.3.4.zip and it has the fixes.
Though the fix in the latest stable version is a bit different than what is given in the first post, as GauGau said, both the versions are safe.
-
I had to manually make the change on lines 334 and 336 and change the isset to isempty....That's the ONLY thing that worked for me.
No they are not...that's what I'm trying to say. Or maybe it's a problem with your mirrors....
The point is, I upgrade from 1.3.2 to 1.3.4 and I got this error tonight. This is how I ended up in this forum.
it contains another syntax of the fix that does the same, but is cleaner, code-wise. Both versions are safe.
-
I had to manually make the change on lines 334 and 336 and change the isset to isempty....That's the ONLY thing that worked for me.
The code which you changed is a part of a fix just to avoid the warning messages which were getting displayed after fixing the XSS vulnerability. The actual fix line 328 to 331 is present in the stable package.
-
Well I'm sorry to say that it's not working. Maybe you need to check it again, but it's not working for me. Maybe it's due to my particular images, who knows. One thing is that I didn't get this error on all my images. I don't know why. And of course I don't get it at all if I turn the IPTC on Jpegs off completely.
Just trying to help here guys....
I had to manually make the change on lines 334 and 336 and change the isset to isempty....That's the ONLY thing that worked for me.
The code which you changed is a part of a fix just to avoid the warning messages which were getting displayed after fixing the XSS vulnerability. The actual fix line 328 to 331 is present in the stable package.
-
Probably fixed the issue check revision 1.15 (should be available within 3 hours)
http://cvs.sourceforge.net/viewcvs.py/coppermine/stable/displayimage.php
-
I've started thread /var/www/cpg134/displayimage.php on line 334 and if I understand this thread right, the problem should be fixed with newest downloads, but I used a download of yesterday. Maybe I had an old version in my cache. It would be good, if there is a md5sum at the website.
With this version I got the error:
b1b10229422583bdad5ca4ff44281ac5 cpg1.3.4.zip
I would like to add, that some exif and IPTC-fields are empty, although the info is in the image. Every Comment contains at the beginning ASCII
-
A few minutes ago I downloaded cpg1.3.4.zip from 3 different locations and md5sum still is b1b10229422583bdad5ca4ff44281ac5, which produces errors here. Does this version work for others or do we have to be patient for a new version? It is not a problem for me if it takes days, if the problem is solved, I want to know only, if I have to wait.
-
I think that you made a mistake in your first post...
I won't comment this, maybe the dev who took care of the fix wants to. In fact, the lines do the same, there is only a cosmetical issue.
Joachim
I think I may have been the dev that changed those two lines to !empty because in working with a specific image I uncovered the fact that isset will return true if its passed a null array. !empty will return false which is the reaction I felt was most appropriate.
-
Hello,
I have fixed displayimage.php but ı have an error when ı clik on photos..
Parse error: parse error, unexpected ......../modules/coppermine/displayimage.php on line 577
Can you Help me???
-
Means that you haven't applied the fix as suggested. You should perform the actual upgrade instead of trying to fix only parts, especially if you don't understand what a parse error is. Don't clutter this thread with individual support requests.