forum.coppermine-gallery.net

Support => cpg1.5.x Support => cpg1.5 miscellaneous => Topic started by: croft79 on August 10, 2017, 04:03:41 pm

Title: Problem with Russian keywords in editpics.php
Post by: croft79 on August 10, 2017, 04:03:41 pm

Good day
When I'm uploading file with Russian keywords they are disappearing in editpics.php step and I have only (2016, C,M,Pоза ,,,,,,).  :-\

Samples in attachment

Title: Re: Problem with Russian keywords in editpics.php
Post by: Αndré on August 18, 2017, 02:39:29 pm

Please attach a sample file which contain such keywords. I assume this are IPTC keywords?

Title: Re: Problem with Russian keywords in editpics.php
Post by: croft79 on August 18, 2017, 04:26:25 pm

here it is

Title: Re: Problem with Russian keywords in editpics.php
Post by: Αndré on August 22, 2017, 02:53:51 pm

The function strip_IPTC in include/iptc.inc.php is responsible for that (mal)function:

Code: [Select]

$data=htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
This may be reviewed, but it needs to be done carefully to not open any security vulnerabilities.

Title: Re: Problem with Russian keywords in editpics.php
Post by: Αndré on August 23, 2017, 10:28:37 am

This will fix the issue:

Code: (include/iptc.inc.php) [Select]

$data=htmlentities(strip_tags(trim($data,"\x7f\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim ASCII control characters
I assume it won't have a security impact, but I haven't checked that in detail.