
Topic: Edit Files option available to unlogged users- meant to be admin only?


angie03

  • Coppermine newbie
  • Offline Offline
  • Gender: Female
  • Posts: 5

First off, I upgraded my gallery yesterday from 1.4.27 to 1.5.6 -- thereby missing out 1.5.4 altogether -- and ran into problems, but managed to fix them using this thread (http://forum.coppermine-gallery.net/index.php/topic,65521.0.html) but now I've discovered a new error altogether and it's one I've never come across before: unlogged users have the 'edit files' option available to them (my gallery is open & doesn't require registration) but I'm anxious about this error since having this admin option open for all to access could mean my gallery being hacked, for want of a better word.

Example - http://www.amy-acker.org/gallery/index.php?cat=120

I'd appreciate any assistance in this, I've asked around & it seems to be a completely new error so I haven't had much luck trying to fix it. I've looked at config & even phpMyAdmin since I thought it may be a database error since I had database problems with the upgrade yesterday, but I can't find anything. In other news, I also switched off 'count album views' in config but it's still showing in the gallery for some reason... I'm stumped!

Joe Carver

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1545
  • aka 'i-imagine'

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764

I'm not sure if it's the same issue as Joe referred to. Please do an upgrade to the latest svn revision if you can and report back if the issue still exists. We've fixed many things since the release of cpg1.5.6 and have to package the next release asap.

angie03


Quote from Αndré: I'm not sure if it's the same issue as Joe referred to. Please do an upgrade to the latest svn revision if you can and report back if the issue still exists. We've fixed many things since the release of cpg1.5.6 and have to package the next release asap.

Thanks for your reply. Did you mean download the latest files (edit_one_pic.php & editpics.php) via the version check page? If so, the 'edit files' error is still showing up for me when unlogged.

Αndré


Please see here and update all files. Don't forget to run update.php after you have replaced all files.

Αndré


Seems that you haven't updated with the latest svn revision. I wasn't able to reproduce the button for guests in my testbed, but committed another fix for editpics.php in r7796. Can you give me the login details of your phpMyAdmin or create a dump with the tables albums, categories, config and usergroups?

angie03


Quote from Αndré: Seems that you haven't updated with the latest svn revision. I wasn't able to reproduce the button for guests in my testbed, but committed another fix for editpics.php in r7796. Can you give me the login details of your phpMyAdmin or create a dump with the tables albums, categories, config and usergroups?

No, I haven't had the chance to do so - been in hospital with my little girl who's 7 weeks old. Can you email me at fansitemail • gmail.com to get the login details, please? Don't feel safe giving out the password in public & can't quite remember what a dump means (sleep deprived). Thanks again.

Αndré


I've sent you my contact details via PM.

Αndré

Re: Edit Files option available to unlogged users- meant to be admin only?
« Reply #8 on: August 03, 2010, 05:25:43 pm »

Already fixed in svn. Please run

    UPDATE `cpg1410_albums` SET moderator_group = 0;

in your database management tool to fix your issue.