Author Topic: Problem with Russian keywords in editpics.php  (Read 1406 times)

croft79

  • Coppermine newbie
  • Posts: 2
Problem with Russian keywords in editpics.php
« on: August 10, 2017, 04:03:41 pm »

Good day
When I upload a file with Russian keywords, they disappear at the editpics.php step and I only have (2016, C,M,Pоза ,,,,,,).  :-\

Samples in attachment
Logged

Αndré

  • Administrator
  • Coppermine addict
  • Country: de
  • Gender: Male
  • Posts: 15639
Re: Problem with Russian keywords in editpics.php
« Reply #1 on: August 18, 2017, 02:39:29 pm »

Please attach a sample file which contains such keywords. I assume these are IPTC keywords?
Logged

croft79

Re: Problem with Russian keywords in editpics.php
« Reply #2 on: August 18, 2017, 04:26:25 pm »

Here it is.
Logged

Αndré

Re: Problem with Russian keywords in editpics.php
« Reply #3 on: August 22, 2017, 02:53:51 pm »

The function strip_IPTC in include/iptc.inc.php is responsible for that (mal)function:
Code:
$data=htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
This may be reviewed, but it needs to be done carefully to not open any security vulnerabilities.
Logged

Αndré

Re: Problem with Russian keywords in editpics.php
« Reply #4 on: August 23, 2017, 10:28:37 am »

This will fix the issue:
Code: (include/iptc.inc.php)
$data=htmlentities(strip_tags(trim($data,"\x7f\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim ASCII control characters
I assume it won't have a security impact, but I haven't checked that in detail.
Logged
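
The effect of the two trim() masks quoted in replies #3 and #4 can be compared side by side. This is an added example, not Coppermine source and not code posted by anyone in the thread; the function name, the sample keywords, and the explicit 'UTF-8' charset argument are assumptions made for the illustration.

```php
<?php
// Added example, not Coppermine source. Function names and sample keywords
// are constructed; input is assumed to be UTF-8.

const MASK_ORIGINAL = "\x7f..\xff\x0..\x1f"; // reply #3: control bytes plus 0x7f-0xff
const MASK_PATCHED  = "\x7f\x0..\x1f";       // reply #4: ASCII control bytes only

function sanitize_keyword(string $data, string $mask): string
{
    // trim() works on bytes, not characters. Every byte of a multi-byte
    // UTF-8 character is >= 0x80, so MASK_ORIGINAL eats Cyrillic text
    // from both ends until it hits an ASCII byte.
    $trimmed = trim($data, $mask);
    // Explicit charset (assumption): an invalid UTF-8 sequence then yields
    // an empty string instead of being passed through.
    return htmlentities(strip_tags($trimmed), ENT_QUOTES, 'UTF-8');
}

$samples = [
    'cyrillic only'   => "Поза",
    'ascii only'      => "2016",
    'mixed'           => "2016 Поза",
    'control bytes'   => "\x00Поза\x1f\x7f",
    'markup + quotes' => "<b>Поза</b>\"'&",
    'malformed utf-8' => "Поза\xd0",
];

foreach ($samples as $label => $raw) {
    printf("%-16s original=%-12s patched=%s\n",
        $label,
        var_export(sanitize_keyword($raw, MASK_ORIGINAL), true),
        var_export(sanitize_keyword($raw, MASK_PATCHED), true));
}
```

The characters that matter for HTML output (`<`, `>`, `"`, `'`, `&`) are all ASCII, so strip_tags() and htmlentities() treat them the same under either mask; the masks differ only in whether leading and trailing high bytes survive.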