Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Problem with Russian keywords in editpics.php  (Read 4092 times)

0 Members and 1 Guest are viewing this topic.

croft79

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Problem with Russian keywords in editpics.php
« on: August 10, 2017, 04:03:41 pm »

Good day
When I'm uploading file with Russian keywords they are disappearing in editpics.php step and I have only (2016, C,M,Pоза ,,,,,,).  :-\

Samples in attachment
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Problem with Russian keywords in editpics.php
« Reply #1 on: August 18, 2017, 02:39:29 pm »

Please attach a sample file which contain such keywords. I assume this are IPTC keywords?
Logged

croft79

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Problem with Russian keywords in editpics.php
« Reply #2 on: August 18, 2017, 04:26:25 pm »

here it is
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Problem with Russian keywords in editpics.php
« Reply #3 on: August 22, 2017, 02:53:51 pm »

The function strip_IPTC in include/iptc.inc.php is responsible for that (mal)function:
Code: [Select]
$data=htmlentities(strip_tags(trim($data,"\x7f..\xff\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim any nongraphical non-ASCII character:
This may be reviewed, but it needs to be done carefully to not open any security vulnerabilities.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Problem with Russian keywords in editpics.php
« Reply #4 on: August 23, 2017, 10:28:37 am »

This will fix the issue:
Code: (include/iptc.inc.php) [Select]
$data=htmlentities(strip_tags(trim($data,"\x7f\x0..\x1f")),ENT_QUOTES); //sanitize data against sql/html injection; trim ASCII control characters
I assume it won't have a security impact, but I haven't checked that in detail.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 19 queries.