Topic: Comments (Read 4742 times)

haghorst · « **on:** March 21, 2006, 10:35:26 pm »

Hi,

I have Coppermine Version 1.3.1
And i have also installed version 1.4.4

I saw by version 1.4.4 that you can give comment by the photo's without loggin in.
There is a box with Guest in the bottom.
I want this also on my 1.3.1 version without the risk I lose my photo hits and the comments that are now at the photo's.

Must is make a change in the index.php or something?
I don't know what to do

If you can help me,
Thanks

Joachim Müller · « **Reply #1 on:** March 21, 2006, 11:35:05 pm »

you mustn't use cpg1.3.1, it contains security flaws. Update at least to cpg1.3.5.
Enable anonymous comments on coppermine's groups page.

haghorst · « **Reply #2 on:** March 22, 2006, 08:13:21 am »

Sow this is what i must do:

Instructions for manual fix:
In init.inc.php:

Replace
Code:
$HTML_SUBST = array('"' => '"', '<' => '<', '>' => '>');

With
Code:
$HTML_SUBST = array('&' => '&', '"' => '"', '<' => '<', '>' => '>', '%26' => '&', '%22' => '"', '%3C' => '<', '%3E' => '>');

Replace
Code:
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
$HTTP_GET_VARS[$key] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

with
Code:
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
unset($HTTP_GET_VARS[$key]);
$HTTP_GET_VARS[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

Add
Code:
/**
* Sanitize $_GET also, as we have used it in many places
*/
if (is_array($_GET)) {
foreach ($_GET as $key => $value) {
unset($_GET[$key]);
$_GET[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

after
Code:
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
unset($HTTP_GET_VARS[$key]);
$HTTP_GET_VARS[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

Joachim Müller · « **Reply #3 on:** March 22, 2006, 09:25:53 am »

who said so? How is this related to your issue? We have a "one issue per thread" policy you agreed to respect when signing up.

haghorst · « **Reply #4 on:** March 22, 2006, 10:12:31 am »

OKay,

My problem is only the comments.
I want a box in the bottom with: Guest.
So you don't have to log in.

But i don't know how I must do that.
So you said I must upgrade it to version 1.3.5.
And I don't know how I have to do that.

Maybe this is clearer?

Greats,
Ruud

haghorst · « **Reply #5 on:** March 23, 2006, 08:19:31 am »

Nobody...
I realy don't know how to do it

Joachim Müller · « **Reply #6 on:** March 24, 2006, 06:51:13 am »

http://prdownloads.sourceforge.net/coppermine/cpg1.3.5.zip?download
http://coppermine-gallery.net/demo/cpg13x/docs/index.htm#13

haghorst · « **Reply #7 on:** March 24, 2006, 07:18:31 am »

You are my hero

ghehe
Tnx I think I can make it

News:

Author Topic: Comments (Read 4742 times)

haghorst

Comments

Joachim Müller

Re: Comments

haghorst

Re: Comments

Joachim Müller

Re: Comments

haghorst

Re: Comments

haghorst

Re: Comments

Joachim Müller

Re: Comments

haghorst

Re: Comments