forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Installation & Setup => Topic started by: haghorst on March 21, 2006, 10:35:26 pm

Title: Comments
Post by: haghorst on March 21, 2006, 10:35:26 pm: Hi,

I have Coppermine Version 1.3.1
And i have also installed version 1.4.4

I saw by version 1.4.4 that you can give comment by the photo's without loggin in.
There is a box with Guest in the bottom.
I want this also on my 1.3.1 version without the risk I lose my photo hits and the comments that are now at the photo's.

Must is make a change in the index.php or something?
I don't know what to do ???

If you can help me,
Thanks
Title: Re: Comments
Post by: Joachim Müller on March 21, 2006, 11:35:05 pm: you mustn't use cpg1.3.1, it contains security flaws. Update at least to cpg1.3.5.
Enable anonymous comments on coppermine's groups page.
Title: Re: Comments
Post by: haghorst on March 22, 2006, 08:13:21 am: Sow this is what i must do:

Instructions for manual fix:
In init.inc.php:

Replace
Code:
$HTML_SUBST = array('"' => '"', '<' => '<', '>' => '>');

With
Code:
$HTML_SUBST = array('&' => '&', '"' => '"', '<' => '<', '>' => '>', '%26' => '&', '%22' => '"', '%3C' => '<', '%3E' => '>');

Replace
Code:
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
$HTTP_GET_VARS[$key] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

with
Code:
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
unset($HTTP_GET_VARS[$key]);
$HTTP_GET_VARS[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

Add
Code:
/**
* Sanitize $_GET also, as we have used it in many places
*/
if (is_array($_GET)) {
foreach ($_GET as $key => $value) {
unset($_GET[$key]);
$_GET[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}

after
Code:
if (is_array($HTTP_GET_VARS)) {
foreach ($HTTP_GET_VARS as $key => $value) {
unset($HTTP_GET_VARS[$key]);
$HTTP_GET_VARS[strtr(stripslashes($key), $HTML_SUBST)] = strtr(stripslashes($value), $HTML_SUBST);
if (isset($$key)) unset($$key);
}
}
Title: Re: Comments
Post by: Joachim Müller on March 22, 2006, 09:25:53 am: who said so? How is this related to your issue? We have a "one issue per thread" policy you agreed to respect when signing up.
Title: Re: Comments
Post by: haghorst on March 22, 2006, 10:12:31 am: OKay,

My problem is only the comments.
I want a box in the bottom with: Guest.
So you don't have to log in.

But i don't know how I must do that.
So you said I must upgrade it to version 1.3.5.
And I don't know how I have to do that.

Maybe this is clearer?

Greats,
Ruud ;) :)
Title: Re: Comments
Post by: haghorst on March 23, 2006, 08:19:31 am: Nobody...
I realy don't know how to do it ???
Title: Re: Comments
Post by: Joachim Müller on March 24, 2006, 06:51:13 am: http://prdownloads.sourceforge.net/coppermine/cpg1.3.5.zip?download
http://coppermine-gallery.net/demo/cpg13x/docs/index.htm#13
Title: Re: Comments
Post by: haghorst on March 24, 2006, 07:18:31 am: You are my hero :-* ghehe
Tnx I think I can make it ;)