forum.coppermine-gallery.net
Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Makc666 on February 01, 2008, 02:17:10 pm
-
After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more...
That's exploitable by people who can rotate an image, ie. registered users with upload rights. Only affects galleries using ImageMagick. Can be mitigated by restricting upload rights/membership to trusted individuals (or using GD2).
Doesn't work on two hosts/servers.
Doesn't work on "clean" 1.4.15 files.
The problem is for the code you added "everywhere" in 1.4.15:
$cmd = escapeshellarg($cmd);
I really can't understand for what you have added this one if the code already has:
$src_file = escapeshellarg($src_file);
$im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));
http://ru2.php.net/escapeshellarg
May be you have to use escapeshellcmd() and not escapeshellarg?
http://ru2.php.net/manual/ru/function.escapeshellcmd.php
-
For example to see thumbnail during upload of files you have to comment second line
$cmd = escapeshellarg($cmd);
in file:
picmgmt.inc.php
in code:
// Method for thumbnails creation
switch ($method) {
case "im" :
if (preg_match("#[A-Z]:|\\\\#Ai", __FILE__)) {
// get the basedir, remove '/include'
$cur_dir = substr(dirname(__FILE__), 0, -8);
$src_file = '"' . $cur_dir . '\\' . strtr($src_file, '/', '\\') . '"';
$im_dest_file = str_replace('%', '%%', ('"' . $cur_dir . '\\' . strtr($dest_file, '/', '\\') . '"'));
} else {
$src_file = escapeshellarg($src_file);
$im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));
}
$output = array();
/*
* Hack for working with ImageMagick on WIndows even if IM is installed in C:\Program Files.
* By Aditya Mooley <aditya@sanisoft.com>
*/
if (eregi("win",$_ENV['OS'])) {
$cmd = "\"".str_replace("\\","/", $CONFIG['impath'])."convert\" -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options
$cmd = escapeshellarg($cmd);
exec ("\"$cmd\"", $output, $retval);
} else {
$cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} -geometry {$destWidth}x{$
$cmd = escapeshellarg($cmd);
exec ($cmd, $output, $retval);
}
-
Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
-
Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
All functions where code
$cmd = escapeshellarg($cmd);has been added doesn't work any more :-\
-
Fixed in svn (reverted the added escapeshellarg() lines, left the security fix in).
-
Release announcement ready at http://forum.coppermine-gallery.net/index.php?topic=50194.0 with steps for manual fix.
-
Release announcement ready at http://forum.coppermine-gallery.net/index.php?topic=50194.0 with steps for manual fix.
Thanks, Nibbler!
I can't see this one (topic), but I hope it will be available soon :)