Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: small security problem in anycontent.php  (Read 5560 times)

0 Members and 1 Guest are viewing this topic.

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
small security problem in anycontent.php
« on: December 12, 2004, 07:18:45 pm »
Hi :)

if you open the file anycontent.php directly, the following message appears:

Quote
Fatal error: Call to undefined function starttable() in xxx\anycontent.php on line 32

Version:
anycontent.php,v 1.10 2004/09/25 19:09:40 caspershadow
« Last Edit: December 14, 2004, 07:48:56 am by GauGau »
Logged
hope, I could help you... :)

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
Re: small security problem in anycontent.php
« Reply #1 on: December 12, 2004, 08:15:33 pm »
Yes, but anycontent.php is not designed to be called directly.  It works fine when used as designed.

How is this a security problem?


Logged
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
Re: small security problem in anycontent.php
« Reply #2 on: December 12, 2004, 08:19:15 pm »
Quote
How is this a security problem?

Hi :)

so called "full path disclosure"
Logged
hope, I could help you... :)

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: small security problem in anycontent.php
« Reply #3 on: December 12, 2004, 08:40:22 pm »
Fixed easily enough with
Code: [Select]
if (!defined('IN_COPPERMINE')) die('Not in Coppermine...');
« Last Edit: December 12, 2004, 08:49:13 pm by kegobeer »
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: small security problem in anycontent.php
« Reply #4 on: December 14, 2004, 07:48:41 am »
committed to devel branch.

Joachim
Logged
Pages: [1]   Go Up
« previous next »
 

Page created in 0.018 seconds with 18 queries.