
Author Topic: uploading html files to cpg 1.3.2  (Read 2400 times)


cluckeyo

  • Coppermine newbie
  • Offline Offline
  • Posts: 1
uploading html files to cpg 1.3.2
« on: January 18, 2005, 02:36:51 pm »

I notice I have the option of uploading html files in my gallery. But when I attempt to upload the file I get an error (unknown mime type). Can anyone please help with this? Here is the source code, ty...cluckeyo :)

USER:
------------------
Array
(
    [ID] => 2d3c453bd90c03dcb0679ca48e02624d
    [am] => 1
)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 1
    [user_group] => 1
    [user_active] => YES
    [user_name] => carol
    [user_password] => ********
    [user_lastvisit] => 2005-01-18 07:09:03
    [user_regdate] => 2004-11-05 22:07:11
    [user_group_list] => 2
    [user_email] => caroloconnor@sbcglobal.net
    [user_website] => http://members.ebay.com/ws/eBayISAPI.dll?ViewUserPage&userid=cluckeyo
    [user_location] => Sharp,  Texas
    [user_interests] => Web Design, eBay Stores, My Dog, Gardening, Canning
    [user_occupation] => cluckeyo eBay Store (owner and operator)
    [user_actkey] =>
    [user_favpics] =>
    [disk_max] => 1024
    [disk_min] => 0
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [ufc_max] => 3
    [ufc_min] => 3
    [custom_user_upload] => 1
    [num_file_upload] => 5
    [num_URI_upload] => 3
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 1
    [pub_upl_need_approval] => 0
    [priv_upl_need_approval] => 1
    [group_name] => Administrators
    [upload_form_config] => 3
    [group_quota] => 0
    [can_see_all_albums] => 1
    [group_id] => 1
    [groups] => Array
        (
            [0] => 2
            [1] => 1
        )

)

==========================
Queries:
------------------
Array
(
    [0] => SELECT extension, mime, content FROM cpg_filetypes;
    [1] => SELECT * FROM cpg_users WHERE user_id='1'AND user_active = 'YES' AND user_password != '' AND BINARY MD5(user_password) = '66ac484afaa8ae39d591c8b46036e29f'
    [2] => SELECT MAX(group_quota) as disk_max, MIN(group_quota) as disk_min, MAX(can_rate_pictures) as can_rate_pictures, MAX(can_send_ecards) as can_send_ecards, MAX(upload_form_config) as ufc_max, MIN(upload_form_config) as ufc_min, MAX(custom_user_upload) as custom_user_upload, MAX(num_file_upload) as num_file_upload, MAX(num_URI_upload) as num_URI_upload, MAX(can_post_comments) as can_post_comments, MAX(can_upload_pictures) as can_upload_pictures, MAX(can_create_albums) as can_create_albums, MAX(has_admin_access) as has_admin_access, MIN(pub_upl_need_approval) as pub_upl_need_approval, MIN( priv_upl_need_approval) as  priv_upl_need_approval FROM cpg_usergroups WHERE group_id in (2,1)
    [3] => SELECT group_name FROM  cpg_usergroups WHERE group_id= 1
    [4] => DELETE FROM cpg_banned WHERE expiry < 1106052093
    [5] => SELECT * FROM cpg_banned WHERE ip_addr='4.253.65.62' OR ip_addr='4.253.65.62' OR user_id=1
    [6] => SELECT extension FROM cpg_filetypes WHERE mime='text/html'
)

==========================
GET :
------------------
Array
(
)

==========================
POST :
------------------
Array
(
    [URI_array] => Array
        (
        )

    [control] => phase_1
)

==========================
VERSION INFO :
------------------
PHP version: 4.3.10 - OK
------------------
mySQL version: 4.0.22-standard
------------------
Coppermine version: 1.3.2
==========================
Module: gd
------------------
GD Support enabled
GD Version bundled (2.0.28 compatible)
FreeType Support enabled
FreeType Linkage with freetype
GIF Read Support enabled
GIF Create Support enabled
JPG Support enabled
PNG Support enabled
WBMP Support enabled
XBM Support enabled
==========================
Module: mysql
------------------
Active Persistent Links 2
Active Links 3
Client API version 4.0.22
MYSQL_MODULE_TYPE external
MYSQL_SOCKET /var/lib/mysql/mysql.sock
MYSQL_INCLUDE -I/usr/include/mysql
MYSQL_LIBS -L/usr/lib -lmysqlclient 
==========================
Module: zlib
------------------
ZLib Support enabled
Compiled Version 1.1.4
Linked Version 1.1.4
==========================
Server restrictions (safe mode)?
------------------
Directive | Local Value | Master Value
safe_mode | Off | Off
safe_mode_exec_dir | no value | no value
safe_mode_gid | Off | Off
safe_mode_include_dir | no value | no value
safe_mode_exec_dir | no value | no value
sql.safe_mode | Off | Off
disable_functions | no value | no value
file_uploads | On | On
include_path | .:/usr/lib/php:/usr/local/lib/php | .:/usr/lib/php:/usr/local/lib/php
open_basedir | /home/carolo/:/usr/lib/php:/usr/local/lib/php:/tmp | no value
==========================
email
------------------
Directive | Local Value | Master Value
sendmail_from | no value | no value
sendmail_path | /usr/sbin/sendmail -t -i | /usr/sbin/sendmail -t -i
SMTP | localhost | localhost
smtp_port | 25 | 25
==========================
Size and Time
------------------
Directive | Local Value | Master Value
max_execution_time | 30 | 30
max_input_time | -1 | -1
upload_max_filesize | 2M | 2M
post_max_size | 55M | 55M
==========================
Page generated in 0.067 seconds - 7 queries in 0.002 seconds - Album set :

Casper

  • VIP
  • Coppermine addict
  • ***
  • Country: 00
  • Offline Offline
  • Gender: Male
  • Posts: 5231
Re: uploading html files to cpg 1.3.2
« Reply #1 on: January 18, 2005, 03:25:39 pm »

Coppermine as it comes does not allow html uploads. You should not be able to upload html, and if you changed the database to allow it, you are taking a huge risk.

You should never allow the upload of any type of file that can be executed in a browser into the gallery; this includes .js and .php files.
It has been a long time now since I did my little bit here, and have done no coding or any other such stuff since. I'm back to being a noob here
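
The rule in the reply above, written out as a check (an added example, not part of the original posts and not Coppermine's own code): it audits rows shaped like the `SELECT extension, mime, content FROM cpg_filetypes` result in the debug output, then decides whether an upload name is acceptable. It goes slightly beyond the reply by also flagging a harmless extension mapped to an active MIME type and by rejecting names that carry an active extension anywhere in them. The sample rows and the lists of active extensions and MIME types are constructed assumptions.

```python
import os

# Assumption: extensions and MIME types treated as active content (run by a
# browser or by the web server). Constructed for this example; extend as needed.
ACTIVE_EXTENSIONS = {"html", "htm", "xhtml", "shtml", "svg", "js",
                     "php", "phtml", "php3", "php4", "php5"}
ACTIVE_MIMES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript",
                "application/x-javascript", "application/x-httpd-php"}

# Constructed sample rows in (extension, mime, content) order.
SAMPLE_ROWS = [
    ("jpg", "image/jpeg", "image"),
    ("png", "image/png", "image"),
    ("html", "text/html", "document"),   # added by hand: active content
    ("txt", "text/html", "document"),    # harmless extension, unsafe MIME
]

def _norm(ext):
    return ext.strip().lstrip(".").lower()

def audit_filetypes(rows):
    """Return (extension, reason) for every row that permits active content."""
    findings = []
    for extension, mime, _content in rows:
        ext = _norm(extension)
        mtype = (mime or "").split(";")[0].strip().lower()
        if ext in ACTIVE_EXTENSIONS:
            findings.append((ext, "extension runs in a browser or on the server"))
        elif mtype in ACTIVE_MIMES:
            findings.append((ext, "served as " + mtype))
    return findings

def upload_allowed(filename, rows):
    """Allow a name only if its final extension is a safe configured type and
    no earlier component is an active extension (e.g. x.php.jpg)."""
    name = os.path.basename(filename.replace("\\", "/")).strip().rstrip(". ").lower()
    parts = name.split(".")
    if len(parts) < 2 or not parts[0]:
        return False  # no extension, or a dotfile such as .htaccess
    if any(p in ACTIVE_EXTENSIONS for p in parts[1:]):
        return False
    flagged = {ext for ext, _ in audit_filetypes(rows)}
    safe = {_norm(r[0]) for r in rows} - flagged
    return parts[-1] in safe
```
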