
Author Topic: View image by its full size URL ? [image security issue]  (Read 2966 times)


HoundSP

View image by its full size URL ? [image security issue]
« on: June 16, 2006, 12:48:37 pm »

Is there any way to prevent users from directly viewing the images by their full-size image URL?
Such as http://www.mywebsite.com/gallery/displayimage.php?pid=1&fullsize=1. This will allow ANYONE to view the image whether they have permission or not.

Both .htaccess and the control_fullsize mod didn't help to prevent such a method.

* Hiding the image location is a nice idea, but I can't find the specified code in include/function.inc.php (refer to http://forum.coppermine-gallery.net/index.php?topic=3069.0). Is there any other method? I tried to search for such topics but mostly found posts about .htaccess.

I'm using CPG 1.4.6

Thanks in advance.  :)
« Last Edit: June 16, 2006, 01:00:18 pm by HoundSP »
Logged

Tarique Sani

Re: View image by its full size URL ? [image security issue]
« Reply #1 on: June 16, 2006, 01:18:03 pm »

Coppermine Core does not have any code to prevent *only* the fullsize picture from not being shown.
Logged
SANIsoft PHP applications for E Biz

jjhat1

Re: View image by its full size URL ? [image security issue]
« Reply #2 on: June 16, 2006, 01:22:23 pm »

You can also try a plugin I have written.  It loads the files through a PHP script using the PID and quality requested but uses MD5 to prevent people from just changing the quality or PID number to access another picture.

http://forum.coppermine-gallery.net/index.php?topic=32348.0


Hope this helps...  ;D

If you have any additional requests for features related to this plugin, it would be appropriate to post them on this board and not the announcement board.
Logged
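
The approach described in Reply #2 (a PHP script that serves the file only when the PID and quality in the URL match a hash) can be sketched as follows. This is an added example, not the plugin's code and not part of the thread: the post does not say how the plugin computes its MD5 value, so this sketch swaps in HMAC-SHA256 with a server-side secret, and `SECRET`, `QUALITIES`, `image.php`, the parameter names and all function names are assumptions.

```php
<?php
// Added example, not the plugin's code. All names below are hypothetical.
const SECRET = 'replace-with-random-server-side-value'; // constructed placeholder
const QUALITIES = ['thumb', 'normal', 'fullsize'];      // assumed quality labels

function image_token(int $pid, string $quality): string
{
    // The separator keeps (12, "3") and (1, "23") from producing the same input.
    return hash_hmac('sha256', $pid . '|' . $quality, SECRET);
}

function sign_image_url(int $pid, string $quality): string
{
    // Call only after the gallery has decided this viewer may see
    // $pid at $quality; the token records that decision in the URL.
    return 'image.php?' . http_build_query([
        'pid' => $pid,
        'q'   => $quality,
        't'   => image_token($pid, $quality),
    ]);
}

function verify_image_request(array $query): bool
{
    $pid     = filter_var($query['pid'] ?? null, FILTER_VALIDATE_INT);
    $quality = $query['q'] ?? '';
    $token   = $query['t'] ?? '';
    if ($pid === false || !is_string($quality) || !is_string($token)) {
        return false; // missing or malformed parameter
    }
    if (!in_array($quality, QUALITIES, true)) {
        return false; // unknown quality label
    }
    // Constant-time comparison; fails if pid or quality was edited.
    return hash_equals(image_token($pid, $quality), $token);
}

// Constructed demonstration: a signed "normal" URL, then the same
// query with the quality changed to "fullsize" by hand.
parse_str(parse_url(sign_image_url(1, 'normal'), PHP_URL_QUERY), $signed);
$tampered = $signed;
$tampered['q'] = 'fullsize';
var_dump(verify_image_request($signed));   // request as issued
var_dump(verify_image_request($tampered)); // edited quality
```

A token built this way does not expire and is not tied to a user, so anyone who obtains a signed URL can reuse it; the original files also have to be unreachable by direct path for the check to matter.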