Topic: cpg1.4 Testing/Bugs: themes.inc.php

m@rk

  • Contributor
cpg1.4 Testing/Bugs: themes.inc.php
« on: January 21, 2007, 12:22:23 am »

There's obviously a bug in CPG 1.4.10 include\themes.inc.php:

You have to change line 864 from

Code:
<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="{USER_NAME}" />
to

Code:
<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value={USER_NAME} />
to display the (cookie stored?) guest's name in the guest name field (remove the quotation marks from value="{USER_NAME}" ...).

with kind regards
« Last Edit: July 02, 2007, 03:50:29 pm by GauGau »

Nibbler

  • Guest
Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #1 on: January 21, 2007, 12:21:01 pm »

I don't understand, how does your change help?

m@rk

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #2 on: January 21, 2007, 02:53:06 pm »

The original code produces the following html:

Code:
<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value=""MarcyMarc"" />
The modified code produces:

Code:
<input type="text" class="textinput" name="msg_author" size="10" maxlength="20" value="MarcyMarc" />
In html source code around line 349, the text value is the point...

Nibbler

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #3 on: January 21, 2007, 03:09:06 pm »

A better fix is to remove the duplicate quotes being added here:

Code:
$user_name = isset($USER['name']) ? '"' . strtr($USER['name'], $HTML_SUBST) . '"' : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';
Moving to bugs board, thanks for the report.

m@rk

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #4 on: January 21, 2007, 03:23:57 pm »

Hey Nibbler -

that's exactly what I detected during the last minutes and wanted to post right now  :D

great community!

with kind regards

Joachim Müller

  • Dev Team member
  • aka "GauGau"
Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #5 on: July 02, 2007, 03:49:32 pm »

Changed
Code:
$user_name = isset($USER['name']) ? '"' . strtr($USER['name'], $HTML_SUBST) . '"' : $lang_display_comments['your_name'] . '" onclick="javascript:this.value=\'\';';
to
Code:
            if (isset($USER['name'])) {
              $user_name = strtr($USER['name'], $HTML_SUBST);
            } else {
              $lang_display_comments['your_name'];
            }
in include/themes.inc.php and themes/sample/theme.php of svn repositories "cpg1.4.x" and "cpg1.5.x". Will go into cpg1.4.12 and cpg1.5.0. Marking as "fixed".

Nibbler

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #6 on: July 02, 2007, 04:30:44 pm »

Why? Your code makes no sense.

Joachim Müller

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #7 on: July 04, 2007, 07:47:14 am »

Could you elaborate please?

Nibbler

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #8 on: July 04, 2007, 05:37:37 pm »

Code:
$lang_display_comments['your_name'];
Should be

Code:
$user_name = $lang_display_comments['your_name'];
Otherwise the line does nothing.

Joachim Müller

Re: cpg1.4 Testing/Bugs: themes.inc.php
« Reply #9 on: July 05, 2007, 10:50:32 am »

oops, you're of course right :-[. Committed to both branches of the SVN. Will go into cpg1.4.13 and cpg1.5.0.
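
The quoting mismatch discussed in this thread, as an added example (not Coppermine code and not written by any poster): it renders the quoted and unquoted `{USER_NAME}` templates with the value built the original way and the corrected way. Assumptions: `escape_attr()` stands in for `strtr($USER['name'], $HTML_SUBST)`, the templates are shortened, and the `Your name` text and sample names are constructed.

```php
<?php
// Added illustration, not Coppermine source. The two templates mirror the
// value="{USER_NAME}" and value={USER_NAME} variants quoted in the thread.
const TPL_QUOTED   = '<input type="text" name="msg_author" value="{USER_NAME}" />';
const TPL_UNQUOTED = '<input type="text" name="msg_author" value={USER_NAME} />';

// Assumed stand-in for $lang_display_comments['your_name'].
const YOUR_NAME = 'Your name';

// Stand-in for strtr($name, $HTML_SUBST); the real table's contents are assumed.
function escape_attr(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// 1.4.10 behaviour as quoted in reply #3: the PHP side supplies quote characters.
function value_original(?string $name): string
{
    return $name !== null
        ? '"' . escape_attr($name) . '"'
        : YOUR_NAME . '" onclick="javascript:this.value=\'\';';
}

// Behaviour after replies #5 and #8: escape only; the template owns the quotes.
function value_fixed(?string $name): string
{
    return $name !== null ? escape_attr($name) : YOUR_NAME;
}

function render(string $tpl, string $value): string
{
    return str_replace('{USER_NAME}', $value, $tpl);
}

// Constructed inputs: plain name, name with a space, name with a quote, no cookie.
foreach (['MarcyMarc', 'Marcy Marc', 'Marc "M" Marc', null] as $name) {
    echo 'name = ', var_export($name, true), PHP_EOL;
    echo '  original value, quoted template:   ', render(TPL_QUOTED, value_original($name)), PHP_EOL;
    echo '  original value, unquoted template: ', render(TPL_UNQUOTED, value_original($name)), PHP_EOL;
    echo '  fixed value, quoted template:      ', render(TPL_QUOTED, value_fixed($name)), PHP_EOL;
    echo '  fixed value, unquoted template:    ', render(TPL_UNQUOTED, value_fixed($name)), PHP_EOL;
}
```

Only the fixed value in the quoted template yields a single well-formed `value` attribute for all four inputs; with the unquoted template, the original fallback leaves a stray quote and the fixed value is cut at the first space.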