Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more  (Read 13241 times)

0 Members and 1 Guest are viewing this topic.

Makc666

  • Translator
  • Coppermine addict
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 1614
  • Русский (ISO-8859-1) - Russian - Русский (Windows)
    • Makc's home page

After upgrading from 1.4.14 to 1.4.15 ImageMagick doesn't work for me any more...
That's exploitable by people who can rotate an image, ie. registered users with upload rights. Only affects galleries using ImageMagick. Can be mitigated by restricting upload rights/membership to trusted individuals (or using GD2).
Doesn't work on two hosts/servers.
Doesn't work on "clean" 1.4.15 files.

The problem is for the code you added "everywhere" in 1.4.15:
Code: [Select]
$cmd = escapeshellarg($cmd);
I really can't understand for what you have added this one if the code already has:

Code: [Select]
$src_file = escapeshellarg($src_file);                                                                             
$im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));


http://ru2.php.net/escapeshellarg

May be you have to use escapeshellcmd() and not escapeshellarg?

http://ru2.php.net/manual/ru/function.escapeshellcmd.php


 
« Last Edit: February 01, 2008, 11:40:26 pm by Nibbler »
Logged

Makc666

  • Translator
  • Coppermine addict
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 1614
  • Русский (ISO-8859-1) - Russian - Русский (Windows)
    • Makc's home page

For example to see thumbnail during upload of files you have to comment second line
$cmd = escapeshellarg($cmd);

in file:
picmgmt.inc.php

in code:
Code: [Select]
    // Method for thumbnails creation                                                                                               
    switch ($method) {                                                                                                             
        case "im" :                                                                                                                 
            if (preg_match("#[A-Z]:|\\\\#Ai", __FILE__)) {                                                                         
                // get the basedir, remove '/include'                                                                               
                $cur_dir = substr(dirname(__FILE__), 0, -8);                                                                       
                $src_file = '"' . $cur_dir . '\\' . strtr($src_file, '/', '\\') . '"';                                             
                $im_dest_file = str_replace('%', '%%', ('"' . $cur_dir . '\\' . strtr($dest_file, '/', '\\') . '"'));               
            } else {                                                                                                               
                $src_file = escapeshellarg($src_file);                                                                             
                $im_dest_file = str_replace('%', '%%', escapeshellarg($dest_file));                                                 
            }                                                                                                                       
                                                                                                                                   
            $output = array();                                                                                                     
            /*                                                                                                                     
             * Hack for working with ImageMagick on WIndows even if IM is installed in C:\Program Files.                           
             * By Aditya Mooley <aditya@sanisoft.com>                                                                               
             */                                                                                                                     
            if (eregi("win",$_ENV['OS'])) {                                                                                         
                $cmd = "\"".str_replace("\\","/", $CONFIG['impath'])."convert\" -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options
                $cmd = escapeshellarg($cmd);                                                                                     
                exec ("\"$cmd\"", $output, $retval);                                                                               
            } else {                                                                                                               
                $cmd = "{$CONFIG['impath']}convert -quality {$CONFIG['jpeg_qual']} {$CONFIG['im_options']} -geometry {$destWidth}x{$
                $cmd = escapeshellarg($cmd);                                                                                     
                exec ($cmd, $output, $retval);                                                                                     
            }
Logged

Nibbler

  • Guest

Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
Logged

Makc666

  • Translator
  • Coppermine addict
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 1614
  • Русский (ISO-8859-1) - Russian - Русский (Windows)
    • Makc's home page

Correct. This is not how you use escapeshellarg(). It should be applied to the arguments not the entire command line. Looks like we need a new release. ::)
All functions where code
Code: [Select]
$cmd = escapeshellarg($cmd);has been added doesn't work any more :-\
« Last Edit: February 01, 2008, 02:43:12 pm by Makc666 »
Logged

Nibbler

  • Guest

Fixed in svn (reverted the added escapeshellarg() lines, left the security fix in).
Logged

Nibbler

  • Guest

Release announcement ready at http://forum.coppermine-gallery.net/index.php?topic=50194.0 with steps for manual fix.
Logged

Makc666

  • Translator
  • Coppermine addict
  • **
  • Offline Offline
  • Gender: Male
  • Posts: 1614
  • Русский (ISO-8859-1) - Russian - Русский (Windows)
    • Makc's home page

Release announcement ready at http://forum.coppermine-gallery.net/index.php?topic=50194.0 with steps for manual fix.
Thanks, Nibbler!
I can't see this one (topic), but I hope it will be available soon :)
Logged
Pages: [1]   Go Up
 

Page created in 0.018 seconds with 19 queries.