
Author Topic: N.W.F. Regarding [IMG]  (Read 1895 times)


stud

N.W.F. Regarding [IMG]
« on: April 11, 2009, 06:44:38 pm »

Hope this is the correct section...

On my site, when I want to have a pic on the main part by using the (http://), nothing is coming up?
Also, same for any links I put up, you can't click on them.

Is this just a simple setting that is not right?

You can see by going to www.CarbonCruisers.com

WARNING NOT WORK SAFE , 18+ MATERIAL !!!!

Can anyone help ??

Robert

Joachim Müller

Re: N.W.F. Regarding [IMG]
« Reply #1 on: April 11, 2009, 08:49:39 pm »

In the future, read the announcements we make and the docs that come with your copy of coppermine first before asking questions.

In cpg1.4.21, the usage of the bbcode tag [ i m g ] has been disabled for security reasons. This is explained in the announcement thread "cpg1.4.21 Security release - upgrade mandatory!":
The release covers a recently discovered vulnerability that allows (if unpatched) a user to launch a CSRF attack (definition) against your website (milw0rm exploit 8114 and 8115).  The vulnerability is due to the processing of the bbcode tags [ i m g ] and [ u r l ].  The attack that can be launched through these tags can be wide-reaching and all gallery administrators must take this seriously.  Since cpg1.4.x is a stable release package, the Coppermine development team could not address this vulnerability without a large change in the way forms are handled.  So the solution is to remove the correct processing of the two bbcode tags, [ i m g ] and [ u r l ].  This is not a final solution but it is necessary to address this serious vulnerability.  The Coppermine dev team is working on a way to handle these bbcode tags and will post here with more information.  You can read information about how these tags are now processed and how to hack in your own solution in the bbcode section of the documentation.
Read the docs section as well that the quoted article refers to.
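
To illustrate the change the quoted announcement describes, here is an added example (not Coppermine's code and not part of the original posts) of a simplified bbcode renderer before and after [img] and [url] processing is removed. All function names and the sample comment are constructed; Coppermine's actual handling is the one described in its documentation.

```php
<?php
// Added illustration; not Coppermine code. All names and the sample comment are constructed.

// Tags that cause no request and no navigation: safe to keep rendering.
function render_inline_tags(string $html): string
{
    $html = preg_replace('#\[b\](.*?)\[/b\]#is', '<strong>$1</strong>', $html);
    return preg_replace('#\[i\](.*?)\[/i\]#is', '<em>$1</em>', $html);
}

// "Before": [img] and [url] become live HTML. Every viewer's browser fetches the
// <img> src on page load and attaches its own cookies for that host, which is
// what makes user-supplied image URLs a CSRF vector.
function render_bbcode_legacy(string $text): string
{
    $html = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
    $html = preg_replace('#\[img\](https?://[^\s\[\]"<>]+)\[/img\]#i', '<img src="$1" alt="" />', $html);
    $html = preg_replace('#\[url\](https?://[^\s\[\]"<>]+)\[/url\]#i', '<a href="$1">$1</a>', $html);
    return render_inline_tags($html);
}

// "After": the two tags are deliberately not translated and stay as escaped text.
function render_bbcode_hardened(string $text): string
{
    return render_inline_tags(htmlspecialchars($text, ENT_QUOTES, 'UTF-8'));
}

// List the elements in rendered HTML that make a browser fetch or navigate.
function active_elements(string $html): array
{
    preg_match_all('#<(img|a)\s[^>]*(?:src|href)="([^"]*)"#i', $html, $m, PREG_SET_ORDER);
    return array_map(fn($x) => strtolower($x[1]) . ' -> ' . $x[2], $m);
}

// Constructed sample comment.
$comment = "[b]Nice shot![/b] [img]https://img.example/photo.jpg[/img] "
         . "see [url]https://www.example.org/gallery[/url]";

$renderers = ['legacy' => 'render_bbcode_legacy', 'hardened' => 'render_bbcode_hardened'];
foreach ($renderers as $name => $fn) {
    $html = $fn($comment);
    echo "$name: $html\n";
    echo '  active elements: ', json_encode(active_elements($html), JSON_UNESCAPED_SLASHES), "\n";
}
```

The hardened output is what the question describes: the tags appear as plain text, no image loads and no link is clickable, because the rendered page no longer contains any user-controlled `src` or `href`.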