The Coppermine development team is releasing an update for Coppermine in order to fix an endless loop that could occur in particular versions of PHP.The fix is not security-critical, so if your gallery is running fine with cpg1.4.23 you don't need to upgrade. If you are running an older version than cpg1.4.23, you must update to this latest version as soon as possible because of the security impact (the past few maintenance releases before cpg1.4.24 all were security-related).
The fix that lead to the release of cpg1.4.24 takes care of the blank pages or 500 internal server errors that some users reported after upgrading to cpg1.4.23 or after performing a fresh install. It seems that all users who reported the issues are using PHP 4.3.x - other versions of PHP don't seem to be affected.
How to update:
Users running versions prior to 1.4.24 should update by
downloading the latest version cpg1.4.24 from the
download page and following
the upgrade steps in the documentation.
Manual patch:
For those who want to apply the fix manually to their cpg1.4.23 Coppermine installation, edit include/init.inc.php with a plain text editor (notepad.exe is fine), find
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger');
and replace with
$keysToSkip = array('_POST', '_GET', '_COOKIE', '_REQUEST', '_SERVER', 'HTML_SUBST', 'keysToSkip', 'register_globals_flag', 'cpgdebugger', 'key');
To make this absolutely clear: this will only fix the endless loop that lead to the release of cpg1.4.24 - this fix will not be enough if you are running an older version than cpg1.4.23. If you
are running an older version, don't apply the manual fix, but perform the full upgrade as suggested above.
Support:
If you have problems with this update, please use the
Update support board. Do
not post your issues to this announcement thread. You wouldn't want the world to know that you behaved like a moron, so please do think twice before replying to this thread. Do not reply with questions on your individual issues!
Why was cpg1.4.24 released?The release covers a bug that crept in when fixing the vulnerability that lead to
the release of cpg1.4.23.
Additionally, cpg1.4.24 includes fixes for the following non-security related issues:
- Added 'svn' to the list of foldernames to skip during batch-add
- Fixing duplicates during batch-add
- Removed deprecated target attributes
- Replaced reference to coppermine.sf.net with currenty URL coppermine-gallery.net
- Updated Russian language file
- Added line breaks for meta navigation
- Backported browser and client OS detection function from cpg1.5.x for granular stats
- Added code for correct keyword separation in keyword meta tag
- Updated Georgian language file
- Updated Finnish language file
- Updated Italian language file
Thanks to
Nibbler for coming up with the fix.
Thanks,
The Coppermine Team