Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Security Eror (Error #2049)  (Read 18445 times)

0 Members and 1 Guest are viewing this topic.

kfeger

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Security Eror (Error #2049)
« on: September 30, 2010, 04:17:28 pm »

Greetings from Germany!
I have a problem with Flash-Uploads. My gallery works otherwise just fine and (at least I believe) I have read the documentation.
When I try any number of uploads, I get a security error, which translates to Error #2049 in the debug output. I have know idea how to proceed.

Here's the data:
http://otto-dialin.dyndns.org
user: tester
password: tester

Code: [Select]
Following the debung output:
***********************************************
USER:
------------------
Array
(
    [ID] => 4b882f193dd16d0035e8a20a9b61f472
    [lang] => german
    [liv_a] => Array
        (
            [0] => 1
            [1] => 3
            [2] => 2
        )

    [upload_method] => swfupload
    [liv] => Array
        (
            [0] => 7
        )

    [am] => 1
)

==========================
USER DATA:
------------------
Array
(
    [user_id] => 2
    [user_name] => tester
    [groups] => Array
        (
            [0] => 2
        )

    [disk_max] => 1024
    [disk_min] => 1024
    [can_rate_pictures] => 1
    [can_send_ecards] => 1
    [can_post_comments] => 1
    [can_upload_pictures] => 1
    [can_create_albums] => 1
    [has_admin_access] => 0
    [access_level] => 3
    [pub_upl_need_approval] => 1
    [priv_upl_need_approval] => 0
    [group_name] => Registered
    [group_quota] => 1024
    [can_see_all_albums] => 0
    [group_id] => 2
    [allowed_albums] => Array
        (
        )

)

==========================
Queries:
------------------
Array
(
    [0] => SELECT name, value FROM cpgconfig [include/init.inc.php:181] (7 ms)
    [1] => SELECT * FROM cpgplugins ORDER BY priority [include/plugin_api.inc.php:54] (1 ms)
    [2] => SELECT user_id, time FROM `cpg`.cpgsessions WHERE session_id = '35006bf93af0fcf694f0d52eeba948ec' [bridge/coppermine.inc.php:264] (2 ms)
    [3] => SELECT user_id, user_password FROM `cpg`.cpgusers WHERE user_id = 2 [bridge/coppermine.inc.php:276] (2 ms)
    [4] => SELECT u.user_id AS id, u.user_name AS username, user_password AS password, u.user_group AS group_id FROM `cpg`.cpgusers AS u LEFT JOIN `cpg`.cpgusergroups AS g ON u.user_group=g.group_id WHERE u.user_id='2' [bridge/udb_base.inc.php:70] (2 ms)
    [5] => SELECT user_group_list FROM `cpg`.cpgusers AS u WHERE user_id='2' AND user_group_list <> '' [bridge/coppermine.inc.php:202] (2 ms)
    [6] => SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min, MAX(can_rate_pictures) AS can_rate_pictures, MAX(can_send_ecards) AS can_send_ecards, MAX(can_post_comments) AS can_post_comments, MAX(can_upload_pictures) AS can_upload_pictures, MAX(can_create_albums) AS can_create_albums, MAX(has_admin_access) AS has_admin_access, MAX(access_level) AS access_level, MIN(pub_upl_need_approval) AS pub_upl_need_approval, MIN( priv_upl_need_approval) AS  priv_upl_need_approval FROM cpgusergroups WHERE group_id in (2) [bridge/udb_base.inc.php:321] (3 ms)
    [7] => SELECT group_name FROM  cpgusergroups WHERE group_id= 2 [bridge/udb_base.inc.php:325] (2 ms)
    [8] => SELECT aid FROM cpgalbums WHERE moderator_group IN (2) [include/init.inc.php:271] (2 ms)
    [9] => SELECT lang_id FROM cpglanguages WHERE enabled='YES' [include/init.inc.php:329] (3 ms)
    [10] => SELECT user_favpics FROM cpgfavpics WHERE user_id = 2 [include/init.inc.php:387] (1 ms)
    [11] => DELETE FROM cpgbanned WHERE expiry < '2010-09-30 16:04:27' [include/init.inc.php:443] (2 ms)
    [12] => SELECT null FROM cpgbanned WHERE (user_id=2 OR '79.241.219.94' LIKE ip_addr ) AND brute_force=0 LIMIT 1 [include/init.inc.php:459] (2 ms)
    [13] => SELECT aid FROM cpgalbums WHERE (1  AND visibility != 0 AND visibility != 10002 AND visibility NOT IN (2)) [include/functions.inc.php:967] (2 ms)
    [14] => SELECT aid, title, cid, name FROM cpgalbums INNER JOIN cpgcategories ON cid = category WHERE category < 10000 AND ((uploads='YES' AND (visibility = '0' OR visibility IN (2) OR alb_password != '')) OR (owner=2)) [upload.php:575] (3 ms)
    [15] => SELECT aid, title FROM cpgalbums WHERE category = 0 AND ((uploads='YES' AND (visibility = '0' OR visibility IN (2) OR alb_password != '')) OR (owner=2)) [upload.php:577] (3 ms)
    [16] => SELECT aid, title FROM cpgalbums WHERE category='10002' ORDER BY title [upload.php:599] (2 ms)
    [17] => SELECT user_id AS user_id, user_password AS pass_hash FROM `cpg`.cpgusers WHERE user_id = '2' [bridge/udb_base.inc.php:730] (2 ms)
    [18] => SELECT cid, parent, name FROM cpgcategories WHERE 1 [upload.php:247] (2 ms)
)

==========================
GET :
------------------
Array
(
)

==========================
POST :
------------------
Array
(
)

==========================
COOKIE :
------------------
Array
(
    [b1c71d983f5a46013ac2aa29d72c2610] => 0b77e801d239d922e686a9f8e534e93c
    [PHPSESSID] => likqvquboq6ccsad6eltrobo03
    [cpg15x_data] => YTo2OntzOjI6IklEIjtzOjMyOiI0Yjg4MmYxOTNkZDE2ZDAwMzVlOGEyMGE5YjYxZjQ3MiI7czo0OiJsYW5nIjtzOjY6Imdlcm1hbiI7czo1OiJsaXZfYSI7YTozOntpOjA7aToxO2k6MTtpOjM7aToyO2k6Mjt9czoxMzoidXBsb2FkX21ldGhvZCI7czo5OiJzd2Z1cGxvYWQiO3M6MzoibGl2IjthOjE6e2k6MDtzOjE6IjciO31zOjI6ImFtIjtpOjE7fQ==
    [7ac4eaaf1c320cf45461be7b16dea2b7] => ebe33566d135581361978896476bb780
)

==========================
SESSION :
------------------
Array
(
    [php_captcha] => 4422ee706c56c3cec25f0b3a2e73d46e
)

==========================
                ---SWFUpload Instance Info--- Version: 2.2.0 2009-03-25 Movie Name: SWFUpload_0 Settings: upload_url: //cpg/upload.php flash_url: js/swfupload/swfupload.swf?preventswfcaching=1285855474921 use_query_string: false requeue_on_error: false http_success: assume_success_timeout: 0 file_post_name: Filedata post_params: [object Object] file_types: *.* file_types_description: Alle Dateien file_size_limit: 8000 KB file_upload_limit: 0 file_queue_limit: 0 debug: true prevent_swf_caching: true button_placeholder_id: browse_button_place_holder button_placeholder: Not Set button_image_url: //cpg/images/browse_swf.png button_width: 130 button_height: 20 button_text: Durchsuchen... button_text_style: color: #000000; font-size: 16pt; button_text_top_padding: 0 button_text_left_padding: 30 button_action: -110 button_disabled: true custom_settings: [object Object] Event Handlers: swfupload_loaded_handler assigned: true file_dialog_start_handler assigned: false file_queued_handler assigned: true file_queue_error_handler assigned: true upload_start_handler assigned: true upload_progress_handler assigned: true upload_error_handler assigned: true upload_success_handler assigned: true upload_complete_handler assigned: true debug_handler assigned: true SWFUpload.SWFObject Plugin settings: minimum_flash_version: 9.0.28 swfupload_load_failed_handler assigned: true SWF DEBUG: SWFUpload Init Complete SWF DEBUG: SWF DEBUG: ----- SWF DEBUG OUTPUT ---- SWF DEBUG: Build Number: SWFUPLOAD 2.2.0 SWF DEBUG: movieName: SWFUpload_0 SWF DEBUG: Upload URL: //cpg/upload.php SWF DEBUG: File Types String: *.* SWF DEBUG: Parsed File Types: SWF DEBUG: HTTP Success: 0 SWF DEBUG: File Types Description: Alle Dateien (*.*) SWF DEBUG: File Size Limit: 8192000 bytes SWF DEBUG: File Upload Limit: 0 SWF DEBUG: File Queue Limit: 0 SWF DEBUG: Post Params: SWF DEBUG: process=1 SWF DEBUG: user=YToyOntzOjc6InVzZXJfaWQiO3M6MToiMiI7czo5OiJwYXNzX2hhc2giO3M6MzI6ImY1ZDEyNzhlODEwOWVkZDk0ZTFlNDE5N2UwNDg3M2I5Ijt9 SWF DEBUG: ----- END SWF DEBUG OUTPUT ---- SWF DEBUG: Removing Flash functions hooks (this should only run in IE and should prevent memory leaks) SWF DEBUG: Event: fileDialogStart : Browsing files. Multi Select. Allowed file types: *.* SWF DEBUG: Select Handler: Received the files selected from the dialog. Processing the file list... SWF DEBUG: Event: fileQueued : File ID: SWFUpload_0_0 SWF DEBUG: Event: fileDialogComplete : Finished processing selected files. Files selected: 1. Files Queued: 1 SWF DEBUG: StartUpload: First file in queue SWF DEBUG: Event: uploadStart : File ID: SWFUpload_0_0 SWF DEBUG: Global Post Item: album=1 SWF DEBUG: Global Post Item: process=1 SWF DEBUG: Global Post Item: user=YToyOntzOjc6InVzZXJfaWQiO3M6MToiMiI7czo5OiJwYXNzX2hhc2giO3M6MzI6ImY1ZDEyNzhlODEwOWVkZDk0ZTFlNDE5N2UwNDg3M2I5Ijt9 SWF DEBUG: ReturnUploadStart(): File accepted by startUpload event and readied for upload. Starting upload to //cpg/upload.php for File ID: SWFUpload_0_0 SWF DEBUG: Event: uploadError : Security Error : File Number: SWFUpload_0_0. Error text: Error #2049 SWF DEBUG: Event: uploadComplete : Upload cycle complete. Error Code: Security Error, File name: IMG_0044.JPG, Message: Error #2049
« Last Edit: September 30, 2010, 05:47:56 pm by Jeff Bailey »
Logged

Jeff Bailey

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 1322
  • Fishing relaxes me.
    • Bailey Family Co.
Logged
Thinking is the hardest work there is, which is probably the reason why so few engage in it. - Henry Ford

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Security Eror (Error #2049)
« Reply #2 on: September 30, 2010, 07:43:02 pm »

Works for me, too: http://otto-dialin.dyndns.org/cpg/displayimage.php?pid=48

OT: every time I see Hatschepsut's temple I have to think of Serious Sam - The First Encounter :)
Logged

kfeger

  • Coppermine newbie
  • Offline Offline
  • Posts: 2
Re: Security Eror (Error #2049)
« Reply #3 on: September 30, 2010, 07:56:04 pm »

Could it be, that there is a problem when I'm in the same network as the gallery?
otto-dialin.dyndns.org is a dyndns-domain with a changing IP-adress and the server runs in my local network.
BTW: When I put the files on the server into my /albums/uploads dir, there is no problem.
Logged

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15764
Re: Security Eror (Error #2049)
« Reply #4 on: October 01, 2010, 06:25:43 am »

Could it be, that there is a problem when I'm in the same network as the gallery?
I don't think so. It works on my testbed, where server & client is the same machine. I assume your browser or/and your flash player causes the issue. Please try to use another browser and/or update your flash player.
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.