Author Topic: Problem resizing or creating thumbnails  (Read 177169 times)

flapane

  • Contributor
  • Coppermine frequent poster
  • ***
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 251
    • Flavio's page
Re: Problem resizing or creating thumbnails
« Reply #40 on: June 26, 2012, 11:41:22 am »

So I guess they lied for whatever reason. I understand their security concerns, but the fact that it's always been disabled is clearly a lie.
I guess I have to stick to GD as soon as I find another hosting. That's annoying, I'm not satisfied at all with the sharpness of the images produced by GD.

Out of curiosity, do we have any other ways for passing arguments to the shell via PHP? It seems that quite a few hostings around the world disabled escapeshellarg() in the last years.

Andre, thanks for your support.

Αndré

  • Administrator
  • Coppermine addict
  • *****
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 15760
Re: Problem resizing or creating thumbnails
« Reply #41 on: June 26, 2012, 11:53:47 am »

do we have any other ways for passing arguments to the shell via PHP?
It's not a matter of how to pass arguments, but how to escape specific characters in arguments. In that particular case it should be safe to escape some characters like the single quote and put the whole argument in single quotes (at least that's what I understand escapeshellarg does) if you're the only person who has permissions to upload pictures to your gallery. Regarding the security issue I found this article, which says that the security flaw has been fixed in PHP 4.3.7.
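The single-quote escaping discussed in the reply above, written out as a PHP fallback for hosts where escapeshellarg() is disabled. This is an added example, not part of the original posts and not Coppermine's own code; the function names are hypothetical, a POSIX shell is assumed, and ImageMagick's `convert` is assumed as the external image tool.

```php
<?php
// Added example; function names are hypothetical, not Coppermine APIs.

/**
 * POSIX-shell quoting for one argument: wrap it in single quotes and turn
 * each embedded ' into '\'' (close quote, escaped quote, reopen quote).
 * Assumes a POSIX /bin/sh; cmd.exe on Windows has different quoting rules.
 */
function quote_shell_arg_posix(string $arg): string
{
    if (strpos($arg, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in shell argument');
    }
    return "'" . str_replace("'", "'\\''", $arg) . "'";
}

/** Prefer the built-in; fall back only where the host has disabled it. */
function safe_shell_arg(string $arg): string
{
    $disabled = array_map('trim', explode(',', (string) ini_get('disable_functions')));
    if (function_exists('escapeshellarg') && !in_array('escapeshellarg', $disabled, true)) {
        return escapeshellarg($arg);
    }
    return quote_shell_arg_posix($arg);
}

/** Quoting alone does not stop a name like "-rotate.jpg" being parsed as an option. */
function safe_path_arg(string $path): string
{
    if ($path !== '' && $path[0] === '-') {
        $path = './' . $path; // a leading "./" makes the tool treat it as a path
    }
    return safe_shell_arg($path);
}

// Constructed sample file names, including awkward ones.
$samples = ['holiday.jpg', "it's mine.jpg", 'a.jpg; echo injected', '-rotate.jpg'];
foreach ($samples as $name) {
    // The command line is only printed here, never executed.
    echo 'convert ' . safe_path_arg($name) . ' -resize 100x100 '
        . safe_path_arg('thumb_' . $name) . PHP_EOL;
}
```

Each printed command keeps the file name as one literal argument: the embedded quote in `it's mine.jpg` comes out as `'it'\''s mine.jpg'`, and the `;` in the third name stays inside the quotes.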

flapane

Re: Problem resizing or creating thumbnails
« Reply #42 on: June 26, 2012, 11:57:30 am »

Who knows, maybe they don't trust the customers themselves, I guess (customers could launch heavy load processes or whatever).

Αndré

Re: Problem resizing or creating thumbnails
« Reply #43 on: June 26, 2012, 12:18:20 pm »

Then they have to disable the exec function. escapeshellarg seems to be the number one choice for shell arguments, as mysql_real_escape_string is for whole MySQL query strings.

flapane

Re: Problem resizing or creating thumbnails
« Reply #44 on: June 26, 2012, 12:31:09 pm »

Bingo. In fact I had to use mysql_real_escape_string in the guestbook I recently wrote for my website in order to avoid injections. I'm gonna tell them, but I suspect that things won't change.