Advanced search  


cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.

Pages: [1]   Go Down

Author Topic: Upload Bugs and an Enhancement  (Read 4116 times)

0 Members and 1 Guest are viewing this topic.


  • Contributor
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Posts: 55
Upload Bugs and an Enhancement
« on: March 16, 2023, 06:09:06 pm »

My gallery is set up so that it only accepts images up to a certain size in pixel dimensions and file size. If an image is bigger it should be rejected. Uploads have to be approved by an administrator who is emailed when an image is uploaded. I've found a number of bugs in the upload process with the gallery set up this way. Same behaviour with 1.6.21 and 1.6.22.

Iíve included details of these bugs and also an enhancement because it would be really helpful to see them included in a future release of CPG so I donít have to change the code myself in future.
Upload Bug #1
When an image is uploaded using the single image loader, if it's too large the image is added to the users's album in /albums/userpics/100xx but not deleted when it is found to be too large.

The file is deleted in /include/ by the command @unlink($uploaded_pic). Unfortunately the variable $uploaded_pic is undefined at this point and thereís no checking the status of the command so the error is not reported.I fixed it by defining $uploaded_pic as a global in two places:
- in uniload.php
    add code just after:  define('H5U_LOG','h5upload');
    new code:     global $uploaded_pic;

- in /include/
    Replace:  global $lang_errors, $lang_db_input_php;
    with:     global $lang_errors, $lang_db_input_php, $uploaded_pic;

Upload bug #2.
When an upload in the single uploader fails the error message appears as just text on a white screen whereas it should have been included in a standard Coppermine error screen.
See screenshot too-big-error.png

In the code, when the upload fails, uniload.php calls the error_out routine which outputs the error message shown. I fixed it by redirecting back to upload.php with a fatal error code and suitable error message. This also involved editing to pass back an error code of 2 in this case. Itís a messy solution but it works.

Attached: bug2-code.txt
Upload bug #3.
When using the HTML 5 uploader, if the config option is set to notify admins by email, an email is not sent if all uploads are successful. The email only gets sent if one fails to be uploaded because of, for example, an image being too big.

Iíve tried to find out why this is happening. I put a debugger call in \plugins\upload_h5a\upload.js where function H5up_done is called. This works as expected.
In the debugger I stepped into various js calls.
Stepped into: $.post('notifyupload.php'........
Stepped into: \js\jquery-1.12.4.js   

At this point I got lost. Iím unable to proceed due to lack of skill and experience.
I know that notifyupload is not being called because the PHP debugger shows control going straight to editpics.php

For now Iím getting email notification from a hack that I added to uniload.php but the downside is getting an email for each image.
Enhancement #1
An enhancement to the upload. When I get an email to say that a user has uploaded a picture for approval I really want to know the album where theyíve uploaded it because different albums have different deadline dates. In some cases I may need to action the approval quickly, other times not. So I enhanced the part of uniload.php that sends the email to include the category and album names. Iíve included code fragments to show this. I wonít claim itís great code but it works.
Attached: enhancement-1.txt


  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 2026
Re: Upload Bugs and an Enhancement
« Reply #1 on: March 17, 2023, 12:02:37 pm »

Thank you for your feedback and sleuthing out these issues. We'll look into them before the next release (1.6.23).
You should be aware that at our Github Repository you can create Issues for problems that you may find.
Your help is appreciated.


  • Administrator
  • Coppermine addict
  • *****
  • Country: us
  • Offline Offline
  • Posts: 2026
Re: Upload Bugs and an Enhancement
« Reply #2 on: March 20, 2023, 08:07:25 pm »

I was unable to replicate the issue you are having with no admin approval emails when there are no upload errors.
I could, however, see the possibility existing for some systems/browsers.
Could you please use the attached versions of upload.js and upload.min.js to see whether it may correct the issue for you?
(be sure to clear cache)
Pages: [1]   Go Up

Page created in 0.019 seconds with 20 queries.