Yep, caught me again. The check was too simplistic. I've updated it once again, this time it should catch the problem.

While I was at it, I also closed off another couple of potential holes, where users might have been able to use special shell characters (such as | or >) to do funny stuff.

I didn't bother making this a new version, so if you re-download 3.3, you'll get this fix.

As for omegatron's comment about the security hole being fixable by good permissions, I'd rather have the script do the right thing, as opposed to making the user worry about yet another problem.

Anyway, thanks for pointing out the hole, and keep the feedback coming! (Yeah, even the negative stuff :))

<FONT COLOR="#000000" SIZE="1">[ June 26, 2001 10:17 PM: Message edited by: bobbitt ]</font>

Grrrrrreat!!!

It's fixed....

Failed basic sanity test: Sorry, you can't use a relative path for the album!!!

Cross that one off the list 8)...

Thanks AGAIN!!!

BTW, do you mind if people come up with some pretty attractive sytle templates, and distribute them through you?... Just curious if your interested... 8).. Cuz you'd be the best resource to horde them... 8)..

Glad to hear I finally nailed it.

As for the style sheets, I think it's a great idea. The one provided is about as basic as they come, so something with a little imagination would be pretty cool.

Send 'em along, and I'll start either including them in the .zip or hosting them at the download page.

Thanks

Excellent, I have a whole group of web developers / graphics guys @ my disposal.. I'll hopefully get some up to you by this weekend 8)..

I want to know if I could use this script (modify it slightly) to allow my members to upload a .map file (custom mapping for a fuel injected Suzuki GSX-R)

It is very close to what I need

I also have a gallery script (still beta and buggy) running at my site, you might want to take a look at it here: www.gixxer.com/gallery

I did not say we had to do it by hand. I just pointed out that with the proper permissions set the issue is not a bug. I tried to do it my server would not let me

Nice Hack and if I find anything else I'll let ya know but its shaping up nicely.

Jonny,

You sure can. There's an item in the config file called "imgexts" which is supposed to list the image extensions (jpg, bmp, gif, etc). If you put map in there, it'll allow people to upload only .map files.

Now the catch is that it'll try to "img src" them to display them in a browser, so if that doesn't work for a .map file (which I doubt) then you'd have to change a bit of code. I'm not sure how you'd want to deal with a .map file, probably just download it with a "href" maybe?

At any rate, it's possible, though it would require a bit of customization. BTW, that's a pretty cool gallery you've got there. Might just put me out of business...


omegatron,

Yeah, I agree. If you have everything above your web root as unreadable to your web server process (which is good design) then it's not a problem. But I'd still rather put the "safety features" into the script. It's bloody hard enough to configure as it is!

<FONT COLOR="#000000" SIZE="1">[ June 27, 2001 05:54 AM: Message edited by: bobbitt ]</font>

Yikes! That ../../../ bug is really nasty but at least I got a look at what my hosting provider also has on the system.

p2kay!

Ok, I'm trying to set my focus for the next round of updates. What's your preference for the next release:

• Improved documentation
• Improved installation
• Search capability
• "Jump to" drop box for albums
• Custom header/footer
• Auto thumbnails
• User comments/ratings on photos
• "Page views" for photos
• Something else? (Make your suggestion!)

These are just some of the things floating around in my head, but I'd rather spend my time on what people are going to use. So if you have a preference, let me know!

Thanks

<FONT COLOR="#000000" SIZE="1">[ June 27, 2001 09:56 AM: Message edited by: bobbitt ]</font>

auto thumbnail
members comment ans rating

thanks bobbit

for auto thumbnails you can run Image Magik on your server.


Where abouts in Ottawa are you anyways? I am over in Vancouver

Image Magik eh? I'll have to check that out. Have a link handy?

I'm actually just outside Ottawa, but we've all been amalgamated into one city now... Looks like there are a few of us canucks here...

Anyway, thanks for the info.

Excellent. I'll check it out.

What I don't want though is for people to have to compile and install Image Magick in order to use album.pl. But I'll see what I can come up with...

I just can't get it to run!

I have 4 or more different types of perl scripts running fine, but this one is making me pull my hair out!

500 Internal Server Error is all I get no matter how I try to muck with the .cfg file and permissions.

does it run on Unix?

I have UBB 6.04f running fine.

What am I doing wrong?

<FONT COLOR="#000000" SIZE="1">[ June 29, 2001 01:45 AM: Message edited by: Jonny Bravo ]</font>

I run the script on Windows and UNIX just fine. A few people are seeing this, so I'd love to nail it down.

I have a couple of theories, the most likely of which is that the .cfg and/or .pl files weren't FTP'd in ASCII mode. That would cause some problems, and would likely show itself as a 500 error.

Alternatively, my suspicion is that the .cfg file has been edited by an editor that leaves funny characters.

At any rate, if you have shell access, and can run "perl album.pl" in your cgi-bin directory, that'll give us a more clear error code to work with. Hopefully then I can wrap this up for everyone who's dealing with it.

Thanks!

<FONT COLOR="#000000" SIZE="1">[ June 29, 2001 06:04 AM: Message edited by: Mike Bobbitt ]</font>

well I started all over from scratch, set the dirs the same as per yours, used a plain jane text editor, use AceFTP and set to ASCII mode and got the same results.

Currently I have no shell access to the account.

Anything else I can try?

Darn, that's usually it. It looks like if any lines have leading or training whitespace in the .cfg file, it may cause problems. Including "blank" lines that are a space, instead of being empty.

I'm working on fixing these problem in 3.4, but that doesn't do you much good right now. Plus, since I'm not sure what your specific issue is, I'm not sure I've fixed it...

Johnny these are the exact things I was having problem with. However I have shell access and used that finally since editors dont work. If you want to send me your settings I can make a .cfg file for you?

I think I have it fixed. Just polishing up and will hopefully have something ready for download later tonight.

Cheers

<FONT COLOR="#000000" SIZE="1">[ July 01, 2001 05:21 PM: Message edited by: Mike Bobbitt ]</font>