Terry
Thanks for that advice. Just had a quick look at the server I installed gallery on, but luckily no hack attempts.
At
http://www.xatrix.org/article2466.htmlI see these advisories, including a couple of quick fixes for those without the time to immediately update to gallery v1.3.3.
The fix to this problem is very simple. Pursue one of the following
three options:
1. Upgrade to v1.3.3, available now on the Gallery website:
http://gallery.sourceforge.net/download.php-- or --
2. Edit your publish_xp_docs.php and near the top of the file, modify
the code so that this line:
appears after this block:
// Hack prevention.
if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) ||
!empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) ||
!empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) {
print "Security violation\n";
exit;
}
?>
-- or --
3. Delete publish_xp_docs.php. This will secure your system but will
also disable the Windows XP Publishing feature.
Thanks Terry
Regards
Ray Mitchell
7 Replies
1032 Views