Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Allen Rapini on August 02, 2002, 07:08:26 AM
-
This is NOT an e-smith bug, but there is a recently reported flaw in the Gallery .php scripting that can result in what seems to be a serious exploit. Info and several different types of fixes for it are available at the below link. They only take a minute to apply.
http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&mode=thread&order=0&thold=0
The above link is all one line, but I never know how they will actually display when posted. If you like you can just go to http://gallery.menalto.com and see the front page for more info.
-
A big THANK YOU for pointing this out! I'd've not gotten around to looking at Gallery for awhile as I'd recently updated to 1.3 and was quite happy. Nice work!
-
Thanks for the pointer--I've updated my HOWTO to refer to version 1.3.1 of Gallery, which is supposed to fix this hole.
-
Dan,
As always, thanks for your How-To's. Figured I'd go whole hog and clean install sme 5.5 and gallery 1.3.1.
Item of interest... gallery 1.3.1 does not work with SME 5.5. Images don't get displayed. They seem to get generated OK (looking at the status sheet during file import). For some reason thumbs and gallery images only display as a black box.
Still looking into this issue :) Hope to find it soon.
-
JL, I think I've got it taken care of, though all I've done is update the required RPMs. Take a look at http://www.familybrown.org/howtos/gallery-howto-sme55.html and let me know how to get on.
-
I found out that "your" gallery conflicts with myPHPnuke's egallery :)
Neither one worked... so I backed out "your" gallery and all of a sudden myPHPnuke's egallery started working again. 'Twas a weird thing %-). So... off to prove my point, I reinstalled from scratch, three times, installed myPHPnuke and found its egallery to work fine. Installed gallery 1.3.1 per your new and old instructions, and both went to @#$%.
Looks like something to do with the gallery package and not jhead or the 3rpm's you called out.
Thanks for the help and quick response! As always, I appreciate your work. Have a virtual beer on me :)