    •  
      CommentAuthor[-Stash-]
    • CommentTimeDec 20th 2006
     # 1
    I just updated from Inline Images 1.1 (which was working fine) to 1.2 and now all I get is the ALT attribute showing from the image tag. The HTML code is all there, the image is in the directory still, but for whatever reason the image won't show up on the page.

    I also updated to Attachments 2.1 at the same time, but this appears to be working correctly, as when I disable II1.2 the pictures show up as a list at the bottom as expected.

    Any ideas as to what I've got wrong on the upgrade? I just deactivated the extension, deleted the directory via FTP, uploaded the new one and then reactivated it.
    •  
      CommentAuthorTiggr
    • CommentTimeDec 20th 2006
     # 2
    Same for me!

    Changed back to image.php from 1.1!
    •  
      CommentAuthorTiggr
    • CommentTimeDec 20th 2006
     # 3
    Hi again!

    Played a bit, it is the security fix

    if (!defined('IN_VANILLA')) exit();


    which kills the inline images!
    •  
      CommentAuthor[-Stash-]
    • CommentTimeDec 21st 2006
     # 4
    Groovy! Or not... what's the solution Jazzman/Mark, as I thought this part was needed yet is breaking things?
    • CommentAuthoremilime
    • CommentTimeDec 21st 2006
     # 5
    •  
      CommentAuthorTiggr
    • CommentTimeDec 21st 2006
     # 6
    Thank you emilime!

    I'm citing you from the other thread:

    UPDATE: well I think I've just found the error: the new constant IN_VANILLA is defined in appg/settings.php but the test if (!defined('IN_VANILLA')) exit(); in image.php is before the include of settings.php so IN_VANILLA is never defined and the script always exits.
    Just move the test after include('../../appg/settings.php');
    and everything works fine


    That's it!

    Thank you very much!
    •  
      CommentAuthor[-Stash-]
    • CommentTimeDec 21st 2006
     # 7
    <disclaimer>I suck at PHP and security</disclaimer>
    Wouldn't what you've just done pretty much negate the whole security fix?
    •  
      CommentAuthor[-Stash-]
    • CommentTimeDec 23rd 2006
     # 8
    Anyone care to comment on whether or not this breaks the security fix?
  1.  # 9
    Err...How come this extension has to include the settings file anyway? Jazzman is no fool so I'm sure there's a reason but it seems a bit odd...?
    •  
      CommentAuthorWallPhone
    • CommentTimeDec 23rd 2006
     # 10
    Stash: You should be fine to move it. Since the include path is relative, there is no possibility that an attacker could insert a foreign URL in the include.

    Good:
    include('../../appg/settings.php');

    Bad (if used without the IN_VANILLA check):
    include($configuration['APPLICATION_PATH'].'settings.php');
    •  
      CommentAuthor[-Stash-]
    • CommentTimeDec 23rd 2006
     # 11
    Thanks WallPhone. So if relative paths are used you don't "need" the fix?
    •  
      CommentAuthorWallPhone
    • CommentTimeDec 23rd 2006
     # 12
    Yep. Vulnerability is caused by an attacker forcing the configuration variable to something unintended, such as to point to a file on his server that may contain some malicious code.

    Relative paths are by definition relative to their own server instead of some foreign server.
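Added example, not part of the original thread or the extension's code: a small Python check for the two conditions discussed above, a `defined()` guard that runs before the include that defines its constant in a directly requested script, and an include whose path is built from a variable with no guard in front of it. The sample sources are constructed from the lines quoted in the thread; `audit`, `SAMPLES` and the finding codes are names chosen here.

```python
import re

GUARD = re.compile(r"if\s*\(\s*!\s*defined\(\s*['\"](\w+)['\"]\s*\)\s*\)\s*(?:exit|die)\b")
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*([^;]+?)\s*\)?\s*;")
DEFINE = re.compile(r"\bdefine\(\s*['\"](\w+)['\"]")

# Constructed samples built from the lines quoted in the thread,
# not the extension's real files.
SAMPLES = {
    "image_1.2.php": "<?php\nif (!defined('IN_VANILLA')) exit();\n"
                     "include('../../appg/settings.php');\n",
    "image_moved.php": "<?php\ninclude('../../appg/settings.php');\n"
                       "if (!defined('IN_VANILLA')) exit();\n",
    "dynamic.php": "<?php\n"
                   "include($configuration['APPLICATION_PATH'].'settings.php');\n",
}


def audit(source, entry_point=True):
    """Return (line_no, code) findings for the text of one PHP file.

    entry_point=True means the file is requested directly (as image.php is),
    so nothing is defined until the file itself includes the settings file.
    """
    findings = []
    defined_here = set()   # constants this file defines itself
    included_yet = False   # has any include run before the current line?
    guarded = False        # has a defined() guard run before the current line?
    for no, line in enumerate(source.splitlines(), 1):
        defined_here.update(DEFINE.findall(line))
        guard = GUARD.search(line)
        if guard:
            guarded = True
            # Guard placed before the include that defines the constant:
            # a directly requested script always exits here.
            if entry_point and not included_yet and guard.group(1) not in defined_here:
                findings.append((no, "GUARD_ALWAYS_EXITS"))
        inc = INCLUDE.search(line)
        if inc:
            # A path built from a variable is only as safe as that variable.
            if "$" in inc.group(1) and not guarded:
                findings.append((no, "VARIABLE_INCLUDE_UNGUARDED"))
            included_yet = True
    return findings
```

With `entry_point=False` the guard-first layout is accepted, which is the normal placement for a file that is only ever included by the application.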
    •  
      CommentAuthor[-Stash-]
    • CommentTimeDec 24th 2006
     # 13
    Thanks for explaining WallPhone. Has anyone notified Jazzman about this fix to his extension then?
    • CommentAuthorherozup
    • CommentTimeJan 4th 2007
     # 14
    Thanks for this!!
  2.  # 15
    I've sent him a sticky whisper so hopefully he'll drop by and check it out next time he's available.
    •  
      CommentAuthorJazzman
    • CommentTimeJan 8th 2007
     # 16
    Hey guys! Sorry for the late response! I switched to another internet provider, which resulted in 3 weeks without internet :) And with the Holidays, I had no access to internet at work!! The horror... the pain...!! :D

    I will take a look as soon as I have time.
    •  
      CommentAuthorCassini
    • CommentTimeMay 20th 2008
     # 17
    wasup here?
    not fixed. I wonder what you talk here......

    there is no line
    if (!defined('IN_VANILLA')) exit();
    in image.php

    What are y'all talking about??? *shrug*
    You are funny people. In fact, there's not even a "IN_VANILLA"-phrase in the whole InlineImage-Extension...so what are you talking here??!
    Too bad.....I liked Vanilla, but it seems it's doomed.


    And please:
    Could anyone be so kind, to explain that to me,
    if I understood it wrong?

    I'm searching through settings.php, appg/settings.php, the whole extension (default.php, image.php, image.jpg.php) and can't find IN_VANILLA !!!!!
    The only place to find it is in settings.php:
    define('IN_VANILLA', '1');

    I'm on the edge when it comes thinking about Vanilla....that makes me sad.
    Started off quite good,
    and is ending in a confusing bad state.
    Why can nobody (if nobody can fix this in a new version!) explain, how to fix that stupid bug????????
    This is sad...

    Will come back these days....but I think, if no one can help,
    that's it for me.

    Bye Vanilla....
    :'(
  3.  # 18
    Version 1.3 - 11.01.2006, Jazzman

    - Removed security patch again, as it was not necessary and resulted in errors
    •  
      CommentAuthorCassini
    • CommentTimeMay 21st 2008 edited
     # 19
    ah, ok, I see....something, thank U.

    If the security patch is removed, why do I have the same problems as [-Stash-]?
    I'm using 1.3 with Attachments 2.

    EDIT:
    Problem is fixed now.
    It was a wrongly encoded language file (definitions.php).
    It was coded in ANSI. Changed to UTF-8 and now it works.
    •  
      CommentAuthor[-Stash-]
    • CommentTimeJul 22nd 2008
     # 20
    Unofficial release from me to tie in with the latest JQuery release. Mods, please feel free to either update the addons site with this or remove the link/post.

    http://exhibitq.com/Vanilla/extensions/InlineImages/InlineImages-1.4.zip

    Basically, I added support for various thumbnail opening options (available in JQuery) and a GUI to choose which of these you want