Package: gallery
Version: 1.5-1
Followup-For: Bug #268949
Hi,

filenames with non-ASCII characters break. The problem is a function in classes/Image.php which returns the HTML img statement non-escaped. Is this a security problem for broken clients?

Here is a small patch, which looks like it solves the problem. In Debian the file is located under /usr/share/gallery/classes/Image.php

--- Image.php 2005-03-10 03:29:42.000000000 +0100 +++ /home/squat/Image.php 2005-06-09 18:06:42.000000000 +0200 @@ -185,7 +185,7 @@ "$attrs alt=\"$alttext\" title=\"$alttext\">"; } } else { - return "<img src=\"$dir/$this->name.$this->type\" $size_val $attrs alt=\"$alttext\" title=\"$alttext\" name=\"photo_j\">"; + return "<img src=\"".$dir.'/'.urlencode($this->name).'.'.$this->type."\" $size_val $attrs alt=\"$alttext\" title=\"$alttext\" name=\"photo_j\">"; } }

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.28
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages gallery depends on:
ii apache 1.3.33-6 versatile, high-performance HTTP s
ii apache2-mpm-prefork [apache2 2.0.54-4 traditional model for Apache2
ii debconf 1.4.30.13 Debian configuration management sy
ii libapache2-mod-php4 4:4.3.10-15 server-side, HTML-embedded scripti
ii netpbm 2:10.0-8 Graphics conversion tools
ii php4 4:4.3.10-15 server-side, HTML-embedded scripti
ii php4-cgi 4:4.3.10-15 server-side, HTML-embedded scripti

-- debconf information excluded
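
Review bot: In the added return line, urlencode($this->name) is the wrong encoder for a URL path segment: it turns a space into "+", which a web server treats as a literal plus sign in a path, so file names containing spaces would produce a broken src. rawurlencode($this->name) emits %20 and fits here. The same line still interpolates $dir and $this->type into src, and $alttext into alt and title, without any escaping; on the reporter's security question, a double quote or angle bracket in any of those values would end the attribute early, so passing them through htmlspecialchars() with ENT_QUOTES before interpolation would close that gap. The context line at the top of the hunk appears to be the tail of another return in the preceding branch; it is worth checking whether that branch builds its src from $this->name in the same way and needs the same change.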