PhotoPost Community - vBGallery Suggestions http://www.photopost.com/forum Post your comments, suggestions, and other feedback about PhotoPost vBGallery here. en Fri, 20 Nov 2009 23:24:21 GMT vBulletin 60 http://www.photopost.com/forum/images/misc/rss.jpg PhotoPost Community - vBGallery Suggestions http://www.photopost.com/forum <![CDATA[First test: VB4 beta3 ->vbgallery]]> http://www.photopost.com/forum/vbgallery-suggestions/141117-first-test-vb4-beta3-vbgallery.html Fri, 13 Nov 2009 08:40:13 GMT Well finally, i tested vbgallery with the beta3 :(

First.. i don't like the class programming of vb4...
comparing vbulletin only pages
+10 queries per page.. and + 30% memory usage.. but its a beta.. so we will see..

As to vbgallery...
Install went flawlessly... (that's good news..)
Only 1 image (rating) it couldn't find.. but that will be an easy fix..

Then to the functionality...
That's a bummer...

eval fetch_template doesnt exist anymore.. (well it does but triggers an error giving a warning at each call..)
(the good thing is that the warnings are triggered by vbulletin, they added :
Code:
Content visible to verified customers only.
So that's not bad for debugging...


Actually, without a new version, gallery is unusable as is for vb4.
At first sight.. it needs..
  • a complete rewrite of gallery_global.php
  • Small rewrites of functions_gallery
  • a partial rewrite of the 10 main files (replacing fetch_template with $templater = vB_Template::create(...

  • a complete rewrite of the templates (Thats the BIG part)
Its not that hard.. but, it will be very time intense.
(and here is my suggestion)
So Michael, forget about dating, girls, food, drinks and holidays B=0
Its going to be lots of work! :p

More seriously, i think it is feasible, and will work nicely..
But I suggest you don't upgrade to vb4 if you are in production environment

Luc ]]> vBGallery Suggestions Luciano http://www.photopost.com/forum/vbgallery-suggestions/141117-first-test-vb4-beta3-vbgallery.html <![CDATA[[Suggestion] Always reprocess originals for security reasons]]> http://www.photopost.com/forum/vbgallery-suggestions/141082-suggestion-always-reprocess-originals-security-reasons.html Sun, 08 Nov 2009 09:43:29 GMT I was doing a little reading and ran into a vulnerability of images through something called Gifar. Those are images combined with java jar files that can access your browser ---Quote--- GIFARs can be files other than combined GIF+JAR files, they could also be JPG+JAR, DOC+JAR, etc. ---End... I was doing a little reading and ran into a vulnerability of images through something called Gifar.
Those are images combined with java jar files that can access your browser
Quote:
GIFARs can be files other than combined GIF+JAR files, they could also be JPG+JAR, DOC+JAR, etc.
you can do some reading by searching Gifar on google or checking last years Black Hat conference:
Black Hat Sneak Preview | Zero Day | ZDNet.com
Sun has fixed this vulnerability in java, but you dont know if your users have installed the latest java plugin for their browser...
to be 100% sure nobody uploads a gifar to your site,

In vbgallery you have 2 possibilities..

Set: Save Original Files to no...
(drawback: you loose the original
and smaller files wont be resized => keeping potential gifar danger..)

Set the Original Image Quality from -1 to something like 75
the original will then be processed and gd2 or imagemagic will create a new file without malicious code...

BUT i am not sure if in that case gif or png images are really reprocessed..
as the quality option only affects jpgs. ( reprocessing is excluded in vbgallery: AND $imageinfo['numericaltype'] != 1)

So i suggest that reprocessing of gifs is allowed and forced in next vbgallery.

I would also Suggest, that a re-size original option (with max sizes) be added to next version.. ( this has nothing to do with vulnerabilies)

Luc

PS: i thought about another way... but it looks like a memory hog.. :
read the file into a string.. search for string like ".jar" or ".class" (is usually at the end of the code). if yes, reprocess the image.. ]]> vBGallery Suggestions Luciano http://www.photopost.com/forum/vbgallery-suggestions/141082-suggestion-always-reprocess-originals-security-reasons.html