sleemanj / xinha

WYSIWYG HTML Editor Component (turns <textarea> into HTML editors)
http://trac.xinha.org/

InsertPicture and security (Trac #472) #472

Closed sleemanj closed 3 years ago

sleemanj commented 19 years ago

Currently you can write in ANY directory where the www-user has write rights by setting the localpicturepath, which is a big security hole.

You could use the same algorithm as ImageManager does to protect the settings.

Reported by niko, migrated from http://trac.xinha.org/ticket/472

sleemanj commented 19 years ago

I'm looking for a way to use one installation of Xinha for more than one website! In the ImageManager plugin (config.inc.php) there is only the way to set one path:

```php
$IMConfig['images_url'] = str_replace( "backend.php", "", $_SERVER["PHP_SELF"] ) . "demo_images";
```

What can I do?

sleemanj commented 19 years ago

niko commented:

This is just the default value which can be overwritten by other settings. Take a look at this wiki page, the usage is explained there: ImageManager

and take a look at the bottom of config.inc.php
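The two points raised above (the original report, that a configurable picture path lets the uploader write anywhere the web-server user can, and the follow-up question about serving several sites from one installation) come down to the same control: the directory must be chosen from a server-side allow-list and then confined to it. The following is an added example written for this thread, not code from Xinha, ImageManager or InsertPicture; the `$siteRoots` table, the `pictureDirectoryFor()` function and the temporary directory tree are constructed for illustration.

```php
<?php
// Added example (not Xinha's code): confine a configurable picture directory
// to an allow-listed base so that a request or a settings override cannot
// point the uploader at an arbitrary directory the www-user can write to.
// $siteRoots, pictureDirectoryFor() and all sample paths are assumptions.

// Per-site allow-list for one installation serving several hosts. The key is
// the host name the web server answers for; the value is the only directory
// under which that site's pictures may be stored. (Constructed sample values.)
$siteRoots = array(
    'www.example.test' => '/var/www/example/htdocs/pictures',
    'www.other.test'   => '/var/www/other/htdocs/pictures',
);

/**
 * Resolve a requested sub-directory under the picture base of $host.
 * Returns the canonical absolute path, or null when the host is not
 * allow-listed, the directory does not exist, or the resolved path escapes
 * the base (via "..", an absolute path, a NUL byte or a symlink).
 */
function pictureDirectoryFor(array $siteRoots, $host, $requestedSubdir)
{
    if (!isset($siteRoots[$host])) {
        return null;                       // unknown site: refuse, never guess
    }
    $base = realpath($siteRoots[$host]);
    if ($base === false) {
        return null;                       // misconfigured or missing base
    }
    // Reject NUL bytes and absolute paths before touching the filesystem.
    if (strpos($requestedSubdir, "\0") !== false
        || (strlen($requestedSubdir) > 0 && $requestedSubdir[0] === '/')) {
        return null;
    }
    // realpath() collapses "." and ".." and resolves symlinks, so the check
    // below is made on the directory that would actually be written to.
    $candidate = realpath($base . '/' . $requestedSubdir);
    if ($candidate === false) {
        return null;                       // does not exist (or unreadable)
    }
    // Accept only the base itself or a path strictly inside it; the trailing
    // separator stops "/pictures2" from matching a base of "/pictures".
    if ($candidate !== $base
        && strpos($candidate, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;                       // ".." or a symlink left the base
    }
    return $candidate;
}

// Demonstration on a constructed temporary directory tree.
$tmp = sys_get_temp_dir() . '/xinha-demo-' . getmypid();
mkdir("$tmp/pictures/gallery", 0700, true);
$siteRoots['www.example.test'] = "$tmp/pictures";

var_dump(pictureDirectoryFor($siteRoots, 'www.example.test', 'gallery')); // string(...) ".../pictures/gallery"
var_dump(pictureDirectoryFor($siteRoots, 'www.example.test', '..'));      // NULL: resolves to $tmp, outside the base
var_dump(pictureDirectoryFor($siteRoots, 'www.example.test', '/etc'));    // NULL: absolute path rejected
var_dump(pictureDirectoryFor($siteRoots, 'evil.test', 'gallery'));        // NULL: host not allow-listed

rmdir("$tmp/pictures/gallery");
rmdir("$tmp/pictures");
rmdir($tmp);
```

In a real backend the `$host` argument would come from `$_SERVER['HTTP_HOST']`; that is acceptable only because the allow-list, not the request string, decides which directory is used. The same idea extends to the file name: derive it server-side (or strip it to a basename and check its extension) rather than accepting whatever path the client supplies.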


sleemanj commented 19 years ago

Pushing this to 2.0 release for two reasons

  1. it's a non-critical plugin, ImageManager is there and secure
  2. fixing this will change how InsertPicture is setup

sleemanj commented 19 years ago

changeset:1203

I have disabled InsertPicture (which is now resident in unsupported_plugins). While I have not had any reports of it being attacked/compromised, I had a look at the code in there and it did not fill me with confidence.

It should be removed sometime, but for now the message will advise developers that they should upgrade to ImageManager and that InsertPicture will go away soon.