Click here for more details.

new morning wrote:

Well, I fixed that part of the pb : I had to CHMOD all files in the 'cache' directory. Now I still can't use this mod : I get a blank screen.  can someone have a look at what happens ? (www.francafrique.infos.st) / http://www.francafrique.infos.st/uploadimg.php

Are you using the latest version of this mod (v1.3.3)? Also make sure that your  php version is not outdated, and that gd has been configured properly.

I am suffering this problem too.
Applied chmods already.
Can anyone give me tips ? http://ostudiolabs.com/forum/upload/uploadimg.php

edit- I have fixed it. I just deleted the files  and re unzipped them into the forum directory. thx!

T

Note:  it is not for 1.3

ooosh.

Note:  it is not for 1.3

Does anyone know if this is still safe to use ?

I am trying to set it up on my forum, but having issues.

Thanks for the feedback. Peter Österberg contacted me last year about this vulnerability which was found in v1.3.2 and confirmed in v1.3.3. I attempted to fix it in v1.3.4, but there are some things I missed.  This is indeed a very serious vulnerability - and I have now released v1.3.5. Everyone should update to this version. Download from punres.org

I have also created the file uploadimg_check.php which will check for potentially harmful files that were uploaded with previous versions and give you the option to delete them. Click here to download it. Note that you must be logged in as Admin to use it.

http://secunia.com/advisories/28138

solution:
open uploadimg.php and find line (~193):

// Determine whether file is correct filetype-
if (!((($_FILES['imagefile']['type'] == "image/jpg" || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg") && ($allow_jpg_uploads == "1")) || (($_FILES['imagefile']['type'] == "image/png" || $_FILES['imagefile']['type'] == "image/x-png") && ($allow_png_uploads == "1")) || (($_FILES['imagefile']['type'] == "image/gif") && ($allow_gif_uploads == "1"))))

replace with (added extension checking):

if (!((($_FILES['imagefile']['type'] == "image/jpg" || $_FILES['imagefile']['type'] == "image/jpeg" || $_FILES['imagefile']['type'] == "image/pjpeg") && ($imagefilename_ext == 'jpg' || $imagefilename_ext == 'jpeg') && ($allow_jpg_uploads == "1")) || (($_FILES['imagefile']['type'] == "image/png" || $_FILES['imagefile']['type'] == "image/x-png") && ($imagefilename_ext == 'png') && ($allow_png_uploads == "1")) || (($_FILES['imagefile']['type'] == "image/gif") && ($imagefilename_ext == 'gif') && ($allow_gif_uploads == "1"))))

be careful!

Automatic Image Upload with Thumbnails 1.3.4 now available. ...

Where?

* Rewrote the "uploadimg.php" page
* Fixed a vulnerability
* All pages now valid XHTML 1.0 Strict
* Stats totals now also include thumb size

By the way, is this GD correctly configured ?

phpMyAdmin 2.7.0-pl1

PHP, not the PHP admin programme.

Graphics library.

Are you using the latest version of this mod (v1.3.3)?

Yes

-  Also make sure that your  php version is not outdated
phpMyAdmin 2.7.0-pl1

- and that gd has been configured properly.

What is GD ?

Well, I fixed that part of the pb : I had to CHMOD all files in the 'cache' directory. Now I still can't use this mod : I get a blank screen.  can someone have a look at what happens ? (www.francafrique.infos.st) / http://www.francafrique.infos.st/uploadimg.php

Are you using the latest version of this mod (v1.3.3)? Also make sure that your  php version is not outdated, and that gd has been configured properly.