Discussion
IMPORTANT: Security patch
Mike Gauthier has discovered an exploit in folderblog 3 that may allow arbitrary code to be executed on your server under certain circumstances. I have released a critical security patch (.zip) addressing this issue and will be working on a new major fb3 release in the near future.
All fb3 users should replace their main fb.php file (keeping in mind that you may have renamed it) with the zipped version immediately. Many (many) thanks to Mike for the catch.
posted by
donald on 17 Jul 06 at 1:48 AM
The patch came up with three undefined variable errors for me, including 'use_alt_url', 'locale', and 'time_difference'.
posted by
Sarasnee on 18 Jul 06 at 2:04 AM
Thanks for the catch, Mike, and the fix, Donald. I have a small problem with the new fb.php in place. I'm not sure if it's the script's fault or something else in my configuration, but I'll mention it...
It seems if I have a cookie stored in my browser, from previously commenting and choosing "Remember me", an error appears at the top of my pages:
Array ( [PHPSESSID] => f9da2d2bc0e7cbde07fc76fd4f17457a [cprelogin] => no [folderblog] => Name_from_comment::URL_from_Comment::email_address_from_comment )
This error goes away if I delete the cookie.
Any cure for this?
Thanks for the support!
Brent
posted by
Brent on 18 Jul 06 at 3:44 PM
By the way, Name_from_comment, URL_from_Comment, and email_address_from_comment, as I have written them above, are actually replaced with the name, URL, and email address specified when a comment was last made. I simply removed them to generalize the above, but hope it's still clear.
posted by
Brent on 18 Jul 06 at 3:45 PM
Update: I've removed the line:
print_r($_COOKIE);
from fb.php (there is only one occurrence of it), and the error is gone. Perhaps this was simply left over from debugging?
posted by
Brent on 18 Jul 06 at 4:03 PM
print_r($_COOKIE) was line 442 on my Dreamweaver.
posted by
Mark on 20 Jul 06 at 10:41 AM
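The leftover debug line described in the posts above prints the whole cookie array, session ID included, into every page. The following is an added example, not part of the thread or of folderblog's code: a PHP command-line check that flags such dumps in a source file. The helper name `find_debug_dumps` and the sample source are constructed for illustration.

```php
<?php
// Added example (not folderblog code): flag debug dumps of request superglobals.
const DUMP_FUNCS = ['print_r', 'var_dump', 'var_export'];
const SUPERGLOBALS = ['$_COOKIE', '$_SESSION', '$_SERVER', '$_GET',
                      '$_POST', '$_REQUEST', '$_FILES', '$_ENV', '$GLOBALS'];

// Hypothetical helper: returns [['line' => int, 'call' => string], ...].
function find_debug_dumps(string $source): array
{
    // Tokenize so commented-out calls and string literals are not reported.
    $skip = [T_WHITESPACE, T_COMMENT, T_DOC_COMMENT];
    $tokens = array_values(array_filter(
        token_get_all($source),
        fn($t) => !is_array($t) || !in_array($t[0], $skip, true)
    ));
    $hits = [];
    for ($i = 0; $i + 2 < count($tokens); $i++) {
        [$fn, $paren, $arg] = [$tokens[$i], $tokens[$i + 1], $tokens[$i + 2]];
        if (is_array($fn) && $fn[0] === T_STRING
            && in_array(strtolower($fn[1]), DUMP_FUNCS, true)
            && $paren === '('
            && is_array($arg) && $arg[0] === T_VARIABLE
            && in_array($arg[1], SUPERGLOBALS, true)) {
            $hits[] = ['line' => $fn[2], 'call' => "{$fn[1]}({$arg[1]})"];
        }
    }
    return $hits;
}

// Constructed sample modelled on the line removed in the thread; not the real fb.php.
$sample = <<<'SRC'
<?php
// print_r($_POST);  commented out, not reported
$who = isset($_COOKIE['folderblog']) ? $_COOKIE['folderblog'] : '';
print_r($_COOKIE);
echo 'var_dump($_SESSION)';
SRC;

// Scan the files named on the command line, or the sample if none are given.
$found = 0;
foreach (array_slice($argv, 1) ?: ['(sample)'] as $path) {
    $source = $path === '(sample)' ? $sample : file_get_contents($path);
    foreach (find_debug_dumps($source) as $hit) {
        echo "$path:{$hit['line']}: {$hit['call']}\n";
        $found++;
    }
}
exit($found ? 1 : 0);
```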
I still haven't gotten rid of the undefined variable errors, and I have no idea what they mean. Whoever has php brains can look at it for me here. Any help is greatly appreciated.
posted by
Sarasnee on 20 Jul 06 at 10:03 PM
Sarasnee,
I don't know PHP either, but...
Do you have the following variables defined in your fb_settings.php file, no matter what they are set to (the part on the right side of the equals sign)?
$locale = "en_US";
$time_difference = 0;
$use_alt_url = 1;
If not, try sticking those in there (though you might have to change their values). I would think they would already be in there though, if you have downloaded folderblog 3 from folderblog.org.
Brent
posted by
Brent on 21 Jul 06 at 7:10 AM
Thanks Brent! I have no idea how that portion was deleted, but it wasn't there. The patch works now. *phew* I should go through my files and make sure things are consistent with the original download. Thanks again!
-Sara
posted by
Sarasnee on 25 Jul 06 at 12:36 AM
Thanks Brent, that helped me as well. Seems like I need to redo some changes in my files and check everything again.
posted by
Thomas on 25 Oct 06 at 12:27 PM