Conflict: Menalto Gallery v 1.4.4-pl4

New Member Joined: Nov 22, 2004 Posts: 5

Hi Guys,

Let’s get this out of the way first.

---- Specs ----
Phpnuke v. 7.3
Chatserv v. 2.7
Sentinel v. 2.1.1
Menalto Gallery v. 1.4.4-pl4

Processor: Dual Intel Xeon 3.06GHz w/ Hyperthreading
Memory: 1GB DDR
Hard Drive: 7200RPM IDE
Ethernet Port: 100Mbps
O/S: CentOS 3.3 i686

http://REMOVEcopterholic.com
----------------

Background:

(1) Installed Gallery v 1.4.4-pl4, tested it out as admin, no problems what so ever (I’m guessing because my IP addie is protected within Sentinel).

(2) Created a test user account within nuke named “J1”.

(3) As Admin, created an album for this user name “J1” and set the album owner to “J1”.

(4) Logged in as “J1” I added 19 or so test photos, no problems.

(5) Entered the album, selected one of the photos to change it to new album “HIGHLIGHT PHOTO”…..Bang!!!

(6) Sentinel went off, banning me.

--- Below is the email generated from Sentinel ---

Date & Time: 2004-12-09 02:25:18
Blocked IP: 65.187.211.XXX (Note: I removed the last octet)
User ID: J1 (2)
Reason: Abuse-Filter
--------------------
User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Query String:
copterholic.com/modules.php?cmd=highlight&index=9&set_albumName=J1test&op=modload&name=gallery&file=index&include=do_command.php
Forwarded For: none
Client IP: none
Remote Address: 65.187.211.XXX
Remote Port: 4934
Request Method: GET
--------------------

My questions:

(1) Is there a way to make Sentinel compatible with Gallery? If so how?

Remember….. There’s a lot of functions within Gallery which a user could use on a photo IE: Edit Text, Edit Thumbnail, Rotate / Flip, Highlight, Move, Reorder, Copy, Hide, and Delete.

(2) If Sentinel cannot be tweaked to play nice with Gallery, is there another “Photo Gallery” script which is compatible, and isn’t too bad?

Thanks for your time,

Jeff G.

Posted: Thu Dec 09, 2004 7:39 am

Try these links (courtesy of the Only registered users can see links on this board! Get registered or login!).

http://www.ravenphpscripts.com/posts1861-highlightgallery.html+cmd
http://www.ravenphpscripts.com/postt1796.html
http://www.ravenphpscripts.com/posts3096-highlightgallery.html+cmd

Posted: Fri Dec 10, 2004 5:23 am

Thanks for the tips...... After trying the suggestions in those links, and testing out the gallery, I had to add a few more items to the code list within "includes/sentinel.php".

Below is the code, which will allow any "LOGGED IN" user to run any of the options for an album or photo without getting zapped by sentinel.

Code:

  // Check for XSS attack


if (eregi("http\:\/\/", $name) OR (eregi("cmd",$querystring) AND !eregi("&cmd",$querystring) AND !eregi("cmd=highlight",$querystring) AND !eregi("cmd=hide",$querystring)) OR eregi("exec",$querystring) AND !eregi("execu",$querystring) OR eregi("concat",$querystring)) {

Thanks,

Jeff

Posted: Fri Dec 10, 2004 10:44 pm

I had to add the following to the above if statement as well:

Code:

AND !eregi("cmd=show",$querystring) AND !eregi("cmd=reset",$querystring)

registered · Hangin' Around Joined: Aug 17, 2004 Posts: 43

I have a slight problem too, I am using

PHPNuke 7.6
Chatserv's Patches - 2.9
Gallery - 2.1.1
Sentinel - 2.1.3

And on many options I recieve Illegal Content. For example if you visit my gallery - http://www.pottersrealm.com/modules.php?name=gallery and browse through the albums, everything works fine except when you click on the links of the menu at the top where it says as:

Mirror of Erised >> Album Name >> Sub-Album Name >> Item Name

etc. you can click on any of these links and it shows a blank white page with Illegal Content written. When I disable Sentinel, no such problem occurs. Please advise.

Theme Guru Joined: Nov 01, 2003 Posts: 1006

have you made the changes listed above?
Have you done this as well
http://www.ravenphpscripts.com/posts4657-highlight-illegal+content.html