Security Violation!

Sire

Joined: 2002-08-28
Posts: 22

Posted: Thu, 2002-10-03 20:49

I went through README, and had a few problems along the way but the list had some instructions that helped. I haven't found this solution yet though.

I get: Security Violation!
whenever I click to view an image
/gallery/main.php?g2_view=core:ShowItem&g2_itemId=97

for that matter, I get a Security Violation! on this url too
/gallery/main.php?g2_view=core:SiteAdmin

Gallery Debug Output:
mysql): SELECT g2_GalleryModuleMap.g_moduleName,g2_GalleryModuleMap.g_active FROM g2_GalleryModuleMap

opendir(/home/sites/home/web/gallery/modules/)
file_exists(/home/sites/home/web/gallery/modules/CVS/module.inc)
file_exists(/home/sites/home/web/gallery/modules/comment/module.inc)
file_exists(/home/sites/home/web/gallery/modules/core/module.inc)
file_exists(/home/sites/home/web/gallery/modules/netpbm/module.inc)
file_exists(/home/sites/home/web/gallery/modules/netpbm/module.inc)

JnGDotCom

Joined: 2002-09-26
Posts: 5

Posted: Fri, 2002-10-04 17:20

Same error here...

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Mon, 2002-10-07 21:46

Hmm. In main.php, after this line:

list($viewName, $controllerName) =
GalleryUtilities::getRequestVariables('view', 'controller');

add:

print "[$viewName, $controllerName]"

and let me know what you find.

Sire

Joined: 2002-08-28
Posts: 22

Posted: Mon, 2002-10-14 02:29

Outputs this:
[core:ShowItem, ] Security Violation!

RoyV

Joined: 2002-10-16
Posts: 12

Posted: Thu, 2002-10-17 21:19

Same problem at my site...
main.php?g2_view=core:ShowItem&g2_itemId=6
Shows [core:ShowItem, ] Security Violation! validate this page
Or
main.php?g2_view=core:SiteAdmin
Shows [core:SiteAdmin, ] Security Violation! validate this page

Greetz,
Roy

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Thu, 2002-10-17 21:34

Can you guys tell me what rev of PHP you're using, and when you last got a copy of the code?

Please put some debug code into main.php around the ereg() call in the /* load and run the approriate view*/ block and let me know what you come up with.

RoyV

Joined: 2002-10-16
Posts: 12

Posted: Fri, 2002-10-18 05:46

I just made a clean install with the latest code.
What debug code must i add?
Here is some info.
http://www.royvogel.nl/index.php - Here you can find phpinfo
Gallery is installed at http://www.royvogel.nl/gallery2/main.php

Greetz,
Roy

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Tue, 2002-10-22 19:38

RoyV, your Gallery appears to be unconfigured. Would you run setup.php please?

nickthegreek

Joined: 2002-10-23
Posts: 11

Posted: Wed, 2002-10-23 16:59

I'm having the same problem even after several clean installations and setup's.When I click on the [login] link I get the Security Violation!

Thats the debug output
Gallery Debug Output
--------------------------------------------------------------------------------
(mysql): SELECT
g2_GalleryModuleMap.g_moduleName,g2_GalleryModuleMap.g_active FROM
g2_GalleryModuleMap
--------------------------------------------------------------------------------

opendir(/var/www/html/gallery2/modules/)
file_exists(/var/www/html/gallery2/modules/CVS/module.inc)
file_exists(/var/www/html/gallery2/modules/comment/module.inc)
file_exists(/var/www/html/gallery2/modules/core/module.inc)
file_exists(/var/www/html/gallery2/modules/netpbm/module.inc)
--------------------------------------------------------------------------------
(mysql): SELECT
g2_GalleryModuleParameterMap.g_parameterName,g2_GalleryModuleParameterMap.g_parameterValue
FROM g2_GalleryModuleParameterMap WHERE
g2_GalleryModuleParameterMap.g_moduleName='core'
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(mysql): SELECT g2_GallerySession.g_key, g2_GallerySession.g_value FROM
g2_GallerySession WHERE g2_GallerySession.g_sessionId =
'4a922ca4bacf4668984625a3a79fc643' AND g2_GallerySession.g_key IN
('core.session.creationTime') LIMIT 1
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(mysql): SELECT g2_GallerySession.g_key, g2_GallerySession.g_value FROM
g2_GallerySession WHERE g2_GallerySession.g_sessionId =
'4a922ca4bacf4668984625a3a79fc643' AND g2_GallerySession.g_key IN
('core.id.activeUser') LIMIT 1
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(mysql): SELECT g_id, g_entityType FROM g2_GalleryEntity WHERE g_id IN
('3')
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
(mysql): SELECT g2_GalleryEntity.g_id,
g2_GalleryEntity.g_creationTimestamp, g2_GalleryEntity.g_dataVersion,
g2_GalleryEntity.g_modificationTimestamp, g2_GalleryEntity.g_serialNumber,
g2_GalleryEntity.g_entityType, g2_GalleryUser.g_userName,
g2_GalleryUser.g_fullname, g2_GalleryUser.g_hashedPassword,
g2_GalleryUser.g_email, g2_GalleryUser.g_language FROM g2_GalleryEntity,
g2_GalleryUser WHERE g2_GalleryEntity.g_id IN ('3') AND
g2_GalleryUser.g_id=g2_GalleryEntity.g_id
--------------------------------------------------------------------------------

Binding text domain: modules_core ->
/var/www/html/gallery2/modules/core/locale

ps...
g2_GalleryModuleMap is empty. Should it be????

I'm using PHP Version 4.1.2

Thank you

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Thu, 2002-10-24 16:25

Hmm. That's unusual. Any chance I can ssh to your box and tinker with the code in place?

beckett

Joined: 2002-08-16
Posts: 3474

Posted: Thu, 2002-10-24 17:16

I'm having the same problem when I click [login]. I've tried on two different platforms.
gallery2 rev-1.4, with clean databases
:: linux-RH-2.4.7-10, php-4.1.2, mysql-3.23.48, apache-1.3.26
:: mac-darwin-5.2, php-4.1.2, mysql-3.23.39, apache-1.3.22
e.g. http://www.beckettmw.com/gallery2/main.php

RoyV

Joined: 2002-10-16
Posts: 12

Posted: Thu, 2002-10-24 20:34

Quote:

RoyV, your Gallery appears to be unconfigured. Would you run setup.php please?

Ok... It's all set again and you can take a look at http://www.royvogel.nl/gallery2/main.php
Debug is on at the moment.
Hope this will help you.

Greetz :lol:

crackers

Joined: 2002-10-24
Posts: 67

Posted: Thu, 2002-10-24 22:34

Quote:

Can you guys tell me what rev of PHP you're using, and when you last got a copy of the code?

Please put some debug code into main.php around the ereg() call in the /* load and run the approriate view*/ block and let me know what you come up with.

Just did a clean install of gallery tonight. I'm getting this Security violation error. I've install it on Server Version: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2

has anyone made any progress on this problem? gallery 1 is working sweet on the same server.

You can check the debug info here <A HREF="http://stars.lasthop.ca/test/gallery2/main.php" TARGET="_blank">gallery2 main page</A>

Thanks

ikemaunnda

Joined: 2002-08-28
Posts: 9

Posted: Fri, 2002-10-25 01:37

Reproducing the same results here too.

tonio_73

Joined: 2002-10-25
Posts: 1

Posted: Fri, 2002-10-25 20:55

Quote:

Can you guys tell me what rev of PHP you're using, and when you last got a copy of the code?

Please put some debug code into main.php around the ereg() call in the /* load and run the approriate view*/ block and let me know what you come up with.

I got the security violation when logging in. The problem was coming from the ereg() on $viewName and my version of php (4.1.2). The ereg in some versions of PHP is returning an array of size mininum to 10. Since the size is checked against 3 in the gallery2 code afterward, it is raising a violation. Here is an extract of the php doc:
"
Note: Up to (and including) PHP 4.1.0 $regs will be filled with exactly ten elements, even though more or fewer than ten parenthesized substrings may actually have matched. This has no effect on ereg()'s ability to match more substrings. If no matches are found, $regs will not be altered by ereg().
"
I replaced it by a "split" and edited the code consequently, and the problem vanished. However, there are several ereg on that page and in the admin.
What about using a sub-routine to handle this split correclty and in a transparent way? Or use serialize()/unserialize() and an object.

Antoine

crackers

Joined: 2002-10-24
Posts: 67

Posted: Sun, 2002-10-27 23:14

I've downloaded the new CVS about an hour or 2 ago and it seems to have fixed the error mention above tho now when I first load the main.php it showing two links for add comment.. whichs spits out an err when you try to add a comment

Error (ERROR_STORAGE_FAILURE)
in modules/core/classes/GalleryStorage/DatabaseStorage.class at line 505
in modules/core/classes/GalleryEntity.class at line 188
in modules/comment/AddComment.inc at line 58
in main.php at line 115
in main.php at line 28

and when I try to click logout I'm getting this error

Fatal error: Cannot instantiate non-existent class: logoutview in /www/stars/test/gallery2/main.php on line 151

Thanks :smile:

bharat

Joined: 2002-05-21
Posts: 7994

Posted: Mon, 2002-10-28 19:08

I fixed the STORAGE_FAILURE error -- my new install code was failing to install the tables for the comment module. Doh!

Fixed the logoutview bug also; that turned out to be a copy/paste error.

Thanks, crackers!

nickthegreek

Joined: 2002-10-23
Posts: 11

Posted: Tue, 2002-10-29 12:18

I've downloaded the new CVS and tested for an hour or so and everything seemed ok. If I find anything yoy are going the first to know.
P.S. My server is an intranet server which the access is not controled by me. :???:

Sire Joined: 2002-08-28 Posts: 22	Posted: Thu, 2002-10-03 20:49
	I went through README, and had a few problems along the way but the list had some instructions that helped. I haven't found this solution yet though. I get: Security Violation! whenever I click to view an image /gallery/main.php?g2_view=core:ShowItem&g2_itemId=97 for that matter, I get a Security Violation! on this url too /gallery/main.php?g2_view=core:SiteAdmin Gallery Debug Output: mysql): SELECT g2_GalleryModuleMap.g_moduleName,g2_GalleryModuleMap.g_active FROM g2_GalleryModuleMap opendir(/home/sites/home/web/gallery/modules/) file_exists(/home/sites/home/web/gallery/modules/CVS/module.inc) file_exists(/home/sites/home/web/gallery/modules/comment/module.inc) file_exists(/home/sites/home/web/gallery/modules/core/module.inc) file_exists(/home/sites/home/web/gallery/modules/netpbm/module.inc) file_exists(/home/sites/home/web/gallery/modules/netpbm/module.inc)
	XUser login Username: * Password: * Create new account Request new password
JnGDotCom Joined: 2002-09-26 Posts: 5	Posted: Fri, 2002-10-04 17:20
	Same error here...

bharat Joined: 2002-05-21 Posts: 7994	Posted: Mon, 2002-10-07 21:46
	Hmm. In main.php, after this line: list($viewName, $controllerName) = GalleryUtilities::getRequestVariables('view', 'controller'); add: print "[$viewName, $controllerName]" and let me know what you find.

Sire Joined: 2002-08-28 Posts: 22	Posted: Mon, 2002-10-14 02:29
	Outputs this: [core:ShowItem, ] Security Violation!

RoyV Joined: 2002-10-16 Posts: 12	Posted: Thu, 2002-10-17 21:19
	Same problem at my site... main.php?g2_view=core:ShowItem&g2_itemId=6 Shows [core:ShowItem, ] Security Violation! validate this page Or main.php?g2_view=core:SiteAdmin Shows [core:SiteAdmin, ] Security Violation! validate this page Greetz, Roy

bharat Joined: 2002-05-21 Posts: 7994	Posted: Thu, 2002-10-17 21:34
	Can you guys tell me what rev of PHP you're using, and when you last got a copy of the code? Please put some debug code into main.php around the ereg() call in the /* load and run the approriate view*/ block and let me know what you come up with.

RoyV Joined: 2002-10-16 Posts: 12	Posted: Fri, 2002-10-18 05:46
	I just made a clean install with the latest code. What debug code must i add? Here is some info. http://www.royvogel.nl/index.php - Here you can find phpinfo Gallery is installed at http://www.royvogel.nl/gallery2/main.php Greetz, Roy

bharat Joined: 2002-05-21 Posts: 7994	Posted: Tue, 2002-10-22 19:38
	RoyV, your Gallery appears to be unconfigured. Would you run setup.php please?

nickthegreek Joined: 2002-10-23 Posts: 11	Posted: Wed, 2002-10-23 16:59
	I'm having the same problem even after several clean installations and setup's.When I click on the [login] link I get the Security Violation! Thats the debug output Gallery Debug Output -------------------------------------------------------------------------------- (mysql): SELECT g2_GalleryModuleMap.g_moduleName,g2_GalleryModuleMap.g_active FROM g2_GalleryModuleMap -------------------------------------------------------------------------------- opendir(/var/www/html/gallery2/modules/) file_exists(/var/www/html/gallery2/modules/CVS/module.inc) file_exists(/var/www/html/gallery2/modules/comment/module.inc) file_exists(/var/www/html/gallery2/modules/core/module.inc) file_exists(/var/www/html/gallery2/modules/netpbm/module.inc) -------------------------------------------------------------------------------- (mysql): SELECT g2_GalleryModuleParameterMap.g_parameterName,g2_GalleryModuleParameterMap.g_parameterValue FROM g2_GalleryModuleParameterMap WHERE g2_GalleryModuleParameterMap.g_moduleName='core' -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- (mysql): SELECT g2_GallerySession.g_key, g2_GallerySession.g_value FROM g2_GallerySession WHERE g2_GallerySession.g_sessionId = '4a922ca4bacf4668984625a3a79fc643' AND g2_GallerySession.g_key IN ('core.session.creationTime') LIMIT 1 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- (mysql): SELECT g2_GallerySession.g_key, g2_GallerySession.g_value FROM g2_GallerySession WHERE g2_GallerySession.g_sessionId = '4a922ca4bacf4668984625a3a79fc643' AND g2_GallerySession.g_key IN ('core.id.activeUser') LIMIT 1 -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- (mysql): SELECT g_id, g_entityType FROM g2_GalleryEntity WHERE g_id IN ('3') -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- (mysql): SELECT g2_GalleryEntity.g_id, g2_GalleryEntity.g_creationTimestamp, g2_GalleryEntity.g_dataVersion, g2_GalleryEntity.g_modificationTimestamp, g2_GalleryEntity.g_serialNumber, g2_GalleryEntity.g_entityType, g2_GalleryUser.g_userName, g2_GalleryUser.g_fullname, g2_GalleryUser.g_hashedPassword, g2_GalleryUser.g_email, g2_GalleryUser.g_language FROM g2_GalleryEntity, g2_GalleryUser WHERE g2_GalleryEntity.g_id IN ('3') AND g2_GalleryUser.g_id=g2_GalleryEntity.g_id -------------------------------------------------------------------------------- Binding text domain: modules_core -> /var/www/html/gallery2/modules/core/locale ps... g2_GalleryModuleMap is empty. Should it be???? I'm using PHP Version 4.1.2 Thank you

bharat Joined: 2002-05-21 Posts: 7994	Posted: Thu, 2002-10-24 16:25
	Hmm. That's unusual. Any chance I can ssh to your box and tinker with the code in place?

beckett Joined: 2002-08-16 Posts: 3474	Posted: Thu, 2002-10-24 17:16
	I'm having the same problem when I click [login]. I've tried on two different platforms. gallery2 rev-1.4, with clean databases :: linux-RH-2.4.7-10, php-4.1.2, mysql-3.23.48, apache-1.3.26 :: mac-darwin-5.2, php-4.1.2, mysql-3.23.39, apache-1.3.22 e.g. http://www.beckettmw.com/gallery2/main.php

RoyV Joined: 2002-10-16 Posts: 12	Posted: Thu, 2002-10-24 20:34
	Quote: RoyV, your Gallery appears to be unconfigured. Would you run setup.php please? Ok... It's all set again and you can take a look at http://www.royvogel.nl/gallery2/main.php Debug is on at the moment. Hope this will help you. Greetz :lol:

crackers Joined: 2002-10-24 Posts: 67	Posted: Thu, 2002-10-24 22:34
	Quote: Can you guys tell me what rev of PHP you're using, and when you last got a copy of the code? Please put some debug code into main.php around the ereg() call in the /* load and run the approriate view*/ block and let me know what you come up with. Just did a clean install of gallery tonight. I'm getting this Security violation error. I've install it on Server Version: Apache/1.3.26 (Unix) Debian GNU/Linux PHP/4.1.2 has anyone made any progress on this problem? gallery 1 is working sweet on the same server. You can check the debug info here <!-- BBCode Start --><A HREF="http://stars.lasthop.ca/test/gallery2/main.php" TARGET="_blank">gallery2 main page</A><!-- BBCode End --> Thanks

ikemaunnda Joined: 2002-08-28 Posts: 9	Posted: Fri, 2002-10-25 01:37
	Reproducing the same results here too.

tonio_73 Joined: 2002-10-25 Posts: 1	Posted: Fri, 2002-10-25 20:55
	Quote: Can you guys tell me what rev of PHP you're using, and when you last got a copy of the code? Please put some debug code into main.php around the ereg() call in the /* load and run the approriate view*/ block and let me know what you come up with. I got the security violation when logging in. The problem was coming from the ereg() on $viewName and my version of php (4.1.2). The ereg in some versions of PHP is returning an array of size mininum to 10. Since the size is checked against 3 in the gallery2 code afterward, it is raising a violation. Here is an extract of the php doc: " Note: Up to (and including) PHP 4.1.0 $regs will be filled with exactly ten elements, even though more or fewer than ten parenthesized substrings may actually have matched. This has no effect on ereg()'s ability to match more substrings. If no matches are found, $regs will not be altered by ereg(). " I replaced it by a "split" and edited the code consequently, and the problem vanished. However, there are several ereg on that page and in the admin. What about using a sub-routine to handle this split correclty and in a transparent way? Or use serialize()/unserialize() and an object. Antoine

crackers Joined: 2002-10-24 Posts: 67	Posted: Sun, 2002-10-27 23:14
	I've downloaded the new CVS about an hour or 2 ago and it seems to have fixed the error mention above tho now when I first load the main.php it showing two links for add comment.. whichs spits out an err when you try to add a comment Error (ERROR_STORAGE_FAILURE) in modules/core/classes/GalleryStorage/DatabaseStorage.class at line 505 in modules/core/classes/GalleryEntity.class at line 188 in modules/comment/AddComment.inc at line 58 in main.php at line 115 in main.php at line 28 and when I try to click logout I'm getting this error Fatal error: Cannot instantiate non-existent class: logoutview in /www/stars/test/gallery2/main.php on line 151 Thanks :smile:

bharat Joined: 2002-05-21 Posts: 7994	Posted: Mon, 2002-10-28 19:08
	I fixed the STORAGE_FAILURE error -- my new install code was failing to install the tables for the comment module. Doh! Fixed the logoutview bug also; that turned out to be a copy/paste error. Thanks, crackers!

nickthegreek Joined: 2002-10-23 Posts: 11	Posted: Tue, 2002-10-29 12:18
	I've downloaded the new CVS and tested for an hour or so and everything seemed ok. If I find anything yoy are going the first to know. P.S. My server is an intranet server which the access is not controled by me. :???:

Security Violation!

XUser login