Piwigo Bugtracker

Viewing Issue Advanced Details Jump to Notes ] Issue History ] Print ]
ID Category Severity Reproducibility Date Submitted Last Update
0002413 [Piwigo] configuration feature N/A 2011.08.22 18:51 2011.08.23 12:43
Reporter plg View Status public  
Assigned To plg
Priority normal Resolution fixed Platform
Status closed   OS
Projection none   OS Version
ETA none Fixed in Version 2.3.0RC1 Product Version 2.2.4
  Target Version 2.3.0RC1 Product Build
Summary 0002413: move gallery_url configuration parameter from database to local configuration file
Description http://piwigo.org/forum/viewtopic.php?id=16774 [^]

This parameter is dangerous. Users think that by changing this URL, they will either get a new domain name or have their homepage elsewhere, this is just not true and misleading. Each time I see this parameter modified (with an exception for www.photos.tarrajat.fr) it breaks the gallery.

I think that moving this parameter to configuration file makes it more secure. Why? because modifying the configuration file is not "as easy" as modifying a field in the web interface, and the local configuration parameters becomes only for "advanced users".
Steps To Reproduce
Additional Information
Tags No tags attached.
browser any
Database engine and version
PHP version
Web server Apache 1.3.x
Attached Files

- Relationships
related to 0000721closedrvelices Get rid of $conf['gallery_url'] from #config 

-  Notes
(0005417)
svn (reporter)
2011.08.22 19:14

[Subversion] r11978 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
feature 2413 added: move gallery_url configuration parameter from database to
local configuration file.
(0005421)
rvelices (developer)
2011.08.23 12:25

Didn't you forget to remove a line from install/config.sql ?
(0005423)
svn (reporter)
2011.08.23 12:42

[Subversion] r11987 by plg on trunk

-----[Subversion commit log]----------------------------------------------------
feature 2413: forgotten to remove the gallery_url parameter in config.sql
(0005424)
plg (manager)
2011.08.23 12:43

Thank you rvelices :-)

- Issue History
Date Modified Username Field Change
2011.08.22 18:51 plg New Issue
2011.08.22 18:51 plg Status new => assigned
2011.08.22 18:51 plg Assigned To => plg
2011.08.22 18:51 plg browser => any
2011.08.22 18:51 plg Web server => Apache 1.3.x
2011.08.22 18:52 plg Relationship added related to 0000721
2011.08.22 19:14 svn Checkin
2011.08.22 19:14 svn Note Added: 0005417
2011.08.22 19:23 plg Status assigned => closed
2011.08.22 19:23 plg Resolution open => fixed
2011.08.22 19:23 plg Fixed in Version => 2.3.0RC1
2011.08.23 12:25 rvelices Note Added: 0005421
2011.08.23 12:25 rvelices Status closed => feedback
2011.08.23 12:25 rvelices Resolution fixed => reopened
2011.08.23 12:42 svn Checkin
2011.08.23 12:42 svn Note Added: 0005423
2011.08.23 12:43 plg Note Added: 0005424
2011.08.23 12:43 plg Status feedback => closed
2011.08.23 12:43 plg Resolution reopened => fixed


Mantis 1.1.6[^]
Copyright © 2000 - 2008 Mantis Group
Contact
Powered by Mantis Bugtracker