Rename .menu class
January 12th, 2010
Upgrading to 2.4+ Gives Broken Images on Some WordPress Configurations
December 31st, 2009
Due to a bug in DM Albums 2.4 through 2.4.3, upgrading may have caused broken images in some installations of WordPress. The cause was a bug in the function_exists logic that tests for the wp_mkdir_p function. This has been resolved in version 2.4.4.
Tags: Closed, Priority 5, Severity 4
Posted in DM Albums, Defect | No Comments »
Taglines $col_width Bug
December 30th, 2009
There’s a small bug in the code:
<table id="dm_taglines_container" width="500" border="0">
<tr>
<td align="left" width="$col_width%">
<div><a href="javascript:void(0);" onclick="window.ifrm_photoablum1.StartStopSlideshow();" id="slideshowcontrol" title="Start/Stop Slideshow">Slide Show</a> <a href="javascript:void(0);" onclick="window.ifrm_photoablum1.ChangeSlideshowSpeed(1000);" style="padding-left: 10px;" title="Increase Slideshow Speed">+</a> <a href="javascript:void(0);" onclick="window.ifrm_photoablum1.ChangeSlideshowSpeed(-1000);" style="padding-right: 5px;" title="Decrease Slideshow Speed">-</a></div>
</td>
<td align="right" width="$col_width%">
<div id="dm_fullscreen1"><a href="javascript:void(0);" onclick="window.ifrm_photoablum1.OpenFullScreen('http://www.diel.nl/mikediel/wp-content/plugins/dm-albums/dm-albums.php?currdir=/mikediel/wp-content/uploads/dm-albums/Test/', '');">Full Screen</a></div>
</td>
</tr>
</table>
This has been resolved in v2.4.4.
Tags: Closed, Priority 3, Severity
Posted in DM Albums, Defect | No Comments »
DM Albums Photo Sorter Not Functioning Properly in Internet Explorer 8
December 23rd, 2009
The DM Albums Photo Sorter is not functioning properly in Microsoft Internet Explorer 8, although it functions properly in standards-compliant browsers like Firefox, Safari, and Google Chrome.
When dragging photos, the position of the dragged object is not accurately calculated and photos can only be moved into the last position in the row, or into the last position of a lower row. No solution has currently been identified.
Tags: Priority 3, Severity 4
Posted in DM Albums, Defect | 1 Comment »
DM PhotoAlbums/MediaPlayer Download Defect
December 16th, 2009
Choppy Fade on Next/Previous Image Views
December 16th, 2009
Defect: The image fade becomes choppy and irregular when you scroll through images quickly using the arrow keys.
Proposed solution: Call clearTimeout for the image fade when the next/previous image is requested.
Tags: Priority 3, Severity 1
Posted in DM Albums, Defect | No Comments »
DM Albums Download Vulnerability
December 14th, 2009
Download Bug
December 14th, 2009
DM PhotoAlbums and DM MediaPlayer do not allow downloading of files when the user is not logged in or does not have read access to the directory.
A possible solution is to adjust the download function in functions.php to allow downloads from directories the user has read access to. A challenge will be to ensure the user is accessing the download properly and is not adjusting the path to gain access to content they are not allowed to see.
Tags: Closed, Priority 4, Severity 4
Posted in DM Albums, DM FileManager, Defect | No Comments »
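One way to approach the path check described in the Download Bug entry above, as an added example that is not DM Albums or DM FileManager code: canonicalise the requested path and confirm it still lies inside the directory the user may read. The function name resolve_download and the directory layout are assumptions made for illustration.

```php
<?php
// Added example: names and directory layout are hypothetical, not DM Albums code.

/**
 * Resolve a user-supplied relative path inside $baseDir.
 * Returns the canonical file path, or null if the request escapes
 * $baseDir, does not exist, or is not a regular file.
 */
function resolve_download(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the comparison below
    // is made on the path the filesystem will actually open.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }
    // Compare against the base plus a trailing separator, otherwise
    // "/uploads-private" would pass a prefix check for "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed sample tree in a temporary directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'dm_demo_' . uniqid();
mkdir("$root/uploads/album", 0700, true);
mkdir("$root/uploads-private", 0700, true);
file_put_contents("$root/uploads/album/photo.jpg", 'x');
file_put_contents("$root/uploads-private/secret.txt", 'x');
file_put_contents("$root/config.php", 'x');

$requests = [
    'album/photo.jpg',               // inside the base directory
    'album/../../config.php',        // climbs out of the base directory
    '../uploads-private/secret.txt', // sibling that shares the base's name prefix
    'album/missing.jpg',             // no such file
];
foreach ($requests as $r) {
    $ok = resolve_download("$root/uploads", $r) !== null;
    printf("%-32s %s\n", $r, $ok ? 'allowed' : 'denied');
}
```

The per-user read-access decision is separate from this check: it should be made on the canonical path the function returns, not on the string the client sent.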
ajax-upload.php Vulnerabilities
December 14th, 2009
DM-FileManager 3.9.9 XSS Vulnerability
December 10th, 2009
DM-FileManager 3.9.9 and below is vulnerable to XSS attacks. The following URL demonstrates the vulnerability:
http://domain.com/login.php?referrer=/&message=<script>alert(document.cookie)</script>
Here is an obfuscated (percent-encoded) version:
http://domain.com/login.php?referrer=/&message=%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%28%64%6F%63%75%6D%65%6E%74%2E%63%6F%6F%6B%69%65%29%3C%2F%73%63%72%69%70%74%3E
This can lead to session hijacking and loss of data. Users should not follow untrusted links.
Tags: Closed, Code Complete, Confirmed, Priority 5, Severity 5, Solution Identified
Posted in DM FileManager, Exploit | 8 Comments »