Guest Brandon! Posted April 6, 2008 Share Posted April 6, 2008 I just realized that even though the compat-test page has a small error on it. When it tries to detect the version of gd, it anticipates a valid decimal for the version. My current version is 2.0.34, which is obviously not a valid decimal. I think that the preg_replace() that is used before the sprintf(%d) would be sufficient for script security.: function detectGD() { if (extension_loaded('gd') && function_exists('gd_info')) { $gd = gd_info(); $version = preg_replace('#[a-z\s]#i', '', $gd['GD Version']); return sprintf('%d', $version); } return false; } Becomes: function detectGD() { if (extension_loaded('gd') && function_exists('gd_info')) { $gd = gd_info(); return preg_replace('#[a-z\s]#i', '', $gd['GD Version']); } return false; } Just my $.02 Quote Link to comment Share on other sites More sharing options...
convict Posted April 6, 2008 Share Posted April 6, 2008 Thanks! Best to use the bug tracker for at http://bugs.cubecart.com, thank you. Quote Link to comment Share on other sites More sharing options...
Guest Posted April 7, 2008 Share Posted April 7, 2008 Yeah, the problem arises because the newer installations of PHP5 report the GD version differently than old versions. So we've had to revise the reporting. I'm all about killing a lot of the sprintf() calls in the code. :wacko: Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.