[Kde-imaging] [Bug 195136] New: Hard coded GALLERYSID cookie name breaks compatability with other G2 API compatible backends

grugnog at yahoo.com grugnog at yahoo.com
Wed Jun 3 20:11:13 CEST 2009 

https://bugs.kde.org/show_bug.cgi?id=195136

           Summary: Hard coded GALLERYSID cookie name breaks compatability
                    with other G2 API compatible backends
           Product: kipiplugins
           Version: 0.2.0
          Platform: Ubuntu Packages
        OS/Version: unspecified
            Status: UNCONFIRMED
          Severity: normal
          Priority: NOR
         Component: galleryexport
        AssignedTo: kde-imaging at kde.org
        ReportedBy: grugnog at yahoo.com


Version:           0.2.0 (using KDE 4.2.2)
Installed from:    Ubuntu Packages

There are various applications that provide a G2 API compatible backend, to
allow easy exporting of media using G2 compatible clients. I have been using
the image_pub module for Drupal (http://drupal.org/project/image_pub) and have
tested both the Drupal 5 and 6 versions and they both appear fully compatible
with the Gallery Remote client.

When using the kipi galleryexport plugin however the session is not maintained,
despite a successful login. Subsequent requests (e.g. to upload an image) are
then met by an access denied message. This is the case when using either the
"Gallery" or "Galley 2" modes.

After a bit of debugging I realised that the root cause is that galleryexport
is only returning session cookies named GALLERYSID, whereas Drupal uses session
cookies named SESS[and an MD5]. It is possible, although very inelegant, to
change the global session name in Drupal to GALLERYSID - which fixes the issue
and allows image uploads.

Assuming that GALLERYSID is not a requirement of the G2 API spec (which I
believe is the case), I think the correct fix is to galleryexport. Ideally it
should simply pass through all active cookies the same way as a browser does (I
am guessing there is a library or simple function that could be used to do the
bulk of the cookie string parsing/construction). Alternatively a temporary
simple fix could be something like changing the cookie RegExp from
"^GALLERYSID=.+" to something like "^[a-zA-Z0-9]+=.+" - however coling hinted
on IRC that this could cause problems when multiple "SetCookie" headers are
sent, so would need some testing.

-- 
Configure bugmail: https://bugs.kde.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the Kde-imaging mailing list