only Picasa feed url beginning with http://picasaweb.google.com/ is allowed
i.e. only Picasa accounts from Picasa US server are allowed

Solution:

well the current code in function render_brilliant_gallery to check if the path is a picasa feed is as follow:

if (substr($thisfolder,0,28) == 'http://picasaweb.google.com/') {
  $picasafolder = true;
}

so by simply changing it to:

if (substr($thisfolder,0,27) == 'http://picasaweb.google.com') {
  $picasafolder = true;
}

it'll support urls of Picasa feed for different countries like http://picasaweb.google.com.hk

however, I believe by removing the "/" it creates a security hole to let faking domains to be loaded.
so a better way to implement this should be using regular expression to check the url.

Comments

benkewell’s picture

benkewell commented

i've modified the code to use regular expression by preg_match instead:

if (preg_match('/http:\/\/picasaweb.google.co(?:m|m\.[A-Z]{2}|\.[A-Z]{2})\/(.+?)/i', $thisfolder) == 1) {
  $picasafolder = true;
}

it will match any url with domain 'picasaweb.google.com' or other Picasa domain with 2 letters country code in domain
like 'picasaweb.google.com.hk' or 'picasaweb.google.co.uk'

i believe this patch is necessary as some users may be accessing their Picasa accounts through localized Google website
which will give them a feed url with the country code as stated above, instead of the default 'picasaweb.google.com'

vacilando’s picture

vacilando commented
Status: Active » Fixed

This had been finally fixed in 6.x-3.1.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.