adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

attempt to fix #2079 with a different way to validate input

Browse Source
This commit is contained in:
plegall
2024-02-16 18:14:40 +01:00
parent e95036b92a
commit 276afe3de9
1 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin/batch_manager_global.php
+14 -1
View File
@@ -51,8 +51,21 @@ if (isset($_POST['nb_photos_deleted']))
} }
else if (isset($_POST['setSelected'])) else if (isset($_POST['setSelected']))
{ {
check_input_parameter('whole_set', $_POST, false, '/^\d+(,\d+)*$/'); // Here we don't use check_input_parameter because preg_match has a limit in
// the repetitive pattern. Found a limit to 3276 but may depend on memory.
//
// check_input_parameter('whole_set', $_POST, false, '/^\d+(,\d+)*$/');
//
// Instead, let's break the input parameter into pieces and check pieces one by one.
$collection = explode(',', $_POST['whole_set']); $collection = explode(',', $_POST['whole_set']);
foreach ($collection as $id)
{
if (!preg_match('/^\d+$/', $id))
{
fatal_error('[Hacking attempt] the input parameter "whole_set" is not valid');
}
}
} }
else if (isset($_POST['selection'])) else if (isset($_POST['selection']))
{ {