mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-06 01:42:29 +02:00
merge -c2755 from branch 2.0 to branch 1.7
- fix vulnerability http://www.milw0rm.com/exploits/6755 git-svn-id: http://piwigo.org/svn/branches/branch-1_7@2762 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
+2
-2
@@ -69,7 +69,7 @@ $page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
|
||||
//
|
||||
$page['sort_by'] = 'date';
|
||||
// if the form was submitted, it overloads default behaviour
|
||||
if (isset($_GET['sort_by']))
|
||||
if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
|
||||
{
|
||||
$page['sort_by'] = $_GET['sort_by'];
|
||||
}
|
||||
@@ -78,7 +78,7 @@ if (isset($_GET['sort_by']))
|
||||
//
|
||||
$page['sort_order'] = $sort_order['descending'];
|
||||
// if the form was submitted, it overloads default behaviour
|
||||
if (isset($_GET['sort_order']))
|
||||
if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
|
||||
{
|
||||
$page['sort_order'] = $sort_order[$_GET['sort_order']];
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user