fixes GHSA-rr39-mf4j-6594 prevent displaying RAW cookie content

... and also factor out the code that checks the cookie.lang user input
plegall
2026-05-01 16:58:09 +02:00
parent 33024bcc8d
commit 5277a7dee4
6 changed files with 47 additions and 73 deletions
+1 -11
@@ -489,17 +489,7 @@ if (!isset($themeconf['hide_menu_on']) OR !in_array('thePasswordPage', $themecon
include( PHPWG_ROOT_PATH.'include/menubar.inc.php');
}
//Load language if cookie is set from login/register/password pages
if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
{
if (!array_key_exists($_COOKIE['lang'], get_languages()))
{
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
}
$user['language'] = $_COOKIE['lang'];
load_language('common.lang', '', array('language'=>$user['language']));
}
load_cookie_language();
//Get list of languages
foreach (get_languages() as $language_code => $language_name)
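Review bot: The single call `load_cookie_language();` now carries the whole validation of the user-controlled `lang` cookie, but nothing at the call site says so, and the comment that explained the old inline block appears to have been removed with it. I would keep a one-line comment above the call, e.g. `// Apply the "lang" cookie set on login/register/password pages; the value is validated inside load_cookie_language()`. The helper's body is not part of this hunk, so it cannot be confirmed from here that an unknown value is rejected against `get_languages()` without the cookie text being written into the error output; a regression test that sends an unlisted `lang` value and asserts the response does not contain it would pin the fix for GHSA-rr39-mf4j-6594.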