mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-19 16:13:00 +02:00
fixes #847, CVE-2018-5692 protect a few user input variables
This commit is contained in:
@@ -42,6 +42,7 @@ include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
|
||||
check_status(ACCESS_ADMINISTRATOR);
|
||||
|
||||
check_input_parameter('selection', $_POST, true, PATTERN_ID);
|
||||
check_input_parameter('display', $_REQUEST, false, '/^(\d+|all)$/');
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | specific actions |
|
||||
|
||||
Reference in New Issue
Block a user