mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-06 01:42:29 +02:00
fixes #1011 add user input checks (and pwg_token) to avoid SQL injection (and CSRF)
This commit is contained in:
+15
-6
@@ -18,19 +18,26 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
||||
// +-----------------------------------------------------------------------+
|
||||
check_status(ACCESS_ADMINISTRATOR);
|
||||
|
||||
if (!empty($_POST))
|
||||
{
|
||||
check_pwg_token();
|
||||
check_input_parameter('cat_true', $_POST, true, PATTERN_ID);
|
||||
check_input_parameter('cat_false', $_POST, true, PATTERN_ID);
|
||||
}
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | variables init |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
if (isset($_GET['group_id']) and is_numeric($_GET['group_id']))
|
||||
if (!isset($_GET['group_id']))
|
||||
{
|
||||
$page['group'] = $_GET['group_id'];
|
||||
}
|
||||
else
|
||||
{
|
||||
die('group_id URL parameter is missing');
|
||||
fatal_error('group_id URL parameter is missing');
|
||||
}
|
||||
|
||||
check_input_parameter('group_id', $_GET, false, PATTERN_ID);
|
||||
|
||||
$page['group'] = $_GET['group_id'];
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | updates |
|
||||
// +-----------------------------------------------------------------------+
|
||||
@@ -157,6 +164,8 @@ $query_false.= '
|
||||
;';
|
||||
display_select_cat_wrapper($query_false,array(),'category_option_false');
|
||||
|
||||
$template->assign('PWG_TOKEN', get_pwg_token());
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | html code display |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
@@ -3,6 +3,7 @@
|
||||
|
||||
<form method="post" action="{$F_ACTION}">
|
||||
{$DOUBLE_SELECT}
|
||||
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
|
||||
</form>
|
||||
|
||||
<p>{'Only private albums are listed'|@translate}</p>
|
||||
|
||||
@@ -18,5 +18,6 @@
|
||||
|
||||
<form method="post" action="{$F_ACTION}">
|
||||
{$DOUBLE_SELECT}
|
||||
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
|
||||
</form>
|
||||
</fieldset>
|
||||
|
||||
@@ -18,6 +18,13 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
|
||||
// +-----------------------------------------------------------------------+
|
||||
check_status(ACCESS_ADMINISTRATOR);
|
||||
|
||||
if (!empty($_POST))
|
||||
{
|
||||
check_pwg_token();
|
||||
check_input_parameter('cat_true', $_POST, true, PATTERN_ID);
|
||||
check_input_parameter('cat_false', $_POST, true, PATTERN_ID);
|
||||
}
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | variables init |
|
||||
// +-----------------------------------------------------------------------+
|
||||
@@ -158,6 +165,8 @@ $query_false.= '
|
||||
;';
|
||||
display_select_cat_wrapper($query_false,array(),'category_option_false');
|
||||
|
||||
$template->assign('PWG_TOKEN', get_pwg_token());
|
||||
|
||||
// +-----------------------------------------------------------------------+
|
||||
// | sending html code |
|
||||
// +-----------------------------------------------------------------------+
|
||||
|
||||
Reference in New Issue
Block a user