adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixes #574, new checks on plugin section in URL

Browse Source
This commit is contained in:
plegall
2017-01-01 19:40:53 +01:00
parent beee647b74
commit 9004fdfc0b
1 changed files with 7 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin/plugin.php
+7 -1
View File
@@ -32,10 +32,16 @@ check_status(ACCESS_ADMINISTRATOR);
$sections = explode('/', $_GET['section'] );
for ($i=0; $i<count($sections); $i++)
{
if (empty($sections[$i]) or $sections[$i]=='..')
if (empty($sections[$i]))
{
unset($sections[$i]);
$i--;
continue;
}
if ($sections[$i] == '..' or !preg_match('/^[a-zA-Z_\.-]+$/', $sections[$i]))
{
die('invalid section token ['.htmlentities($sections[$i]).']');
}
}