adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixes GHSA-rr39-mf4j-6594 prevent displaying RAW cookie content

Browse Source
This commit is contained in:
plegall
2026-05-01 17:03:17 +02:00
parent 41da78f35a
commit aaa0309494
5 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
identification.php
+1 -1
View File
@@ -130,7 +130,7 @@ if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
{
if (!array_key_exists($_COOKIE['lang'], get_languages()))
{
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
}
$user['language'] = $_COOKIE['lang'];
include/functions_user.inc.php
+1 -1
View File
@@ -1057,7 +1057,7 @@ function log_user($user_id, $remember_me)
{
if (!array_key_exists($_COOKIE['lang'], get_languages()))
{
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
}
single_update(
password.php
+1 -1
View File
@@ -494,7 +494,7 @@ if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
{
if (!array_key_exists($_COOKIE['lang'], get_languages()))
{
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
}
$user['language'] = $_COOKIE['lang'];
profile.php
+1 -1
View File
@@ -83,7 +83,7 @@ SELECT '.implode(',', $fields).'
{
if (!array_key_exists($_COOKIE['lang'], get_languages()))
{
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
}
$user['language'] = $_COOKIE['lang'];
register.php
+1 -1
View File
@@ -106,7 +106,7 @@ if (isset($_COOKIE['lang']) and $user['language'] != $_COOKIE['lang'])
{
if (!array_key_exists($_COOKIE['lang'], get_languages()))
{
fatal_error('[Hacking attempt] the input parameter "'.$_COOKIE['lang'].'" is not valid');
fatal_error('[Hacking attempt] the input parameter "'.htmlspecialchars($_COOKIE['lang']).'" is not valid');
}
$user['language'] = $_COOKIE['lang'];