adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-01 20:04:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

fixes #2433 protect picture_modify.php from HTML just like pwg.images.setInfo

Browse Source 
... and a extra check on input parameters
This commit is contained in:
plegall
2025-11-10 16:04:51 +01:00
parent be85e9381a
commit bc9526f323
2 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin/picture_modify.php
+7 -10
View File
@@ -19,6 +19,8 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
check_status(ACCESS_ADMINISTRATOR); check_status(ACCESS_ADMINISTRATOR);
check_input_parameter('image_id', $_GET, false, PATTERN_ID); check_input_parameter('image_id', $_GET, false, PATTERN_ID);
check_input_parameter('level', $_POST, false, '/^\d+$/');
check_input_parameter('date_creation', $_POST, false, '/^\d\d\d\d-\d\d-\d\d( \d\d:\d\d:\d\d)?$/');
// retrieving direct information about picture. This may have been already // retrieving direct information about picture. This may have been already
// done on admin/photo.php but this page can also be accessed without // done on admin/photo.php but this page can also be accessed without
@@ -80,17 +82,12 @@ if (isset($_POST['submit']))
$data = array(); $data = array();
$data['id'] = $_GET['image_id']; $data['id'] = $_GET['image_id'];
$data['name'] = $_POST['name'];
$data['author'] = $_POST['author'];
$data['level'] = $_POST['level']; $data['level'] = $_POST['level'];
if ($conf['allow_html_descriptions']) $to_sanitize_fields = array('name', 'author', 'comment');
foreach ($to_sanitize_fields as $field)
{ {
$data['comment'] = @$_POST['description']; $data[$field] = $conf['allow_html_descriptions'] ? @$_POST[$field] : strip_tags(@$_POST[$field]);
}
else
{
$data['comment'] = strip_tags(@$_POST['description']);
} }
if (!empty($_POST['date_creation'])) if (!empty($_POST['date_creation']))
@@ -249,8 +246,8 @@ $template->assign(
'DATE_CREATION' => $row['date_creation'], 'DATE_CREATION' => $row['date_creation'],
'DESCRIPTION' => 'DESCRIPTION' =>
htmlspecialchars( isset($_POST['description']) ? htmlspecialchars( isset($_POST['comment']) ?
stripslashes($_POST['description']) : (empty($row['comment']) ? '' : $row['comment'])), stripslashes($_POST['comment']) : (empty($row['comment']) ? '' : $row['comment'])),
'F_ACTION' => 'F_ACTION' =>
get_root_url().'admin.php' get_root_url().'admin.php'
admin/themes/default/template/picture_modify.tpl
+1 -1
View File
@@ -205,7 +205,7 @@ const str_assoc_album_ab = '{'Associate to album'|translate|escape:javascript}';
<p> <p>
<strong>{'Description'|@translate}</strong> <strong>{'Description'|@translate}</strong>
<br> <br>
<textarea name="description" id="description" class="description">{$DESCRIPTION}</textarea> <textarea name="comment" id="description" class="description">{$DESCRIPTION}</textarea>
</p> </p>
<p> <p>