iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-05-18 15:26:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

(cp 4310fe7) fixes #667, check $_GET['page'] to avoid XSS

Browse Source 
This can be an issue only on Internet Explorer
This commit is contained in:
plegall
2017-06-12 11:38:00 +02:00
parent c1e8f6f758
commit 1b22d08a80
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
admin.php
+2
View File
@@ -41,6 +41,8 @@ trigger_notify('loc_begin_admin');
check_status(ACCESS_ADMINISTRATOR);
check_input_parameter('page', $_GET, false, '/^[a-zA-Z\d_-]+$/');
// +-----------------------------------------------------------------------+
// | Direct actions |
// +-----------------------------------------------------------------------+