fixes GHSA-7r67-9xhq-7p2c check get.filter inputs for dimensions and filesize

plegall
2026-04-26 13:06:52 +02:00
parent 4a13ec9a8f
commit c7e30da5c1


@@ -256,6 +256,7 @@ elseif (isset($_GET['filter']))
break;
case 'dimension':
// filter=dimension-w10..1000-h100..5000-r0.70..2
$dim_map = array('w'=>'width','h'=>'height','r'=>'ratio');
foreach (explode('-', $value) as $part)
{
@@ -263,19 +264,54 @@ elseif (isset($_GET['filter']))
if (isset($dim_map[$part[0]]))
{
$type = $dim_map[$part[0]];
list(
$_SESSION['bulk_manager_filter']['dimension']['min_'.$type],
$_SESSION['bulk_manager_filter']['dimension']['max_'.$type]
) = $values;
$filter_to_validate_for_type = array(
'width' => FILTER_VALIDATE_INT,
'height' => FILTER_VALIDATE_INT,
'ratio' => FILTER_VALIDATE_FLOAT,
);
$valid = true;
foreach ($values as $value)
{
if (filter_var($value, $filter_to_validate_for_type[$type]) === false)
{
$valid = false;
}
}
if ($valid)
{
list(
$_SESSION['bulk_manager_filter']['dimension']['min_'.$type],
$_SESSION['bulk_manager_filter']['dimension']['max_'.$type]
) = $values;
}
}
}
break;
case 'filesize':
list(
$_SESSION['bulk_manager_filter']['filesize']['min'],
$_SESSION['bulk_manager_filter']['filesize']['max']
) = explode('..', $value);
// filter=filesize-1..10
$values = explode('..', $value);
$valid = true;
foreach ($values as $value)
{
if (filter_var($value, FILTER_VALIDATE_FLOAT) === false)
{
$valid = false;
}
}
if ($valid)
{
list(
$_SESSION['bulk_manager_filter']['filesize']['min'],
$_SESSION['bulk_manager_filter']['filesize']['max']
) = $values;
}
break;
default:
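Review bot: The `filter_var` results are thrown away and the raw strings in `$values` are what get written to the session (the `list(...) = $values` assignments under both `if ($valid)` blocks), and the element count is never checked, so `filesize-10` fills `max` from a missing index and `filesize-1..2..3` silently drops the third part; storing the validated numbers and requiring `count($values) == 2` closes both gaps in the filesize case, and the dimension case needs the same treatment. The inner `foreach ($values as $value)` loops also reuse `$value`, the switch's own variable — harmless here only because `explode()` has already run, but it reads as a bug. If negative sizes or dimensions should never reach whatever later consumes these session values, `FILTER_VALIDATE_INT`/`FILTER_VALIDATE_FLOAT` accept `array('options' => array('min_range' => 0))` — worth confirming against the consumer, which is not visible here. The enclosing switch on the filter key starts and ends outside this hunk.
```php
case 'filesize':
  // filter=filesize-1..10 — exactly two numeric bounds, stored as validated floats
  $values = explode('..', $value);
  if (count($values) == 2)
  {
    $min = filter_var($values[0], FILTER_VALIDATE_FLOAT);
    $max = filter_var($values[1], FILTER_VALIDATE_FLOAT);
    if ($min !== false && $max !== false)
    {
      $_SESSION['bulk_manager_filter']['filesize']['min'] = $min;
      $_SESSION['bulk_manager_filter']['filesize']['max'] = $max;
    }
  }
  break;
// … unchanged: 'dimension' case (apply the same count check and store the filter_var results) …
```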