mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-28 20:29:58 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes #1697 add checks on chronology URL parameters

Browse source
This commit is contained in:
plegall 2022-09-16 10:37:58 +02:00
parent 79d56beb8a
commit 156825d24d
1 changed files with 14 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

14
include/functions_url.inc.php
View file

@ -686,6 +686,11 @@ function parse_well_known_params_url($tokens, &$i)
array_shift($chronology_tokens); array_shift($chronology_tokens);
$page['chronology_style'] = $chronology_tokens[0]; $page['chronology_style'] = $chronology_tokens[0];
if (!in_array($page['chronology_style'], array('monthly', 'weekly')))
{
fatal_error('bad chronology field (style)');
}
array_shift($chronology_tokens); array_shift($chronology_tokens);
if ( count($chronology_tokens)>0 ) if ( count($chronology_tokens)>0 )
{ {
@ -696,6 +701,15 @@ function parse_well_known_params_url($tokens, &$i)
array_shift($chronology_tokens); array_shift($chronology_tokens);
} }
$page['chronology_date'] = $chronology_tokens; $page['chronology_date'] = $chronology_tokens;
foreach ($page['chronology_date'] as $date_token)
{
// each date part must be an integer (number of the year, number of the month, number of the week or number of the day)
if (!preg_match('/^\d+$/', $date_token))
{
fatal_error('bad chronology field (date)');
}
}
} }
} }
elseif (preg_match('/^start-(\d+)/', $tokens[$i], $matches)) elseif (preg_match('/^start-(\d+)/', $tokens[$i], $matches))