fixes #1011: add user input checks (and pwg_token) to avoid SQL injection (and CSRF)

This commit is contained in:
plegall 2019-08-12 16:45:21 +02:00
parent 91349065ea
commit 7234d0108e
4 changed files with 26 additions and 6 deletions


@ -18,18 +18,25 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
if (!empty($_POST))
{
check_pwg_token();
check_input_parameter('cat_true', $_POST, true, PATTERN_ID);
check_input_parameter('cat_false', $_POST, true, PATTERN_ID);
}
// +-----------------------------------------------------------------------+
// | variables init |
// +-----------------------------------------------------------------------+
if (isset($_GET['group_id']) and is_numeric($_GET['group_id']))
if (!isset($_GET['group_id']))
{
fatal_error('group_id URL parameter is missing');
}
check_input_parameter('group_id', $_GET, false, PATTERN_ID);
$page['group'] = $_GET['group_id'];
}
else
{
die('group_id URL parameter is missing');
}
// +-----------------------------------------------------------------------+
// | updates |
@ -157,6 +164,8 @@ $query_false.= '
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');
$template->assign('PWG_TOKEN', get_pwg_token());
// +-----------------------------------------------------------------------+
// | html code display |
// +-----------------------------------------------------------------------+
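Review bot: The new `if (!empty($_POST))` block at the top of the first hunk ties CSRF-token verification to the presence of POST data without saying why, and the only values it validates are `cat_true` and `cat_false`; a short comment would make the contract explicit, e.g. `// all state-changing requests are POSTs: verify the CSRF token and the album id lists before the updates section consumes them`. The updates section that actually reads these values starts outside the hunk, so whether any other `$_POST` key is used there cannot be confirmed from this diff. The rewritten `group_id` handling is sound as shown: the missing-parameter case now goes through `fatal_error()` and the value is pattern-checked before `$page['group'] = $_GET['group_id'];`, which replaces the looser `is_numeric()` test of the old code.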


@ -3,6 +3,7 @@
<form method="post" action="{$F_ACTION}">
{$DOUBLE_SELECT}
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
<p>{'Only private albums are listed'|@translate}</p>


@ -18,5 +18,6 @@
<form method="post" action="{$F_ACTION}">
{$DOUBLE_SELECT}
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
</fieldset>


@ -18,6 +18,13 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
if (!empty($_POST))
{
check_pwg_token();
check_input_parameter('cat_true', $_POST, true, PATTERN_ID);
check_input_parameter('cat_false', $_POST, true, PATTERN_ID);
}
// +-----------------------------------------------------------------------+
// | variables init |
// +-----------------------------------------------------------------------+
@ -158,6 +165,8 @@ $query_false.= '
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');
$template->assign('PWG_TOKEN', get_pwg_token());
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+
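Review bot: This file receives the same POST guard as the first one (token check plus `cat_true`/`cat_false` validation), but unlike the first file no hardening of its GET-side identifier is visible: the "variables init" section that follows the first hunk is outside the diff. If that section reads an id from `$_GET` and later uses it in a query, it should get the same treatment as `group_id` in the first file, i.e. a `fatal_error()` when absent and `check_input_parameter('<param>', $_GET, false, PATTERN_ID);` before the value is stored in `$page`. The duplicated POST block in both files would also benefit from the same one-line comment explaining why token verification is conditional on `!empty($_POST)`.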