fixes #872, CVE-2018-7724, protect photo admin page from CSRF

plegall 2018-07-06 14:38:39 +02:00
parent 06f4252312
commit bef09018fb
2 changed files with 4 additions and 0 deletions


@ -118,6 +118,8 @@ if (isset($_GET['sync_metadata']))
//--------------------------------------------------------- update informations
if (isset($_POST['submit']))
{
check_pwg_token();
$data = array();
$data['id'] = $_GET['image_id'];
$data['name'] = $_POST['name'];
@ -445,6 +447,7 @@ $template->assign(array(
'represented_albums' => $represented_albums,
'STORAGE_ALBUM' => $storage_category_id,
'CACHE_KEYS' => get_admin_client_cache_keys(array('tags', 'categories')),
'PWG_TOKEN' => get_pwg_token(),
));
trigger_notify('loc_end_picture_modify');
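Review bot: The added `check_pwg_token();` guards only the `$_POST['submit']` branch, while the `if (isset($_GET['sync_metadata']))` branch named in the first hunk's header is not touched by this commit. If that branch changes image data without its own token check, it stays reachable by a cross-site request; if so, add `check_pwg_token();` as its first statement and carry the token in the link that triggers it. Separately, `$data['id'] = $_GET['image_id'];` is consumed right after the check, and whether it is validated earlier in the file cannot be seen from here, so confirm it is constrained to an integer id before the update. Both the submit block and the `$template->assign` call extend beyond the hunks shown.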