mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-26 19:29:58 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixes GHSA-p362-cfpj-q55f protect against CSRF on batch manager unit mode

Browse source
This commit is contained in:
plegall 2024-02-12 16:51:53 +01:00
parent 562170528c
commit e95036b92a
3 changed files with 4 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
admin/batch_manager_unit.php
View file

@ -32,6 +32,7 @@ trigger_notify('loc_begin_element_set_unit');
if (isset($_POST['submit']))
{
check_pwg_token();
check_input_parameter('element_ids', $_POST, false, '/^\d+(,\d+)*$/');
$collection = explode(',', $_POST['element_ids']);
@ -110,6 +111,7 @@ $template->assign(
'F_ACTION' => $base_url.get_query_string_diff(array()),
'level_options' => get_privacy_level_options(),
'ADMIN_PAGE_TITLE' => l10n('Batch Manager'),
'PWG_TOKEN' => get_pwg_token(),
)
);