fixes #1011 add user input checks (and pwg_token) to avoid SQL injection (and CSRF)
plegall committed Aug 12, 2019
1 parent 9134906 commit 7234d0108e7da33dd097b9a272c87b1c26be46b8
@@ -18,19 +18,26 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
if (!empty($_POST))
{
check_pwg_token();
check_input_parameter('cat_true', $_POST, true, PATTERN_ID);
check_input_parameter('cat_false', $_POST, true, PATTERN_ID);
}
// +-----------------------------------------------------------------------+
// | variables init |
// +-----------------------------------------------------------------------+
if (isset($_GET['group_id']) and is_numeric($_GET['group_id']))
{
$page['group'] = $_GET['group_id'];
}
else
if (!isset($_GET['group_id']))
{
die('group_id URL parameter is missing');
fatal_error('group_id URL parameter is missing');
}
check_input_parameter('group_id', $_GET, false, PATTERN_ID);
$page['group'] = $_GET['group_id'];
// +-----------------------------------------------------------------------+
// | updates |
// +-----------------------------------------------------------------------+
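Review bot: The new `group_id` guard relies on `fatal_error()` aborting the request the way the removed `die()` did; if it can return (its definition is not visible here), execution falls through `check_input_parameter('group_id', $_GET, false, PATTERN_ID)` to `$page['group'] = $_GET['group_id']` with no key present, and it is not obvious from the call alone that an absent parameter is rejected. A comment above the assignment would make the contract explicit: `// fatal_error() halts on a missing group_id; check_input_parameter() then guarantees a PATTERN_ID value before it reaches SQL`. Note also that `check_pwg_token()` and the `cat_true`/`cat_false` checks are gated on `!empty($_POST)`, so the "updates" section that follows must only act on POST data, never on `$_GET` alone; that code is outside the hunk.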
@@ -157,6 +164,8 @@
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');
$template->assign('PWG_TOKEN', get_pwg_token());
// +-----------------------------------------------------------------------+
// | html code display |
// +-----------------------------------------------------------------------+
@@ -3,6 +3,7 @@

<form method="post" action="{$F_ACTION}">
{$DOUBLE_SELECT}
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>

<p>{'Only private albums are listed'|@translate}</p>
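Review bot: The hidden field writes `{$PWG_TOKEN}` straight into an attribute value; that is harmless if `get_pwg_token()` yields a hex or alphanumeric digest, which I cannot confirm from this page. If the template engine does not auto-escape, `value="{$PWG_TOKEN|@escape}"` is cheap insurance against a future change in the token format. The same line is added in the second template hunk.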
@@ -18,5 +18,6 @@

<form method="post" action="{$F_ACTION}">
{$DOUBLE_SELECT}
<input type="hidden" name="pwg_token" value="{$PWG_TOKEN}">
</form>
</fieldset>
@@ -18,6 +18,13 @@
// +-----------------------------------------------------------------------+
check_status(ACCESS_ADMINISTRATOR);
if (!empty($_POST))
{
check_pwg_token();
check_input_parameter('cat_true', $_POST, true, PATTERN_ID);
check_input_parameter('cat_false', $_POST, true, PATTERN_ID);
}
// +-----------------------------------------------------------------------+
// | variables init |
// +-----------------------------------------------------------------------+
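Review bot: This prologue is a verbatim copy of the one added to the group-permission script and, like it, only validates the POST side; the identifier this page is keyed on is read in the "variables init" section below the hunk and is not touched here, so confirm it receives the same `check_input_parameter(..., PATTERN_ID)` treatment that `group_id` now gets, if it is currently accepted via a looser check. A short comment would help readers see why the block is gated: `// POST only: CSRF token plus strict id patterns for the album lists; the page-keying id is validated in variables init`. The rest of the file is outside the hunk.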
@@ -158,6 +165,8 @@
;';
display_select_cat_wrapper($query_false,array(),'category_option_false');
$template->assign('PWG_TOKEN', get_pwg_token());
// +-----------------------------------------------------------------------+
// | sending html code |
// +-----------------------------------------------------------------------+
