aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2012-04-07 21:02:56 +0000
committerplegall <plg@piwigo.org>2012-04-07 21:02:56 +0000
commitd2c7671d931c0e1eb12437924d1b37590a6185ee (patch)
tree9002fc6b0460244fccca294ff4e3a37157b1480c
parentc59b052d7c84001fb267b38e24c20c51b33c6853 (diff)
merge r13957 from branch 2.3 to trunk
bug 2611 fixed: check $_GET['section'] input parameter git-svn-id: http://piwigo.org/svn/trunk@13958 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/configuration.php3
1 files changed, 3 insertions, 0 deletions
diff --git a/admin/configuration.php b/admin/configuration.php
index 7ab175c53..2258dab99 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -36,6 +36,9 @@ include_once(PHPWG_ROOT_PATH.'admin/include/tabsheet.class.php');
check_status(ACCESS_ADMINISTRATOR);
//-------------------------------------------------------- sections definitions
+
+check_input_parameter('section', $_GET, false, '/^[a-z]+$/i');
+
if (!isset($_GET['section']))
{
$page['section'] = 'main';