authorplegall <plg@piwigo.org>2005-11-16 21:18:56 +0000
committerplegall <plg@piwigo.org>2005-11-16 21:18:56 +0000
commit358930b9bab0641d8a9f48a2a328061515a2998b (patch)
tree953031720a1be70dbe55036fcfe1ace87494f769
parentb9970ec34c3811af535d9722fb8e075566fd780d (diff)
- bug 207 fixed : security issue. Any visitor can reach any picture in
picture.php simply by deleting the value of the URL parameter "cat". git-svn-id: http://piwigo.org/svn/trunk@934 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--picture.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/picture.php b/picture.php
index e597b6f64..b41de7112 100644
--- a/picture.php
+++ b/picture.php
@@ -31,6 +31,12 @@ define('PHPWG_ROOT_PATH','./');
include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
//-------------------------------------------------- access authorization check
check_cat_id( $_GET['cat'] );
+
+if (!isset($page['cat']))
+{
+ die($lang['access_forbiden']);
+}
+
check_login_authorization();
if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
{
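Review bot: The added `if (!isset($page['cat']))` guard decides access on the category alone: it shows that check_cat_id() resolved some category, but nothing in this hunk ties the requested picture to that category. The top-level script continues outside the hunk, so please confirm that the picture lookup further down is constrained to `$page['cat']` and to the categories the current user is permitted to see. The refusal is also sent through `die()` with the default 200 status; putting `header('HTTP/1.0 403 Forbidden');` on the line before `die($lang['access_forbiden']);` would let access logs and monitoring distinguish denied requests. A short comment above the guard, such as `// bug 207: deny by default when no valid category was resolved`, would record why it must stay ahead of check_login_authorization().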