aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorz0rglub <z0rglub@piwigo.org>2003-09-09 18:36:25 +0000
committerz0rglub <z0rglub@piwigo.org>2003-09-09 18:36:25 +0000
commit122ac485f7330a9544504e2355fbdf53124e5702 (patch)
tree0baead077ce613edc79ff2f668f2ece56b272b0e
parente0e61217f7cf9cc980650419bcbd88facdeeb258 (diff)
Security improve : you can't display a picture in a category it doesn't
belong to git-svn-id: http://piwigo.org/svn/trunk@84 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--picture.php10
1 files changed, 9 insertions, 1 deletions
diff --git a/picture.php b/picture.php
index 56bd461b2..403301de7 100644
--- a/picture.php
+++ b/picture.php
@@ -36,7 +36,6 @@ $query.= ';';
@mysql_query( $query );
//-------------------------------------------------------------- initialization
initialize_category( 'picture' );
-$cat_directory = $page['cat_dir']; // by default
//------------------------------------- main picture information initialization
$query = 'SELECT id,date_available,comment,hit,keywords';
$query.= ',author,name,file,date_creation,filesize,width,height';
@@ -52,6 +51,15 @@ $query.= ' AND id = '.$_GET['image_id'];
$query.= $conf['order_by'];
$query.= ';';
$result = mysql_query( $query );
+// if this image_id doesn't correspond to this category, an error message is
+// displayed, and execution is stopped
+if ( mysql_num_rows( $result ) == 0 )
+{
+ echo '<div style="text-align:center;">'.$lang['access_forbiden'].'<br />';
+ echo '<a href="'.add_session_id( './category.php' ).'">';
+ echo $lang['thumbnails'].'</a></div>';
+ exit();
+}
$row = mysql_fetch_array( $result );
$page['id'] = $row['id'];
$page['file'] = $row['file'];