author | plegall <plg@piwigo.org> | 2005-11-16 21:18:56 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2005-11-16 21:18:56 +0000 |
commit | 358930b9bab0641d8a9f48a2a328061515a2998b (patch) | |
tree | 953031720a1be70dbe55036fcfe1ace87494f769 | |
parent | b9970ec34c3811af535d9722fb8e075566fd780d (diff) |
- bug 207 fixed : security issue. Any visitor can reach any picture in
picture.php only by deleting value for URL parameter "cat".
git-svn-id: http://piwigo.org/svn/trunk@934 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | picture.php | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/picture.php b/picture.php
index e597b6f64..b41de7112 100644
--- a/picture.php
+++ b/picture.php
@@ -31,6 +31,12 @@ define('PHPWG_ROOT_PATH','./');
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 //-------------------------------------------------- access authorization check
 check_cat_id( $_GET['cat'] );
+
+if (!isset($page['cat']))
+{
+ die($lang['access_forbiden']);
+}
+
 check_login_authorization();
 if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
 {
|
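Review bot: The new guard after `check_cat_id( $_GET['cat'] )` only proves that some category ended up in `$page['cat']`; nothing in this hunk ties the requested picture to that category or to the visitor's permissions, and the `is_numeric` test in the following `if` suggests `$page['cat']` may also hold non-numeric values. If the per-image authorization lives further down picture.php (outside the hunk), a comment such as `// deny by default: every branch below must verify the image belongs to $page['cat']` would record that assumption; if it does not, the check belongs on the image itself rather than on the presence of the parameter. The refusal is also sent with a bare `die()`, presumably with a 200 status, so adding `header('HTTP/1.0 403 Forbidden');` before the `die()` would make rejected requests distinguishable in access logs. The `if ( ... ) {` block that follows the guard continues past the end of the hunk.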