aboutsummaryrefslogtreecommitdiffstats
path: root/admin/plugin.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2015-02-12 14:32:33 +0000
committerplegall <plg@piwigo.org>2015-02-12 14:32:33 +0000
commit3c28040ca8c07586ce1498241503c0fbcf75c569 (patch)
tree50435f71171bfe01b9bc6f1d20266856d2f3f4d0 /admin/plugin.php
parent9faae3e25edb54b38f63e53d62c3f7f5958bd04b (diff)
bug 3201 fixed: check plugin identifier
git-svn-id: http://piwigo.org/svn/trunk@30950 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/plugin.php')
-rw-r--r--admin/plugin.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/admin/plugin.php b/admin/plugin.php
index b636608ef..82939b35a 100644
--- a/admin/plugin.php
+++ b/admin/plugin.php
@@ -45,6 +45,12 @@ if (count($sections)<2)
}
$plugin_id = $sections[0];
+
+if (!preg_match('/^\w+$/', $plugin_id))
+{
+ die('Invalid plugin identifier');
+}
+
if ( !isset($pwg_loaded_plugins[$plugin_id]) )
{
die('Invalid URL - plugin '.$plugin_id.' not active');