diff options
author | nikrou <nikrou@piwigo.org> | 2006-01-15 13:45:42 +0000 |
---|---|---|
committer | nikrou <nikrou@piwigo.org> | 2006-01-15 13:45:42 +0000 |
commit | c3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch) | |
tree | e59456bdf40caf57ca5d3586190c3b3f6e8eb463 /upload.php | |
parent | b223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff) |
Improve security of sessions:
- use only cookies to store session id on client side
- use default php session system with database handler to store sessions on server side
git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | upload.php | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/upload.php b/upload.php index 39f0db5d2..dce72a66f 100644 --- a/upload.php +++ b/upload.php @@ -125,7 +125,7 @@ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) ) if ($page['cat_site_id'] != 1 or !$page['cat_uploadable']) { echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />'; - echo '<a href="'.add_session_id( './category.php' ).'">'; + echo '<a href="./category.php">'; echo $lang['thumbnails'].'</a></div>'; exit(); } @@ -299,9 +299,9 @@ $template->assign_vars(array( 'L_UPLOAD_DONE' => $lang['upload_successful'], 'L_MANDATORY' => $lang['mandatory'], - 'F_ACTION' => add_session_id( $u_form ), + 'F_ACTION' => $u_form, - 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']) + 'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'] )); if ( !$page['upload_successful'] ) |