aboutsummaryrefslogtreecommitdiffstats
path: root/upload.php
diff options
context:
space:
mode:
authornikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
committernikrou <nikrou@piwigo.org>2006-01-15 13:45:42 +0000
commitc3397a2c73273ba5414d976ab7f45ae5e71a8a33 (patch)
treee59456bdf40caf57ca5d3586190c3b3f6e8eb463 /upload.php
parentb223bb495dbfa1611766cdc528c9eb1af56c43e3 (diff)
Improve security of sessions:
- use only cookies to store session id on client side - use default php session system with database handler to store sessions on server side git-svn-id: http://piwigo.org/svn/trunk@1004 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--upload.php6
1 files changed, 3 insertions, 3 deletions
diff --git a/upload.php b/upload.php
index 39f0db5d2..dce72a66f 100644
--- a/upload.php
+++ b/upload.php
@@ -125,7 +125,7 @@ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
if ($page['cat_site_id'] != 1 or !$page['cat_uploadable'])
{
echo '<div style="text-align:center;">'.$lang['upload_forbidden'].'<br />';
- echo '<a href="'.add_session_id( './category.php' ).'">';
+ echo '<a href="./category.php">';
echo $lang['thumbnails'].'</a></div>';
exit();
}
@@ -299,9 +299,9 @@ $template->assign_vars(array(
'L_UPLOAD_DONE' => $lang['upload_successful'],
'L_MANDATORY' => $lang['mandatory'],
- 'F_ACTION' => add_session_id( $u_form ),
+ 'F_ACTION' => $u_form,
- 'U_RETURN' => add_session_id(PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING'])
+ 'U_RETURN' => PHPWG_ROOT_PATH.'category.php?'.$_SERVER['QUERY_STRING']
));
if ( !$page['upload_successful'] )