From 358930b9bab0641d8a9f48a2a328061515a2998b Mon Sep 17 00:00:00 2001
From: plegall
Date: Wed, 16 Nov 2005 21:18:56 +0000
Subject: - bug 207 fixed : security issue. Any visitor can reach any picture in picture.php only by deleting value for URL parameter "cat".

git-svn-id: http://piwigo.org/svn/trunk@934 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 picture.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/picture.php b/picture.php
index e597b6f64..b41de7112 100644
--- a/picture.php
+++ b/picture.php
@@ -31,6 +31,12 @@ define('PHPWG_ROOT_PATH','./');
 include_once(PHPWG_ROOT_PATH.'include/common.inc.php');
 //-------------------------------------------------- access authorization check
 check_cat_id( $_GET['cat'] );
+
+if (!isset($page['cat']))
+{
+ die($lang['access_forbiden']);
+}
+
 check_login_authorization();
 if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
 {
-- 
cgit v1.2.3
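Review bot: The added guard only proves that `check_cat_id()` left some value in `$page['cat']`; the `is_numeric( $page['cat'] )` branch directly below still skips whatever it guards when that value is not numeric. If check_cat_id() accepts non-numeric category values (its body is not in this hunk), confirm that those paths apply the same per-user restrictions to the requested picture, since the `if` block continues outside the hunk. `$_GET['cat']` is also read unconditionally on the line above the guard, so a request that omits the parameter entirely relies on check_cat_id() tolerating an undefined index; passing `isset($_GET['cat']) ? $_GET['cat'] : ''` would make that explicit. The denial would also be easier to spot in access logs if a status line such as `header('HTTP/1.0 403 Forbidden');` preceded the `die(...)`, because a bare die() answers with 200.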