From c0608565dabae6b25456ff6f665b0cd0f5afae4b Mon Sep 17 00:00:00 2001
From: plegall
Date: Thu, 12 Feb 2015 14:35:42 +0000
Subject: merge r30950 from trunk to branch 2.7 bug 3201 fixed: check plugin identifier
git-svn-id: http://piwigo.org/svn/branches/2.7@30951 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/plugin.php | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/admin/plugin.php b/admin/plugin.php
index b636608ef..82939b35a 100644
--- a/admin/plugin.php
+++ b/admin/plugin.php
@@ -45,6 +45,12 @@ if (count($sections)<2)
 }
 $plugin_id = $sections[0];
+
+if (!preg_match('/^\w+$/', $plugin_id))
+{
+ die('Invalid plugin identifier');
+}
+
 if ( !isset($pwg_loaded_plugins[$plugin_id]) )
 {
 die('Invalid URL - plugin '.$plugin_id.' not active');
-- 
cgit v1.2.3
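Review bot: The added pattern `/^\w+$/` anchors with `$`, which in PCRE also matches just before a final newline, so an identifier ending in a line feed still passes the new check. Anchor with `\z` or add the `D` modifier instead, e.g. `if (!preg_match('/^\w+\z/', $plugin_id))`. The following `isset($pwg_loaded_plugins[$plugin_id])` lookup probably rejects such a value anyway, but the validation should not depend on that. The unchanged `die('Invalid URL - plugin '.$plugin_id.' not active');` still prints the identifier unescaped, so passing it through `htmlspecialchars()` would keep that message safe if the pattern is ever loosened. How `$sections` is derived lies outside the hunk.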