Changeset 934 for trunk/picture.php


Timestamp: Nov 16, 2005, 10:18:56 PM
Author: plg
Message:
  • bug 207 fixed: security issue. Any visitor can reach any picture in picture.php only by deleting the value for URL parameter "cat".
File:
1 edited

  • trunk/picture.php

    r922 r934  
    3232//-------------------------------------------------- access authorization check
    3333check_cat_id( $_GET['cat'] );
     34
     35if (!isset($page['cat']))
     36{
     37  die($lang['access_forbiden']);
     38}
     39
    3440check_login_authorization();
    3541if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
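Review bot: The new guard at lines 35-38 only rejects requests where $page['cat'] is unset, while the unchanged test at line 41 (is_numeric( $page['cat'] )) shows that a set but non-numeric value can still reach this point and skip the numeric branch. Nothing in the visible lines shows what authorizes a picture in that case, so please confirm that check_cat_id() leaves $page['cat'] unset for every value the visitor may not use, or add an explicit permission check for the requested picture here. Two smaller points: check_cat_id( $_GET['cat'] ) at line 33 reads the parameter without isset(), so a request with the parameter removed entirely triggers an undefined index notice before the guard runs; and die() by itself does not set a 403 status, so consider sending that header before the message.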