Possible _GET and _POST var inversion in editpics.php Possible _GET and _POST var inversion in editpics.php
 

News:

CPG Release 1.6.28
added submissions from {406man}
cleaned up a few PHP (8.4) deprecations
fixed PHP deprecation in calendar
removed security vulnerability
(please upgrade when possible)

Main Menu

Possible _GET and _POST var inversion in editpics.php

Started by sjordan, April 06, 2006, 04:13:04 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

sjordan

April 06, 2006, 04:13:04 AM
Lines 32 and 33 of editpics.php in CPG 1.4.4 contain the lines

Code Select

} elseif (isset($_GET['album'])) {
        $album_id = (int)$_POST['album'];


Wondering whether they should read ...

Code Select

} elseif (isset($_POST['album'])) {
        $album_id = (int)$_POST['album'];
CODE]
Print
Go Up Pages1
User actions