News:

CPG Release 1.6.29
During HTML5 upload, keep pseudo blank code 200 messages from triggering error condition
added Russian language
correct failure to use theme menu icons in album manager
minor vulnerabilities mitigation

Main Menu

Possible _GET and _POST var inversion in editpics.php

Started by sjordan, April 06, 2006, 04:13:04 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

sjordan

April 06, 2006, 04:13:04 AM
Lines 32 and 33 of editpics.php in CPG 1.4.4 contain the lines

Code Select

} elseif (isset($_GET['album'])) {
        $album_id = (int)$_POST['album'];


Wondering whether they should read ...

Code Select

} elseif (isset($_POST['album'])) {
        $album_id = (int)$_POST['album'];
CODE]
Print
Go Up Pages1
User actions