Pierrick Le Gall
Have you been able to introduce this XSS without an administration access? If yes, then it needs to be fixed urgently. If no, then it's not a bug: an administrator...
OK @inesmarcal :-) Do you know how we fix this kind of issue in Piwigo? (we add a preg_match)

```php
if (!empty($params['datetime_parameter']) and !preg_match('/^\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d$/', $data['datetime_parameter'])) { return new PwgError(WS_ERR_INVALID_PARAM,...
```
Hi @inesmarcal As I replied before your question, the answer in Piwigo is:

> do a white list approach, so that you only allow inputs being written in a...
Considering we received no pull-request for this security issue, I have decided to fix it. I didn't reproduce the problem with `min_level` (the user input is already checked, I wonder...
Both min_level and max_level are checked, I still wonder how you got the SQL working on this parameter
In old versions of MySQL/MariaDB, when inserting "abcd" into a varchar(3) field, it would silently insert "abc" (auto-truncate). In recent versions of MySQL/MariaDB, you get an error. I've experienced it...
Hi @Thom1b Why don't you use the zoom feature on each thumbnail?
You can also change the dimensions (in pixels) for the "thumbnail" size on page [Administration > Configuration > Options > Photo Sizes]. If you choose 235x235 pixels, it will be...
We're preparing a face recognition plugin and a proper "people" manager (instead of using tags). That won't be for Piwigo 15, but for 16.
@neehhaa06 well, I re-read my original description and it seems pretty understandable. Tell me what you don't understand so that I can provide details if necessary.