Bug in publish_xp.php?
GearJamminHero
Joined: 2006-07-13
Posts: 1 |
Posted: Thu, 2006-07-13 06:40 |
I found that publish_xp.php does not appear to correctly check for an authenticated user in Gallery 1.5.3. The remainder of “select-album” code is executed with anonymous user session. This is illustrated below: Line 205 of publish_xp.php should be updated from: Once updated, the anonymous user will get the intended error message displayed. [img]http://trojanedbinaries.com/security/gallery-1.5.3~publish_xp.php-patch.gif[/img] Is there another preferred channel for security or bug related issues? I think I may poke around some more to see what I can find. |
|
Posts: 6818
Hello,
thanks for reporting !
If you found a security issue write a mail to
For normal issues, just use the forum.
Thanks,
Jens
--
Last Gallery v1 Developer and v1 translation manager.