authormistic100 <mistic@piwigo.org>2013-01-20 11:48:53 +0000
committermistic100 <mistic@piwigo.org>2013-01-20 11:48:53 +0000
commit3d81c8d2cbf63523c7285b46ea2f4d62ee4aef80 (patch)
treecca38212553df0e228fb3767bbc26a3fbf2a65a8
parent61fca5efdced97488ccaab85aa73a8821a397d54 (diff)
protect session data with pwg_db_real_escape_string
git-svn-id: http://piwigo.org/svn/trunk@20281 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/functions_session.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 7888443bd..213fceb21 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -148,7 +148,7 @@ function pwg_session_write($session_id, $data)
$query = '
REPLACE INTO '.SESSIONS_TABLE.'
(id,data,expiration)
- VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now())
+ VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())
;';
pwg_query($query);
return true;
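Review bot: On the new VALUES line only `$data` goes through `pwg_db_real_escape_string`; `$session_id` is still concatenated into the same quoted literal as-is. A session save handler normally receives that id from the client's cookie, so unless it is validated somewhere outside this hunk it deserves the same treatment: `VALUES(\''.get_remote_addr_session_hash().pwg_db_real_escape_string($session_id).'\',\''.pwg_db_real_escape_string($data).'\',now())`. The body of `pwg_session_write` starts and ends outside the hunk, and the sibling read/destroy handlers are not visible here; if they build their WHERE clause from the same id, they should be checked too. Separately, the result of `pwg_query` is ignored and the function returns `true` regardless, so a failed write would go unreported to the session layer.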