diff options
| author | plegall <plg@piwigo.org> | 2013-10-29 22:38:54 +0000 |
|---|---|---|
| committer | plegall <plg@piwigo.org> | 2013-10-29 22:38:54 +0000 |
| commit | 42d65801a8874bd5435acfc0b1c9b56393c7c32f (patch) | |
| tree | c88a2275dc58a0bc9b2609556afca220cb8022de /admin/batch_manager.php | |
| parent | 475d8a6554cfc5a1e239a42fb033cc5488bb51fc (diff) | |
merge r25223 from branch 2.5 to trunk
bug 2992 fixed: escape all file names before searching them as duplicates in batch manager.
git-svn-id: http://piwigo.org/svn/trunk@25224 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/batch_manager.php')
| -rw-r--r-- | admin/batch_manager.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/admin/batch_manager.php b/admin/batch_manager.php index 302f8802f..22d4ace09 100644 --- a/admin/batch_manager.php +++ b/admin/batch_manager.php @@ -277,7 +277,7 @@ SELECT file $query = ' SELECT id FROM '.IMAGES_TABLE.' - WHERE file IN (\''.implode("','", $duplicate_files).'\') + WHERE file IN (\''.implode("','", array_map('pwg_db_real_escape_string', $duplicate_files)).'\') ;'; $filter_sets[] = array_from_query($query, 'id'); |