merge r30864 from trunk to branch 2.6

bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.6@30866 68402e56-0260-453c-a942-63ccdbb3a9ee
author: plegall <plg@piwigo.org> 2015-01-08 13:11:03 +0000
committer: plegall <plg@piwigo.org> 2015-01-08 13:11:03 +0000
commit: 7ab606155255df6501ab67279d39d20bd46df2e9 (patch)
tree: 7c52ff51f7a49e8b8f800a026c9b6386cb275e96 /include/functions.inc.php
parent: c07d55df32fbd19f9f257978d7eddd24df5b40f0 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index a08bd94b4..a3feb477b 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1887,9 +1887,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern, $
       fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
     }
 
-    foreach ($param_value as $item_to_check)
+    foreach ($param_value as $key => $item_to_check)
     {
-      if (!preg_match($pattern, $item_to_check))
+      if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
       {
         fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
       }
author	plegall <plg@piwigo.org>	2015-01-08 13:11:03 +0000
committer	plegall <plg@piwigo.org>	2015-01-08 13:11:03 +0000
commit	7ab606155255df6501ab67279d39d20bd46df2e9 (patch)
tree	7c52ff51f7a49e8b8f800a026c9b6386cb275e96 /include/functions.inc.php
parent	c07d55df32fbd19f9f257978d7eddd24df5b40f0 (diff)