authorplegall <plg@piwigo.org>2015-01-08 13:11:03 +0000
committerplegall <plg@piwigo.org>2015-01-08 13:11:03 +0000
commit7ab606155255df6501ab67279d39d20bd46df2e9 (patch)
tree7c52ff51f7a49e8b8f800a026c9b6386cb275e96 /search.php
parentc07d55df32fbd19f9f257978d7eddd24df5b40f0 (diff)
merge r30864 from trunk to branch 2.6
bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.6@30866 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'search.php')
-rw-r--r--search.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/search.php b/search.php
index 6feee2780..fed2e4c5f 100644
--- a/search.php
+++ b/search.php
@@ -105,6 +105,8 @@ if (isset($_POST['submit']))
}
// dates
+ check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/');
+
$type_date = $_POST['date_type'];
if (!empty($_POST['start_year']))
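Review bot: The pattern on the added `check_input_parameter` line ends with `$`, which in PCRE also matches just before a trailing newline, so `date_creation` followed by a line feed would pass the check and still be assigned to `$type_date`. Anchoring the end with `\z` (or adding the `D` modifier) makes it an exact match: `'/^date_(creation|available)\z/'`. The helper's definition is not visible in this hunk; if it treats a missing or empty parameter as acceptable, the unconditional read `$type_date = $_POST['date_type'];` still touches an unset key, so an explicit default or early exit may be worth adding. The enclosing `if (isset($_POST['submit']))` block starts and ends outside the hunk.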
@@ -144,7 +146,7 @@ if (isset($_POST['submit']))
INSERT INTO '.SEARCH_TABLE.'
(rules, last_seen)
VALUES
- (\''.serialize($search).'\', NOW())
+ (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW())
;';
pwg_query($query);
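Review bot: The new `pwg_db_real_escape_string(serialize($search))` call deserves a comment saying why the escape is required, for example `// serialize() output embeds raw request strings (quotes included); escape before concatenating into the query`. Escaping closes the quote break-out in this INSERT, but the stored `rules` value is still a PHP-serialized structure assembled from `$_POST`. The code that reads it back is not visible here and presumably calls `unserialize()` and uses the fields in later queries, so each value placed into `$search` should be validated the way `date_type` now is. The statement sits inside the `if (isset($_POST['submit']))` block, which begins outside the hunk.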