From 2365113e9194803e546be0a65bd60b65542bf53d Mon Sep 17 00:00:00 2001 From: plegall Date: Thu, 8 Jan 2015 13:09:38 +0000 Subject: merge r30864 from trunk to branch 2.5 bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.5@30865 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/functions.inc.php | 4 ++-- search.php | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/include/functions.inc.php b/include/functions.inc.php index edc56979b..42b187bbd 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1565,9 +1565,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern) fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array'); } - foreach ($param_value as $item_to_check) + foreach ($param_value as $key => $item_to_check) { - if (!preg_match($pattern, $item_to_check)) + if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check)) { fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); } diff --git a/search.php b/search.php index 84bf8a126..f1acf9701 100644 --- a/search.php +++ b/search.php @@ -48,7 +48,7 @@ if (isset($_POST['submit'])) and !preg_match('/^\s*$/', $_POST['search_allwords'])) { check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/'); - + $drop_char_match = array( '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_', '?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*'); @@ -105,6 +105,8 @@ if (isset($_POST['submit'])) } // dates + check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/'); + $type_date = $_POST['date_type']; if (!empty($_POST['start_year'])) @@ -144,7 +146,7 @@ if (isset($_POST['submit'])) INSERT INTO '.SEARCH_TABLE.' (rules, last_seen) VALUES - (\''.serialize($search).'\', NOW()) + (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW()) ;'; pwg_query($query); -- cgit v1.2.3