From 9ab609438f833f07d26ecbcbb901e25b57230b25 Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Mon, 13 Sep 2010 21:10:51 +0000
Subject: merge r6909 from branch 2.1 to trunk

bug 1850 fixed: strong check of $_GET['cat']



git-svn-id: http://piwigo.org/svn/trunk@6910 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 comments.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'comments.php')

diff --git a/comments.php b/comments.php
index cda791ca6..0ffb05d97 100644
--- a/comments.php
+++ b/comments.php
@@ -104,6 +104,8 @@ $page['where_clauses'] = array();
 // which category to filter on ?
 if (isset($_GET['cat']) and 0 != $_GET['cat'])
 {
+  check_input_parameter('cat', $_GET, false, PATTERN_ID);
+  
   $page['where_clauses'][] =
     'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
 }
-- 
cgit v1.2.3