From 24d725c9eb7a832ad7f515fa5418e0813ea6a9ba Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Mon, 25 Jan 2010 15:19:17 +0000
Subject: merge r4742 from branch 2.0 to trunk

bug 1391 fixed: prevent from SQL injection


git-svn-id: http://piwigo.org/svn/trunk@4743 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 feed.php | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'feed.php')

diff --git a/feed.php b/feed.php
index 229f1156c..5d015c573 100644
--- a/feed.php
+++ b/feed.php
@@ -63,6 +63,8 @@ function ts_to_iso8601($ts)
 // |                            initialization                             |
 // +-----------------------------------------------------------------------+
 
+check_input_parameter('feed', $_GET['feed'], false, '/^[0-9a-z]{50}$/i');
+
 $feed_id= isset($_GET['feed']) ? $_GET['feed'] : '';
 $image_only=isset($_GET['image_only']);
 
-- 
cgit v1.2.3