From 639edaa04b6082ea6e46644022ed9898292cf43b Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Thu, 8 Jan 2015 13:06:27 +0000
Subject: bug 3186: improved security on search.php

git-svn-id: http://piwigo.org/svn/trunk@30864 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'include/functions.inc.php')

diff --git a/include/functions.inc.php b/include/functions.inc.php
index 7d8957bd3..4ba5eb54c 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1877,9 +1877,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern, $
       fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
     }
 
-    foreach ($param_value as $item_to_check)
+    foreach ($param_value as $key => $item_to_check)
     {
-      if (!preg_match($pattern, $item_to_check))
+      if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
       {
         fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
       }
-- 
cgit v1.2.3