From 3d81c8d2cbf63523c7285b46ea2f4d62ee4aef80 Mon Sep 17 00:00:00 2001
From: mistic100
Date: Sun, 20 Jan 2013 11:48:53 +0000
Subject: protect session data with pwg_db_real_escape_string

git-svn-id: http://piwigo.org/svn/trunk@20281 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 include/functions_session.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'include/functions_session.inc.php')

diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php
index 7888443bd..213fceb21 100644
--- a/include/functions_session.inc.php
+++ b/include/functions_session.inc.php
@@ -148,7 +148,7 @@ function pwg_session_write($session_id, $data)
 $query = '
 REPLACE INTO '.SESSIONS_TABLE.'
 (id,data,expiration)
- VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now())
+ VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())
 ;';
 pwg_query($query);
 return true;
-- 
cgit v1.2.3
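Review bot: `$session_id` is still concatenated into the `VALUES(...)` string without escaping on the changed line, so only the `data` column gets the new protection. The id passed to a session write handler normally originates from the client's cookie, and nothing visible in this hunk validates it. Escape it the same way, `get_remote_addr_session_hash().pwg_db_real_escape_string($session_id)`, or reject ids that are not plain alphanumerics before the query is built. The other session handlers in this file presumably build their queries from the same id and are worth checking; they, and the start and end of pwg_session_write's body, are outside the hunk.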