From f107f5bf1a6bd07303a720b630fe651b7cb56d8c Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Tue, 26 Jan 2010 09:20:10 +0000
Subject: merge r4752 from branch 2.0 to trunk

bug 1401 fixed: let's use the mysql_real_escape_string on POST fields (even if
I was not able to reproduce any attack because fields are heavily processed
before any SQL query).


git-svn-id: http://piwigo.org/svn/trunk@4753 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 search.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'search.php')

diff --git a/search.php b/search.php
index fdcbab701..6f9ae5af3 100644
--- a/search.php
+++ b/search.php
@@ -35,6 +35,14 @@ $errors = array();
 $search = array();
 if (isset($_POST['submit']))
 {
+  foreach ($_POST as $post_key => $post_value)
+  {
+    if (!is_array($post_value))
+    {
+      $_POST[$post_key] = mysql_real_escape_string($post_value);
+    }
+  }  
+  
   if (isset($_POST['search_allwords'])
       and !preg_match('/^\s*$/', $_POST['search_allwords']))
   {
@@ -63,6 +71,8 @@ if (isset($_POST['submit']))
 
   if (isset($_POST['tags']))
   {
+    check_input_parameter('tags', $_POST['tags'], true, PATTERN_ID);
+    
     $search['fields']['tags'] = array(
       'words' => $_POST['tags'],
       'mode'  => $_POST['tag_mode'],
@@ -82,6 +92,8 @@ if (isset($_POST['submit']))
 
   if (isset($_POST['cat']))
   {
+    check_input_parameter('cat', $_POST['cat'], true, PATTERN_ID);
+    
     $search['fields']['cat'] = array(
       'words'   => $_POST['cat'],
       'sub_inc' => ($_POST['subcats-included'] == 1) ? true : false,
-- 
cgit v1.2.3