bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL.

git-svn-id: http://piwigo.org/svn/branches/2.1@6905 68402e56-0260-453c-a942-63ccdbb3a9ee
2010-09-13 20:52:20 +00:00 · 2010-09-13 20:52:20 +00:00 · 4fa3f949d9
commit 4fa3f949d9
parent 2c6ac64a9d
1 changed files with 4 additions and 0 deletions
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@ -61,6 +61,10 @@ else
    $rewritten = $key;
    break;
  }
+  
+  // the $_GET keys are not protected in include/common.inc.php, only the values
+  $rewritten = pwg_db_real_escape_string($rewritten);
+  
  $page['root_path'] = PHPWG_ROOT_PATH;
 }