merge r11157 from branch 2.2 to trunk
bug 2280 fixed: check language and theme values before updating database. The posted value must match an expected value, this is not a free text field. git-svn-id: http://piwigo.org/svn/trunk@11159 68402e56-0260-453c-a942-63ccdbb3a9ee
parent
257808402b
commit
70841e0f50
1 changed files with 10 additions and 0 deletions
10
profile.php
10
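--- a/profile.php
+++ b/profile.php
@@ -149,6 +149,16 @@ function save_profile_from_post($userdata, &$errors)
 {
 $errors[] = l10n('Recent period must be a positive integer value') ;
 }
+
+if (!in_array($_POST['language'], array_keys(get_languages())))
+{
+die('Hacking attempt, incorrect language value');
+}
+
+if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
+{
+die('Hacking attempt, incorrect theme value');
+}
 }
 
 if (isset($_POST['mail_address']))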
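Review bot: The two added allowlist checks read `$_POST['language']` and `$_POST['theme']` without `isset()` and call `in_array()` in its default loose mode, so a request that omits a field raises an undefined-index notice and the match relies on type juggling. Guarding existence and passing the strict flag makes the intent explicit: `if (!isset($_POST['language']) || !in_array($_POST['language'], array_keys(get_languages()), true))`, and the same for the theme check. Both checks also sit inside a block whose opening condition is above the hunk, and the closing `}` right after the theme check ends it. It is worth confirming that the later database update only uses these two fields under that same condition, since otherwise the validation could be skipped while the values are still written.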