archive/piwigo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bug 247 fixed : image_id GET parameter was not checked for sanity before

Browse source 
usage in SQL queries. Now, image_id must be a numeric value.


git-svn-id: http://piwigo.org/svn/branches/branch-1_5@989 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2005-12-25 22:37:07 +00:00
parent 7bdb132ffc
commit 9bc452537e
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
picture.php
View file

@ -42,6 +42,12 @@ if ( isset( $page['cat'] ) and is_numeric( $page['cat'] ) )
{ {
check_restrictions( $page['cat'] ); check_restrictions( $page['cat'] );
} }
if (!is_numeric($_GET['image_id']))
{
die('Hacking attempt on "image_id" GET parameter');
}
//---------------------------------------- incrementation of the number of hits //---------------------------------------- incrementation of the number of hits
$query = ' $query = '
UPDATE '.IMAGES_TABLE.' UPDATE '.IMAGES_TABLE.'