bug 3200 fixed: add input checks on admin history

git-svn-id: http://piwigo.org/svn/trunk@30948 68402e56-0260-453c-a942-63ccdbb3a9ee
2015-02-12 14:29:19 +00:00 · 2015-02-12 14:29:19 +00:00 · 9faae3e25e
commit 9faae3e25e
parent ea0fa566b1
1 changed files with 11 additions and 3 deletions
--- a/admin/history.php
+++ b/admin/history.php
@ -75,11 +75,15 @@ if (isset($_POST['submit']))
  // dates
  if (!empty($_POST['start']))
  {
+    $_POST['start'] = trim($_POST['start']);
+    check_input_parameter('start', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
    $search['fields']['date-after'] = $_POST['start'];
  }

  if (!empty($_POST['end']))
  {
+    $_POST['end'] = trim($_POST['end']);
+    check_input_parameter('end', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
    $search['fields']['date-before'] = $_POST['end'];
  }

@ -89,10 +93,11 @@ if (isset($_POST['submit']))
  }
  else
  {
+    check_input_parameter('types', $_POST, true, '/^('.implode('|', $types).')$/');
    $search['fields']['types'] = $_POST['types'];
  }

-  $search['fields']['user'] = $_POST['user'];
+  $search['fields']['user'] = intval($_POST['user']);

  if (!empty($_POST['image_id']))
  {
@ -117,6 +122,8 @@ if (isset($_POST['submit']))
      );
  }

+  check_input_parameter('display_thumbnail', $_POST, false, '/^('.implode('|', array_keys($display_thumbnails)).')$/');
+  
  $search['fields']['display_thumbnail'] = $_POST['display_thumbnail'];
  // Display choise are also save to one cookie
  if (!empty($_POST['display_thumbnail'])
@ -142,8 +149,9 @@ if (isset($_POST['submit']))
 INSERT INTO '.SEARCH_TABLE.'
  (rules)
  VALUES
-  (\''.serialize($search).'\')
+  (\''.pwg_db_real_escape_string(serialize($search)).'\')
 ;';
+
    pwg_query($query);

    $search_id = pwg_db_insert_id(SEARCH_TABLE);
@ -618,4 +626,4 @@ $template->assign('display_thumbnail_selected', $form['display_thumbnail']);
 // +-----------------------------------------------------------------------+

 $template->assign_var_from_handle('ADMIN_CONTENT', 'history');
-?>
+?>