aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2015-01-08 13:09:38 +0000
committerplegall <plg@piwigo.org>2015-01-08 13:09:38 +0000
commit2365113e9194803e546be0a65bd60b65542bf53d (patch)
tree648bd890f433e5ffe79db559cce7f47cec8400d1
parent8758dd626b62525a5936fb3b1df06f38d90b1b3f (diff)
merge r30864 from trunk to branch 2.5
bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.5@30865 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--include/functions.inc.php4
-rw-r--r--search.php6
2 files changed, 6 insertions, 4 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index edc56979b..42b187bbd 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1565,9 +1565,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern)
fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
}
- foreach ($param_value as $item_to_check)
+ foreach ($param_value as $key => $item_to_check)
{
- if (!preg_match($pattern, $item_to_check))
+ if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
{
fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
}
diff --git a/search.php b/search.php
index 84bf8a126..f1acf9701 100644
--- a/search.php
+++ b/search.php
@@ -48,7 +48,7 @@ if (isset($_POST['submit']))
and !preg_match('/^\s*$/', $_POST['search_allwords']))
{
check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/');
-
+
$drop_char_match = array(
'-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_',
'?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*');
@@ -105,6 +105,8 @@ if (isset($_POST['submit']))
}
// dates
+ check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/');
+
$type_date = $_POST['date_type'];
if (!empty($_POST['start_year']))
@@ -144,7 +146,7 @@ if (isset($_POST['submit']))
INSERT INTO '.SEARCH_TABLE.'
(rules, last_seen)
VALUES
- (\''.serialize($search).'\', NOW())
+ (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW())
;';
pwg_query($query);