author | plegall <plg@piwigo.org> | 2011-05-31 20:32:41 +0000 |
committer | plegall <plg@piwigo.org> | 2011-05-31 20:32:41 +0000 |
commit | 70841e0f5076b04bc596f2a37c3714ed6cb9ac92 (patch) | |
tree | c7d86c8575c4325640ca8a469216339434b844a2 | |
parent | 257808402bed53e44bc8705d22e4d05f99fc37da (diff) |
merge r11157 from branch 2.2 to trunk
bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free text field.
git-svn-id: http://piwigo.org/svn/trunk@11159 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | profile.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index 2580b375c..402b03971 100644
--- a/profile.php
+++ b/profile.php
@@ -149,6 +149,16 @@ function save_profile_from_post($userdata, &$errors)
 {
 $errors[] = l10n('Recent period must be a positive integer value') ;
 }
+
+ if (!in_array($_POST['language'], array_keys(get_languages())))
+ {
+ die('Hacking attempt, incorrect language value');
+ }
+
+ if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
+ {
+ die('Hacking attempt, incorrect theme value');
+ }
 }
 if (isset($_POST['mail_address'])) |
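Review bot: The two added checks read `$_POST['language']` and `$_POST['theme']` without first testing that the keys exist, so a request that omits either field raises an undefined-index notice before the `in_array` comparison rejects it; the surrounding code guards other fields with `isset` (see the `if (isset($_POST['mail_address']))` context line). Both calls also use the loose `in_array` comparison; passing the strict flag removes any reliance on PHP's type-juggling rules when comparing the posted string against the key list. A combined guard for the first check would be `if (!isset($_POST['language']) || !in_array($_POST['language'], array_keys(get_languages()), true))`, with the same shape for the theme check. It may also be worth noting that these branches terminate via `die()` whereas the rest of this function reports problems by appending to `$errors`; if the intent is to treat an unexpected value as an attack rather than a validation error, a short comment saying so would make the inconsistency deliberate. The body of `save_profile_from_post` continues outside the hunk.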