diff options
author | plegall <plg@piwigo.org> | 2014-06-12 09:33:20 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-06-12 09:33:20 +0000 |
commit | 27972906be22af08b9cc6a1c598cf75146bd67e8 (patch) | |
tree | 608c229297c61a184294818311012e60186ce4aa | |
parent | 2384b3168d0c20411074276c044d612bcd9ac4a9 (diff) |
bug 3089: prevent SQL injection on photo edition
git-svn-id: http://piwigo.org/svn/trunk@28678 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | admin/picture_modify.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/admin/picture_modify.php b/admin/picture_modify.php index 3e88bf61a..57d98276a 100644 --- a/admin/picture_modify.php +++ b/admin/picture_modify.php @@ -155,6 +155,7 @@ if (isset($_POST['submit'])) { $_POST['associate'] = array(); } + check_input_parameter('associate', $_POST, true, PATTERN_ID); move_images_to_categories(array($_GET['image_id']), $_POST['associate']); invalidate_user_cache(); @@ -164,6 +165,7 @@ if (isset($_POST['submit'])) { $_POST['represent'] = array(); } + check_input_parameter('represent', $_POST, true, PATTERN_ID); $no_longer_thumbnail_for = array_diff($represented_albums, $_POST['represent']); if (count($no_longer_thumbnail_for) > 0) |