author | plegall <plg@piwigo.org> | 2011-05-31 20:32:16 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2011-05-31 20:32:16 +0000 |
commit | 21b369a8a5a8f3a71bf06bd781dbff80362b52f3 (patch) | |
tree | 7d63e8cbebd9ba4eaf7339fa3f9af98af2d4034a | |
parent | 3197a76eda34281425764383aa2fda7a97bd2c8e (diff) |
bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value; this is not a free text field.
git-svn-id: http://piwigo.org/svn/branches/2.2@11157 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r-- | profile.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index e0bb598e8..70f326b51 100644
--- a/profile.php
+++ b/profile.php
@@ -147,6 +147,16 @@ function save_profile_from_post($userdata, &$errors)
     {
       $errors[] = l10n('Recent period must be a positive integer value') ;
     }
+
+    if (!in_array($_POST['language'], array_keys(get_languages())))
+    {
+      die('Hacking attempt, incorrect language value');
+    }
+
+    if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
+    {
+      die('Hacking attempt, incorrect theme value');
+    }
   }
 
   if (isset($_POST['mail_address']))
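Review bot: Both new `in_array()` calls compare the posted value against the whitelist loosely, so the check should pass `true` as the third argument — `if (!in_array($_POST['language'], array_keys(get_languages()), true))` and likewise for `theme` — so that only an exact string match of a known key is accepted rather than PHP's type-juggled equality. The checks also read `$_POST['language']` and `$_POST['theme']` unconditionally; if either field is missing from the request the lookup raises a notice and the request still dies with a "Hacking attempt" message, so an `isset()` guard (or an explicit "missing value" error) would make the failure mode deliberate. `die()` here answers with a plain-text body and, presumably, an HTTP 200; sending a 4xx status before exiting would let proxies and monitoring distinguish a rejected request from a successful one. The enclosing save_profile_from_post() starts and ends outside this hunk, so whether the whitelist is bypassed on other code paths cannot be judged from here.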