aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2011-05-31 20:32:16 +0000
committerplegall <plg@piwigo.org>2011-05-31 20:32:16 +0000
commit21b369a8a5a8f3a71bf06bd781dbff80362b52f3 (patch)
tree7d63e8cbebd9ba4eaf7339fa3f9af98af2d4034a
parent3197a76eda34281425764383aa2fda7a97bd2c8e (diff)
bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free texfield. git-svn-id: http://piwigo.org/svn/branches/2.2@11157 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--profile.php10
1 files changed, 10 insertions, 0 deletions
diff --git a/profile.php b/profile.php
index e0bb598e8..70f326b51 100644
--- a/profile.php
+++ b/profile.php
@@ -147,6 +147,16 @@ function save_profile_from_post($userdata, &$errors)
{
$errors[] = l10n('Recent period must be a positive integer value') ;
}
+
+ if (!in_array($_POST['language'], array_keys(get_languages())))
+ {
+ die('Hacking attempt, incorrect language value');
+ }
+
+ if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
+ {
+ die('Hacking attempt, incorrect theme value');
+ }
}
if (isset($_POST['mail_address']))