authorplegall <plg@piwigo.org>2010-10-29 22:53:26 +0000
committerplegall <plg@piwigo.org>2010-10-29 22:53:26 +0000
commit42a61b5cb839fbb86a5a91faa8f3d0419e045554 (patch)
tree3e152c648c7eeecf105a80aa62f4cded9b594a3c
parent7aae3dd9853e0bbbecd2b7fc48acf3b0b96aa9e0 (diff)
merge r7489 from branch 2.1 to trunk
bug 1908 fixed: protect the uploaded photo filename against SQL injection. git-svn-id: http://piwigo.org/svn/trunk@7490 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--admin/include/functions_upload.inc.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/admin/include/functions_upload.inc.php b/admin/include/functions_upload.inc.php
index 8fcfac4f0..94116a3b4 100644
--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@@ -103,7 +103,7 @@ function add_uploaded_file($source_filepath, $original_filename=null, $categorie
// database registration
$insert = array(
- 'file' => isset($original_filename) ? $original_filename : basename($file_path),
+ 'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
'date_available' => $dbnow,
'tn_ext' => 'jpg',
'path' => preg_replace('#^'.preg_quote(PHPWG_ROOT_PATH).'#', '', $file_path),
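Review bot: Only the `'file'` entry is escaped here, and the escaping is done where the row is built rather than where the SQL is assembled, so the protection depends on every field and every caller remembering it. `'path'` on the last line comes from `$file_path`, whose origin is outside the hunk; if any part of the client-supplied name can reach it, it needs the same treatment. Escaping inside the insert helper that consumes `$insert` (it is not visible here, so this is an assumption about how it works), or using a parameterized query, would cover all fields at once and avoid double escaping later. If the call-site form stays, a comment such as `// escaped here: the insert helper concatenates values into the SQL string` would tell the next maintainer why one field is wrapped. The body of `add_uploaded_file` starts and ends outside this hunk.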