aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2010-09-13 21:10:51 +0000
committerplegall <plg@piwigo.org>2010-09-13 21:10:51 +0000
commit9ab609438f833f07d26ecbcbb901e25b57230b25 (patch)
treefe95ac70be27ff82715c291bf37173cd37e240f5
parenta8b34d3598a6a657f821d5d16593742cb708215a (diff)
merge r6909 from branch 2.1 to trunk
bug 1850 fixed: strong check of $_GET['cat'] git-svn-id: http://piwigo.org/svn/trunk@6910 68402e56-0260-453c-a942-63ccdbb3a9ee
-rw-r--r--comments.php2
1 files changed, 2 insertions, 0 deletions
diff --git a/comments.php b/comments.php
index cda791ca6..0ffb05d97 100644
--- a/comments.php
+++ b/comments.php
@@ -104,6 +104,8 @@ $page['where_clauses'] = array();
// which category to filter on ?
if (isset($_GET['cat']) and 0 != $_GET['cat'])
{
+ check_input_parameter('cat', $_GET, false, PATTERN_ID);
+
$page['where_clauses'][] =
'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')';
}