bug 1908 fixed: protect the uploaded photo filename against SQL injection.

git-svn-id: http://piwigo.org/svn/branches/2.1@7489 68402e56-0260-453c-a942-63ccdbb3a9ee
author: plegall <plg@piwigo.org> 2010-10-29 22:53:00 +0000
committer: plegall <plg@piwigo.org> 2010-10-29 22:53:00 +0000
commit: fe0d5b7547822f43895723b4cee35a84e803ca25 (patch)
tree: 5eb82cc76e28cf38fccf1cea86916af655534eec
parent: 542920d0f0b357e0587cb6e361c96e88c697b9b5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/admin/include/functions_upload.inc.php b/admin/include/functions_upload.inc.php
index 8fcfac4f0..94116a3b4 100644
--- a/admin/include/functions_upload.inc.php
+++ b/admin/include/functions_upload.inc.php
@@ -103,7 +103,7 @@ function add_uploaded_file($source_filepath, $original_filename=null, $categorie
 
   // database registration
   $insert = array(
-    'file' => isset($original_filename) ? $original_filename : basename($file_path),
+    'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
     'date_available' => $dbnow,
     'tn_ext' => 'jpg',
     'path' => preg_replace('#^'.preg_quote(PHPWG_ROOT_PATH).'#', '', $file_path),
author	plegall <plg@piwigo.org>	2010-10-29 22:53:00 +0000
committer	plegall <plg@piwigo.org>	2010-10-29 22:53:00 +0000
commit	fe0d5b7547822f43895723b4cee35a84e803ca25 (patch)
tree	5eb82cc76e28cf38fccf1cea86916af655534eec
parent	542920d0f0b357e0587cb6e361c96e88c697b9b5 (diff)