aboutsummaryrefslogtreecommitdiffstats
path: root/admin/element_set_global.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2009-12-15 00:33:57 +0000
committerplegall <plg@piwigo.org>2009-12-15 00:33:57 +0000
commit742e2a7c0ac86e9bcce2fa6eef65214e869cd19c (patch)
tree39ece70263b1fb2ef881352f11e1f4a38b94afd7 /admin/element_set_global.php
parent8bbbe6c7943296a81df1c232ca7de0329295477f (diff)
bug 1329 fixed: add a check_input_parameter function to prevent hacking
attempts. git-svn-id: http://piwigo.org/svn/branches/2.0@4495 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/element_set_global.php6
1 files changed, 6 insertions, 0 deletions
diff --git a/admin/element_set_global.php b/admin/element_set_global.php
index 2ad3ab164..05f4158b7 100644
--- a/admin/element_set_global.php
+++ b/admin/element_set_global.php
@@ -43,6 +43,12 @@ check_status(ACCESS_ADMINISTRATOR);
// | deletion form submission |
// +-----------------------------------------------------------------------+
+// the $_POST['selection'] was already checked in element_set.php
+check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID);
+check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID);
+check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID);
+check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID);
+
if (isset($_POST['delete']))
{
if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion'])