aboutsummaryrefslogtreecommitdiffstats
path: root/admin/history.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2015-02-12 14:30:14 +0000
committerplegall <plg@piwigo.org>2015-02-12 14:30:14 +0000
commitf07a61c105b62611dcb4d6b4dc51ac33c59500ca (patch)
tree124ede7564d8bb0ae1f0327fb50c19e2b0a678da /admin/history.php
parent11f530c514323b3d4e1912147aced7d736c11292 (diff)
merge r30948 from trunk to branch 2.7
bug 3200 fixed: add input checks on admin history git-svn-id: http://piwigo.org/svn/branches/2.7@30949 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--admin/history.php14
1 files changed, 11 insertions, 3 deletions
diff --git a/admin/history.php b/admin/history.php
index 7cc51d821..190ad334b 100644
--- a/admin/history.php
+++ b/admin/history.php
@@ -75,11 +75,15 @@ if (isset($_POST['submit']))
// dates
if (!empty($_POST['start']))
{
+ $_POST['start'] = trim($_POST['start']);
+ check_input_parameter('start', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
$search['fields']['date-after'] = $_POST['start'];
}
if (!empty($_POST['end']))
{
+ $_POST['end'] = trim($_POST['end']);
+ check_input_parameter('end', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
$search['fields']['date-before'] = $_POST['end'];
}
@@ -89,10 +93,11 @@ if (isset($_POST['submit']))
}
else
{
+ check_input_parameter('types', $_POST, true, '/^('.implode('|', $types).')$/');
$search['fields']['types'] = $_POST['types'];
}
- $search['fields']['user'] = $_POST['user'];
+ $search['fields']['user'] = intval($_POST['user']);
if (!empty($_POST['image_id']))
{
@@ -117,6 +122,8 @@ if (isset($_POST['submit']))
);
}
+ check_input_parameter('display_thumbnail', $_POST, false, '/^('.implode('|', array_keys($display_thumbnails)).')$/');
+
$search['fields']['display_thumbnail'] = $_POST['display_thumbnail'];
// Display choise are also save to one cookie
if (!empty($_POST['display_thumbnail'])
@@ -142,8 +149,9 @@ if (isset($_POST['submit']))
INSERT INTO '.SEARCH_TABLE.'
(rules)
VALUES
- (\''.serialize($search).'\')
+ (\''.pwg_db_real_escape_string(serialize($search)).'\')
;';
+
pwg_query($query);
$search_id = pwg_db_insert_id(SEARCH_TABLE);
@@ -618,4 +626,4 @@ $template->assign('display_thumbnail_selected', $form['display_thumbnail']);
// +-----------------------------------------------------------------------+
$template->assign_var_from_handle('ADMIN_CONTENT', 'history');
-?> \ No newline at end of file
+?>