diff options
author | plegall <plg@piwigo.org> | 2009-12-15 00:33:57 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2009-12-15 00:33:57 +0000 |
commit | 742e2a7c0ac86e9bcce2fa6eef65214e869cd19c (patch) | |
tree | 39ece70263b1fb2ef881352f11e1f4a38b94afd7 /admin/picture_modify.php | |
parent | 8bbbe6c7943296a81df1c232ca7de0329295477f (diff) |
bug 1329 fixed: add a check_input_parameter function to prevent hacking
attempts.
git-svn-id: http://piwigo.org/svn/branches/2.0@4495 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'admin/picture_modify.php')
-rw-r--r-- | admin/picture_modify.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/admin/picture_modify.php b/admin/picture_modify.php index c142ae955..71b0d7777 100644 --- a/admin/picture_modify.php +++ b/admin/picture_modify.php @@ -33,6 +33,9 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php'); // +-----------------------------------------------------------------------+ check_status(ACCESS_ADMINISTRATOR); +check_input_parameter('image_id', $_GET['image_id'], false, PATTERN_ID); +check_input_parameter('cat_id', @$_GET['cat_id'], false, PATTERN_ID); + // +-----------------------------------------------------------------------+ // | synchronize metadata | // +-----------------------------------------------------------------------+ |