diff options
author | plegall <plg@piwigo.org> | 2010-09-13 21:10:27 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2010-09-13 21:10:27 +0000 |
commit | faa88d61bd7a3bd573344f49155b0cc00903aff8 (patch) | |
tree | 0513a5a9bfdc13a2afb210ca86db0836dee41733 /comments.php | |
parent | 4a28e4dfcd6ee5861e009373b707867a535bac97 (diff) |
bug 1850 fixed: strong check of $_GET['cat']
git-svn-id: http://piwigo.org/svn/branches/2.1@6909 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'comments.php')
-rw-r--r-- | comments.php | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/comments.php b/comments.php index cda791ca6..0ffb05d97 100644 --- a/comments.php +++ b/comments.php @@ -104,6 +104,8 @@ $page['where_clauses'] = array(); // which category to filter on ? if (isset($_GET['cat']) and 0 != $_GET['cat']) { + check_input_parameter('cat', $_GET, false, PATTERN_ID); + $page['where_clauses'][] = 'category_id IN ('.implode(',', get_subcat_ids(array($_GET['cat']))).')'; } |