diff options
author | plegall <plg@piwigo.org> | 2015-01-08 13:06:27 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2015-01-08 13:06:27 +0000 |
commit | 639edaa04b6082ea6e46644022ed9898292cf43b (patch) | |
tree | cd866154da16da4f5d4083dc5c8c9519ced222d7 /include/functions.inc.php | |
parent | 503f13db47a3cf917b7098a9ad3d35ae9ed81a84 (diff) |
bug 3186: improved security on search.php
git-svn-id: http://piwigo.org/svn/trunk@30864 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r-- | include/functions.inc.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php index 7d8957bd3..4ba5eb54c 100644 --- a/include/functions.inc.php +++ b/include/functions.inc.php @@ -1877,9 +1877,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern, $ fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array'); } - foreach ($param_value as $item_to_check) + foreach ($param_value as $key => $item_to_check) { - if (!preg_match($pattern, $item_to_check)) + if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check)) { fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); } |