author | plegall <plg@piwigo.org> | 2014-11-21 12:20:49 +0000 |
---|---|---|
committer | plegall <plg@piwigo.org> | 2014-11-21 12:20:49 +0000 |
commit | 2fce0ab1d0116f7fd3dc6732bfbfe5e517b3f5c1 (patch) | |
tree | 2d3206ce01b85694ea3d5e94e79d214d7fb804cc /include/functions_rate.inc.php | |
parent | 34c7adb96d0c11b7005da618bf8de331db41aec3 (diff) |
merge r30563 from trunk to branch 2.6
bug 3178 fixed: the in_array check is not reliable when comparing a string (user input) with numeric values
git-svn-id: http://piwigo.org/svn/branches/2.6@30567 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_rate.inc.php')
-rw-r--r-- | include/functions_rate.inc.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/functions_rate.inc.php b/include/functions_rate.inc.php
index ae896c29a..11bb7e8bf 100644
--- a/include/functions_rate.inc.php
+++ b/include/functions_rate.inc.php
@@ -39,6 +39,7 @@ function rate_picture($image_id, $rate)
   if (!isset($rate) or !$conf['rate']
+      or !preg_match('/^[0-9]+$/', $rate)
       or !in_array($rate, $conf['rate_items']))
   {
     return false;