aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_rate.inc.php
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2014-11-21 12:20:49 +0000
committerplegall <plg@piwigo.org>2014-11-21 12:20:49 +0000
commit2fce0ab1d0116f7fd3dc6732bfbfe5e517b3f5c1 (patch)
tree2d3206ce01b85694ea3d5e94e79d214d7fb804cc /include/functions_rate.inc.php
parent34c7adb96d0c11b7005da618bf8de331db41aec3 (diff)
merge r30563 from trunk to branch 2.6
bug 3178 fixed, in_array check is not reliable when you compare string (user input) and numeric values git-svn-id: http://piwigo.org/svn/branches/2.6@30567 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_rate.inc.php')
-rw-r--r--include/functions_rate.inc.php1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/functions_rate.inc.php b/include/functions_rate.inc.php
index ae896c29a..11bb7e8bf 100644
--- a/include/functions_rate.inc.php
+++ b/include/functions_rate.inc.php
@@ -39,6 +39,7 @@ function rate_picture($image_id, $rate)
if (!isset($rate)
or !$conf['rate']
+ or !preg_match('/^[0-9]+$/', $rate)
or !in_array($rate, $conf['rate_items']))
{
return false;