diff options
author | mistic100 <mistic@piwigo.org> | 2013-01-20 11:48:53 +0000 |
---|---|---|
committer | mistic100 <mistic@piwigo.org> | 2013-01-20 11:48:53 +0000 |
commit | 3d81c8d2cbf63523c7285b46ea2f4d62ee4aef80 (patch) | |
tree | cca38212553df0e228fb3767bbc26a3fbf2a65a8 /include/functions_session.inc.php | |
parent | 61fca5efdced97488ccaab85aa73a8821a397d54 (diff) |
protect session data with pwg_db_real_escape_string
git-svn-id: http://piwigo.org/svn/trunk@20281 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include/functions_session.inc.php')
-rw-r--r-- | include/functions_session.inc.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/functions_session.inc.php b/include/functions_session.inc.php index 7888443bd..213fceb21 100644 --- a/include/functions_session.inc.php +++ b/include/functions_session.inc.php @@ -148,7 +148,7 @@ function pwg_session_write($session_id, $data) $query = ' REPLACE INTO '.SESSIONS_TABLE.' (id,data,expiration) - VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now()) + VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now()) ;'; pwg_query($query); return true; |