aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorplegall <plg@piwigo.org>2015-01-08 13:11:46 +0000
committerplegall <plg@piwigo.org>2015-01-08 13:11:46 +0000
commit6d04381f9d89651ae34452670a725d60e752affc (patch)
treeb7fe03d34dc0aa3a100a3519c81a1b9381a2e16b /include
parentbd4ff9fe713ed0b9ee122cf7812939f794c601d8 (diff)
merge r30864 from trunk to branch 2.7
bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.7@30867 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to 'include')
-rw-r--r--include/functions.inc.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/functions.inc.php b/include/functions.inc.php
index 7d8957bd3..4ba5eb54c 100644
--- a/include/functions.inc.php
+++ b/include/functions.inc.php
@@ -1877,9 +1877,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern, $
fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
}
- foreach ($param_value as $item_to_check)
+ foreach ($param_value as $key => $item_to_check)
{
- if (!preg_match($pattern, $item_to_check))
+ if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
{
fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
}