-rw-r--r-- | include/section_init.inc.php | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/section_init.inc.php b/include/section_init.inc.php
index a4e10f806..38536ba90 100644
--- a/include/section_init.inc.php
+++ b/include/section_init.inc.php
@@ -61,6 +61,10 @@ else
 $rewritten = $key;
 break;
 }
+
+ // the $_GET keys are not protected in include/common.inc.php, only the values
+ $rewritten = pwg_db_real_escape_string($rewritten);
+
 $page['root_path'] = PHPWG_ROOT_PATH;
 } |
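Review bot: Escaping `$rewritten` once at the point of input, as the added `pwg_db_real_escape_string($rewritten)` line does, only protects later uses that end up inside a quoted SQL string literal; a token parsed from it that reaches a query unquoted (an id or a list of ids) or is echoed into HTML is not covered, and the code that consumes `$rewritten` is outside this hunk. I would keep the call but state the limit in the comment, e.g. `// escaped for quoted SQL string context only; numeric tokens must still be validated or cast where they are parsed`, and check each parsed token against its expected format at the point of use. The hunk also touches only the `else` branch, whose matching `if` starts outside the hunk, so it is worth confirming that whatever that branch assigns to `$rewritten` from the request gets the same treatment.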