From 742e2a7c0ac86e9bcce2fa6eef65214e869cd19c Mon Sep 17 00:00:00 2001 From: plegall Date: Tue, 15 Dec 2009 00:33:57 +0000 Subject: bug 1329 fixed: add a check_input_parameter function to prevent hacking attempts. git-svn-id: http://piwigo.org/svn/branches/2.0@4495 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/element_set_global.php | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'admin/element_set_global.php') diff --git a/admin/element_set_global.php b/admin/element_set_global.php index 2ad3ab164..05f4158b7 100644 --- a/admin/element_set_global.php +++ b/admin/element_set_global.php @@ -43,6 +43,12 @@ check_status(ACCESS_ADMINISTRATOR); // | deletion form submission | // +-----------------------------------------------------------------------+ +// the $_POST['selection'] was already checked in element_set.php +check_input_parameter('add_tags', @$_POST['add_tags'], true, PATTERN_ID); +check_input_parameter('del_tags', @$_POST['del_tags'], true, PATTERN_ID); +check_input_parameter('associate', @$_POST['associate'], false, PATTERN_ID); +check_input_parameter('dissociate', @$_POST['dissociate'], false, PATTERN_ID); + if (isset($_POST['delete'])) { if (isset($_POST['confirm_deletion']) and 1 == $_POST['confirm_deletion']) -- cgit v1.2.3