From 9faae3e25edb54b38f63e53d62c3f7f5958bd04b Mon Sep 17 00:00:00 2001 From: plegall Date: Thu, 12 Feb 2015 14:29:19 +0000 Subject: bug 3200 fixed: add input checks on admin history git-svn-id: http://piwigo.org/svn/trunk@30948 68402e56-0260-453c-a942-63ccdbb3a9ee --- admin/history.php | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) (limited to 'admin/history.php') diff --git a/admin/history.php b/admin/history.php index 7cc51d821..190ad334b 100644 --- a/admin/history.php +++ b/admin/history.php @@ -75,11 +75,15 @@ if (isset($_POST['submit'])) // dates if (!empty($_POST['start'])) { + $_POST['start'] = trim($_POST['start']); + check_input_parameter('start', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/'); $search['fields']['date-after'] = $_POST['start']; } if (!empty($_POST['end'])) { + $_POST['end'] = trim($_POST['end']); + check_input_parameter('end', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/'); $search['fields']['date-before'] = $_POST['end']; } @@ -89,10 +93,11 @@ if (isset($_POST['submit'])) } else { + check_input_parameter('types', $_POST, true, '/^('.implode('|', $types).')$/'); $search['fields']['types'] = $_POST['types']; } - $search['fields']['user'] = $_POST['user']; + $search['fields']['user'] = intval($_POST['user']); if (!empty($_POST['image_id'])) { @@ -117,6 +122,8 @@ if (isset($_POST['submit'])) ); } + check_input_parameter('display_thumbnail', $_POST, false, '/^('.implode('|', array_keys($display_thumbnails)).')$/'); + $search['fields']['display_thumbnail'] = $_POST['display_thumbnail']; // Display choise are also save to one cookie if (!empty($_POST['display_thumbnail']) @@ -142,8 +149,9 @@ if (isset($_POST['submit'])) INSERT INTO '.SEARCH_TABLE.' (rules) VALUES - (\''.serialize($search).'\') + (\''.pwg_db_real_escape_string(serialize($search)).'\') ;'; + pwg_query($query); $search_id = pwg_db_insert_id(SEARCH_TABLE); @@ -618,4 +626,4 @@ $template->assign('display_thumbnail_selected', $form['display_thumbnail']); // +-----------------------------------------------------------------------+ $template->assign_var_from_handle('ADMIN_CONTENT', 'history'); -?> \ No newline at end of file +?> -- cgit v1.2.3