From 742e2a7c0ac86e9bcce2fa6eef65214e869cd19c Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Tue, 15 Dec 2009 00:33:57 +0000
Subject: bug 1329 fixed: add a check_input_parameter function to prevent
 hacking attempts.

git-svn-id: http://piwigo.org/svn/branches/2.0@4495 68402e56-0260-453c-a942-63ccdbb3a9ee
---
 admin/picture_modify.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'admin/picture_modify.php')

diff --git a/admin/picture_modify.php b/admin/picture_modify.php
index c142ae955..71b0d7777 100644
--- a/admin/picture_modify.php
+++ b/admin/picture_modify.php
@@ -33,6 +33,9 @@ include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
 // +-----------------------------------------------------------------------+
 check_status(ACCESS_ADMINISTRATOR);
 
+check_input_parameter('image_id', $_GET['image_id'], false, PATTERN_ID);
+check_input_parameter('cat_id', @$_GET['cat_id'], false, PATTERN_ID);
+
 // +-----------------------------------------------------------------------+
 // |                          synchronize metadata                         |
 // +-----------------------------------------------------------------------+
-- 
cgit v1.2.3