From 4fa3f949d9c838d7f759f667b075647b91ace300 Mon Sep 17 00:00:00 2001 From: plegall Date: Mon, 13 Sep 2010 20:52:20 +0000 Subject: bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL. git-svn-id: http://piwigo.org/svn/branches/2.1@6905 68402e56-0260-453c-a942-63ccdbb3a9ee --- include/section_init.inc.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'include/section_init.inc.php') diff --git a/include/section_init.inc.php b/include/section_init.inc.php index 35d93ba5c..74900af86 100644 --- a/include/section_init.inc.php +++ b/include/section_init.inc.php @@ -61,6 +61,10 @@ else $rewritten = $key; break; } + + // the $_GET keys are not protected in include/common.inc.php, only the values + $rewritten = pwg_db_real_escape_string($rewritten); + $page['root_path'] = PHPWG_ROOT_PATH; } -- cgit v1.2.3