From 6d04381f9d89651ae34452670a725d60e752affc Mon Sep 17 00:00:00 2001 From: plegall Date: Thu, 8 Jan 2015 13:11:46 +0000 Subject: merge r30864 from trunk to branch 2.7 bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.7@30867 68402e56-0260-453c-a942-63ccdbb3a9ee --- search.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'search.php') diff --git a/search.php b/search.php index 697454ce0..e4528ea42 100644 --- a/search.php +++ b/search.php @@ -48,9 +48,8 @@ if (isset($_POST['submit'])) and !preg_match('/^\s*$/', $_POST['search_allwords'])) { check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/'); + check_input_parameter('fields', $_POST, true, '/^(name|comment|file)$/'); - $fields = array_intersect($_POST['fields'], array('name', 'comment', 'file')); - $drop_char_match = array( '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_', '?','%','~','.','[',']','{','}',':','\\','/','=','\'','!','*'); @@ -71,7 +70,7 @@ if (isset($_POST['submit'])) ) ), 'mode' => $_POST['mode'], - 'fields' => $fields, + 'fields' => $_POST['fields'], ); } @@ -112,6 +111,8 @@ if (isset($_POST['submit'])) } // dates + check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/'); + $type_date = $_POST['date_type']; if (!empty($_POST['start_year'])) @@ -151,7 +152,7 @@ if (isset($_POST['submit'])) INSERT INTO '.SEARCH_TABLE.' (rules, last_seen) VALUES - (\''.serialize($search).'\', NOW()) + (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW()) ;'; pwg_query($query); -- cgit v1.2.3