fixes #1910 prevent SQL injection

plegall 2023-05-05 10:23:47 +02:00
parent 0e040c9d24
commit 3ad922815c


@ -73,6 +73,8 @@ if (!defined('PHPWG_ROOT_PATH')) die('Hacking attempt!');
include_once(PHPWG_ROOT_PATH.'admin/include/functions_permalinks.php'); include_once(PHPWG_ROOT_PATH.'admin/include/functions_permalinks.php');
check_input_parameter('cat_id', $_POST, false, PATTERN_ID);
$selected_cat = array(); $selected_cat = array();
if ( isset($_POST['set_permalink']) and $_POST['cat_id']>0 ) if ( isset($_POST['set_permalink']) and $_POST['cat_id']>0 )
{ {
@ -89,7 +91,7 @@ elseif ( isset($_GET['delete_permanent']) )
check_pwg_token(); check_pwg_token();
$query = ' $query = '
DELETE FROM '.OLD_PERMALINKS_TABLE.' DELETE FROM '.OLD_PERMALINKS_TABLE.'
WHERE permalink=\''.$_GET['delete_permanent'].'\' WHERE permalink=\''.pwg_db_real_escape_string($_GET['delete_permanent']).'\'
LIMIT 1'; LIMIT 1';
$result = pwg_query($query); $result = pwg_query($query);
if (pwg_db_changes($result)==0) if (pwg_db_changes($result)==0)
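Review bot: In the `DELETE FROM '.OLD_PERMALINKS_TABLE.'` query, `$_GET['delete_permanent']` is now escaped but still not validated, so a non-string value such as an array parameter is passed straight to `pwg_db_real_escape_string()`. Escaping alone also only holds while the value stays inside the quotes and the connection charset matches. I would validate it before building the query, the same way the first hunk does for `cat_id`: `check_input_parameter('delete_permanent', $_GET, false, PERMALINK_PATTERN_PLACEHOLDER);`, where the last argument is a placeholder for whichever pattern the project uses for permalink names. A short comment such as `// value is validated above; escaping kept as defence in depth` above the `$query` assignment would make it clear that both layers are intended. The `elseif` branch begins and ends outside this hunk, so any later use of the same parameter, for example in a status message, is not visible here and should get the same check.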