mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-05-01 05:40:02 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge r7489 from branch 2.1 to trunk

Browse source 
bug 1908 fixed: protect the uploaded photo filename against SQL injection.



git-svn-id: http://piwigo.org/svn/trunk@7490 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2010-10-29 22:53:26 +00:00
parent 7aae3dd985
commit 42a61b5cb8
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
admin/include/functions_upload.inc.php
View file

@ -103,7 +103,7 @@ function add_uploaded_file($source_filepath, $original_filename=null, $categorie
// database registration
$insert = array(
'file' => isset($original_filename) ? $original_filename : basename($file_path),
'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
'date_available' => $dbnow,
'tn_ext' => 'jpg',
'path' => preg_replace('#^'.preg_quote(PHPWG_ROOT_PATH).'#', '', $file_path),