mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-28 12:19:57 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

issue #2237 clean user input on custom tag_list

Browse source
This commit is contained in:
plegall 2024-11-11 12:37:24 +01:00
parent 32b3eaf089
commit 7bb3994fc6
1 changed files with 6 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
include/ws_functions/pwg.images.php
View file

@ -2641,6 +2641,12 @@ SELECT *
return new PwgError(WS_ERR_INVALID_PARAM, 'Do not use tag_list and tag_ids at the same time.'); return new PwgError(WS_ERR_INVALID_PARAM, 'Do not use tag_list and tag_ids at the same time.');
} }
// clean user input
foreach ($_REQUEST['tag_list'] as $idx => $tag_candidate)
{
$_REQUEST['tag_list'][$idx] = pwg_db_real_escape_string(strip_tags(stripslashes($tag_candidate)));
}
$tag_list = get_tag_ids($_REQUEST['tag_list']); $tag_list = get_tag_ids($_REQUEST['tag_list']);
set_tags($tag_list, $params['image_id']); set_tags($tag_list, $params['image_id']);
} }