mirrors/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2025-04-30 05:09:57 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

merge r6905 from branch 2.1 to trunk

Browse source 
bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL.



git-svn-id: http://piwigo.org/svn/trunk@6906 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall 2010-09-13 20:52:47 +00:00
parent 5421126743
commit 7ce249f0bb
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
include/section_init.inc.php
View file

@ -61,6 +61,10 @@ else
$rewritten = $key; $rewritten = $key;
break; break;
} }
// the $_GET keys are not protected in include/common.inc.php, only the values
$rewritten = pwg_db_real_escape_string($rewritten);
$page['root_path'] = PHPWG_ROOT_PATH; $page['root_path'] = PHPWG_ROOT_PATH;
} }