Changeset 11157


Timestamp:
May 31, 2011, 10:32:16 PM (13 years ago)
Author:
plg
Message:

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value; this is not a free text field.

File:
1 edited

  • branches/2.2/profile.php

    r8728 r11157  
    147147    {
    148148      $errors[] = l10n('Recent period must be a positive integer value') ;
     149    }
     150
     151    if (!in_array($_POST['language'], array_keys(get_languages())))
     152    {
     153      die('Hacking attempt, incorrect language value');
     154    }
     155
     156    if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
     157    {
     158      die('Hacking attempt, incorrect theme value');
    149159    }
    150160  }
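Review bot: the new checks at lines 151 and 156 read $_POST['language'] and $_POST['theme'] directly, so a request that omits either field, or sends it as an array, reaches in_array() with a non-string needle and a loose comparison. Guard each test first, for example `if (!isset($_POST['language']) or !is_string($_POST['language']) or !in_array($_POST['language'], array_keys(get_languages())))`, and the same for the theme. A smaller style point: the check just above (line 148) appends to $errors, while these two call die(); a short comment explaining that a value outside the whitelist can only come from a tampered form would make the different handling clear to the next reader.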