Changeset 11157


Timestamp:
05/31/11 22:32:16 (8 years ago)
Author:
plg
Message:

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free text field.

File:
1 edited

  • branches/2.2/profile.php

    r8728 r11157  
    147147    { 
    148148      $errors[] = l10n('Recent period must be a positive integer value') ; 
     149    } 
     150 
     151    if (!in_array($_POST['language'], array_keys(get_languages()))) 
     152    { 
     153      die('Hacking attempt, incorrect language value'); 
     154    } 
     155 
     156    if (!in_array($_POST['theme'], array_keys(get_pwg_themes()))) 
     157    { 
     158      die('Hacking attempt, incorrect theme value'); 
    149159    } 
    150160  } 
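
Review bot: the in_array() calls at new lines 151 and 156 compare loosely, so the posted value only has to be ==-equal to a key rather than identical to it. Assuming the keys returned by get_languages() and get_pwg_themes() are strings, pass true as the third argument, e.g. `in_array($_POST['language'], array_keys(get_languages()), true)`, and the same for the theme check. Both checks also read $_POST['language'] and $_POST['theme'] without an isset() test, so a request that omits either field raises an undefined-index notice before reaching die(); testing isset() and is_string() first would make the rejection explicit. Finally, die() with a hard-coded English string sidesteps the `$errors[] = l10n(...)` reporting used at line 148; if aborting is intentional for tampered fields, a short comment saying so would help the next reader.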