Changeset 11159


Timestamp:
05/31/11 22:32:41 (8 years ago)
Author:
plg
Message:

merge r11157 from branch 2.2 to trunk

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free text field.

File:
1 edited

  • trunk/profile.php

    r10824 r11159  
    149149    { 
    150150      $errors[] = l10n('Recent period must be a positive integer value') ; 
     151    } 
     152 
     153    if (!in_array($_POST['language'], array_keys(get_languages()))) 
     154    { 
     155      die('Hacking attempt, incorrect language value'); 
     156    } 
     157 
     158    if (!in_array($_POST['theme'], array_keys(get_pwg_themes()))) 
     159    { 
     160      die('Hacking attempt, incorrect theme value'); 
    151161    } 
    152162  } 
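Review bot: the two `in_array()` calls at new lines 153 and 158 omit the strict flag, so `$_POST['language']` and `$_POST['theme']` are matched against the allowed keys with loose comparison, and neither field is checked for presence or type first. Pass `true` as the third argument and reject the request when the field is missing or is not a string (for example `!isset($_POST['language']) || !is_string($_POST['language'])`) before the membership test, so a missing or array-valued parameter takes the same rejection path instead of relying on PHP's comparison rules. A smaller point: these checks call `die()` while the check just above (line 150) appends to `$errors[]`; if the hard stop is deliberate for tampered values, a one-line comment saying so would make the difference clear to the next reader.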