Changeset 30866
- Timestamp: Jan 8, 2015, 2:11:03 PM (9 years ago)
- Location: branches/2.6
- Files: 2 edited
branches/2.6/include/functions.inc.php
r27044 r30866 1888 1888 } 1889 1889 1890 foreach ($param_value as $ item_to_check)1891 { 1892 if (!preg_match( $pattern, $item_to_check))1890 foreach ($param_value as $key => $item_to_check) 1891 { 1892 if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check)) 1893 1893 { 1894 1894 fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); -
branches/2.6/search.php
r26825 r30866 106 106 107 107 // dates 108 check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/'); 109 108 110 $type_date = $_POST['date_type']; 109 111 … … 145 147 (rules, last_seen) 146 148 VALUES 147 (\''. serialize($search).'\', NOW())149 (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW()) 148 150 ;'; 149 151 pwg_query($query);
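Review bot: in branches/2.6/include/functions.inc.php, the new key check at line 1892 applies PATTERN_ID to the keys of every array parameter, regardless of the $pattern the caller passed, and this constraint is not documented. Any caller that passes an array with keys outside PATTERN_ID will now end in fatal_error with the same "an item is not valid" message as a bad value. Suggest stating the key requirement in the function's doc comment and making the message say whether the key or the value was rejected, so a legitimate failure can be told apart in logs.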
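Review bot: in branches/2.6/search.php at line 108, the pattern '/^date_(creation|available)$/' ends in a bare $, which in PCRE also matches just before a trailing newline, so a date_type value with a trailing line feed passes the check and is then assigned to $type_date. Suggest adding the D modifier ('/^date_(creation|available)$/D') or using \z so that only the two exact strings are accepted.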
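Review bot: in branches/2.6/search.php at line 147, the escape is applied to the whole serialized $search at the INSERT, which is the right place, but the only input validation added in this changeset is for date_type. If other request fields are copied into $search, it is worth confirming they go through check_input_parameter as well rather than relying on this escape alone. A one-line comment above the query saying why the escape is needed would also help keep it from being dropped in a later refactor.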