Ignore:
Timestamp:
Jan 8, 2015, 2:11:03 PM (9 years ago)
Author:
plg
Message:

merge r30864 from trunk to branch 2.6

bug 3186: improved security on search.php

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.6/include/functions.inc.php

    r27044 r30866  
    18881888    }
    18891889
    1890     foreach ($param_value as $item_to_check)
    1891     {
    1892       if (!preg_match($pattern, $item_to_check))
     1890    foreach ($param_value as $key => $item_to_check)
     1891    {
     1892      if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
    18931893      {
    18941894        fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
Note: See TracChangeset for help on using the changeset viewer.