Changeset 30948 for trunk/admin/history.php
- Timestamp:
- Feb 12, 2015, 3:29:19 PM (9 years ago)
- File:
-
- 1 edited
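--- a/trunk/admin/history.php
+++ b/trunk/admin/history.php
@@ -76,4 +76,6 @@
 if (!empty($_POST['start']))
 {
+$_POST['start'] = trim($_POST['start']);
+check_input_parameter('start', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
 $search['fields']['date-after'] = $_POST['start'];
 }
@@ -81,4 +83,6 @@
 if (!empty($_POST['end']))
 {
+$_POST['end'] = trim($_POST['end']);
+check_input_parameter('end', $_POST, false, '/^\d{4}-\d{2}-\d{2}$/');
 $search['fields']['date-before'] = $_POST['end'];
 }
@@ -90,8 +94,9 @@
 else
 {
+check_input_parameter('types', $_POST, true, '/^('.implode('|', $types).')$/');
 $search['fields']['types'] = $_POST['types'];
 }
 
-$search['fields']['user'] = $_POST['user'];
+$search['fields']['user'] = intval($_POST['user']);
 
 if (!empty($_POST['image_id']))
@@ -118,4 +123,6 @@
 }
 
+check_input_parameter('display_thumbnail', $_POST, false, '/^('.implode('|', array_keys($display_thumbnails)).')$/');
+
 $search['fields']['display_thumbnail'] = $_POST['display_thumbnail'];
 // Display choise are also save to one cookie
@@ -143,6 +150,7 @@
 (rules)
 VALUES
-(\''. serialize($search).'\')
+(\''.pwg_db_real_escape_string(serialize($search)).'\')
 ;';
+
 pwg_query($query);
 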
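Review bot: The allow-list patterns for `types` and `display_thumbnail` are built by imploding `$types` and `array_keys($display_thumbnails)` straight into a regex, so the check is only as strict as those arrays are free of regex metacharacters; both arrays are defined outside the visible hunks. Quoting each alternative before joining keeps the pattern a literal allow-list, e.g. `implode('|', array_map('preg_quote', $types))`. In the user hunk, `intval($_POST['user'])` reads the key without an `isset` guard and silently turns non-numeric input into 0 instead of rejecting it as the other fields now do; a short comment stating what 0 selects would help the next reader. The escaping of `serialize($search)` in the last hunk is what protects the INSERT for request fields the hunks do not show (for example `image_id`, visible only as a condition at new line 102), so it should stay even if more per-field checks are added later.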