Changeset 6906


Ignore:
Timestamp:
09/13/10 22:52:47 (9 years ago)
Author:
plg
Message:

merge r6905 from branch 2.1 to trunk

bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/include/section_init.inc.php

    r6668 r6906  
    6262    break; 
    6363  } 
     64   
     65  // the $_GET keys are not protected in include/common.inc.php, only the values 
     66  $rewritten = pwg_db_real_escape_string($rewritten); 
     67   
    6468  $page['root_path'] = PHPWG_ROOT_PATH; 
    6569} 
Note: See TracChangeset for help on using the changeset viewer.