Changeset 7489

Timestamp:

10/30/10 00:53:00 (3 years ago)

Author:

plg

Message:

bug 1908 fixed: protect the uploaded photo filename against SQL injection.

Files:

• branches/2.1/admin/include/functions_upload.inc.php (modified) (1 diff)

branches/2.1/admin/include/functions_upload.inc.php

@@ -104 +104 @@
   // database registration
   $insert = array(
-    'file' => isset($original_filename) ? $original_filename : basename($file_path),
+    'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)),
     'date_available' => $dbnow,
     'tn_ext' => 'jpg',