Changeset 7490


Ignore:
Timestamp:
10/30/10 00:53:26 (9 years ago)
Author:
plg
Message:

merge r7489 from branch 2.1 to trunk

bug 1908 fixed: protect the uploaded photo filename against SQL injection.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/admin/include/functions_upload.inc.php

    r7170 r7490  
    104104  // database registration 
    105105  $insert = array( 
    106     'file' => isset($original_filename) ? $original_filename : basename($file_path), 
     106    'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 
    107107    'date_available' => $dbnow, 
    108108    'tn_ext' => 'jpg', 
Note: See TracChangeset for help on using the changeset viewer.