Changeset 7490

Show
Ignore:
Timestamp:
10/30/10 00:53:26 (3 years ago)
Author:
plg
Message:

merge r7489 from branch 2.1 to trunk

bug 1908 fixed: protect the uploaded photo filename against SQL injection.

Files:
1 modified

Legend:

Unmodified
Added
Removed

  • trunk/admin/include/functions_upload.inc.php

    r7170 r7490  
    104104  // database registration 
    105105  $insert = array( 
    106     'file' => isset($original_filename) ? $original_filename : basename($file_path), 
     106    'file' => pwg_db_real_escape_string(isset($original_filename) ? $original_filename : basename($file_path)), 
    107107    'date_available' => $dbnow, 
    108108    'tn_ext' => 'jpg',