Changeset 989


Timestamp:
12/25/05 23:37:07 (14 years ago)
Author:
plg
Message:

bug 247 fixed : image_id GET parameter was not checked for sanity before
usage in SQL queries. Now, image_id must be a numeric value.

File:
1 edited

  • branches/branch-1_5/picture.php

    r947 r989  
    4343  check_restrictions( $page['cat'] ); 
    4444} 
     45 
     46if (!is_numeric($_GET['image_id'])) 
     47{ 
     48  die('Hacking attempt on "image_id" GET parameter'); 
     49} 
     50 
    4551//---------------------------------------- incrementation of the number of hits 
    4652$query = ' 
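Review bot: is_numeric() on new line 46 is looser than an integer id check. Besides digit strings it accepts floats, exponent notation, signed values and leading whitespace ("1.5", "1e3", "-1", " 1"), and on the PHP versions current at the time of this commit also hex strings such as "0x1A". Quotes are rejected, but values that are not valid image ids still reach the query built from line 52 on. Consider a digits-only test such as ctype_digit($_GET['image_id']) and cast the value with intval() before it is interpolated into SQL. The check also reads $_GET['image_id'] without isset(), so a request that simply omits the parameter raises a notice and ends with the "Hacking attempt" message; testing isset() first would let a missing parameter be handled separately from a malformed one.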