Changeset 11159


Timestamp:
May 31, 2011, 10:32:41 PM (13 years ago)
Author:
plg
Message:

merge r11157 from branch 2.2 to trunk

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free text field.

File:
1 edited

  • trunk/profile.php

    r10824 r11159  
    149149    {
    150150      $errors[] = l10n('Recent period must be a positive integer value') ;
     151    }
     152
     153    if (!in_array($_POST['language'], array_keys(get_languages())))
     154    {
     155      die('Hacking attempt, incorrect language value');
     156    }
     157
     158    if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
     159    {
     160      die('Hacking attempt, incorrect theme value');
    151161    }
    152162  }
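
Review bot: both in_array() calls (new lines 153 and 158) compare loosely and read $_POST['language'] and $_POST['theme'] without first checking that the keys exist. Pass true as the third argument so the posted value must match a key of get_languages() / get_pwg_themes() exactly, and guard each lookup with isset() so a request that omits the field is rejected cleanly instead of raising an undefined index notice first. The two die() messages are also hard-coded while the error at line 150 goes through l10n() and $errors[]; if aborting the request is deliberate for a tampered value, a one-line comment saying so would make the different handling clear to the next reader.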