Changeset 28678


Ignore:
Timestamp:
Jun 12, 2014, 11:33:20 AM (6 years ago)
Author:
plg
Message:

bug 3089: prevent SQL injection on photo edition

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/admin/picture_modify.php

    r28587 r28678  
    156156    $_POST['associate'] = array();
    157157  }
     158  check_input_parameter('associate', $_POST, true, PATTERN_ID);
    158159  move_images_to_categories(array($_GET['image_id']), $_POST['associate']);
    159160
     
    165166    $_POST['represent'] = array();
    166167  }
     168  check_input_parameter('represent', $_POST, true, PATTERN_ID);
    167169
    168170  $no_longer_thumbnail_for = array_diff($represented_albums, $_POST['represent']);
Note: See TracChangeset for help on using the changeset viewer.