Changeset 30865
- Timestamp:
- Jan 8, 2015, 2:09:38 PM (9 years ago)
- Location:
- branches/2.5
- Files:
-
- 2 edited
branches/2.5/include/functions.inc.php
r22654 r30865 1566 1566 } 1567 1567 1568 foreach ($param_value as $ item_to_check)1569 { 1570 if (!preg_match( $pattern, $item_to_check))1568 foreach ($param_value as $key => $item_to_check) 1569 { 1570 if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check)) 1571 1571 { 1572 1572 fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"'); -
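Review bot: A value that is itself an array (nested `name[0][]=…` input) still reaches `preg_match($pattern, $item_to_check)` as a non-string, and the added key test depends on `PATTERN_ID`, which is defined outside this hunk. The nested case appears to be rejected only because preg_match() fails on a non-string subject, so I would make it explicit: `if (is_array($item_to_check) or !preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))`. A short comment above the loop, such as `// array keys are request-controlled too: require numeric ids`, would record why keys are now checked, since this changes the contract for every caller that passes an array parameter. The enclosing function starts and ends outside the hunk.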
branches/2.5/search.php
r27933 r30865 49 49 { 50 50 check_input_parameter('mode', $_POST, false, '/^(OR|AND)$/'); 51 51 52 52 $drop_char_match = array( 53 53 '-','^','$',';','#','&','(',')','<','>','`','\'','"','|',',','@','_', … … 106 106 107 107 // dates 108 check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)$/'); 109 108 110 $type_date = $_POST['date_type']; 109 111 … … 145 147 (rules, last_seen) 146 148 VALUES 147 (\''. serialize($search).'\', NOW())149 (\''.pwg_db_real_escape_string(serialize($search)).'\', NOW()) 148 150 ;'; 149 151 pwg_query($query);
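Review bot: The new `date_type` check uses `'/^date_(creation|available)$/'`, and in PCRE a bare `$` also matches just before a trailing newline, so a value ending in `\n` would pass and be copied into `$type_date` on the next line. Anchoring with `\z` or adding the `D` modifier closes that: `check_input_parameter('date_type', $_POST, false, '/^date_(creation|available)\z/');`. The `mode` pattern at line 50 has the same shape. In the last hunk the INSERT is still assembled by concatenation and depends on `pwg_db_real_escape_string()` covering the whole serialized string, which it does here. How the stored `rules` value is read back later is not visible in this diff.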