Ignore:
Timestamp:
Jan 8, 2015, 2:09:38 PM (9 years ago)
Author:
plg
Message:

merge r30864 from trunk to branch 2.5

bug 3186: improved security on search.php

File:
1 edited

Legend:

Unmodified
Added
Removed

  • branches/2.5/include/functions.inc.php

    r22654 r30865  
    15661566    }
    15671567
    1568     foreach ($param_value as $item_to_check)
    1569     {
    1570       if (!preg_match($pattern, $item_to_check))
     1568    foreach ($param_value as $key => $item_to_check)
     1569    {
     1570      if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
    15711571      {
    15721572        fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
Note: See TracChangeset for help on using the changeset viewer.