Changeset 6905


Ignore:
Timestamp:
Sep 13, 2010, 10:52:20 PM (10 years ago)
Author:
plg
Message:

bug 1849 fixed: protect $_GET keys against SQL injections before parsing URL.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.1/include/section_init.inc.php

    r6669 r6905  
    6262    break;
    6363  }
     64 
     65  // the $_GET keys are not protected in include/common.inc.php, only the values
     66  $rewritten = pwg_db_real_escape_string($rewritten);
     67 
    6468  $page['root_path'] = PHPWG_ROOT_PATH;
    6569}
Note: See TracChangeset for help on using the changeset viewer.