Changeset 989


Ignore:
Timestamp:
Dec 25, 2005, 11:37:07 PM (15 years ago)
Author:
plg
Message:

bug 247 fixed : image_id GET parameter was not checked for sanity before
usage in SQL queries. Now, image_id must be a numeric value.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/branch-1_5/picture.php

    r947 r989  
    4343  check_restrictions( $page['cat'] );
    4444}
     45
     46if (!is_numeric($_GET['image_id']))
     47{
     48  die('Hacking attempt on "image_id" GET parameter');
     49}
     50
    4551//---------------------------------------- incrementation of the number of hits
    4652$query = '
Note: See TracChangeset for help on using the changeset viewer.