mirror of
https://github.com/Piwigo/Piwigo.git
synced 2026-07-13 13:21:43 +02:00
merge r30864 from trunk to branch 2.5
bug 3186: improved security on search.php git-svn-id: http://piwigo.org/svn/branches/2.5@30865 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
@@ -1565,9 +1565,9 @@ function check_input_parameter($param_name, $param_array, $is_array, $pattern)
|
||||
fatal_error('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
|
||||
}
|
||||
|
||||
foreach ($param_value as $item_to_check)
|
||||
foreach ($param_value as $key => $item_to_check)
|
||||
{
|
||||
if (!preg_match($pattern, $item_to_check))
|
||||
if (!preg_match(PATTERN_ID, $key) or !preg_match($pattern, $item_to_check))
|
||||
{
|
||||
fatal_error('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user