fixes #1009 check group_selection parameter to be only an array of ids

plegall
2019-08-12 14:25:56 +02:00
parent 776f8fa186
commit 4932bc502b
+2 -1
@@ -51,7 +51,7 @@ if (isset($_POST['submit_add']))
$query = '
SELECT COUNT(*)
FROM `'.GROUPS_TABLE.'`
WHERE name = \''.$_POST['groupname'].'\'
WHERE name = \''.pwg_db_real_escape_string($_POST['groupname']).'\'
;';
list($count) = pwg_db_fetch_row(pwg_query($query));
if ($count != 0)
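Review bot: The escaping added on the `WHERE name = ...` line covers only this COUNT query, and the commit title mentions only `group_selection`, so the `groupname` fix is easy to miss when auditing history. The `INSERT INTO GROUPS_TABLE` statement named in the next hunk header appears to belong to the same `submit_add` branch but is not shown; if it also interpolates `$_POST['groupname']`, it needs the same `pwg_db_real_escape_string()` call. I would add a comment above the query such as `// groupname comes straight from the request: escape it at every SQL interpolation site`. The `if (isset($_POST['submit_add']))` block starts and ends outside the hunk.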
@@ -82,6 +82,7 @@ INSERT INTO `'.GROUPS_TABLE.'`
// +-----------------------------------------------------------------------+
if (isset($_POST['submit']) and isset($_POST['selectAction']) and isset($_POST['group_selection']))
{
check_input_parameter('group_selection', $_POST, true, PATTERN_ID);
// if the user tries to apply an action, it means that there is at least 1
// photo in the selection
$groups = $_POST['group_selection'];
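Review bot: The comment directly after the new `check_input_parameter()` call still says "photo in the selection", apparently copied from another page, which is misleading in code that handles groups; it should read `// if the user tries to apply an action, it means that there is at least 1 group in the selection`. The new call also deserves a one-line why-comment, e.g. `// reject anything that is not an array of numeric ids before it is used below`. `$_POST['selectAction']` is only `isset()`-checked in the visible lines; whether it is validated before use cannot be seen here, because the block continues past the hunk.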