adam/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-06-02 04:15:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

bug 246 fixed : GET parameter "search" is not completely checked before

Browse Source 
usage in SQL queries. Simple check : if a ";" if found, execution stops.


git-svn-id: http://piwigo.org/svn/branches/branch-1_5@988 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2005-12-25 22:34:44 +00:00
parent 2268adf642
commit 7bdb132ffc
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/functions_category.inc.php
+6
View File
@@ -381,6 +381,12 @@ function initialize_category( $calling_page = 'category' )
// search result
if ( $page['cat'] == 'search' )
{
// SQL injection hacking attempt?
if (strpos($_GET['search'], ';') !== false)
{
die('Hacking attempt on "search" GET parameter');
}
// analyze search string given in URL (created in search.php)
$tokens = explode('|', $_GET['search']);