protect session data with pwg_db_real_escape_string

git-svn-id: http://piwigo.org/svn/trunk@20281 68402e56-0260-453c-a942-63ccdbb3a9ee

include/functions_session.inc.php

@@ -148,7 +148,7 @@ function pwg_session_write($session_id, $data)
   $query = '
 REPLACE INTO '.SESSIONS_TABLE.'
   (id,data,expiration)
-  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.str_replace("'", "\'", $data).'\',now())
+  VALUES(\''.get_remote_addr_session_hash().$session_id.'\',\''.pwg_db_real_escape_string($data).'\',now())
 ;';
   pwg_query($query);
   return true;