From 6ac6db0d2da3ba43f1203751afd34ce7353944be Mon Sep 17 00:00:00 2001
From: plegall <plg@piwigo.org>
Date: Fri, 7 Feb 2020 17:17:17 +0100
Subject: [PATCH] issue #1150 also protect groupe name on API methods

---
 include/ws_functions/pwg.groups.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/include/ws_functions/pwg.groups.php b/include/ws_functions/pwg.groups.php
index a64c8df31..cba84e441 100644
--- a/include/ws_functions/pwg.groups.php
+++ b/include/ws_functions/pwg.groups.php
@@ -61,7 +61,7 @@ SELECT
  */
 function ws_groups_add($params, &$service)
 {
-  $params['name'] = pwg_db_real_escape_string($params['name']);
+  $params['name'] = pwg_db_real_escape_string(strip_tags(stripslashes($params['name'])));
 
   // is the name not already used ?
   $query = '
@@ -180,7 +180,7 @@ SELECT COUNT(*)
 
   if (!empty($params['name']))
   {
-    $params['name'] = pwg_db_real_escape_string($params['name']);
+    $params['name'] = pwg_db_real_escape_string(strip_tags(stripslashes($params['name'])));
 
     // is the name not already used ?
     $query = '