iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-05-03 12:02:51 +02:00
Code Issues Packages Projects Releases Wiki Activity

bug 1329 fixed: add a check_input_parameter function to prevent hacking

Browse Source 
attempts.

git-svn-id: http://piwigo.org/svn/branches/2.0@4495 68402e56-0260-453c-a942-63ccdbb3a9ee
This commit is contained in:
plegall
2009-12-15 00:33:57 +00:00
parent 8bbbe6c794
commit 742e2a7c0a
6 changed files with 59 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
include/functions.inc.php
View File

@@ -1492,4 +1492,47 @@ function get_comment_post_key($image_id)
)
);
}
/*
* breaks the script execution if the given value doesn't match the given
* pattern. This should happen only during hacking attempts.
*
* @param string param_name
* @param mixed param_value
* @param boolean is_array
* @param string pattern
*
* @return void
*/
function check_input_parameter($param_name, $param_value, $is_array, $pattern)
{
// it's ok if the input parameter is null
if (empty($param_value))
{
return true;
}
if ($is_array)
{
if (!is_array($param_value))
{
die('[Hacking attempt] the input parameter "'.$param_name.'" should be an array');
}
foreach ($param_value as $item_to_check)
{
if (!preg_match($pattern, $item_to_check))
{
die('[Hacking attempt] an item is not valid in input parameter "'.$param_name.'"');
}
}
}
else
{
if (!preg_match($pattern, $param_value))
{
die('[Hacking attempt] the input parameter "'.$param_name.'" is not valid');
}
}
}
?>