iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

issue #2237 clean user input on custom tag_list

Browse Source
This commit is contained in:
plegall
2024-11-11 12:37:24 +01:00
parent 32b3eaf089
commit 7bb3994fc6
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/ws_functions/pwg.images.php
View File

@@ -2641,6 +2641,12 @@ SELECT *
return new PwgError(WS_ERR_INVALID_PARAM, 'Do not use tag_list and tag_ids at the same time.');
}
// clean user input
foreach ($_REQUEST['tag_list'] as $idx => $tag_candidate)
{
$_REQUEST['tag_list'][$idx] = pwg_db_real_escape_string(strip_tags(stripslashes($tag_candidate)));
}
$tag_list = get_tag_ids($_REQUEST['tag_list']);
set_tags($tag_list, $params['image_id']);
}