iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #825, check user input on Batch Manager, unit mode, to prevent SQL injection

Browse Source
This commit is contained in:
plegall
2017-12-18 16:44:42 +01:00
parent 77f02bfd76
commit 9028c75c1f
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
admin/batch_manager_unit.php
View File

@@ -47,6 +47,7 @@ trigger_notify('loc_begin_element_set_unit');
if (isset($_POST['submit']))
{
check_input_parameter('element_ids', $_POST, false, '/^\d+(,\d+)*$/');
$collection = explode(',', $_POST['element_ids']);
$datas = array();