iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #1967 POST/GET input are already escaped

Browse Source
This commit is contained in:
plegall
2023-08-23 18:56:08 +02:00
parent 407cabcbe9
commit ab111cdbe2
1 changed files with 12 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
include/ws_functions/pwg.tags.php
View File

@@ -288,7 +288,7 @@ function ws_tags_rename($params, &$service)
}
$tag_id = $params['tag_id'];
$tag_name = $params['new_name'];
$tag_name = strip_tags(stripslashes($params['new_name']));
// does the tag exist ?
$query = '
@@ -318,7 +318,7 @@ SELECT name
else if (!empty($tag_name))
{
$update = array(
'name' => addslashes($tag_name),
'name' => pwg_db_real_escape_string($tag_name),
'url_name' => trigger_change('render_tag_url', $tag_name),
);
@@ -332,11 +332,16 @@ SELECT name
array('id' => $tag_id)
);
return array(
'id' => $tag_id,
'name' => addslashes($tag_name),
'url_name' => trigger_change('render_tag_url', $tag_name)
);
$query = '
SELECT
id,
name,
url_name
FROM '.TAGS_TABLE.'
WHERE id = '.$tag_id.'
;';
return query2array($query)[0];
}