Skip to content
Permalink
Browse files

fixes #1009 check group_selection parameter to be only an array of ids

  • Loading branch information...
plegall committed Aug 12, 2019
1 parent 776f8fa commit 4932bc502b468e97f70b4f6cc2a6c7eb9b58be47
Showing with 2 additions and 1 deletion.
  1. +2 −1 admin/group_list.php
@@ -51,7 +51,7 @@
$query = '
SELECT COUNT(*)
FROM `'.GROUPS_TABLE.'`
WHERE name = \''.$_POST['groupname'].'\'
WHERE name = \''.pwg_db_real_escape_string($_POST['groupname']).'\'
;';
list($count) = pwg_db_fetch_row(pwg_query($query));
if ($count != 0)
@@ -82,6 +82,7 @@
// +-----------------------------------------------------------------------+
if (isset($_POST['submit']) and isset($_POST['selectAction']) and isset($_POST['group_selection']))
{
check_input_parameter('group_selection', $_POST, true, PATTERN_ID);
// if the user tries to apply an action, it means that there is at least 1
// photo in the selection
$groups = $_POST['group_selection'];

0 comments on commit 4932bc5

Please sign in to comment.
You can’t perform that action at this time.