
merge r11157 from branch 2.2 to trunk

bug 2280 fixed: check language and theme values before updating database. The
posted value must match an expected value, this is not a free text field.



git-svn-id: http://piwigo.org/svn/trunk@11159 68402e56-0260-453c-a942-63ccdbb3a9ee
plegall committed May 31, 2011
1 parent 2578084 commit 70841e0f5076b04bc596f2a37c3714ed6cb9ac92
Showing with 10 additions and 0 deletions.
  1. +10 −0 profile.php
@@ -149,6 +149,16 @@ function save_profile_from_post($userdata, &$errors)
{
$errors[] = l10n('Recent period must be a positive integer value') ;
}
if (!in_array($_POST['language'], array_keys(get_languages())))
{
die('Hacking attempt, incorrect language value');
}
if (!in_array($_POST['theme'], array_keys(get_pwg_themes())))
{
die('Hacking attempt, incorrect theme value');
}
}
if (isset($_POST['mail_address']))
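Review bot: both new checks call in_array() without the third strict argument, so the posted language and theme are compared loosely against the keys returned by get_languages() and get_pwg_themes(). Pass true as the third argument, as in `in_array($_POST['language'], array_keys(get_languages()), true)`, so that only an exact string match to a known key passes. The two values are also read without an isset() test, while the following context line guards mail_address with isset(); unless the enclosing condition (not visible in this hunk) already guarantees both keys are present, test for them first so a request that omits them is rejected cleanly. Finally, the preceding check reports through $errors[] while these two call die(); a short comment saying that the values come from a fixed select list and can only differ in a tampered request would explain the harder failure.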
