harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

check input is hex before sending it to hex2bin

Browse Source
This commit is contained in:
zotlabs 2017-08-30 21:45:54 -07:00
parent f436ec6f21
commit 74f55d1504
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/photos.php
View File

@ -595,7 +595,7 @@ function photos_album_exists($channel_id, $observer_hash, $album) {
// partial backward compatibility with Hubzilla < 2.4 when we used the filename only // partial backward compatibility with Hubzilla < 2.4 when we used the filename only
// (ambiguous which would get chosen if you had two albums of the same name in different directories) // (ambiguous which would get chosen if you had two albums of the same name in different directories)
if(!$r) { if(!$r && ctype_xdigit($album)) {
$r = q("SELECT folder, hash, is_dir, filename, os_path, display_path FROM attach WHERE filename = '%s' AND is_dir = 1 AND uid = %d $sql_extra limit 1", $r = q("SELECT folder, hash, is_dir, filename, os_path, display_path FROM attach WHERE filename = '%s' AND is_dir = 1 AND uid = %d $sql_extra limit 1",
dbesc(hex2bin($album)), dbesc(hex2bin($album)),
intval($channel_id) intval($channel_id)