diff options
| author | Philip Häusler <msquare@notrademark.de> | 2011-06-13 19:04:16 +0200 |
|---|---|---|
| committer | Philip Häusler <msquare@notrademark.de> | 2011-06-13 19:04:16 +0200 |
| commit | 377c24e13d403deedc399b427d3e776b2208b31a (patch) | |
| tree | c33129a4888f7f1ad1bbe458b331413cf98c9dc6 /public | |
| parent | 04973d1fa148381978b1251d10118e6bab86f435 (diff) | |
secure page selection
Diffstat (limited to 'public')
| -rw-r--r-- | public/index.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/public/index.php b/public/index.php index e1a4496f..83443879 100644 --- a/public/index.php +++ b/public/index.php @@ -28,7 +28,7 @@ if (isset ($_REQUEST['auth'])) // Gewünschte Seite/Funktion $p = isset ($user) ? "news" : "start"; -if (isset ($_REQUEST['p'])) +if (isset ($_REQUEST['p']) && preg_match("/^[a-z0-9_]*$/i", $_REQUEST['p']) && sql_num_query("SELECT * FROM `Privileges` WHERE `name`='" . sql_escape($_REQUEST['p']) . "' LIMIT 1") > 0) $p = $_REQUEST['p']; $title = Get_Text($p); |