Browse Source

Security fix

Tobias Reich 11 years ago
parent
commit
c86a61ca7b
1 changed files with 2 additions and 0 deletions
  1. 2 0
      php/modules/misc.php

+ 2 - 0
php/modules/misc.php

@@ -13,7 +13,9 @@ function openGraphHeader($photoID) {
 
 	global $database;
 
+	$photoID = mysqli_real_escape_string($database, $photoID);
     if (!is_numeric($photoID)) return false;
+
     $result = $database->query("SELECT * FROM lychee_photos WHERE id = '$photoID';");
     $row = $result->fetch_object();