Diffstat (limited to 'code/admin/ajax.php')
-rw-r--r-- | code/admin/ajax.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/code/admin/ajax.php b/code/admin/ajax.php
index 0893843..fd6dab5 100644
--- a/code/admin/ajax.php
+++ b/code/admin/ajax.php
@@ -15,11 +15,12 @@
 }
 function save_page_props($path) {
- //TODO : Should validate props here also...
 $props=load_page_props($path);
 foreach ( array('page_title', 'page_description', 'page_keywords') as $k ) {
- if ( array_key_exists($k,$_GET) ) $props[$k]=$_GET[$k];
+ if ( array_key_exists($k,$_GET) ) {
+ $props[$k]= sanitize($_GET, $k, RE_TEXT_LINE_CLEANER, '');
+ }
 }
 $ini_path="content/$path/props.ini";
@@ -31,8 +32,8 @@
 }
 // URL params clean-up
- $action=sanitize($_GET, 'action', '/[^a-z_]+/', 'none'); /* Could be : load_page_props, load_media_props... */
- $path=sanitize($_GET, 'path', '/[^a-z0-9\/]+/', ''); // Never put \. in this regex
+ $action=sanitize($_GET, 'action', RE_IDENTIFIER_CLEANER, 'none'); /* Could be : load_page_props, load_media_props... */
+ $path = sanitize($_GET, 'path', RE_RELPATH_CLEANER, '');
 switch($action) {
 case 'load_page_props': |
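Review bot: In the first hunk, the new `sanitize($_GET, $k, RE_TEXT_LINE_CLEANER, '')` call inside the `foreach` of save_page_props is guarded only by `array_key_exists`, so an array-valued query parameter still reaches the cleaner; how `sanitize` handles a non-string is not visible in this diff. Tightening the guard to `if ( isset($_GET[$k]) && is_string($_GET[$k]) ) {` removes that case regardless of the helper's behaviour. The cleaned value is presumably written to `content/$path/props.ini` further down (the function body continues outside the hunk), and the definition of RE_TEXT_LINE_CLEANER is not shown, so the contract is worth pinning at the call site with a comment such as `// RE_TEXT_LINE_CLEANER must strip CR/LF and INI delimiters; the value is stored in props.ini`. Values read back from that file still need HTML-encoding wherever they are rendered, since a line cleaner is not an output encoder.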
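Review bot: In the second hunk, replacing the inline pattern with `RE_RELPATH_CLEANER` drops the old `// Never put \. in this regex` warning, and that was the only place the path-traversal invariant was written down. `$path` is interpolated into `content/$path/props.ini`, so a later edit to the constant that allows `.` would reopen `..` segments without anything at this call site flagging it; the constant's definition is not part of this diff, so it cannot be confirmed here that it still excludes dots. I would keep the warning on the new line, e.g. `$path = sanitize($_GET, 'path', RE_RELPATH_CLEANER, ''); // RE_RELPATH_CLEANER must never allow '.': $path is used in content/$path/...`, and repeat it next to the constant's definition.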