Checked

[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / add_picture.php

diff --git a/NP_gallery/trunk/gallery/add_picture.php b/NP_gallery/trunk/gallery/add_picture.php
index a9b1896..19025bd 100644 (file)
--- a/NP_gallery/trunk/gallery/add_picture.php
+++ b/NP_gallery/trunk/gallery/add_picture.php
@@ -70,7 +70,7 @@ if(!$NPG_CONF['batch_add_num']) $NPG_CONF['batch_add_num'] = 10;
 \r
 //todo: display header\r
 \r
-\r
+if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
 $type = requestvar('type');\r
 switch($type) {\r
        case 'firststage':\r
@@ -366,6 +366,7 @@ switch($type) {
 function add_temp($albumid = 0, $filename, $filetype, $filesize, $filetempname, $description = '') {\r
        global $NPG_CONF, $gmember, $NP_BASE_DIR,$manager;\r
        $memberid = $gmember->getID();\r
+       if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
        $temp_table = $NPG_CONF['temp_table'];\r
        $int_filename = '';\r
        $thumb_filename = '';\r