\r
//todo: display header\r
\r
-\r
+if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
$type = requestvar('type');\r
switch($type) {\r
case 'firststage':\r
function add_temp($albumid = 0, $filename, $filetype, $filesize, $filetempname, $description = '') {\r
global $NPG_CONF, $gmember, $NP_BASE_DIR,$manager;\r
$memberid = $gmember->getID();\r
+ if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
$temp_table = $NPG_CONF['temp_table'];\r
$int_filename = '';\r
$thumb_filename = '';\r