Checked

[nucleus-jp/nucleus-plugins.git] / NP_gallery / trunk / gallery / forms.php

diff --git a/NP_gallery/trunk/gallery/forms.php b/NP_gallery/trunk/gallery/forms.php
index 5a14d98..21cb425 100644 (file)
--- a/NP_gallery/trunk/gallery/forms.php
+++ b/NP_gallery/trunk/gallery/forms.php
@@ -293,6 +293,7 @@ function addPictureForm($albumid = 0, $num_files = 0) {
 \r
 function addpictureformjupload($albumid = 0, $num_files = 0) {\r
        global $NPG_CONF,$CONF;\r
+       if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
        $exist_temp_table = mysql_query('SELECT 1 FROM '.$NPG_CONF['temp_table'].' LIMIT 0');\r
        if ($exist_temp_table) sql_query('drop table '. $NPG_CONF['temp_table']);\r
 \r
@@ -358,6 +359,7 @@ function addTempPictureForm($albumid = 0) {
        global $NPG_CONF, $gmember,$manager,$CONF,$NP_BASE_DIR;\r
        \r
        $NPG_CONF = getNPGConfig();\r
+       if (!preg_match('/^([a-z0-9_]+|`[^`]+`)$/i',$NPG_CONF['temp_table'])) exit;\r
        $table_name = $NPG_CONF['temp_table'];\r
        \r
        $promo_allowed = false;\r