summaryrefslogtreecommitdiff
blob: bc18b452ca0294d843f8dba223330802ad1758e7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
From: Deon George <wurley@users.sf.net>
Date: Thu, 6 Oct 2011 09:03:20 +1100
Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability

---
 lib/functions.php |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/functions.php b/lib/functions.php
index 19fde99..eb160dc 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
 	if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
 		debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
 
-	# if the array to sort is null or empty
-	if (! $data) return;
+	# if the array to sort is null or empty, or if we have some nasty chars
+	if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
+		return;
 
 	static $CACHE = array();
 
-- 
1.7.4.1