merge -c2755 from branch 2.0 to branch 1.7

- fix vulnerability http://www.milw0rm.com/exploits/6755 git-svn-id: http://piwigo.org/svn/branches/branch-1_7@2762 68402e56-0260-453c-a942-63ccdbb3a9ee
2026-06-02 04:15:05 +02:00 · 2008-10-16 19:34:46 +00:00
parent 9598532f67
commit 4411169d1a
2 changed files with 5 additions and 5 deletions
@@ -69,7 +69,7 @@ $page['since'] = isset($_GET['since']) ? $_GET['since'] : 4;
 //
 $page['sort_by'] = 'date';
 // if the form was submitted, it overloads default behaviour
-if (isset($_GET['sort_by']))
+if (isset($_GET['sort_by']) and isset($sort_by[$_GET['sort_by']]) )
 {
  $page['sort_by'] = $_GET['sort_by'];
 }
@@ -78,7 +78,7 @@ if (isset($_GET['sort_by']))
 //
 $page['sort_order'] = $sort_order['descending'];
 // if the form was submitted, it overloads default behaviour
-if (isset($_GET['sort_order']))
+if (isset($_GET['sort_order']) and isset($sort_order[$_GET['sort_order']]))
 {
  $page['sort_order'] = $sort_order[$_GET['sort_order']];
 }
@@ -16,7 +16,7 @@ function get_php_files($path, $to_ignore=array(), $recursive=true )
          if ( $recursive and is_dir($path.'/'.$node) )
          {
            $files = array_merge($files, get_php_files($path.'/'.$node, $to_ignore));
-            
+
          }
          if ( is_file($path.'/'.$node) )
          {
@@ -43,7 +43,7 @@ foreach ($files as $file)
  $code = preg_replace( '#\?'.'>.*<\?php#m', '', $code);
  $code = preg_replace( '#\/\*.*\*\/#m', '', $code);
  $code = preg_replace( '#\/\/.*#', '', $code);
-  
+
  $count = preg_match_all(
    '#[^a-zA-Z_$-]trigger_(action|event)\s*\(\s*([^,)]+)#m',
    $code, $matches
@@ -57,7 +57,7 @@ foreach ($files as $file)
  }
 }

-$sort= isset($_GET['sort']) ? $_GET['sort'] : 1;
+$sort= isset($_GET['sort']) ? (int)$_GET['sort'] : 1;
 usort(
  $events,
  create_function( '$a,$b', 'return $a['.$sort.']>$b['.$sort.'];' )