From 9671454e75b4f1cc93563ba5a53668a3735d8e78 Mon Sep 17 00:00:00 2001
From: plegall
Date: Mon, 18 Dec 2017 17:06:37 +0100
Subject: [PATCH] fixes #826, check input parameter order_by in configuration
---
 admin/configuration.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/admin/configuration.php b/admin/configuration.php
index 9e8cc5268..caed2a1bc 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -161,6 +161,8 @@ if (isset($_POST['submit']))
 {
 if ( !empty($_POST['order_by']) )
 {
+ check_input_parameter('order_by', $_POST, true, '/^('.implode('|', array_keys($sort_fields)).')$/');
+
 $used = array();
 foreach ($_POST['order_by'] as $i => $val)
 {
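Review bot: The pattern on the added `check_input_parameter` line interpolates `array_keys($sort_fields)` without `preg_quote()` and closes with a bare `$`, which PCRE also matches just before a trailing newline, so the check is slightly looser than an exact allow-list. `$sort_fields` is defined outside this hunk, so its keys may well be free of regex metacharacters today; quoting them keeps the check exact if a key containing `.`, `(` or `/` is ever added. I would build the list first, `$allowed = array_map(function ($k) { return preg_quote($k, '/'); }, array_keys($sort_fields));`, and pass `'/^('.implode('|', $allowed).')$/D'` as the pattern. The enclosing `if` block and the `foreach` continue past the end of the hunk, so how the validated values are used afterwards is not visible here.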