(cp 0649ad3) fixes #1924 protect API user input from SQL injections

2026-05-14 13:26:01 +02:00 · 2023-05-29 12:26:51 +02:00
parent 7c1a1afc2d
commit 249bb6c932
4 changed files with 13 additions and 0 deletions
@@ -37,6 +37,7 @@ define('ACTIVITY_SYSTEM_THEME', 3);

 // Sanity checks
 define('PATTERN_ID', '/^\d+$/');
+define('PATTERN_ORDER', '/^(rand(om)?|[a-z_]+(\s+(asc|desc))?)(\s*,\s*(rand(om)?|[a-z_]+(\s+(asc|desc))?))*$/i');

 // Table names
 if (!defined('CATEGORIES_TABLE'))