iarv/Piwigo
1
0
Fork 0
mirror of https://github.com/Piwigo/Piwigo.git synced 2026-03-28 17:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixes #1410 check on user input to prevent SQL injection

Browse Source
This commit is contained in:
plegall
2021-05-13 12:38:45 +02:00
parent fbb489b3da
commit 2ce1e59522
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
admin/user_list_backend.php
View File

@@ -65,7 +65,7 @@ if ( isset( $_REQUEST["order"][0]["column"] ) )
$sOrder = "ORDER BY ";
$i = 0;
$col = $_REQUEST["order"][0]["column"];
if ( $_REQUEST['columns'][$col]["searchable"] == "true" )
if ( $_REQUEST['columns'][$col]["searchable"] == "true" and preg_match('/^(asc|desc)$/i', $_REQUEST["order"][0]["dir"]))
{
$sOrder .= $aColumns[ $col ].' '.$_REQUEST["order"][0]["dir"].', ';
}