From 2ce1e5952238eba0fe5c5d6537ebdc76cb970b52 Mon Sep 17 00:00:00 2001
From: plegall
Date: Thu, 13 May 2021 12:38:45 +0200
Subject: [PATCH] fixes #1410 check on user input to prevent SQL injection

---
 admin/user_list_backend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin/user_list_backend.php b/admin/user_list_backend.php
index c7f76782c..e91356a14 100644
--- a/admin/user_list_backend.php
+++ b/admin/user_list_backend.php
@@ -65,7 +65,7 @@ if ( isset( $_REQUEST["order"][0]["column"] ) )
 $sOrder = "ORDER BY ";
 $i = 0;
 $col = $_REQUEST["order"][0]["column"];
- if ( $_REQUEST['columns'][$col]["searchable"] == "true" )
+ if ( $_REQUEST['columns'][$col]["searchable"] == "true" and preg_match('/^(asc|desc)$/i', $_REQUEST["order"][0]["dir"]))
 {
 $sOrder .= $aColumns[ $col ].' '.$_REQUEST["order"][0]["dir"].', ';
 }
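Review bot: The added `preg_match('/^(asc|desc)$/i', ...)` on the `+` line is not a strict whitelist: without the `D` modifier `$` also matches before a trailing newline, so `"asc\n"` passes and the raw `$_REQUEST["order"][0]["dir"]` is still what gets concatenated into `$sOrder` two lines later. The value is also used unchecked when `dir` is absent (null to `preg_match`) or arrives as an array (TypeError on PHP 8), and `$col` is never checked against `$aColumns` before `$aColumns[ $col ]` is read, which yields an `ORDER BY  asc,` fragment on an out-of-range index. A tighter form of the condition would be `$dir = $_REQUEST["order"][0]["dir"] ?? '';` followed by `if ( isset($aColumns[$col]) and $_REQUEST['columns'][$col]["searchable"] == "true" and is_string($dir) and preg_match('/^(asc|desc)\z/i', $dir) )`, and the concatenation should then use `$dir` rather than re-reading `$_REQUEST`. The enclosing `if ( isset( $_REQUEST["order"][0]["column"] ) )` block opens before the hunk and appears to continue past its last line.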