From 91ef7909a5c51203f330cbecf986472900b60983 Mon Sep 17 00:00:00 2001
From: plegall
Date: Mon, 18 Dec 2017 17:09:56 +0100
Subject: [PATCH] (cp 9671454) fixes #826, check input parameter order_by in configuration
---
 admin/configuration.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/admin/configuration.php b/admin/configuration.php
index 9e8cc5268..caed2a1bc 100644
--- a/admin/configuration.php
+++ b/admin/configuration.php
@@ -161,6 +161,8 @@ if (isset($_POST['submit']))
 {
 if ( !empty($_POST['order_by']) )
 {
+ check_input_parameter('order_by', $_POST, true, '/^('.implode('|', array_keys($sort_fields)).')$/');
+
 $used = array();
 foreach ($_POST['order_by'] as $i => $val)
 {
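Review bot: The allow-list pattern passed to `check_input_parameter` is built by joining `array_keys($sort_fields)` without `preg_quote`, so any key containing a regex metacharacter or the `/` delimiter would loosen or break the match that guards `$_POST['order_by']`. Quoting each alternative keeps the check an exact-match list: `'/^('.implode('|', array_map(function ($k) { return preg_quote($k, '/'); }, array_keys($sort_fields))).')$/'`. The contents of `$sort_fields` and the body of `check_input_parameter` are outside this hunk, so it is worth confirming that the array is defined before this line and that a non-array or nested-array `order_by` is rejected rather than passed through. A short comment such as `// accept only keys of $sort_fields for order_by` would record why the check is there; the enclosing `if` blocks start and end outside the hunk.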