SF Bug #3417184 - PHP Code Injection Vulnerability
This commit is contained in:
parent
5d4245f93a
commit
76e6dad13e
@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
|
||||
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
|
||||
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
|
||||
|
||||
# if the array to sort is null or empty
|
||||
if (! $data) return;
|
||||
# if the array to sort is null or empty, or if we have some nasty chars
|
||||
if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
|
||||
return;
|
||||
|
||||
static $CACHE = array();
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user