diff --git a/lam/templates/3rdParty/pla/lib/functions.php b/lam/templates/3rdParty/pla/lib/functions.php
index 9f0f56b8..fba077a7 100644
--- a/lam/templates/3rdParty/pla/lib/functions.php
+++ b/lam/templates/3rdParty/pla/lib/functions.php
@@ -937,6 +937,9 @@ function masort(&$data,$sortby,$rev=0) {
 		$code = "\$c=0;\n";
 
 		foreach (explode(',',$sortby) as $key) {
+			if (!preg_match('/^[a-zA-z0-9_]+$/', $key)) {
+				die();
+			}
 			$code .= "if (is_object(\$a) || is_object(\$b)) {\n";
 
 			$code .= "	if (is_array(\$a->$key)) {\n";