From 5092e164e393da529e706fc3d9b672fb25cc38c5 Mon Sep 17 00:00:00 2001
From: Roland Gruber
Date: Sun, 2 Oct 2011 18:15:22 +0000
Subject: [PATCH] fixed possible security problem
---
 lam/templates/3rdParty/pla/lib/functions.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/lam/templates/3rdParty/pla/lib/functions.php b/lam/templates/3rdParty/pla/lib/functions.php
index 9f0f56b8..fba077a7 100644
--- a/lam/templates/3rdParty/pla/lib/functions.php
+++ b/lam/templates/3rdParty/pla/lib/functions.php
@@ -937,6 +937,9 @@ function masort(&$data,$sortby,$rev=0) {
 $code = "\$c=0;\n";
 foreach (explode(',',$sortby) as $key) {
+ if (!preg_match('/^[a-zA-z0-9_]+$/', $key)) {
+ die();
+ }
 $code .= "if (is_object(\$a) || is_object(\$b)) {\n";
 $code .= " if (is_array(\$a->$key)) {\n";
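Review bot: The character class in the added `preg_match` is written `A-z` rather than `A-Z`, so the allow-list for `$key` is wider than letters, digits and underscore: the ASCII range from `A` to `z` also takes in several punctuation characters, and `$` without the `D` modifier tolerates a trailing newline. That matters because `$key` is interpolated unescaped into the generated `$code` string on the following lines (`\$a->$key`), which presumably is compiled and executed further down in masort, outside this hunk. I would tighten the check to `if (!preg_match('/^[a-zA-Z0-9_]+\z/', $key)) {`. The bare `die();` also ends the request without any log entry, so a rejected sort key leaves no trace for whoever investigates later; an `error_log()` call before it would help.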