WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fixed possible security problem

This commit is contained in:
Roland Gruber 2011-10-02 18:15:22 +00:00
parent fd8fa1be8d
commit 5092e164e3
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lam/templates/3rdParty/pla/lib/functions.php vendored
View File

@ -937,6 +937,9 @@ function masort(&$data,$sortby,$rev=0) {
$code = "\$c=0;\n"; $code = "\$c=0;\n";
foreach (explode(',',$sortby) as $key) { foreach (explode(',',$sortby) as $key) {
if (!preg_match('/^[a-zA-z0-9_]+$/', $key)) {
die();
}
$code .= "if (is_object(\$a) || is_object(\$b)) {\n"; $code .= "if (is_object(\$a) || is_object(\$b)) {\n";
$code .= " if (is_array(\$a->$key)) {\n"; $code .= " if (is_array(\$a->$key)) {\n";