calculate
/
gentoo-overlay
4
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '863f3a2aaf'
${ noResults }
gentoo-overlay/net-nds/phpldapadmin/files/phpldapadmin-1.2.1.1-fix-fu...

29 lines
939 B
Raw Blame History

From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001
From: Deon George <wurley@users.sf.net>
Date: Thu, 6 Oct 2011 09:03:20 +1100
Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability
---
lib/functions.php | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/functions.php b/lib/functions.php
index 19fde99..eb160dc 100644
--- a/lib/functions.php
+++ b/lib/functions.php
@@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) {
if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS'))
debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs);
- # if the array to sort is null or empty
- if (! $data) return;
+ # if the array to sort is null or empty, or if we have some nasty chars
+ if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data)
+ return;
static $CACHE = array();
--
1.7.4.1
Reference in new issue View Git Blame Copy Permalink