diff options
author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-28 22:29:08 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2009-10-28 22:29:08 +0000 |
commit | 55554bc0f14e36bbfaa619c6b684a7200da3b53e (patch) | |
tree | f871edf226892c6e255572fa54a92938a32522d3 /src/SemanticScuttle/functions.php | |
parent | 066085535d957801fed16273b0fdbb6a3249d4ee (diff) | |
download | semanticscuttle-55554bc0f14e36bbfaa619c6b684a7200da3b53e.tar.gz semanticscuttle-55554bc0f14e36bbfaa619c6b684a7200da3b53e.tar.bz2 |
fix XSS vulnerability
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@460 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'src/SemanticScuttle/functions.php')
-rw-r--r-- | src/SemanticScuttle/functions.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php index c03b3e0..145600a 100644 --- a/src/SemanticScuttle/functions.php +++ b/src/SemanticScuttle/functions.php @@ -49,7 +49,7 @@ function getSortOrder($override = NULL) { global $defaultOrderBy; if (isset($_GET['sort'])) { - return $_GET['sort']; + return preg_replace('/[^a-z]/', '', $_GET['sort']); } else if (isset($override)) { return $override; } else { |