summaryrefslogtreecommitdiff
path: root/src/SemanticScuttle/functions.php
diff options
context:
space:
mode:
authorcweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2009-10-28 22:29:08 +0000
committercweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2009-10-28 22:29:08 +0000
commit55554bc0f14e36bbfaa619c6b684a7200da3b53e (patch)
treef871edf226892c6e255572fa54a92938a32522d3 /src/SemanticScuttle/functions.php
parent066085535d957801fed16273b0fdbb6a3249d4ee (diff)
downloadsemanticscuttle-55554bc0f14e36bbfaa619c6b684a7200da3b53e.tar.gz
semanticscuttle-55554bc0f14e36bbfaa619c6b684a7200da3b53e.tar.bz2
fix XSS vulnerability
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@460 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'src/SemanticScuttle/functions.php')
-rw-r--r--src/SemanticScuttle/functions.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index c03b3e0..145600a 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -49,7 +49,7 @@ function getSortOrder($override = NULL) {
global $defaultOrderBy;
if (isset($_GET['sort'])) {
- return $_GET['sort'];
+ return preg_replace('/[^a-z]/', '', $_GET['sort']);
} else if (isset($override)) {
return $override;
} else {