From 55554bc0f14e36bbfaa619c6b684a7200da3b53e Mon Sep 17 00:00:00 2001
From: cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>
Date: Wed, 28 Oct 2009 22:29:08 +0000
Subject: fix XSS vulnerability

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@460 b3834d28-1941-0410-a4f8-b48e95affb8f
---
 src/SemanticScuttle/functions.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/SemanticScuttle')

diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php
index c03b3e0..145600a 100644
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@@ -49,7 +49,7 @@ function getSortOrder($override = NULL) {
 	global $defaultOrderBy;
 
 	if (isset($_GET['sort'])) {
-		return $_GET['sort'];
+		return preg_replace('/[^a-z]/', '', $_GET['sort']);
 	} else if (isset($override)) {
 		return $override;
 	} else {
-- 
cgit v1.2.3