From 55554bc0f14e36bbfaa619c6b684a7200da3b53e Mon Sep 17 00:00:00 2001 From: cweiske Date: Wed, 28 Oct 2009 22:29:08 +0000 Subject: [PATCH] fix XSS vulnerability git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@460 b3834d28-1941-0410-a4f8-b48e95affb8f --- src/SemanticScuttle/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/SemanticScuttle/functions.php b/src/SemanticScuttle/functions.php index c03b3e0..145600a 100644 --- a/src/SemanticScuttle/functions.php +++ b/src/SemanticScuttle/functions.php @@ -49,7 +49,7 @@ function getSortOrder($override = NULL) { global $defaultOrderBy; if (isset($_GET['sort'])) { - return $_GET['sort']; + return preg_replace('/[^a-z]/', '', $_GET['sort']); } else if (isset($override)) { return $override; } else {