fix XSS vulnerability

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@460 b3834d28-1941-0410-a4f8-b48e95affb8f
2009-10-28 22:29:08 +00:00 · 2009-10-28 22:29:08 +00:00 · 55554bc0f1
commit 55554bc0f1
parent 066085535d
1 changed files with 1 additions and 1 deletions
--- a/src/SemanticScuttle/functions.php
+++ b/src/SemanticScuttle/functions.php
@ -49,7 +49,7 @@ function getSortOrder($override = NULL) {
 	global $defaultOrderBy;
 	if (isset($_GET['sort'])) {
-		return $_GET['sort'];
+		return preg_replace('/[^a-z]/', '', $_GET['sort']);
 	} else if (isset($override)) {
 		return $override;
 	} else {