From 76e6dad13ef77c5448b8dfed1a61e4acc7241165 Mon Sep 17 00:00:00 2001 From: Deon George Date: Thu, 6 Oct 2011 09:03:20 +1100 Subject: [PATCH] SF Bug #3417184 - PHP Code Injection Vulnerability --- lib/functions.php | 5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/functions.php b/lib/functions.php index 19fde99..eb160dc 100644 --- a/lib/functions.php +++ b/lib/functions.php @@ -1003,8 +1003,9 @@ function masort(&$data,$sortby,$rev=0) { if (defined('DEBUG_ENABLED') && DEBUG_ENABLED && (($fargs=func_get_args())||$fargs='NOARGS')) debug_log('Entered (%%)',1,0,__FILE__,__LINE__,__METHOD__,$fargs); - # if the array to sort is null or empty - if (! $data) return; + # if the array to sort is null or empty, or if we have some nasty chars + if (! preg_match('/^[a-zA-Z0-9_]+(\([a-zA-Z0-9_,]*\))?$/',$sortby) || ! $data) + return; static $CACHE = array(); -- 1.7.4.1