AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fixed Escaping issue with sortby unfortuantly with order_by mysql_escape is not enough and must also be filtered with a preg_replace Thanks @tdragon6

This commit is contained in:
johnnyq 2023-05-09 15:12:39 -04:00
parent cb0366b9f7
commit 163f14e791
1 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pagination_head.php
View File

@ -50,9 +50,12 @@ if (isset($_GET['q'])) {
// Sortby
if (!empty($_GET['sb'])) {
$sb = sanitizeInput($_GET['sb']);
$sb = sanitizeInput(preg_replace('/[^a-z_]/', '', $_GET['sb']));
}
//$sb = $_GET['sb'];
// Date Handling
if (empty($_GET['canned_date'])) {
//Prevents lots of undefined variable errors.