Added comment in pagination_head.php regarding issue #673

2023-05-09 15:22:02 -04:00 · 2023-05-09 15:22:02 -04:00 · 6f6ae476a9
parent 8d666abc40
commit 6f6ae476a9
1 changed files with 1 additions and 3 deletions
--- a/pagination_head.php
+++ b/pagination_head.php
@ -50,11 +50,9 @@ if (isset($_GET['q'])) {

 // Sortby
 if (!empty($_GET['sb'])) {
-    $sb = sanitizeInput(preg_replace('/[^a-z_]/', '', $_GET['sb']));
+    $sb = sanitizeInput(preg_replace('/[^a-z_]/', '', $_GET['sb'])); // JQ 2023-05-09 - See issue #673 on GitHub to see the reasoning why we used preg_replace technically sanitizeInput() should have been enough to escape SQL Commands
 }

-//$sb = $_GET['sb'];
-
 // Date Handling
 if (empty($_GET['canned_date'])) {
    //Prevents lots of undefined variable errors.