From 6f6ae476a93c3142cfe82c6c17ff9618080442bc Mon Sep 17 00:00:00 2001
From: johnnyq
Date: Tue, 9 May 2023 15:22:02 -0400
Subject: [PATCH] Added comment in pagination_head.php regarding issue #673

---
 pagination_head.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/pagination_head.php b/pagination_head.php
index 392eb568..9406c238 100644
--- a/pagination_head.php
+++ b/pagination_head.php
@@ -50,11 +50,9 @@ if (isset($_GET['q'])) {

 // Sortby
 if (!empty($_GET['sb'])) {
- $sb = sanitizeInput(preg_replace('/[^a-z_]/', '', $_GET['sb']));
+ $sb = sanitizeInput(preg_replace('/[^a-z_]/', '', $_GET['sb'])); // JQ 2023-05-09 - See issue #673 on GitHub to see the reasoning why we used preg_replace technically sanitizeInput() should have been enough to escape SQL Commands
 }

-//$sb = $_GET['sb'];
-
 // Date Handling
 if (empty($_GET['canned_date'])) {
 //Prevents lots of undefined variable errors.
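Review bot: The trailing comment added on the `$sb` line says sanitizeInput() "should have been enough", which is misleading if `$sb` ends up as a column name in an ORDER BY clause (that use is outside this hunk and is inferred from the "Sortby" label). Escaping protects quoted string values, not identifiers, so assuming sanitizeInput() is a string-escaping helper, the `preg_replace('/[^a-z_]/', '', ...)` filter is the control that actually constrains the value. I would reword the comment to say so, e.g. `// Character allowlist is required: $sb is used as a column name, where string escaping alone does not prevent injection (issue #673)`. A stricter follow-up is to compare `$sb` against the page's list of sortable columns. It is also worth adding `is_string($_GET['sb'])` to the `if`, since an array-valued `sb` makes preg_replace return an array.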