Fixed escaping issue with sortby. Unfortunately, with order_by, mysql_escape is not enough and the value must also be filtered with a preg_replace. Thanks @tdragon6
+4
-1
@@ -50,9 +50,12 @@ if (isset($_GET['q'])) {
|
|||||||
|
|
||||||
// Sortby
|
// Sortby
|
||||||
if (!empty($_GET['sb'])) {
|
if (!empty($_GET['sb'])) {
|
||||||
$sb = sanitizeInput($_GET['sb']);
|
$sb = sanitizeInput(preg_replace('/[^a-z_]/', '', $_GET['sb']));
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//$sb = $_GET['sb'];
|
||||||
|
|
||||||
// Date Handling
|
// Date Handling
|
||||||
if (empty($_GET['canned_date'])) {
|
if (empty($_GET['canned_date'])) {
|
||||||
//Prevents lots of undefined variable errors.
|
//Prevents lots of undefined variable errors.
|
||||||
|
|||||||
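Review bot: The character filter on the new `$sb` line, `preg_replace('/[^a-z_]/', '', $_GET['sb'])`, still accepts any string of lowercase letters and underscores as the sort key, so a request can name a column the page never offered for sorting, can leave `$sb` empty, and has any digits or capitals in a legitimate name silently dropped. Since the commit message says this value ends up in an ORDER BY, where an identifier cannot be bound as a query parameter, a fixed allowlist is the safer check: `$sortable = ['<column_a>', '<column_b>']; // placeholders: the columns this page may sort by` followed by `$sb = in_array($_GET['sb'], $sortable, true) ? $_GET['sb'] : $sortable[0];`. The strict `in_array` also rejects an array-valued `sb[]=…` parameter, which `preg_replace` would hand on as an array. The added `//$sb = $_GET['sb'];` line should be dropped rather than committed, since uncommenting it would restore the unfiltered value. How `$sb` is placed into the query is outside this hunk, so confirm that no other path assigns it.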