(cp 1da9d6a) fixes #823 add input user check to avoid SQLi on users list
plegall committed Dec 18, 2017
1 parent 045d98a commit 33a03e9
Showing 1 changed file with 7 additions and 5 deletions.
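--- a/admin/user_list_backend.php
+++ b/admin/user_list_backend.php
@@ -67,8 +67,7 @@
 $sLimit = "";
 if ( isset( $_REQUEST['iDisplayStart'] ) && $_REQUEST['iDisplayLength'] != '-1' )
 {
-$sLimit = "LIMIT ".pwg_db_real_escape_string( $_REQUEST['iDisplayStart'] ).", ".
-pwg_db_real_escape_string( $_REQUEST['iDisplayLength'] );
+$sLimit = "LIMIT ".$_REQUEST['iDisplayStart'].", ".$_REQUEST['iDisplayLength'];
 }
 
 
@@ -80,10 +79,13 @@
 $sOrder = "ORDER BY ";
 for ( $i=0 ; $i<intval( $_REQUEST['iSortingCols'] ) ; $i++ )
 {
-if ( $_REQUEST[ 'bSortable_'.intval($_REQUEST['iSortCol_'.$i]) ] == "true" )
+check_input_parameter('iSortCol_'.$i, $_REQUEST, false, PATTERN_ID);
+
+if ( $_REQUEST[ 'bSortable_'.$_REQUEST['iSortCol_'.$i] ] == "true" )
 {
-$sOrder .= $aColumns[ intval( $_REQUEST['iSortCol_'.$i] ) ]."
-".pwg_db_real_escape_string( $_REQUEST['sSortDir_'.$i] ) .", ";
+check_input_parameter('sSortDir_'.$i, $_REQUEST, false, '/^(asc|desc)$/');
+
+$sOrder .= $aColumns[ $_REQUEST['iSortCol_'.$i] ].' '.$_REQUEST['sSortDir_'.$i].', ';
 }
 }
 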
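Review bot: The new `$sLimit` line in the first hunk concatenates `$_REQUEST['iDisplayStart']` and `$_REQUEST['iDisplayLength']` straight into the LIMIT clause, and the removed `pwg_db_real_escape_string()` calls are not replaced by a `check_input_parameter()` call the way the second hunk does for `iSortCol_*` and `sSortDir_*`; unless both values are validated before line 67 (outside this hunk), add `check_input_parameter('iDisplayStart', $_REQUEST, false, PATTERN_ID);` and `check_input_parameter('iDisplayLength', $_REQUEST, false, PATTERN_ID);` before `$sLimit` is built. Escaping was never the right control for an unquoted numeric LIMIT operand, so the validation is the actual fix rather than a substitute for the dropped escaping. In the second hunk, `PATTERN_ID` presumably constrains `iSortCol_N` to a number but not to a valid index of `$aColumns`, so an out-of-range value produces an undefined-index notice and an empty column name in ORDER BY; a guard such as `if (!isset($aColumns[$_REQUEST['iSortCol_'.$i]])) continue;` (or the file's usual error path) would close that. The `'/^(asc|desc)$/'` pattern is case-sensitive, which is fine only if the client always sends lowercase direction values.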
