Fix 9704: (manage_proj_page.php) Remote Code Execution Exploit

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5680 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Oct 17, 2008 · 4e32f5a · 4e32f5a
1 parent 5b0afab
commit 4e32f5a
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/core/utility_api.php b/core/utility_api.php
@@ -151,8 +151,11 @@ function multi_sort( $p_array, $p_key, $p_direction = ASCENDING ) {
 		$t_factor = 1;
 	}
 
-	$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
-	uasort( $p_array, $t_function );
+	// Security measure: see http://www.mantisbt.org/bugs/view.php?id=9704 for details
+	if ( array_key_exist( $p_array, $p_key ) ) {
+		$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
+		uasort( $p_array, $t_function );
+	}
 	return $p_array;
 }