From b0021673ab23249244119bde3c7fcecd4daa4e7f Mon Sep 17 00:00:00 2001
From: Victor Boctor
Date: Mon, 24 Nov 2014 20:54:51 -0800
Subject: [PATCH] Improve validation for filter sort and direction

Fixes #17841
---
 core/filter_api.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/core/filter_api.php b/core/filter_api.php
index 7ec33d7464..0667996b47 100644
--- a/core/filter_api.php
+++ b/core/filter_api.php
@@ -606,8 +606,20 @@ function filter_ensure_valid_filter( $p_filter_arr ) {
 unset( $t_fields[$i] );
 }
 }
+
+ # Make sure array is no longer than 2 elements
 $t_sort_fields = explode( ',', $p_filter_arr['sort'] );
+ if( count( $t_sort_fields ) > 2 ) {
+ $t_sort_fields = array_slice( $t_sort_fields, 0, 2 );
+ }
+
+ # Make sure array is no longer than 2 elements
 $t_dir_fields = explode( ',', $p_filter_arr['dir'] );
+ if( count( $t_dir_fields ) > 2 ) {
+ $t_dir_fields = array_slice( $t_dir_fields, 0, 2 );
+ }
+
+ # Validate the max of two segments for $t_sort_fields and $t_dir_fields
 for( $i = 0;$i < 2;$i++ ) {
 if( isset( $t_sort_fields[$i] ) ) {
 $t_drop = false;
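Review bot: The two-segment limit is now hard-coded in three places in this hunk, both `array_slice( ..., 0, 2 )` calls and the `for( $i = 0;$i < 2;$i++ )` bound, and the fix only holds while they agree, because any element past the loop bound is never validated. A single local such as `$t_max_fields = 2;`, used for both slices and the loop bound, would keep them in step. The `count( ... ) > 2` guards can also go, since `array_slice` returns a shorter array unchanged. The comments would help more if they said why the truncation matters, e.g. `# Drop segments beyond the ones validated below so unchecked values are never kept`; how the arrays are used afterwards is outside the hunk, so confirm that wording. The body of filter_ensure_valid_filter starts and ends outside the hunk.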