fix 2 vulnerabilities reported by felixk3y
dleffler committed Oct 25, 2016
1 parent e616ead commit d5c3c17
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion framework/core/subsystems/expPaginator.php
Expand Up @@ -118,7 +118,7 @@ public function __construct($params=array()) {
$this->controller = empty($params['controller']) ? '' : $params['controller'];
$this->sql = empty($params['sql']) ? '' : $params['sql'];
$this->count_sql = empty($params['count_sql']) ? '' : $params['count_sql'];
$this->order = empty($params['order']) ? 'id' : expString::escape($params['order']);
$this->order = empty($params['order']) ? 'id' : preg_replace('/[^a-z\_]/i','',$params['order']);
$this->dir = empty($params['dir']) || !in_array($params['dir'], array('ASC', 'DESC')) ? 'ASC' : $params['dir'];
$this->src = empty($params['src']) ? null : expString::escape($params['src']);
$this->categorize = empty($params['categorize']) ? false : $params['categorize'];
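Review bot: The character-stripping whitelist on the new `$this->order` line can leave an empty string (an `order` value made only of digits or punctuation strips to `''`), and nothing falls back to `'id'` in that case, so whatever query is presumably built from it elsewhere receives an empty ORDER BY column; the class also drops digits and dots, so a name like `field2` or `t.col` silently becomes a different identifier rather than being rejected. Validating the whole value and falling back is safer: `$this->order = (!empty($params['order']) && preg_match('/^[a-z_][a-z0-9_]*$/i', $params['order'])) ? $params['order'] : 'id';`. The same whole-value check would suit `$this->src` on the following line, which still relies on `expString::escape` — adequate only if that value is always placed inside a quoted SQL string, which the hunk does not show. The `in_array` on the `$this->dir` line should pass `true` as its third argument. The constructor continues outside the hunk.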
1 change: 1 addition & 0 deletions framework/modules/help/controllers/helpController.php
Expand Up @@ -58,6 +58,7 @@ function __construct($src=null, $params=array()) {
}
}
if(!empty($params['version'])) {
$params['version'] = expString::escape($params['version']);
$version = isset($params['version']) ? (($params['version'] == 'current') ? $version : $params['version']) : $version;
}
expSession::set('help-version',$version);
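Review bot: Escaping `$params['version']` on the added line before the comparison means the escaped form, not the raw value, is compared to `'current'` and then stored in the session by `expSession::set`, and the protection only holds for whatever sink `expString::escape` targets (presumably a SQL string context; the later uses of `$version` are outside the hunk). A version identifier has a narrow shape, so a whole-value check is more robust than escaping at input time, e.g. `if (!empty($params['version']) && preg_match('/^[A-Za-z0-9._-]+$/', $params['version'])) {` with the existing `$version` kept otherwise. On the next line, `isset($params['version'])` is redundant inside the `!empty(...)` branch and `== 'current'` should be `=== 'current'`. The constructor begins and ends outside the hunk.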
