
Fix 9704: (manage_proj_page.php) Remote Code Execution Exploit

git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/trunk@5680 f5dc347c-c33d-0410-90a0-b07cc1902cb9
giallu committed Oct 17, 2008
1 parent 5b0afab commit 4e32f5ae03f0efd3f5fc8de71ce154a37843afc3
Showing with 5 additions and 2 deletions.
  1. +5 −2 core/utility_api.php
@@ -151,8 +151,11 @@ function multi_sort( $p_array, $p_key, $p_direction = ASCENDING ) {
$t_factor = 1;
}
$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
uasort( $p_array, $t_function );
// Security measure: see http://www.mantisbt.org/bugs/view.php?id=9704 for details
if ( array_key_exist( $p_array, $p_key ) ) {
$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
uasort( $p_array, $t_function );
}
return $p_array;
}
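Review bot: The guard on the added `if` line calls `array_key_exist`, which is not a PHP built-in (the function is `array_key_exists`, and it takes the key first, then the array), so as written this path would stop with a fatal "undefined function" error instead of sorting. The check also tests `$p_key` against the outer `$p_array`, while the comparator reads `$a['$p_key']` from each element, so it should look inside a row, e.g. `if ( !empty( $p_array ) && array_key_exists( $p_key, reset( $p_array ) ) ) {` (assuming every element is an array with the same keys). `$p_key` is still interpolated into the code string handed to `create_function`, which leaves this guard as the only barrier between a caller-supplied key and evaluated code; embedding the key with `var_export( $p_key, true )` in place of `'$p_key'` would keep the comparator body inert even if the guard is later loosened. The start of multi_sort, including how `$t_factor` is derived from `$p_direction`, lies above the hunk.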
