Port r5690 to 1.1.x to fix #9704.

Fix previous commit: 1) array_key_exist does not exist - it is array_key_exists 2) array_key_exists only works on a single dimension array, so we use current()/is_array to search for the sort column in the array and ensure we have a multi-dimensional array. git-svn-id: http://mantisbt.svn.sourceforge.net/svnroot/mantisbt/branches/BRANCH_1_1_0@5698 f5dc347c-c33d-0410-90a0-b07cc1902cb9
mantisbt · Oct 20, 2008 · 9f2d70f · 9f2d70f
1 parent ae68d94
commit 9f2d70f
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/core/constant_inc.php b/core/constant_inc.php
@@ -195,6 +195,7 @@
 	define( 'ERROR_HANDLER_ACCESS_TOO_LOW',				17 );
 	define( 'ERROR_PAGE_REDIRECTION',				18 );
 	define( 'ERROR_INVALID_REQUEST_METHOD',		    19 );
+	define( 'ERROR_INVALID_SORT_FIELD',				20 );
 
 	# ERROR_CONFIG_*
 	define( 'ERROR_CONFIG_OPT_NOT_FOUND',			100 );

diff --git a/core/utility_api.php b/core/utility_api.php
@@ -192,10 +192,20 @@ function multi_sort( $p_array, $p_key, $p_direction=ASCENDING ) {
 			$t_factor = 1;
 		}
 
+		if( empty( $p_array ) ) {
+			return $p_array;
+		}
+		if( !is_array( current($p_array ) ) ) {
+			error_parameters( 'tried to multisort an invalid multi-dimensional array' );
+			trigger_error(ERROR_GENERIC, ERROR);
+		}
+
 		// Security measure: see http://www.mantisbt.org/bugs/view.php?id=9704 for details
-		if ( array_key_exists( $p_key, $p_array ) ) {
-			$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
+		if( array_key_exists( $p_key, current($p_array) ) ) {
+			$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['" . $p_key . "'], \$b['" . $p_key . "'] );" );
 			uasort( $p_array, $t_function );
+		} else {
+			trigger_error(ERROR_INVALID_SORT_FIELD, ERROR);
 		}
 		return $p_array;
 	}

diff --git a/lang/strings_english.txt b/lang/strings_english.txt
@@ -301,6 +301,7 @@ $MANTIS_ERROR[ERROR_SESSION_HANDLER_INVALID] = 'Invalid session handler.';
 $MANTIS_ERROR[ERROR_SESSION_VAR_NOT_FOUND] = 'Session variable \'%s\' not found.';
 $MANTIS_ERROR[ERROR_FORM_TOKEN_INVALID] = 'Invalid form security token.  Did you submit the form twice by accident?';
 $MANTIS_ERROR[ERROR_INVALID_REQUEST_METHOD] = 'This page cannot be accessed using this method.';
+$MANTIS_ERROR[ERROR_INVALID_SORT_FIELD] = 'Invalid sort field.';
 
 $s_login_error = 'Your account may be disabled or blocked or the username/password you entered is incorrect.';
 $s_login_cookies_disabled = 'Your browser either doesn\'t know how to handle cookies, or refuses to handle them.';