
Fix 9704: (manage_proj_page.php) Remote Code Execution Exploit

giallu committed Oct 17, 2008
1 parent 1b3097e commit ced9305bd0ce88a6a84c34ec391ec6c82a511431
Showing with 5 additions and 2 deletions.
  1. +5 −2 core/utility_api.php
@@ -192,8 +192,11 @@ function multi_sort( $p_array, $p_key, $p_direction=ASCENDING ) {
$t_factor = 1;
}
$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
uasort( $p_array, $t_function );
// Security measure: see http://www.mantisbt.org/bugs/view.php?id=9704 for details
if ( array_key_exists( $p_array, $p_key ) ) {
$t_function = create_function( '$a, $b', "return $t_factor * strnatcasecmp( \$a['$p_key'], \$b['$p_key'] );" );
uasort( $p_array, $t_function );
}
return $p_array;
}
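Review bot: The new guard calls `array_key_exists( $p_array, $p_key )` with its arguments reversed (PHP's signature is `array_key_exists( $key, $array )`), so the check is expected to fail on every call and the sort is silently skipped instead of validated. Even with the order swapped, the generated comparator indexes each row (`$a['$p_key']`), so the key has to be looked up in an element of `$p_array` rather than in `$p_array` itself, for example `if ( is_array( current( $p_array ) ) && array_key_exists( $p_key, current( $p_array ) ) ) {`. The guard acts as an allowlist only while the row keys themselves are not influenced by the requester, because `$p_key` is still interpolated into the `create_function` body; a comparator that receives the key as data and not as code would remove that dependency. multi_sort begins above this hunk, so how `$p_key` reaches it is not visible here.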
