From f80e417bb3e7ab5c1a89ea9ddd2cd060f54464e1 Mon Sep 17 00:00:00 2001
From: SecretR
Date: Fri, 27 Jun 2014 20:54:47 +0300
Subject: [PATCH] Sanitize some request variables
---
 e107_admin/db.php | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/e107_admin/db.php b/e107_admin/db.php
index f3440b9b6..1c76ef177 100644
--- a/e107_admin/db.php
+++ b/e107_admin/db.php
@@ -35,6 +35,16 @@ $e_sub_cat = 'database';
 $frm = e107::getForm();
 $mes = e107::getMessage();
 
+if(isset($_GET['mode']))
+{
+ $_GET['mode'] = preg_match('/[^\w-]/', '', $_GET['mode']);
+}
+
+if(isset($_GET['type']))
+{
+ $_GET['type'] = preg_replace('/[^\w-]/', '', $_GET['type']);
+}
+
 /*
 * Execute trigger
 */
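Review bot: The `mode` branch calls `preg_match('/[^\w-]/', '', $_GET['mode'])` where the `type` branch calls `preg_replace`, so it matches the pattern against an empty subject, passes `$_GET['mode']` as the by-reference matches argument, and then assigns the integer result `0`. The parameter is therefore discarded rather than sanitized, and the line should read `$_GET['mode'] = preg_replace('/[^\w-]/', '', $_GET['mode']);`. On PHP versions before 8, an integer `0` loosely equals any non-numeric string, so any later `==` comparison on `mode` (not visible in this hunk) may take a branch the request never asked for. Both branches also pass array-valued parameters straight through, because `preg_replace` returns an array for an array subject; a guard such as `is_string($_GET['type'])` before the call would keep the value a scalar.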