From f9111fd5ca6f3c9f45b2dd96cab639eeb801c0c3 Mon Sep 17 00:00:00 2001
From: SecretR
Date: Sun, 17 Aug 2014 16:38:58 +0300
Subject: [PATCH] Admin UI better sort handling (thanks Dingjie Yang)
---
 e107_handlers/form_handler.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/e107_handlers/form_handler.php b/e107_handlers/form_handler.php
index d1e345155..baba387e8 100644
--- a/e107_handlers/form_handler.php
+++ b/e107_handlers/form_handler.php
@@ -2314,8 +2314,11 @@ class e_form
 {
 $text = "";
- // Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
+ $querypattern = filter_var($querypattern, FILTER_SANITIZE_STRING);
+ if(!$requeststr) $requeststr = rawurldecode(e_QUERY);
+ $requeststr = filter_var($requeststr, FILTER_SANITIZE_STRING);
+ // Recommended pattern: mode=list&field=[FIELD]&asc=[ASC]&from=[FROM]
 if(strpos($querypattern,'&')!==FALSE)
 {
 // we can assume it's always $_GET since that's what it will generate
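Review bot: The added `filter_var(..., FILTER_SANITIZE_STRING)` calls sanitise `$querypattern` and `$requeststr` on input instead of escaping them where they are written into the sort links, so the protection holds only if nothing decodes the string again later. If the code below the hunk URL-decodes `$requeststr` once more (for instance when splitting it into parameters), percent-encoded markup would pass the filter unchanged; a caller-supplied `$requeststr` is also filtered without the `rawurldecode` step that `e_QUERY` gets. `FILTER_SANITIZE_STRING` additionally rewrites quotes to `&#39;`/`&#34;`, which puts extra `&` characters into a string about to be parsed as a query, and the filter is deprecated as of PHP 8.1. I would keep the raw value here and encode at the output point instead, e.g. `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` for each value placed in a link attribute. The function body starts above and continues past the hunk, so the actual sink is not visible here and should be checked.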