security/core#59 - Fix SQL injection in civicrm/ajax/dedupefind

author Patrick Figel <pfigel@greenpeace.org>

Fri, 5 Jul 2019 18:49:44 +0000 (20:49 +0200)

committer Seamus Lee <seamuslee001@gmail.com>

Wed, 20 Nov 2019 21:24:22 +0000 (08:24 +1100)
author Patrick Figel <pfigel@greenpeace.org>
Fri, 5 Jul 2019 18:49:44 +0000 (20:49 +0200)
committer Seamus Lee <seamuslee001@gmail.com>
Wed, 20 Nov 2019 21:24:22 +0000 (08:24 +1100)
diff --git a/CRM/Contact/Page/AJAX.php b/CRM/Contact/Page/AJAX.php

index 3ac0326cf743eecfef9239b012f5737c38486c86..056b9369013172b005287237f85262aec327aa18 100644 (file)
--- a/CRM/Contact/Page/AJAX.php
+++ b/CRM/Contact/Page/AJAX.php
@@ -724,7 +724,7 @@ LIMIT {$offset}, {$rowCount}
        foreach ($_REQUEST['order'] as $orderInfo) {
          if (!empty($orderInfo['column'])) {
            $orderColumnNumber = $orderInfo['column'];
-          $dir = $orderInfo['dir'];
+          $dir = CRM_Utils_Type::escape($orderInfo['dir'], 'MysqlOrderByDirection', FALSE);
          }
        }
        $columnDetails = CRM_Utils_Array::value($orderColumnNumber, $_REQUEST['columns']);
author	Patrick Figel <pfigel@greenpeace.org>
	Fri, 5 Jul 2019 18:49:44 +0000 (20:49 +0200)
committer	Seamus Lee <seamuslee001@gmail.com>
	Wed, 20 Nov 2019 21:24:22 +0000 (08:24 +1100)