Commit 43d4ea61 authored by Marc Egger's avatar Marc Egger

Tablesorter-view-saver: Sanitize base64 encoding

parent 400a9ef2
Pipeline #4009 failed with stages
in 3 minutes
......@@ -1896,8 +1896,11 @@ class QuickFormQuery {
throw new \UserReportException("Name too long (max. 64 characters).", ERROR_TABLESORTER_NAME_TOO_LONG);
// The $view is base64 encoded.
// The $view is base64 encoded. javascript base64 Alphabet: "A-Z", "a-z", "0-9", "+", "/" and "="
if (preg_match("#^[A-Za-z0-9+/=]*$#", $view)) {
throw new \UserReportException("Encoding error of table data. This should not happen. Please contact support.", ERROR_TABLESORTER_INVALID_CHAR);
$rows = $this->dbArray[$this->dbIndexQfq]->sql(
'SELECT `sett`.`id`, `sett`.`readonly` FROM `' . SETTING_TABLE_NAME . '` AS sett WHERE `tableId`=? AND `name`=? AND IF(?, public, feUser=? AND !public)',
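Review bot: The added guard `if (preg_match("#^[A-Za-z0-9+/=]*$#", $view))` looks inverted. As rendered here it throws ERROR_TABLESORTER_INVALID_CHAR when `$view` consists only of base64 characters, and lets any other content continue to the code below. It should reject on a non-match, e.g. `if (preg_match('#^[A-Za-z0-9+/=]*\z#', $view) !== 1) {`, which also treats a PCRE error (`false`) as a rejection. Using `\z` instead of `$` stops a trailing newline from being accepted. The enclosing method starts and ends outside the hunk and the page rendering has dropped braces and blank lines, so confirm against the actual file before changing it.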