Commit ee12f05b authored by Marc Egger

Tablesorter-view-saver: Sanitize base64 encoding

parent b57c78aa
......@@ -1972,8 +1972,11 @@ class QuickFormQuery {
throw new \UserReportException("Name too long (max. 64 characters).", ERROR_TABLESORTER_NAME_TOO_LONG);
}
// The $view is base64 encoded.
// The $view is base64 encoded. javascript base64 Alphabet: "A-Z", "a-z", "0-9", "+", "/" and "="
$view = Store::getVar(SETTING_TABLESORTER_VIEW, STORE_CLIENT, SANITIZE_ALLOW_ALLBUT);
if (preg_match("#^[A-Za-z0-9+/=]*$#", $view)) {
throw new \UserReportException("Encoding error of table data. This should not happen. Please contact support.", ERROR_TABLESORTER_INVALID_CHAR);
}
$rows = $this->dbArray[$this->dbIndexQfq]->sql(
'SELECT `sett`.`id`, `sett`.`readonly` FROM `' . SETTING_TABLE_NAME . '` AS sett WHERE `tableId`=? AND `name`=? AND IF(?, public, feUser=? AND !public)',
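Review bot: The guard on the new `if (preg_match("#^[A-Za-z0-9+/=]*$#", $view))` line is inverted: preg_match returns 1 when the whole value is drawn from the base64 alphabet, so every well-formed view is rejected with ERROR_TABLESORTER_INVALID_CHAR while a value containing other characters falls through to the query below. The condition should be negated, and a `D` modifier keeps `$` from matching before a trailing newline: `if (!preg_match('#^[A-Za-z0-9+/=]*$#D', $view)) {`. With the negation, a preg_match failure (`false`) also ends in the throw branch, which is the safe direction for an input check. The enclosing method of QuickFormQuery starts before and continues past the hunk.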