From cf3e4154c6ad1df149b606fd88acb19fe8dabd70 Mon Sep 17 00:00:00 2001
From: Yannick Warnier
Date: Wed, 22 Apr 2009 03:43:54 +0200
Subject: [PATCH] [svn r19966] Protect sort_table_config()

---
 main/inc/lib/tablesort.lib.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/main/inc/lib/tablesort.lib.php b/main/inc/lib/tablesort.lib.php
index 349fce53ce..d0c747c847 100644
--- a/main/inc/lib/tablesort.lib.php
+++ b/main/inc/lib/tablesort.lib.php
@@ -205,11 +205,10 @@ class TableSort
 function sort_table_config($data, $column = 0, $direction = SORT_ASC, $column_show=null, $column_order=null,$type = SORT_REGULAR)
 {
- if(!is_array($data) || count($data)==0)
- {
- return array();
- }
-
+ if(!is_array($data) or count($data)==0){return array();}
+ if($column != strval(intval($column))){return $data;} //probably an attack
+ if(!in_array($direction,array(SORT_ASC,SORT_DESC))){return $data;} // probably an attack
+ $compare_function = '';
 // Change columns sort
 // Here we say that the real way of how the columns are going to be order is manage by the $column_order array
 if(is_array($column_order))
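Review bot: The two added guards at the top of sort_table_config() compare loosely and leave `$column` and `$direction` exactly as the caller passed them, so they do not guarantee integers to the rest of the function. `in_array()` without its strict flag and `!=` both apply PHP's type juggling, which on PHP versions before 8 lets a string that only begins with an accepted number compare equal to it, and lets other numeric spellings of `$column` pass as the canonical one. Compare as strings instead, `if(strval($column) !== strval(intval($column))){return $data;}` and `if(!in_array(strval($direction), array(strval(SORT_ASC),strval(SORT_DESC)), true)){return $data;}`, then cast both with `intval()` so later code only sees integers. The function body continues past the end of the hunk, so how the two values are used afterwards is not visible here. The rejection path also returns silently; since the comments call it a probable attack, an `error_log()` call there would make such requests visible to operators.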