diff --git a/resources/paging.php b/resources/paging.php
index 3e42092995..9cc7febb86 100644
--- a/resources/paging.php
+++ b/resources/paging.php
@@ -39,6 +39,40 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
$page_number = 0;
}
+ //sanitize the parameters
+ $sanitized_parameters = '';
+ if (isset($param) && strlen($param) > 0) {
+ $param_array = explode("&", $param);
+ if (is_array($param_array)) {
+ foreach($param_array as $row) {
+ $param_sub_array = explode("=", $row);
+ $key = preg_replace('#[^a-zA-Z0-9_\-]#', '', $param_sub_array['0']);
+ $value = urldecode($param_sub_array['1']);
+ if ($key == 'order_by' && strlen($value) > 0) {
+ //validate order by
+ $sanitized_parameters .= "&order_by=". preg_replace('#[^a-zA-Z0-9_\-]#', '', $value);
+ }
+ elseif ($key == 'order' && strlen($value) > 0) {
+ //validate order
+ switch ($value) {
+ case 'asc':
+ $sanitized_parameters .= "&order=asc";
+ break;
+ case 'desc':
+ $sanitized_parameters .= "&order=desc";
+ break;
+ }
+ }
+ elseif (strlen($value) > 0 && is_numeric($value)) {
+ $sanitized_parameters .= "&".$key."=".$value;
+ }
+ else {
+ $sanitized_parameters .= "&".$key."=".urlencode($value);
+ }
+ }
+ }
+ }
+
//get the offset
$offset = ($page_number - 1) * $rows_per_page;
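Review bot: The `elseif (strlen($value) > 0 && is_numeric($value))` branch appends `$value` unencoded, and `is_numeric()` accepts surrounding whitespace (leading `"\n"`, `"\t"` etc., trailing too on PHP 8), so a decoded value like `"\n1"` ends up inside the single-quoted JS string literal built at the `document.location.href` line in the last hunk, where it is a syntax error; `urlencode()` leaves a plain digit string unchanged anyway, so drop that branch and let every non-order value take the `urlencode()` path. `$param_sub_array['1']` raises an undefined-offset notice for a segment with no `=` and `explode("=", $row)` truncates a value that itself contains `=`; use `$param_sub_array = explode("=", $row, 2);` and `$value = urldecode($param_sub_array[1] ?? '');`. A key that sanitizes to the empty string still produces `&=value`, which `if ($key === '') { continue; }` before the branches would avoid, and the `$key == 'order_by'` / `$key == 'order'` comparisons should be `===`. Whether the anchor hrefs built in the `for` loop further down still interpolate the raw `$param` is not visible in this diff; if they do, they need the same `$sanitized_parameters` substitution.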
@@ -51,8 +85,8 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
$language = new text;
$text = $language->get();
- // print the link to access each page
- $self = $_SERVER['PHP_SELF'];
+ //print the link to access each page
+ $self = escape($_SERVER['PHP_SELF']);
$nav = '';
for($page = 1; $page <= $max_page; $page++){
if ($page == $page_number) {
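Review bot: `$_SERVER['PHP_SELF']` includes any path-info that follows the script name, so it is request-controlled, whereas `$_SERVER['SCRIPT_NAME']` is not; wrapping it in `escape()` reduces the impact but keeps the untrusted source, so `$self = escape($_SERVER['SCRIPT_NAME']);` would be the smaller attack surface. The definition of `escape()` is not in this diff; `$self` is used both inside HTML hrefs in the `for` loop below and inside a single-quoted JavaScript string literal at the `document.location.href` line in the last hunk, and one HTML-oriented escaper cannot be correct for both contexts, so the JS sink needs its own encoding. The body of the `for` loop is outside this hunk, so how `$self` is escaped there cannot be checked here.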
@@ -64,21 +98,21 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
}
if ($page_number > 0) {
- $page = $page_number - 1;
- $prev = "\n"; //◀
- $first = "\n"; //▲
+ $page = $page_number - 1;
+ $prev = "\n"; //◀
+ $first = "\n"; //▲
}
else {
$prev = "\n"; //◀
}
if (($page_number + 1) < $max_page) {
- $page = $page_number + 1;
- $next = "\n"; //▶
- $last = "\n"; //▼
+ $page = $page_number + 1;
+ $next = "\n"; //▶
+ $last = "\n"; //▼
}
else {
- $last = "\n"; //▼
+ $last = "\n"; //▼
$next = "\n"; //▶
}
@@ -123,7 +157,7 @@ function paging($num_rows, $param, $rows_per_page, $mini = false, $result_count
"// action to peform when enter is hit\n".
"if (page_num < 1) { page_num = 1; }\n".
"if (page_num > ".$max_page.") { page_num = ".$max_page."; }\n".
- "document.location.href = '".$self."?page='+(--page_num)+'".$param."';\n".
+ "document.location.href = '".$self."?page='+(--page_num)+'".$sanitized_parameters."';\n".
"}\n".
"}\n".
"\n";
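Review bot: Both fragments spliced into this single-quoted JS literal rely on encoders meant for other contexts (`escape()` for HTML on `$self`, `urlencode()` and `preg_replace` for the URL on `$sanitized_parameters`), so their safety in a JavaScript string is incidental rather than enforced; serializing them for this context explicitly, `"document.location.href = ".json_encode($self."?page=", JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)."+(--page_num)+".json_encode($sanitized_parameters, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP).";\n".`, makes the contract visible at the sink. `$max_page` is interpolated unquoted on the two preceding lines; its computation is outside this hunk, so whether it is guaranteed to be an integer cannot be confirmed from the diff.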