authorChristian Schneider2007-03-27 12:18:01 +0000
committerChristian Schneider2007-03-27 12:18:01 +0000
commit1e3ea65767a2337610a35406460dbae1875945b9 (patch)
treed7d8b31ead69658020b3d55c8b1612c75e546944
parent7fb28fd960cd309a84fc74f390460503ab8c7810 (diff)
downloaditools-1e3ea65767a2337610a35406460dbae1875945b9.tar.gz
itools-1e3ea65767a2337610a35406460dbae1875945b9.tar.bz2
itools-1e3ea65767a2337610a35406460dbae1875945b9.zip
Fix register_globals dependency and close SQL injection
-rw-r--r--db_table.class14
1 files changed, 7 insertions, 7 deletions
diff --git a/db_table.class b/db_table.class
index f99a733..0ab25da 100644
--- a/db_table.class
+++ b/db_table.class
@@ -278,15 +278,15 @@ function dump_html($tableargs="", $sqlwhere="", $c_fields="", $c_descriptions=""
if ($default_order == "")
$default_order = $fields[0];
- if ($GLOBALS[$table_sort] == "")
- $GLOBALS[$table_sort] = $default_order;
+ if (!in_array(it::replace(' DESC$' => "", $_REQUEST[$table_sort]), $fields))
+ $_REQUEST[$table_sort] = $default_order;
$sql = "SELECT $c_fields FROM $this->name";
if ($sqlwhere)
$sql .= " WHERE $sqlwhere";
- $sql .= " ORDER BY $GLOBALS[$table_sort]";
+ $sql .= " ORDER BY $_REQUEST[$table_sort]";
if ($rows_limit != "")
$sql .= " LIMIT $rows_limit";
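Review bot: The whitelist on the added `in_array` line passes `' DESC$' => ""` directly as a function argument, which is not valid PHP syntax unless it is wrapped in `array(...)`; if this is not a rendering artifact the line should read `if (!in_array(it::replace(array(' DESC$' => ""), $_REQUEST[$table_sort]), $fields))`. The check also uses loose comparison, so passing `true` as the third `in_array` argument avoids numeric-string coercion, and a missing or non-string request value should be treated as invalid (reset to `$default_order`) rather than raising a notice. The guard is only as strong as `$fields`, which must come from the caller's `$c_fields` and not from the request; that derivation is outside this hunk, as is the start of dump_html.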
@@ -302,7 +302,7 @@ function dump_html($tableargs="", $sqlwhere="", $c_fields="", $c_descriptions=""
echo "<table $tableargs>\n";
- if (empty($thispage)) $thispage = $GLOBALS['PHP_SELF'];
+ if (empty($thispage)) $thispage = $_SERVER['PHP_SELF'];
if (strstr($thispage, "?")) $thispage .= "&"; else $thispage .= "?";
/* Wenn man keine Titelzeile will, für c_descriptions einfach "," angeben */
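Review bot: `$_SERVER['PHP_SELF']` reflects the requested path, including any path-info component, so the `$thispage` value built on the changed line is request-controlled; wherever it is later written into the sort links (the echo is outside this hunk) it needs HTML escaping, e.g. `$thispage = htmlspecialchars($_SERVER['PHP_SELF']);`. When path info is not wanted at all, `$_SERVER['SCRIPT_NAME']` is the more predictable source. The enclosing dump_html continues on both sides of the hunk.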
@@ -311,12 +311,12 @@ function dump_html($tableargs="", $sqlwhere="", $c_fields="", $c_descriptions=""
echo '<tr>';
for ($i=0; $i < $numfields; ++$i)
{
- if ($GLOBALS[$table_sort] == $fields[$i])
+ if ($_REQUEST[$table_sort] == $fields[$i])
{
- $newsort = "$GLOBALS[$table_sort]+DESC";
+ $newsort = "$_REQUEST[$table_sort]+DESC";
$sortimg = '<img src="/icons/down.gif" border="0" width="10" height="11" alt="">';
}
- else if ($GLOBALS[$table_sort] == "$fields[$i] DESC")
+ else if ($_REQUEST[$table_sort] == "$fields[$i] DESC")
{
$newsort = $fields[$i];
$sortimg = '<img src="/icons/up.gif" border="0" width="10" height="11" alt="">';
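Review bot: The validated sort value is re-read from `$_REQUEST[$table_sort]` on every use in this hunk and compared with loose `==`; copying it once into a local after the whitelist check, `$sort = $_REQUEST[$table_sort];`, and comparing with `===` here and on the `DESC` branch would make it evident that the value used for the links is the same one that was validated. This is a readability point only; given the earlier whitelist the behaviour is unchanged. The for loop and dump_html continue past the end of the hunk.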