Complete fix

Laurent Destailleur 2021-03-29 21:10:21 +02:00
parent adf15e4e64
commit 0d5c613008


@ -150,7 +150,7 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/"/i', $val); // We refused " in GET parameters value.
}
if ($type == 2) {
$inj += preg_match('/[:;"\'<>\?]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
$inj += preg_match('/[:;"\'<>\?\(\)]/', $val); // PHP_SELF is a file system (or url path without parameters). It can contains spaces.
}
return $inj;
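Review bot: The `$type == 2` branch still relies on a character denylist: the line carrying `\(\)` (apparently the new side, since the page has lost its +/- markers) extends the set by two characters, and any further character found to matter for PHP_SELF will need another patch of the same kind. Because the comment describes the value as a file-system or URL path, an allowlist of the characters such a path may legitimately contain, together with context-appropriate escaping wherever PHP_SELF is output, would be easier to reason about than a growing list. The trailing comment was carried over unchanged and does not say why parentheses are now refused; I would make it `// PHP_SELF is a file system path (or url path without parameters). It can contain spaces; ( and ) are refused as well to block SQL/script injection.` Whether `$val` has already been URL-decoded when it reaches this check is not visible in the hunk, so it is worth confirming that encoded forms of the refused characters are also rejected. testSqlAndScriptInject starts before the hunk, so the other `$type` branches are not covered by this note.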