Revert code because it does not fix security hole completely. Also it

does work on origin but at a transition level. Sanitizing for command line data must not appears inside a function used for http data. I prefer fixing this at the source and also using a rule that clean all attacks completely instead of a rule that clean "most problem but not all".
2012-04-10 01:24:52 +02:00 · 2012-04-10 01:24:52 +02:00 · 141fa014e6
commit 141fa014e6
parent b6b873cfc5
2 changed files with 1 additions and 6 deletions
--- a/htdocs/admin/tools/export.php
+++ b/htdocs/admin/tools/export.php
@ -127,7 +127,7 @@ if ($what == 'mysql')
    if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
    if (! GETPOST("use_transaction"))    $param.=" -l --single-transaction";
    if (GETPOST("disable_fk"))           $param.=" -K";
-    if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","special");
+    if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".preg_replace('/[^a-zA-Z0-9]/','',GETPOST("sql_compat","alpha"));
    if (GETPOST("drop_database"))        $param.=" --add-drop-database";
    if (GETPOST("sql_structure"))
    {
--- a/htdocs/core/lib/functions.lib.php
+++ b/htdocs/core/lib/functions.lib.php
@ -195,11 +195,6 @@ function GETPOST($paramname,$check='',$method=0)
 		    if (preg_match('/"/',$out)) $out='';
 			else if (preg_match('/\.\.\//',$out)) $out='';
 		}
-		elseif ($check == 'special')
-		{
-			$out=trim($out);
-			if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
-		}
 		elseif ($check == 'array')
 		{
 			if (! is_array($out) || empty($out)) $out=array();