Merge branch '3.4' of git@github.com:Dolibarr/dolibarr.git into 3.4

2013-10-19 14:59:46 +02:00 · 2013-10-19 14:59:46 +02:00 · 24cd2d2b85
commit 24cd2d2b85
parent 8e42a6fd15 4e637d3121
1 changed files with 1 additions and 1 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -102,7 +102,7 @@ function test_sql_and_script_inject($val, $type)
    }
    // For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
    if ($type == 1) $sql_inj += preg_match('/"/i', $val);		// We refused " in GET parameters value
-    if ($type == 2) $sql_inj += preg_match('/[\s;"]/', $val);	// PHP_SELF is an url and must match url syntax
+    if ($type == 2) $sql_inj += preg_match('/[;"]/', $val);		// PHP_SELF is a file system path. It can contains spaces. 
    return $sql_inj;
 }