Add constant to allow a module to disable injection scan for its pages.

2015-05-19 22:08:51 +02:00 · 2015-05-19 22:08:51 +02:00 · 26a74ba3cc
commit 26a74ba3cc
parent 0ef5fe24a3
1 changed files with 5 additions and 2 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -151,13 +151,16 @@ if (! empty($_SERVER["PHP_SELF"]))
    analyseVarsForSqlAndScriptsInjection($morevaltochecklikepost,2);
 }
 // Sanity check on GET parameters
-if (! empty($_SERVER["QUERY_STRING"]))
+if (! defined('NOSCANGETFORINJECTION') && ! empty($_SERVER["QUERY_STRING"]))
 {
    $morevaltochecklikeget=array($_SERVER["QUERY_STRING"]);
    analyseVarsForSqlAndScriptsInjection($morevaltochecklikeget,1);
 }
 // Sanity check on POST
-analyseVarsForSqlAndScriptsInjection($_POST,0);
+if (! defined('NOSCANPOSTFORINJECTION'))
+{
+	analyseVarsForSqlAndScriptsInjection($_POST,0);
+}

 // This is to make Dolibarr working with Plesk
 if (! empty($_SERVER['DOCUMENT_ROOT'])) set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');