lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge 2 tests. Remove checkstyle errors.

Browse Source
This commit is contained in:
Laurent Destailleur 2014-05-06 10:44:15 +02:00
parent 601d3260e9
commit 39c0b9e356
1 changed files with 8 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
htdocs/main.inc.php
View File

@ -80,15 +80,14 @@ function test_sql_and_script_inject($val, $type)
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests) // For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2) if ($type != 2)
{ {
$sql_inj += preg_match('/delete\s+from/i' , $val); $sql_inj += preg_match('/delete\s+from/i', $val);
$sql_inj += preg_match('/create\s+table/i' , $val); $sql_inj += preg_match('/create\s+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i' , $val); $sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert\s+into/i' , $val); $sql_inj += preg_match('/insert\s+into/i', $val);
$sql_inj += preg_match('/select.+from/i' , $val); $sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i' , $val); $sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/into\s+outfile/i' , $val); $sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$sql_inj += preg_match('/into\s+dumpfile/i' , $val); $sql_inj += preg_match('/(\.\.%2f)+/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i' , $val);
} }
// For XSS Injection done by adding javascript with script // For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript: // This is all cases a browser consider text is javascript: