From 576b93e7a8af696e80c9b01d1451e1e2314b17aa Mon Sep 17 00:00:00 2001
From: Rodolphe Quiedeville
Date: Fri, 19 Jan 2007 19:27:01 +0000
Subject: [PATCH] Amelioration protection sql injection
---
 htdocs/main.inc.php | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 21a64f0d171..44f9adf4766 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -63,21 +63,15 @@ function test_sql_inject($val)
 return $sql_inj;
 }
-$sql_inj = 0;
-foreach ($_GET as $val)
+foreach ($_GET as $key => $val)
 {
- $sql_inj += test_sql_inject($val);
+ if (test_sql_inject($val) > 0)
+ unset($_GET[$key]);
 }
-foreach ($_POST as $val)
+foreach ($_POST as $key => $val)
 {
- $sql_inj += test_sql_inject($val);
-}
-
-if ($sql_inj > 0 )
-{
- // Si attaque detectee on vide GET et POST
- $_GET = array();
- $_POST = array();
+ if (test_sql_inject($val) > 0)
+ unset($_POST[$key]);
 }
 // Fin filtre des GET et POST
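Review bot: Unsetting only the flagged key in the two new loops lets the request carry on with the remaining parameters, and nothing is logged or rejected, so a detected attempt leaves no trace for operators and later code runs on a partially stripped request. The value also remains in `$_REQUEST`, which is a separate copy that `unset($_GET[$key])` does not touch, and `$_COOKIE` is never checked; if any later code reads either of those, this filter does not cover it. Consider recording the hit with an `error_log()` call and clearing both copies with `unset($_GET[$key], $_REQUEST[$key]);` (and the same for `$_POST`), or ending the request outright. `test_sql_inject()` is defined above the hunk, so whether it inspects array-valued parameters cannot be confirmed from here. A pattern filter of this kind is defence in depth only and does not replace parameterised queries at the call sites.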