Fix sql injection #4341

2016-01-25 15:24:31 +01:00 · 2016-01-25 15:24:31 +01:00 · 667651860d
commit 667651860d
parent c0e5fdee0e
1 changed files with 1 additions and 1 deletions
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@ -99,7 +99,7 @@ function test_sql_and_script_inject($val, $type)
    $sql_inj += preg_match('/<script/i', $val);
    if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
    $sql_inj += preg_match('/base[\s]+href/si', $val);
-    $sql_inj += preg_match('/<.*onmouseover/si', $val);       // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
+    $sql_inj += preg_match('/<.*onmouse/si', $val);       // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
    if ($type == 1)
    {
        $sql_inj += preg_match('/javascript:/i', $val);