CVE-2017-17971

Laurent Destailleur 2018-01-04 19:25:52 +01:00
parent f6ff6610e4
commit b2feac9d90


@ -102,6 +102,8 @@ function test_sql_and_script_inject($val, $type)
$inj += preg_match('/onerror\s*=/i', $val); // onerror can be set on img or any html tag like <img title='...' onerror = alert(1)>
$inj += preg_match('/onfocus\s*=/i', $val); // onfocus can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/onload\s*=/i', $val); // onload can be set on input text html tag like <input type='text' value='...' onfocus = alert(1)>
$inj += preg_match('/onclick\s*=/i', $val); // onclick can be set on img text html tag like <img onclick = alert(1)>
$inj += preg_match('/onscroll\s*=/i', $val); // onscroll can be textarea
if ($type == 1)
{
$inj += preg_match('/javascript:/i', $val);
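Review bot: The event-handler checks here are still a one-pattern-per-attribute denylist, so after this change (which, judging by the 6-to-8 line count, appears to add the onclick and onscroll lines) any handler attribute not listed next to onerror, onfocus, onload, onclick and onscroll is not counted in `$inj`. A single family-wide check such as `$inj += preg_match('/\bon[a-z]+\s*=/i', $val);` would avoid adding attributes one report at a time, though it needs testing against legitimate parameters such as `online=1`, and context-aware output escaping where `$val` is rendered remains the primary control. Separately, the comment on the onload line repeats the onfocus example and the onscroll comment is truncated; something like `// onload can be set on body, img or iframe tags` would be accurate. The body of test_sql_and_script_inject starts and ends outside this hunk.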