lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

More robust test against sql injections

Browse Source
This commit is contained in:
Laurent Destailleur 2019-05-21 17:41:41 +02:00
parent 22e897b1a1
commit bfa4483722
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/main.inc.php
View File

@ -91,7 +91,7 @@ function testSqlAndScriptInject($val, $type)
}
if ($type == 3)
{
$inj += preg_match('/select|update|delete|replace|group\s+by|concat|count|from/i', $val);
$inj += preg_match('/select|update|delete|truncate|replace|group\s+by|concat|count|from|union/i', $val);
}
if ($type != 2) // Not common key strings, so we can check them both on GET and POST
{