From c4e9e1c8df172891dba9b8d64c6805cc48fa6ca2 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur <eldy@destailleur.fr>
Date: Fri, 25 Jun 2021 10:50:58 +0200
Subject: [PATCH] Comment

---
 htdocs/main.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 7ef504bbf91..d984080d442 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -111,7 +111,7 @@ function testSqlAndScriptInject($val, $type)
 		$inj += preg_match('/insert\s+into/i', $val);
 		$inj += preg_match('/select\s+from/i', $val);
 		$inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
-		$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() that return current database login
+		$inj += preg_match('/user\s*\(/i', $val); // avoid to use function user() or mysql_user() that return current database login
 		$inj += preg_match('/information_schema/i', $val); // avoid to use request that read information_schema database
 		$inj += preg_match('/<svg/i', $val); // <svg can be allowed in POST
 		$inj += preg_match('/update.+set.+=/i', $val);