lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Enhance the anti injection layer

Browse Source
This commit is contained in:
Laurent Destailleur 2020-09-18 13:41:50 +02:00
parent cddec2f4dc
commit cc5d648888
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
htdocs/main.inc.php
View File

@ -107,6 +107,7 @@ function testSqlAndScriptInject($val, $type)
$inj += preg_match('/:|&#0000058|&#x3A/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
//if ($type == 1)
//{
$inj += preg_match('/javascript%/i', $val);
$inj += preg_match('/javascript:/i', $val);
$inj += preg_match('/vbscript:/i', $val);
//}