diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 0c73df30c75..4d70c12eb71 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -107,6 +107,7 @@ function testSqlAndScriptInject($val, $type)
 $inj += preg_match('/:|:|:/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
 //if ($type == 1)
 //{
+ $inj += preg_match('/javascript%/i', $val);
 $inj += preg_match('/javascript:/i', $val);
 $inj += preg_match('/vbscript:/i', $val);
 //}
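Review bot: The added `/javascript%/i` test has no counterpart for the `vbscript:` check two lines below it, so a percent-encoded separator is refused for one scheme and not the other; add `$inj += preg_match('/vbscript%/i', $val);` next to it to keep the two rules parallel. The new line also carries no comment, unlike the encoded-colon rule above it; something like `// refused 'javascript' followed by '%' (percent-encoded ':' such as %3A), no reason to have it encoded` would record the intent, which I am inferring from the neighbouring rule. Note that the pattern rejects any value where `%` directly follows the word, so a legitimate parameter such as a search string containing `javascript%20` would presumably be refused as well, and that trade-off deserves a mention in the comment. This is a deny-list detection layer only, and testSqlAndScriptInject starts and ends outside the hunk, so whether values are also encoded at output time cannot be confirmed from here.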