From cc5d648888c21d6ddfc479204db94508b5360bbf Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Fri, 18 Sep 2020 13:41:50 +0200
Subject: [PATCH] Enhance the anti injection layer
---
 htdocs/main.inc.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 0c73df30c75..4d70c12eb71 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -107,6 +107,7 @@ function testSqlAndScriptInject($val, $type)
 $inj += preg_match('/:|:|:/i', $val); // refused string ':' encoded (no reason to have it encoded) to lock 'javascript:...'
 //if ($type == 1)
 //{
+ $inj += preg_match('/javascript%/i', $val);
 $inj += preg_match('/javascript:/i', $val);
 $inj += preg_match('/vbscript:/i', $val);
 //}
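Review bot: The added `javascript%` test has no counterpart for the `vbscript:` test two lines below it, so the percent-encoded form is refused for one scheme only; adding `$inj += preg_match('/vbscript%/i', $val);` beside it would keep the two in step. The new line also carries no comment, unlike the entity check above it; something like `// refuse 'javascript' followed by a percent-encoded character (e.g. an encoded ':')` would record the intent, which is presumed here rather than stated in the commit. More generally, a denylist run on the raw value depends on whether `$val` has already been decoded by the caller, which this hunk does not show; matching a normalized (decoded) copy of the value is more robust than listing encoded variants one by one. The body of testSqlAndScriptInject starts and ends outside the hunk.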