Revert code because it does not fix security hole completely. Also it
does work on origin but at a transition level.
Sanitizing for command line data must not appear inside a function used
for http data. I prefer fixing this at the source and also using a rule
that cleans all attacks completely instead of a rule that cleans "most
problems but not all".
Laurent Destailleur 2012-04-10 01:31:21 +02:00
parent e42353bc32
commit d6cd54fda7

@ -111,7 +111,7 @@ if ($what == 'mysql')
if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
if (! $_POST["use_transaction"]) $param.=" -l --single-transaction";
if ($_POST["disable_fk"]) $param.=" -K";
if ($_POST["sql_compat"] && $_POST["sql_compat"] != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","alpha");
if ($_POST["sql_compat"] && $_POST["sql_compat"] != 'NONE') $param.=" --compatible=".preg_replace('/[^a-zA-Z0-9]/','',GETPOST("sql_compat","alpha"));
if ($_POST["drop_database"]) $param.=" --add-drop-database";
if ($_POST["sql_structure"])
{
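Review bot: On the `--compatible` line, the guard tests the raw `$_POST["sql_compat"]` while the value appended is the filtered one, so an input made up only of characters that `preg_replace('/[^a-zA-Z0-9]/','',...)` strips still passes the guard and produces a bare `--compatible=`. Compute the filtered value once, test that value, and compare it against a fixed list of accepted modes before appending it; wrapping it in `escapeshellarg()` would also keep it a single argument independent of the filter. The character class also drops `_`, so a mode name containing an underscore is silently altered rather than rejected. In the same hunk, `$dolibarr_main_db_port` is concatenated into `$param` as-is; an integer cast there would apply the same "fix at the source" rule the commit message asks for.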