Revert "Fix: sql injection"

This reverts commit feeb542e80.
Laurent Destailleur 2012-04-10 01:29:03 +02:00
parent feeb542e80
commit e42353bc32
2 changed files with 2 additions and 7 deletions


@ -111,7 +111,7 @@ if ($what == 'mysql')
if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
if (! $_POST["use_transaction"]) $param.=" -l --single-transaction";
if ($_POST["disable_fk"]) $param.=" -K";
if ($_POST["sql_compat"] && $_POST["sql_compat"] != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","special");
if ($_POST["sql_compat"] && $_POST["sql_compat"] != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","alpha");
if ($_POST["drop_database"]) $param.=" --add-drop-database";
if ($_POST["sql_structure"])
{
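Review bot: The restored line `$param.=" --compatible=".GETPOST("sql_compat","alpha");` appends a request value to what appears to be a mysqldump option string, and the 'alpha' check it relies on rejects only a double quote (see the GETPOST section of this commit), so whitespace and shell metacharacters pass through unchanged. If $param later reaches a shell, which this hunk does not show, the value can carry extra options or commands. The revert is understandable, since the removed 'special' pattern `/(\s)*|(%20)*/` matches every string and so blanked all input, but the original exposure returns with it. I would validate and quote the value before appending: `$compat=GETPOST("sql_compat","alpha");` followed by `if ($compat && $compat != 'NONE' && preg_match('/^[a-z0-9_,]+$/i',$compat)) $param.=" --compatible=".escapeshellarg($compat);`. The enclosing `if ($what == 'mysql')` block starts and ends outside the hunk.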


@ -185,12 +185,7 @@ function GETPOST($paramname,$check='',$method=0)
if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out='';
// Check if alpha
//if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
elseif ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
elseif ($check == 'special')
{
$out=trim($out);
if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
}
if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
}
return $out;