lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #13490 from ptibogxiv/patch-319

Browse Source 
FIX preg_match for constante name
This commit is contained in:
Laurent Destailleur 2020-04-05 12:26:08 +02:00 committed by GitHub
commit e7360279b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/api/class/api_setup.class.php
View File

@ -1426,7 +1426,7 @@ class Setup extends DolibarrApi
throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK');
}
if (! preg_match('/[^a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) {
if (! preg_match('/^[a-zA-Z0-9_]+$/', $confname) || ! isset($conf->global->$confname)) {
throw new RestException(500, 'Error Bad or unknown value for constname');
}
if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) {