lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch '3.8' of github.com:Dolibarr/dolibarr into 3.8

Browse Source
This commit is contained in:
Laurent Destailleur 2016-01-26 18:30:08 +01:00
commit fccecc902d
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/main.inc.php
View File

@ -99,7 +99,7 @@ function test_sql_and_script_inject($val, $type)
$sql_inj += preg_match('/<script/i', $val);
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
$sql_inj += preg_match('/base[\s]+href/si', $val);
$sql_inj += preg_match('/<.*onmouseover/si', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
$sql_inj += preg_match('/<.*onmouse/si', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
if ($type == 1)
{
$sql_inj += preg_match('/javascript:/i', $val);