From feeb542e80b0c2b7419fae134b8be97b0bc7b123 Mon Sep 17 00:00:00 2001
From: Regis Houssin
Date: Mon, 9 Apr 2012 22:57:15 +0200
Subject: [PATCH] Fix: sql injection

---
 htdocs/admin/tools/export.php | 2 +-
 htdocs/lib/functions.lib.php | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/htdocs/admin/tools/export.php b/htdocs/admin/tools/export.php
index f71e821496d..91f8a73b449 100644
--- a/htdocs/admin/tools/export.php
+++ b/htdocs/admin/tools/export.php
@@ -111,7 +111,7 @@ if ($what == 'mysql')
 if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
 if (! $_POST["use_transaction"]) $param.=" -l --single-transaction";
 if ($_POST["disable_fk"]) $param.=" -K";
- if ($_POST["sql_compat"] && $_POST["sql_compat"] != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","alpha");
+ if ($_POST["sql_compat"] && $_POST["sql_compat"] != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","special");
 if ($_POST["drop_database"]) $param.=" --add-drop-database";
 if ($_POST["sql_structure"])
 {
diff --git a/htdocs/lib/functions.lib.php b/htdocs/lib/functions.lib.php
index d0f120898fa..7836ea0c5c4 100644
--- a/htdocs/lib/functions.lib.php
+++ b/htdocs/lib/functions.lib.php
@@ -185,7 +185,12 @@ function GETPOST($paramname,$check='',$method=0)
 if ($check == 'int' && ! preg_match('/^[-\.,0-9]+$/i',trim($out))) $out='';
 // Check if alpha
 //if ($check == 'alpha' && ! preg_match('/^[ =:@#\/\\\(\)\-\._a-z0-9]+$/i',trim($out))) $out='';
- if ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
+ elseif ($check == 'alpha' && preg_match('/"/',trim($out))) $out=''; // Only " is dangerous because param in url can close the href= or src= and add javascript functions
+ elseif ($check == 'special')
+ {
+ $out=trim($out);
+ if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
+ }
 }
 return $out;
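Review bot: The new `GETPOST("sql_compat","special")` on the `--compatible=` line still lets shell metacharacters into `$param`: the 'special' mode only targets whitespace and `%20`, so a value like `ansi;id` or `$(id)` passes untouched into what the neighbouring `-P`, `--single-transaction` and `-K` flags show is a mysqldump command line — this is command injection, not SQL injection as the subject says. Escape the argument instead of filtering it, `$param.=" --compatible=".escapeshellarg(GETPOST("sql_compat","alpha"));`, and ideally also compare it against an allowlist, since mysqldump's `--compatible` takes (as far as I recall) only a fixed set of names such as `ansi`, `mysql40`, `postgresql`. The condition still reads `$_POST["sql_compat"]` directly while the value comes from GETPOST; both should use the same, checked source. The block that assembles `$param` starts before this hunk and continues after it.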
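Review bot: The new 'special' branch rejects every value: in `preg_match('/(\s)*|(%20)*/',$out)` both alternatives are starred, so each matches the empty string, the pattern succeeds on any input, and `$out=''` runs unconditionally — the caller's `--compatible=` option can never be passed. If the intent is to reject whitespace, drop the quantifiers, `if (preg_match('/\s|%20/',$out)) $out='';`, but a deny-list is the wrong shape for a value that ends up in a shell command; prefer an allowlist such as `if (! preg_match('/^[A-Za-z0-9_,.\-]*$/',$out)) $out='';`. Add a comment above the branch stating what 'special' guarantees to callers (e.g. `// 'special': only letters, digits, _ , . - survive; intended for values passed to a shell`) so the next caller does not mistake it for full shell escaping. GETPOST's signature is only visible in the hunk header and the function closes after `return $out;`, outside the hunk.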