Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
I
ISPConfig 3
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Service Desk
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Massimiliano
ISPConfig 3
Commits
fc0a1c8d
Commit
fc0a1c8d
authored
Aug 25, 2014
by
Marius Cramer
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
- fixed sql injection regex
parent
f9529b33
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
1 addition
and
1 deletion
+1
-1
interface/lib/classes/db_mysql.inc.php
interface/lib/classes/db_mysql.inc.php
+1
-1
No files found.
interface/lib/classes/db_mysql.inc.php
View file @
fc0a1c8d
...
...
@@ -138,7 +138,7 @@ class db extends mysqli
$chars
=
array
(
';'
,
'#'
,
'/*'
,
'*/'
,
'--'
,
' UNION '
,
'\\\''
,
'\\"'
);
$string
=
str_replace
(
'\\\\'
,
''
,
$string
);
$string
=
preg_replace
(
'/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is'
,
'$1'
,
$string
);
$string
=
preg_replace
(
'/(^|[^\\\])([\'"])(.*?[^\\\]
?
)\\2/is'
,
'$1'
,
$string
);
$ok
=
true
;
if
(
substr_count
(
$string
,
"`"
)
%
2
!=
0
||
substr_count
(
$string
,
"'"
)
%
2
!=
0
||
substr_count
(
$string
,
'"'
)
%
2
!=
0
)
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
