Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
Massimiliano
ISPConfig 3
Commits
fc0a1c8d
Commit
fc0a1c8d
authored
Aug 25, 2014
by
Marius Cramer
Browse files
- fixed sql injection regex
parent
f9529b33
Changes
1
Hide whitespace changes
Inline
Side-by-side
interface/lib/classes/db_mysql.inc.php
View file @
fc0a1c8d
...
...
@@ -138,7 +138,7 @@ class db extends mysqli
$chars
=
array
(
';'
,
'#'
,
'/*'
,
'*/'
,
'--'
,
' UNION '
,
'\\\''
,
'\\"'
);
$string
=
str_replace
(
'\\\\'
,
''
,
$string
);
$string
=
preg_replace
(
'/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is'
,
'$1'
,
$string
);
$string
=
preg_replace
(
'/(^|[^\\\])([\'"])(.*?[^\\\]
?
)\\2/is'
,
'$1'
,
$string
);
$ok
=
true
;
if
(
substr_count
(
$string
,
"`"
)
%
2
!=
0
||
substr_count
(
$string
,
"'"
)
%
2
!=
0
||
substr_count
(
$string
,
'"'
)
%
2
!=
0
)
{
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment