Skip to content

GitLab

I
ISPConfig 3
Commit fc0a1c8d authored by Marius Cramer's avatar Marius Cramer
Browse files
Options

- fixed sql injection regex

parent f9529b33
Hide whitespace changes
Inline Side-by-side
Showing with 1 addition and 1 deletion
interface/lib/classes/db_mysql.inc.php
View file @ fc0a1c8d
...@@ -138,7 +138,7 @@ class db extends mysqli ...@@ -138,7 +138,7 @@ class db extends mysqli
$chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"'); $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"');
$string = str_replace('\\\\', '', $string); $string = str_replace('\\\\', '', $string);
$string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\])\\2/is', '$1', $string); $string = preg_replace('/(^|[^\\\])([\'"])(.*?[^\\\]?)\\2/is', '$1', $string);
$ok = true; $ok = true;
if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) { if(substr_count($string, "`") % 2 != 0 || substr_count($string, "'") % 2 != 0 || substr_count($string, '"') % 2 != 0) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment