[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fmsystem-commits] [14856] more on SQL-injection
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [14856] more on SQL-injection |
Date: |
Mon, 21 Mar 2016 17:38:21 +0000 |
Revision: 14856
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14856
Author: sigurdne
Date: 2016-03-21 17:38:21 +0000 (Mon, 21 Mar 2016)
Log Message:
-----------
more on SQL-injection
Modified Paths:
--------------
trunk/phpgwapi/inc/class.phpgw.inc.php
Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php 2016-03-20 17:46:19 UTC (rev
14855)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php 2016-03-21 17:38:21 UTC (rev
14856)
@@ -400,7 +400,8 @@
case 'string':
default:
$value = filter_var($value,
FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
- $value =
htmlspecialchars($value, ENT_COMPAT, 'UTF-8');
+ $value =
htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
+ $value = str_replace(array('(',
')', '=', ';'),array('(', ')', '=', ';'), $value); // prevent
SQL-injection
break;
case 'boolean':
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fmsystem-commits] [14856] more on SQL-injection,
Sigurd Nes <=