[Fmsystem-commits] [14865] more on SQL-injection
From: Sigurd Nes
Subject: [Fmsystem-commits] [14865] more on SQL-injection
Date: Fri, 25 Mar 2016 13:44:38 +0000
Revision: 14865
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14865
Author: sigurdne
Date: 2016-03-25 13:44:38 +0000 (Fri, 25 Mar 2016)
Log Message:
-----------
more on SQL-injection
Modified Paths:
--------------
trunk/phpgwapi/inc/class.db.inc.php
Modified: trunk/phpgwapi/inc/class.db.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.db.inc.php 2016-03-25 13:34:27 UTC (rev 14864)
+++ trunk/phpgwapi/inc/class.db.inc.php 2016-03-25 13:44:38 UTC (rev 14865)
@@ -752,7 +752,7 @@
$first_element = false;
continue;
}
-
if(preg_match("/((?=.*\bunion\b)(?=.*\ball\b)|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i",
$sql))
+
if(preg_match("/((?=.*\bUNION\b)(?=.*\bALL\b)|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i",
$sql))
{
$this->transaction_abort();
trigger_error('Attempt on
SQL-injection', E_USER_ERROR);
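Review bot: In the `preg_match` pattern, switching `union`/`all` to `UNION`/`ALL` changes nothing, because both the removed and the added pattern end in the `/i` modifier and therefore match exactly the same input. If the commit was meant to widen or tighten the check, it does not do so, and the log message "more on SQL-injection" does not say which case prompted it. Separately, the two lookaheads `(?=.*\bUNION\b)(?=.*\bALL\b)` match whenever both words occur anywhere in `$sql`, in either order and including inside quoted data values, so a legitimate statement whose text happens to contain both words will reach `transaction_abort()` and `E_USER_ERROR`. The same applies to `\bCHR\b`, which rejects any statement that legitimately calls that function. I would treat this keyword match as a secondary tripwire at most and pass values to the query as bound parameters, with a code comment here stating what the pattern is expected to catch and what it is known to reject.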