[Fmsystem-commits] [14878] more on SQL-injection
From: Sigurd Nes
Subject: [Fmsystem-commits] [14878] more on SQL-injection
Date: Thu, 31 Mar 2016 10:55:41 +0000
Revision: 14878
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14878
Author: sigurdne
Date: 2016-03-31 10:55:40 +0000 (Thu, 31 Mar 2016)
Log Message:
-----------
more on SQL-injection
Modified Paths:
--------------
trunk/phpgwapi/inc/class.phpgw.inc.php
Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php 2016-03-31 09:16:44 UTC (rev
14877)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php 2016-03-31 10:55:40 UTC (rev
14878)
@@ -462,7 +462,7 @@
default:
$value = filter_var($value,
FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
$value =
htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
- $value = str_replace(array('(',
')', ';', '=', '-'),array('(', ')', ';', '=','−'),
$value); // prevent SQL-injection
+ $value = str_replace(array('(',
')', ';', '=', '--'),array('(', ')', ';',
'=','−−'), $value); // prevent SQL-injection
break;
case 'boolean':
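Review bot: Rewriting a fixed list of tokens on the str_replace line of the default: branch is not a dependable SQL-injection control, because this filter runs before it is known which query, if any, the value will reach. Bind values as parameters (or escape them through the database layer) where the query is built, and treat this line as defence in depth at most. Narrowing the last search entry from '-' to '--' lets a single hyphen through unchanged, and neither the log message nor the comment says why; if the aim is to stop mangling ordinary values such as dates or negative numbers, state that in the comment, and reword "// prevent SQL-injection" so it does not suggest callers can skip parameterisation. As displayed here, the first four replacement values look identical to their search values, so it is worth confirming that the source file still carries the intended encoded forms.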