[Fmsystem-commits] [17035] API: sanitize values


From: sigurdne
Subject: [Fmsystem-commits] [17035] API: sanitize values
Date: Tue, 5 Sep 2017 04:12:58 -0400 (EDT)

Revision: 17035
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=17035
Author:   sigurdne
Date:     2017-09-05 04:12:58 -0400 (Tue, 05 Sep 2017)
Log Message:
-----------
API: sanitize values

Modified Paths:
--------------
    trunk/phpgwapi/inc/class.phpgw.inc.php

Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php      2017-09-04 13:57:33 UTC (rev 
17034)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php      2017-09-05 08:12:58 UTC (rev 
17035)
@@ -462,10 +462,10 @@
                                {
                                        case 'string':
                                        default:
+                                               $value = 
str_replace(array(';','(', ')', '=', '--'),array('&#59;','(', ')', 
'=','−−'), $value); // prevent SQL-injection
                                                $value = filter_var($value, 
FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES);
                                                $value = 
htmlspecialchars($value, ENT_QUOTES, 'UTF-8', true);
                                        //      $value = htmlentities($value, 
ENT_QUOTES, 'UTF-8', true);
-                                               $value = 
str_replace(array(';','(', ')', '=', '--'),array('&#59;','(', ')', 
'=','−−'), $value); // prevent SQL-injection
                                                break;
 
                                        case 'boolean':
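Review bot: In the 'string'/default branch, the str_replace now runs ahead of htmlspecialchars($value, ENT_QUOTES, 'UTF-8', true), whose fourth argument enables double encoding, so the '&' of the '&#59;' inserted for ';' will itself be escaped to '&amp;' and the stored value will render as the literal text "&#59;" rather than ";". The previous order had the opposite problem (the ';' terminating entities produced by htmlspecialchars was rewritten), so neither order round-trips cleanly; consider passing false for double_encode, or dropping the ';' substitution here and escaping at output time instead. Separately, the "// prevent SQL-injection" comment overstates what a character substitution list can guarantee: the queries that consume these values should use bound parameters, and this comment should say the replacement is defence in depth only.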



