Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Revert code because it does not fix security hole completely. Also it

Browse Source 
does work on origin but at a transition level.
Sanitizing for command line data must not appears inside a function used
for http data. I prefer fixing this at the source and also using a rule
that clean all attacks completely instead of a rule that clean "most
problem but not all".
This commit is contained in:
Laurent Destailleur
2012-04-10 01:25:52 +02:00
parent 1571134f7d
commit 37ce5d9fca
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/admin/tools/export.php
View File

@@ -127,7 +127,7 @@ if ($what == 'mysql')
if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port; if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
if (! GETPOST("use_transaction")) $param.=" -l --single-transaction"; if (! GETPOST("use_transaction")) $param.=" -l --single-transaction";
if (GETPOST("disable_fk")) $param.=" -K"; if (GETPOST("disable_fk")) $param.=" -K";
if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","alpha"); if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".preg_replace('/[^a-zA-Z0-9]/','',GETPOST("sql_compat","alpha"));
if (GETPOST("drop_database")) $param.=" --add-drop-database"; if (GETPOST("drop_database")) $param.=" --add-drop-database";
if (GETPOST("sql_structure")) if (GETPOST("sql_structure"))
{ {