
Fix: sql injection for create database

Laurent Destailleur
2012-07-22 16:53:32 +02:00
parent 9eb9fe6d2c
commit 970d946e5b
2 changed files with 4 additions and 4 deletions


@@ -800,8 +800,8 @@ class DoliDBMysql
if (empty($collation)) $collation=$this->forcecollate;
// ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci
$sql = 'CREATE DATABASE '.$database;
$sql.= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation;
$sql = "CREATE DATABASE '".$this->escape($database)."'";
$sql.= " DEFAULT CHARACTER SET '".$this->escape($charset)."' DEFAULT COLLATE '".$this->escape($collation)."'";
dol_syslog($sql,LOG_DEBUG);
$ret=$this->query($sql);
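Review bot: The database name on the new `CREATE DATABASE` line is wrapped in single quotes, which makes it a string literal where MySQL expects an identifier, so as far as I can tell the statement is now a syntax error; MySQL quotes identifiers with backticks. `$this->escape()` is not visible in this hunk, but if it is the driver's string-literal escaping, as the name suggests, it does not neutralise a backtick and is the wrong tool for an identifier. I would validate `$database`, `$charset` and `$collation` against an allow-list before the statement is built, for example `preg_match('/^[A-Za-z0-9_]+$/', $database)`, and refuse anything that does not match. The same two lines appear in the DoliDBMysqli section below and need the same change. The enclosing method starts and ends outside the hunk.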


@@ -794,8 +794,8 @@ class DoliDBMysqli
if (empty($collation)) $collation=$this->forcecollate;
// ALTER DATABASE dolibarr_db DEFAULT CHARACTER SET latin DEFAULT COLLATE latin1_swedish_ci
$sql = 'CREATE DATABASE '.$database;
$sql.= ' DEFAULT CHARACTER SET '.$charset.' DEFAULT COLLATE '.$collation;
$sql = "CREATE DATABASE '".$this->escape($database)."'";
$sql.= " DEFAULT CHARACTER SET '".$this->escape($charset)."' DEFAULT COLLATE '".$this->escape($collation)."'";
dol_syslog($sql,LOG_DEBUG);
$ret=$this->query($sql);