Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2026-01-06 09:02:59 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge 2 tests. Remove checkstyle errors.

Browse Source
This commit is contained in:
Laurent Destailleur
2014-05-06 10:44:15 +02:00
parent 601d3260e9
commit 39c0b9e356
1 changed files with 8 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
htdocs/main.inc.php
View File

@@ -80,15 +80,14 @@ function test_sql_and_script_inject($val, $type)
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$sql_inj += preg_match('/delete\s+from/i' , $val);
$sql_inj += preg_match('/create\s+table/i' , $val);
$sql_inj += preg_match('/update.+set.+=/i' , $val);
$sql_inj += preg_match('/insert\s+into/i' , $val);
$sql_inj += preg_match('/select.+from/i' , $val);
$sql_inj += preg_match('/union.+select/i' , $val);
$sql_inj += preg_match('/into\s+outfile/i' , $val);
$sql_inj += preg_match('/into\s+dumpfile/i' , $val);
$sql_inj += preg_match('/(\.\.%2f)+/i' , $val);
$sql_inj += preg_match('/delete\s+from/i', $val);
$sql_inj += preg_match('/create\s+table/i', $val);
$sql_inj += preg_match('/update.+set.+=/i', $val);
$sql_inj += preg_match('/insert\s+into/i', $val);
$sql_inj += preg_match('/select.+from/i', $val);
$sql_inj += preg_match('/union.+select/i', $val);
$sql_inj += preg_match('/into\s+(outfile|dumpfile)/i', $val);
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
}
// For XSS Injection done by adding javascript with script
// This is all cases a browser consider text is javascript: