Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-09 11:08:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Fix: sql injection"

Browse Source 
This reverts commit 8c3158cf28.
This commit is contained in:
Laurent Destailleur
2012-04-10 01:03:54 +02:00
parent 212b3bd60e
commit 4cb6ec76ee
2 changed files with 1 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/admin/tools/export.php
View File

@@ -127,7 +127,7 @@ if ($what == 'mysql')
if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port; if (! empty($dolibarr_main_db_port)) $param.=" -P ".$dolibarr_main_db_port;
if (! GETPOST("use_transaction")) $param.=" -l --single-transaction"; if (! GETPOST("use_transaction")) $param.=" -l --single-transaction";
if (GETPOST("disable_fk")) $param.=" -K"; if (GETPOST("disable_fk")) $param.=" -K";
if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","special"); if (GETPOST("sql_compat") && GETPOST("sql_compat") != 'NONE') $param.=" --compatible=".GETPOST("sql_compat","alpha");
if (GETPOST("drop_database")) $param.=" --add-drop-database"; if (GETPOST("drop_database")) $param.=" --add-drop-database";
if (GETPOST("sql_structure")) if (GETPOST("sql_structure"))
{ {

6
htdocs/core/lib/functions.lib.php
View File

@@ -194,12 +194,6 @@ function GETPOST($paramname,$check='',$method=0)
// '../' is dangerous because it allows dir transversals // '../' is dangerous because it allows dir transversals
if (preg_match('/"/',$out)) $out=''; if (preg_match('/"/',$out)) $out='';
else if (preg_match('/\.\.\//',$out)) $out=''; else if (preg_match('/\.\.\//',$out)) $out='';
else if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
}
elseif ($check == 'special')
{
$out=trim($out);
if (preg_match('/(\s)*|(%20)*/',$out)) $out='';
} }
elseif ($check == 'array') elseif ($check == 'array')
{ {