Wavyzz/dolibarr
2
0
Fork 1
mirror of https://github.com/Dolibarr/dolibarr.git synced 2025-12-24 02:11:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

FIX security vulnerability reported by ADLab of Venustech

Browse Source
This commit is contained in:
Laurent Destailleur
2017-12-21 13:32:16 +01:00
parent 62f895e2ec
commit 6a62e13960
60 changed files with 562 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
htdocs/main.inc.php
View File

@@ -81,7 +81,7 @@ function test_sql_and_script_inject($val, $type)
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
if ($type != 2)
{
$inj += preg_match('/updatexml^(/i', $val);
$inj += preg_match('/updatexml\(/i', $val);
$inj += preg_match('/delete\s+from/i', $val);
$inj += preg_match('/create\s+table/i', $val);
$inj += preg_match('/update.+set.+=/i', $val);