From 7818b1515142a38bd9aeaa03531241dce28bd06a Mon Sep 17 00:00:00 2001 From: ptibogxiv Date: Sun, 5 Apr 2020 10:50:38 +0200 Subject: [PATCH] Update api_setup.class.php --- htdocs/api/class/api_setup.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/htdocs/api/class/api_setup.class.php b/htdocs/api/class/api_setup.class.php index 5dbccb69fb4..7b47c59dbb7 100644 --- a/htdocs/api/class/api_setup.class.php +++ b/htdocs/api/class/api_setup.class.php @@ -1426,7 +1426,7 @@ class Setup extends DolibarrApi throw new RestException(403, 'Error API open to admin users only or to the login user defined with constant API_LOGIN_ALLOWED_FOR_ADMIN_CHECK'); } - if (! preg_match('/[a-zA-Z0-9_]/', $confname) || ! isset($conf->global->$confname)) { + if (! preg_match('/^[a-zA-Z0-9_]+$/', $confname) || ! isset($conf->global->$confname)) { throw new RestException(500, 'Error Bad or unknown value for constname'); } if (preg_match('/(_pass|password|secret|_key|key$)/i', $confname)) {