
[Fmsystem-commits] [13896] block sql-injection


From: Sigurd Nes
Subject: [Fmsystem-commits] [13896] block sql-injection
Date: Tue, 15 Sep 2015 07:06:09 +0000

Revision: 13896
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=13896
Author:   sigurdne
Date:     2015-09-15 07:06:08 +0000 (Tue, 15 Sep 2015)
Log Message:
-----------
block sql-injection

Modified Paths:
--------------
    branches/Version-1_0-branch/booking/inc/class.socompleted_reservation_export_file.inc.php

Modified: 
branches/Version-1_0-branch/booking/inc/class.socompleted_reservation_export_file.inc.php
===================================================================
--- 
branches/Version-1_0-branch/booking/inc/class.socompleted_reservation_export_file.inc.php
   2015-09-15 07:05:47 UTC (rev 13895)
+++ 
branches/Version-1_0-branch/booking/inc/class.socompleted_reservation_export_file.inc.php
   2015-09-15 07:06:08 UTC (rev 13896)
@@ -225,10 +225,18 @@
 #                                      }
                                }
                        
-                               $this->db_query(
-                                       join(";\n", $export_conf_updates),
-                                       __LINE__, __FILE__
-                               );
+                               /**
+                                * Sigurd: block SQL-injection by not allowing 
multiple statements in one query
+                                */
+                               foreach($export_conf_updates as $sql)
+                               {
+                                       $this->db_query($sql,__LINE__, 
__FILE__);
+                               }
+
+//                             $this->db_query(
+//                                     join(";\n", $export_conf_updates),
+//                                     __LINE__, __FILE__
+//                             );
                        
                                if ($this->db->transaction_commit()) { 
                                        return $entity_export_files;
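Review bot: executing each element of $export_conf_updates as its own db_query() call only removes the multi-statement (stacked query) execution that the old join(";\n", ...) allowed; it does not show that the individual statements are safe, since the hunk does not reveal how each $sql string is built. If those statements are assembled from untrusted values, the commit message's claim of blocking SQL injection is stronger than what this diff achieves, and the fix belongs at the point where the statements are constructed (escape or parameterize the values there). Two smaller points: the return value of db_query() is discarded inside the loop, so a failing statement will not stop the remaining statements before transaction_commit() runs at the bottom of the hunk, and the old call left behind as "//" comments should be deleted rather than kept, since the repository history already records it.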
@@ -254,3 +262,4 @@
                        } catch (booking_unattached_storage_object $e) { }
                }
        }
+
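Review bot: the trailing blank line added at end of file is a whitespace-only change unrelated to the SQL-injection fix; keeping cosmetic edits out of a security commit keeps the diff reviewable and the log message accurate.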