[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Fmsystem-commits] [14855] more on SQL-injection
From: |
Sigurd Nes |
Subject: |
[Fmsystem-commits] [14855] more on SQL-injection |
Date: |
Sun, 20 Mar 2016 17:46:19 +0000 |
Revision: 14855
http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14855
Author: sigurdne
Date: 2016-03-20 17:46:19 +0000 (Sun, 20 Mar 2016)
Log Message:
-----------
more on SQL-injection
Modified Paths:
--------------
trunk/phpgwapi/inc/class.db.inc.php
Modified: trunk/phpgwapi/inc/class.db.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.db.inc.php 2016-03-20 17:33:23 UTC (rev 14854)
+++ trunk/phpgwapi/inc/class.db.inc.php 2016-03-20 17:46:19 UTC (rev 14855)
@@ -752,10 +752,10 @@
$first_element = false;
continue;
}
-
if(preg_match("/(\bUNION\b|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i", $sql))
// FIND 'UNION ALL SELECT'
+
if(preg_match("/(\bUNION\b|\bPG_SLEEP\b|\bCHR\b|\bGENERATE_SERIES\b)/i", $sql))
{
$this->transaction_abort();
- trigger_error('Attempt on
SQL-injection: UNION ALL SELECT', E_USER_ERROR);
+ trigger_error('Attempt on
SQL-injection', E_USER_ERROR);
exit;
}
}
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Fmsystem-commits] [14855] more on SQL-injection,
Sigurd Nes <=