[Fmsystem-commits] [14869] more on SQL-injection


From: Sigurd Nes
Subject: [Fmsystem-commits] [14869] more on SQL-injection
Date: Tue, 29 Mar 2016 08:19:31 +0000

Revision: 14869
          http://svn.sv.gnu.org/viewvc/?view=rev&root=fmsystem&revision=14869
Author:   sigurdne
Date:     2016-03-29 08:19:31 +0000 (Tue, 29 Mar 2016)
Log Message:
-----------
more on SQL-injection

Modified Paths:
--------------
    trunk/phpgwapi/inc/class.phpgw.inc.php

Modified: trunk/phpgwapi/inc/class.phpgw.inc.php
===================================================================
--- trunk/phpgwapi/inc/class.phpgw.inc.php      2016-03-27 21:55:41 UTC (rev 
14868)
+++ trunk/phpgwapi/inc/class.phpgw.inc.php      2016-03-29 08:19:31 UTC (rev 
14869)
@@ -433,9 +433,27 @@
                                        $error =  'SQL-injection spottet.';
                                        $error .= " <br/> Your IP is logged";
                                        $ip_address = self::get_ip_address();
-                                       echo $error;
-                                       trigger_error("$error: {$ip_address}", 
E_USER_ERROR);
-                                       $GLOBALS['phpgw']->common->phpgw_exit();
+                                       if($_POST) //$_POST: it "could" be a 
valid userinput...
+                                       {
+                                               /*
+                                                * Log entry - just in case..
+                                                */
+                                                       
$GLOBALS['phpgw']->log->error(array(
+                                                       'text'  => 'Possible 
SQL-injection spottet from IP: %1. Error: %2',
+                                                       'p1'    => $ip_address,
+                                                       'p2'    => 'input value 
ending with apos',
+                                                       'line'  => __LINE__,
+                                                       'file'  => __FILE__
+                                               ));
+
+                                       }
+                                       else
+                                       {
+                                               echo $error;
+                                               
$GLOBALS['phpgw_info']['flags']['xslt_app'] = false;
+                                               trigger_error("$error: 
{$ip_address}", E_USER_ERROR);
+                                               
$GLOBALS['phpgw']->common->phpgw_exit();
+                                       }
                                }
 
                                switch ( $value_type )
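Review bot: The new `if($_POST)` branch downgrades the hard stop to a log-only path whenever the request carries any POST body at all, so a client that sends the suspicious apostrophe-terminated value in a POST request — or even in the query string of a POST request — is no longer blocked and the value flows on into `switch ( $value_type )`; the guard keys on the request shape, not on where the flagged value came from. If the goal is to tolerate legitimate form values ending in an apostrophe, gate on the specific input being inspected (the key being checked appears to live in the surrounding loop, which is outside this hunk) rather than on the whole superglobal, and consider whether the value should still be rejected in the GET/URL case before the `switch`. The log entry also records nothing a responder can triage on: `'p2' => 'input value ending with apos'` is a constant, so the offending parameter name should be passed there instead, e.g. `'p2' => "input value ending with apos (key: {$key})"` if that variable is in scope. The enclosing function starts and ends outside the hunk.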



