2010-12-23 Miguel de Dios <miguel.dedios@artica.es>

* include/functions.php: in function "check_sql" added some changes in the regular expression for pass the pandora field "delete_pending". git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@3702 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f
2010-12-23 15:59:41 +00:00 · 2010-12-23 15:59:41 +00:00 · 6dec3b09f2
parent 1902cb0cd7
commit 6dec3b09f2
2 changed files with 8 additions and 1 deletions
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@ -1,3 +1,8 @@
+2010-12-23  Miguel de Dios  <miguel.dedios@artica.es>
+
+	* include/functions.php: in function "check_sql" added some changes in
+	the regular expression for pass the pandora field "delete_pending".
+
 2010-12-23  Miguel de Dios  <miguel.dedios@artica.es>

 	* include/ajax/reporting.ajax.php: fixed copy&paste mistake.
--- a/pandora_console/include/functions.php
+++ b/pandora_console/include/functions.php
@ -1175,7 +1175,9 @@ function string2image($string, $width, $height, $fontsize = 3,
 function check_sql ($sql){
        // We remove "*" to avoid things like SELECT * FROM tusuario

-        if (preg_match("/\*|delete|drop|alter|modify|union|password|pass|insert|update/i", $sql)){
+		//Check that it not delete_ as "delete_pending" (this is a common field in pandora tables).
+	
+        if (preg_match("/\*|delete[^_]|drop|alter|modify|union|password|pass|insert|update/i", $sql)) {
                return "";
        }
        return $sql;