tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-5910-bug-sql-query-report-illegal-words' into 'develop' 

Modified match for forbidden words. Now not allows spaces or scaped chars....

Closes pandora_enterprise#5910

See merge request artica/pandorafms!3277
This commit is contained in:
Alejandro Fraguas 2020-06-15 18:03:36 +02:00
parent 4e6528bd3b c6b1e92bda
commit 8ebf7b34f2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/functions.php
View File

@ -2142,7 +2142,7 @@ function check_sql($sql)
{
// We remove "*" to avoid things like SELECT * FROM tusuario
// Check that it not delete_ as "delete_pending" (this is a common field in pandora tables).
if (preg_match('/\*|delete[^_]|drop|alter|modify|password|pass|insert|update/i', $sql)) {
if (preg_match('/([ ]*(delete|drop|alter|modify|password|pass|insert|update)\b[ \\]+)/i', $sql)) {
return '';
}