tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ent-12798-unauth-sql-injection' into 'develop' 

Ent 12798 Unauth SQL Injection

See merge request artica/pandorafms!6897
This commit is contained in:
Rafael Ameijeiras 2024-02-01 08:07:53 +00:00
parent 2daa6f1e87 137488ee8c
commit 8feab8ab45
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pandora_console/extensions/grafana/query.php
View File

@ -23,6 +23,9 @@ if ($headers['Authorization']) {
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
// Prevent sql injection.
$user = mysqli_real_escape_string($config['dbconnection'], $user);
// Check user login
$user_in_db = process_user_login($user, $password, true);

3
pandora_console/extensions/grafana/search.php
View File

@ -24,6 +24,9 @@ if ($headers['Authorization']) {
list($user, $password) = explode(':', base64_decode($headers['Authorization']));
// Prevent sql injection.
$user = mysqli_real_escape_string($config['dbconnection'], $user);
// Check user login
$user_in_db = process_user_login($user, $password, true);