tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-09-25 10:59:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '1000-Sentencia_UNION_restringida_en_informes_SQL' into 'develop'

Browse Source 
allow UNION sql reports

See merge request !704
This commit is contained in:
vgilc 2017-08-18 13:01:53 +02:00
commit c09033ae03
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/functions.php
View File

@ -1701,7 +1701,7 @@ function check_sql ($sql) {
//Check that it not delete_ as "delete_pending" (this is a common field in pandora tables). //Check that it not delete_ as "delete_pending" (this is a common field in pandora tables).
if (preg_match("/\*|delete[^_]|drop|alter|modify|union|password|pass|insert|update/i", $sql)) { if (preg_match("/\*|delete[^_]|drop|alter|modify|password|pass|insert|update/i", $sql)) {
return ""; return "";
} }
return $sql; return $sql;

2
pandora_console/include/functions_reporting.php
View File

@ -3991,7 +3991,7 @@ function reporting_sql($report, $content) {
} }
else { else {
$return['correct'] = 0; $return['correct'] = 0;
$return['error'] = __('Illegal query: Due security restrictions, there are some tokens or words you cannot use: *, delete, drop, alter, modify, union, password, pass, insert or update.'); $return['error'] = __('Illegal query: Due security restrictions, there are some tokens or words you cannot use: *, delete, drop, alter, modify, password, pass, insert or update.');
} }
if ($config['metaconsole']) { if ($config['metaconsole']) {