From c6b1e92bda7de0322c97e55d2116721c84f0f0ae Mon Sep 17 00:00:00 2001 From: Jose Gonzalez Date: Mon, 8 Jun 2020 08:44:24 +0200 Subject: [PATCH] Modified match for forbidden words. Now not allows spaces or scaped chars. Other cases must not be problemathic --- pandora_console/include/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 724fe11fd6..8805a0b1e2 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -2136,7 +2136,7 @@ function check_sql($sql) { // We remove "*" to avoid things like SELECT * FROM tusuario // Check that it not delete_ as "delete_pending" (this is a common field in pandora tables). - if (preg_match('/\*|delete[^_]|drop|alter|modify|password|pass|insert|update/i', $sql)) { + if (preg_match('/([ ]*(delete|drop|alter|modify|password|pass|insert|update)\b[ \\]+)/i', $sql)) { return ''; }
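Review bot: The new pattern in `check_sql` ends in `[ \\]+)`, and since `\\` inside a single-quoted PHP string is a single backslash, PCRE receives `[ \]+)`; the `\]` escapes the bracket, so the character class is never closed and the pattern should fail to compile. `preg_match` then returns `false` with a warning, the `if` is not taken, and the keyword check appears to let every statement through instead of returning `''`. Matching a literal backslash needs four backslashes in the source, and comparing against `0` makes a regex error fail closed: `if (preg_match('/([ ]*(delete|drop|alter|modify|password|pass|insert|update)\b[ \\\\]+)/i', $sql) !== 0) {`. The comment above still says `*` is removed although the new pattern no longer tests for it, and the class covers only the space character rather than all whitespace (`\s`). The rest of `check_sql` lies outside the hunk, so how its return value is used cannot be confirmed from here.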