tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Modified match for forbidden words. Now not allows spaces or scaped chars. Other cases must not be problemathic

This commit is contained in:
Jose Gonzalez 2020-06-08 08:44:24 +02:00
parent c8d8b1a312
commit c6b1e92bda
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pandora_console/include/functions.php
View File

@ -2136,7 +2136,7 @@ function check_sql($sql)
{ {
// We remove "*" to avoid things like SELECT * FROM tusuario // We remove "*" to avoid things like SELECT * FROM tusuario
// Check that it not delete_ as "delete_pending" (this is a common field in pandora tables). // Check that it not delete_ as "delete_pending" (this is a common field in pandora tables).
if (preg_match('/\*|delete[^_]|drop|alter|modify|password|pass|insert|update/i', $sql)) { if (preg_match('/([ ]*(delete|drop|alter|modify|password|pass|insert|update)\b[ \\]+)/i', $sql)) {
return ''; return '';
} }