tyler.durden/pandorafms
1
0
Fork 0
mirror of https://github.com/pandorafms/pandorafms.git synced 2025-04-08 18:55:09 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch '3042-Punto-de-inyeccion-sql' into 'develop'

Browse Source 
avoid sql injection in visual_map_get_user_layouts function

See merge request 

Former-commit-id: cd680e3a3df45f6f54c6c2f25d118f97f30b8b81
This commit is contained in:
vgilc 2018-12-21 10:29:31 +01:00
commit dd0165fe89
1 changed files with 3 additions and 1 deletions

4
pandora_console/include/functions_visual_map.php

@ -3465,7 +3465,9 @@ function visual_map_get_user_layouts ($id_user = 0, $only_names = false, $filter
$filter = array ();
} else {
if(!empty($filter['name'])){
$where .= "name LIKE '%".io_safe_output($filter['name'])."%'";
$where .= sprintf("name LIKE '%%%s%%'",
db_escape_string_sql(io_safe_output($filter['name'])));
unset($filter['name']);
}
}