Added restriction to dangerous querys (drop database).

pandora_console/include/ajax/rolling_release.ajax.php

@@ -27,6 +27,24 @@ if (is_ajax ()) {
 		$dir = $config["homedir"]."/extras/mr";
 		
 		$file = "$dir/$number.open.sql";
+		
+		$dangerous_query = false;
+		$mr_file = fopen($file, "r");
+		while (!feof($mr_file)) {
+			$line = fgets($mr_file);
+			if ((preg_match("/^drop/", $line)) || 
+				(preg_match("/^DROP/", $line))) {
+				$dangerous_query = true;
+			}
+		}
+		
+		if ($dangerous_query) {
+			$error_file = fopen($config["homedir"] . "/extras/mr/error.txt", "w");
+			$message = "The sql file contains a dangerous query";
+			fwrite($error_file, $message);
+			fclose($error_file);
+		}
+		else {
 			if (file_exists($dir) && is_dir($dir)) {
 				if (is_readable($dir)) {
 					if ($config["minor_release_open"] >= $number) {
@@ -80,6 +98,7 @@ if (is_ajax ()) {
 				fwrite($error_file, $message);
 				fclose($error_file);
 			}
+		}
 		
 		echo $message;
 		return;