interface/lib/classes/db_mysql.inc.php
@@ -132,10 +132,15 @@ if($ids_config['sql_scan_enabled'] == 'yes') { // Remove whitespace $string = trim($string); if(substr($string,-1) == ';') $string = substr($string,0,-1); // Save original string $string_orig = $string; //echo $string; $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"'); $chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"'); $string = str_replace('\\\\', '', $string); $string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
