From 0e34bade9cc2fa831f9c8a344b2ebfdf4047848c Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 27 Oct 2014 08:53:37 -0400
Subject: [PATCH] Fixed: FS#3718 - SQL injection checker false positive alert in APS installer

---
 interface/lib/classes/tform.inc.php |    8 ++++++--
 1 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/tform.inc.php b/interface/lib/classes/tform.inc.php
index 05740b1..4522304 100644
--- a/interface/lib/classes/tform.inc.php
+++ b/interface/lib/classes/tform.inc.php
@@ -252,7 +252,9 @@
 			unset($tmp_recordid);
 
 			$querystring = str_replace("{AUTHSQL}", $this->getAuthSQL('r'), $querystring);
-			$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', "self::table_auth_sql", $querystring);
+			//$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', "self::table_auth_sql", $querystring);
+			//*Used the ld form to be compatible with php < 5.3
+			$querystring = preg_replace_callback('@{AUTHSQL::(.+?)}@', create_function('$matches','global $app; $tmp = $app->tform->getAuthSQL("r", $matches[1]); return $tmp;'), $querystring);
 
 			// Getting the records
 			$tmp_records = $app->db->queryAllRecords($querystring);
@@ -293,10 +295,12 @@
 		return $values;
 
 	}
-
+	
+	/*
 	function table_auth_sql($matches){
 		return $this->getAuthSQL('r', $matches[1]);
 	}
+	*/
 
 	//* If the parameter 'valuelimit' is set
 	function applyValueLimit($limit, $values) {

--
Gitblit v1.9.1