From 68b1465cab0805f42facbbc76acf68e51889ccbf Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 16 Oct 2014 06:04:50 -0400
Subject: [PATCH] Changes in SQL injection check of database library.

---
 interface/lib/classes/db_mysql.inc.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index bcf1b00..d4ba79c 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -135,7 +135,7 @@
 				$string_orig = $string;
 				
 				//echo $string;
-				$chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"');
+				$chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
 		
 				$string = str_replace('\\\\', '', $string);
 				$string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);

--
Gitblit v1.9.1