From 68b1465cab0805f42facbbc76acf68e51889ccbf Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 16 Oct 2014 06:04:50 -0400
Subject: [PATCH] Changes in SQL injection check of database library.
---
 interface/lib/classes/db_mysql.inc.php | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/interface/lib/classes/db_mysql.inc.php b/interface/lib/classes/db_mysql.inc.php
index bcf1b00..d4ba79c 100644
--- a/interface/lib/classes/db_mysql.inc.php
+++ b/interface/lib/classes/db_mysql.inc.php
@@ -135,7 +135,7 @@
 $string_orig = $string;
 //echo $string;
- $chars = array(';', '#', '/*', '*/', '--', ' UNION ', '\\\'', '\\"');
+ $chars = array(';', '#', '/*', '*/', '--', '\\\'', '\\"');
 $string = str_replace('\\\\', '', $string);
 $string = preg_replace('/(^|[^\\\])([\'"])\\2/is', '$1', $string);
-- Gitblit v1.9.1
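Review bot: Removing `' UNION '` from `$chars` narrows what this scan covers, and neither the commit message nor the code says why or what compensates for it. If the motive was false positives on legitimate text (inferred, not visible here), record the decision beside the array, for example `// ' UNION ' intentionally not scanned: <reason>; callers must escape or bind parameters`. A list of literal tokens can only act as a detection aid, so it is worth confirming that the code paths building queries rely on escaping or bound parameters rather than on this check. The enclosing function starts and ends outside the hunk, so how `$chars` is consumed cannot be verified from here. The leftover `//echo $string;` debug comment in the context lines could also be dropped.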